mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into blake2

Browse Source
This commit is contained in:
toddouska 2013-03-22 10:20:01 -07:00
commit d6deb690e6
78 changed files with 7817 additions and 2480 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -37,6 +37,7 @@ examples/echoserver/echoserver
examples/server/server
snifftest
output
mcapi/test
testsuite/testsuite
tests/unit
testsuite/*.der

2
Makefile.am
View File

@ -31,6 +31,7 @@ EXTRA_DIST+= lib/dummy
EXTRA_DIST+= cyassl-ntru.vcproj
EXTRA_DIST+= cyassl.vcproj
EXTRA_DIST+= cyassl-iphone.xcodeproj/project.pbxproj
EXTRA_DIST+= cyassl-ios.xcodeproj/project.pbxproj
EXTRA_DIST+= cyassl-ntru.sln
EXTRA_DIST+= cyassl.sln
EXTRA_DIST+= valgrind-error.sh
@ -62,6 +63,7 @@ include mqx/util_lib/Sources/include.am
include mplabx/ctaocrypt_benchmark.X/nbproject/include.am
include mplabx/ctaocrypt_test.X/nbproject/include.am
include mplabx/cyassl.X/nbproject/include.am
include mcapi/include.am
if USE_VALGRIND
TESTS_ENVIRONMENT=./valgrind-error.sh

5
autogen.sh
View File

@ -10,4 +10,7 @@ else
fi
autoreconf --install --force --verbose
ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
if test -d .git; then
ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
fi

2
commit-tests.sh
View File

@ -23,7 +23,7 @@ RESULT=$?
# make sure full config is ok
echo -e "\n\nTesting full config as well...\n\n"
./configure --enable-opensslExtra --enable-fastmath --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia;
./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia;
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1

621
configure.ac
View File

@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[2.5.1],[http://www.yassl.com])
AC_INIT([cyassl],[2.5.4],[http://www.yassl.com])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
@ -106,8 +106,8 @@ AS_IF([test "$ax_enable_debug" = "yes"],
# SINGLE THREADED
AC_ARG_ENABLE([singleThreaded],
[ --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
AC_ARG_ENABLE([singlethreaded],
[ --enable-singlethreaded Enable CyaSSL single threaded (default: disabled)],
[ ENABLED_SINGLETHREADED=$enableval ],
[ ENABLED_SINGLETHREADED=no ])
@ -136,8 +136,8 @@ fi
# OPENSSL Extra Compatibility
AC_ARG_ENABLE([opensslExtra],
[ --enable-opensslExtra Enable extra OpenSSL API, size+ (default: disabled)],
AC_ARG_ENABLE([opensslextra],
[ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)],
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
)
@ -148,7 +148,7 @@ fi
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable small and opensslExtra, only one or the other.])
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
fi
@ -201,7 +201,7 @@ AC_ARG_ENABLE([leanpsk],
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DCYASSL_USER_IO -DUSE_SLOW_SHA"
AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DCYASSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA"
ENABLED_SLOWMATH="no"
ENABLED_SINGLETHREADED="yes"
fi
@ -209,42 +209,6 @@ fi
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
# fastmath
AC_ARG_ENABLE([fastmath],
[ --enable-fastmath Enable fast math for BigInts (default: disabled)],
[ ENABLED_FASTMATH=$enableval ],
[ ENABLED_FASTMATH=no ]
)
if test "x$ENABLED_FASTMATH" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
# fast HUGE math
AC_ARG_ENABLE([fasthugemath],
[ --enable-fasthugemath Enable fast math + huge code (default: disabled)],
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_FASTHUGEMATH="yes"
fi
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
ENABLED_FASTMATH="yes"
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
# big cache
AC_ARG_ENABLE([bigcache],
[ --enable-bigcache Enable big session cache (default: disabled)],
@ -400,6 +364,18 @@ fi
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# NULL CIPHER
AC_ARG_ENABLE([nullcipher],
[ --enable-nullcipher Enable CyaSSL NULL cipher support (default: disabled)],
[ ENABLED_NULL_CIPHER=$enableval ],
[ ENABLED_NULL_CIPHER=no ]
)
if test "$ENABLED_NULL_CIPHER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
fi
# RIPEMD
AC_ARG_ENABLE([ripemd],
[ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)],
@ -500,6 +476,389 @@ then
fi
# DSA
AC_ARG_ENABLE([dsa],
[ --enable-dsa Enable DSA (default: disabled)],
[ ENABLED_DSA=$enableval ],
[ ENABLED_DSA=no ]
)
if test "$ENABLED_DSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
fi
AM_CONDITIONAL([BUILD_DSA], [test "x$ENABLED_DSA" = "xyes"])
# ECC
AC_ARG_ENABLE([ecc],
[ --enable-ecc Enable ECC (default: disabled)],
[ ENABLED_ECC=$enableval ],
[ ENABLED_ECC=no ]
)
if test "$ENABLED_ECC" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
fi
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.])
fi
# PSK
AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)],
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
)
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
fi
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "yes"
then
ENABLED_PSK=yes
fi
# ERROR STRINGS
AC_ARG_ENABLE([errorstrings],
[ --enable-errorstrings Enable error strings table (default: enabled)],
[ ENABLED_ERROR_STRINGS=$enableval ],
[ ENABLED_ERROR_STRINGS=yes ]
)
if test "$ENABLED_ERROR_STRINGS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
else
# turn off error strings if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
ENABLED_ERROR_STRINGS=no
fi
fi
# OLD TLS
AC_ARG_ENABLE([oldtls],
[ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)],
[ ENABLED_OLD_TLS=$enableval ],
[ ENABLED_OLD_TLS=yes ]
)
if test "$ENABLED_OLD_TLS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
else
# turn off old if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no
fi
fi
# MEMORY
AC_ARG_ENABLE([memory],
[ --enable-memory Enable memory callbacks (default: enabled)],
[ ENABLED_MEMORY=$enableval ],
[ ENABLED_MEMORY=yes ]
)
if test "$ENABLED_MEMORY" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CYASSL_MEMORY"
else
# turn off memory cb if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
# but don't turn on NO_CYASSL_MEMORY because using own
ENABLED_MEMORY=no
fi
fi
AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"])
# RSA
AC_ARG_ENABLE([rsa],
[ --enable-rsa Enable RSA (default: enabled)],
[ ENABLED_RSA=$enableval ],
[ ENABLED_RSA=yes ]
)
if test "$ENABLED_RSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
else
# turn off RSA if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
ENABLED_RSA=no
fi
fi
AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
# DH
AC_ARG_ENABLE([dh],
[ --enable-dh Enable DH (default: enabled)],
[ ENABLED_DH=$enableval ],
[ ENABLED_DH=yes ]
)
if test "$ENABLED_DH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
else
# turn off DH if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
ENABLED_DH=no
fi
fi
AM_CONDITIONAL([BUILD_DH], [test "x$ENABLED_DH" = "xyes"])
# ASN
# turn off asn, which means no certs, no rsa, no dh, no dsa, no ecc,
# and no big int, use this to disable all public key stuff
AC_ARG_ENABLE([asn],
[ --enable-asn Enable ASN (default: enabled)],
[ ENABLED_ASN=$enableval ],
[ ENABLED_ASN=yes ]
)
if test "$ENABLED_ASN" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
else
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
ENABLED_ASN=no
fi
fi
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable rsa if disabling asn.])
fi
if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable dsa if disabling asn.])
fi
if test "$ENABLED_DH" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable dh if disabling asn.])
fi
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
if test "$ENABLED_PSK" = "no" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please enable psk if disabling asn.])
fi
if test "$ENABLED_ASN" = "no"
then
ENABLED_FASTMATH=no
ENABLED_SLOWMATH=no
fi
AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"])
# AES
AC_ARG_ENABLE([aes],
[ --enable-aes Enable AES (default: enabled)],
[ ENABLED_AES=$enableval ],
[ ENABLED_AES=yes ]
)
if test "$ENABLED_AES" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
else
# turn off AES if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
ENABLED_AES=no
fi
fi
AM_CONDITIONAL([BUILD_AES], [test "x$ENABLED_AES" = "xyes"])
# CODING
AC_ARG_ENABLE([coding],
[ --enable-coding Enable Coding base 16/64 (default: enabled)],
[ ENABLED_CODING=$enableval ],
[ ENABLED_CODING=yes ]
)
if test "$ENABLED_CODING" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
else
# turn off CODING if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
ENABLED_CODING=no
fi
fi
AM_CONDITIONAL([BUILD_CODING], [test "x$ENABLED_CODING" = "xyes"])
# DES3
AC_ARG_ENABLE([des3],
[ --enable-des3 Enable DES3 (default: enabled)],
[ ENABLED_DES3=$enableval ],
[ ENABLED_DES3=yes ]
)
if test "$ENABLED_DES3" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
# ARC4
AC_ARG_ENABLE([arc4],
[ --enable-arc4 Enable ARC4 (default: enabled)],
[ ENABLED_ARC4=$enableval ],
[ ENABLED_ARC4=yes ]
)
if test "$ENABLED_ARC4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
else
# turn off ARC4 if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
ENABLED_ARC4=no
fi
fi
AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
# MD5
AC_ARG_ENABLE([md5],
[ --enable-md5 Enable MD5 (default: enabled)],
[ ENABLED_MD5=$enableval ],
[ ENABLED_MD5=yes ]
)
if test "$ENABLED_MD5" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
else
# turn off MD5 if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
ENABLED_MD5=no
fi
fi
AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
# SHA
AC_ARG_ENABLE([sha],
[ --enable-sha Enable SHA (default: enabled)],
[ ENABLED_SHA=$enableval ],
[ ENABLED_SHA=yes ]
)
if test "$ENABLED_SHA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
else
# turn off SHA if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
ENABLED_SHA=no
fi
fi
AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
# MD4
AC_ARG_ENABLE([md4],
[ --enable-md4 Enable MD4 (default: disabled)],
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
if test "$ENABLED_MD4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
fi
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
# PWDBASED
AC_ARG_ENABLE([pwdbased],
[ --enable-pwdbased Enable PWDBASED (default: disabled)],
[ ENABLED_PWDBASED=$enableval ],
[ ENABLED_PWDBASED=no ]
)
if test "$ENABLED_PWDBASED" = "no"
then
if test "$ENABLED_OPENSSLEXTRA" = "yes"
then
# opensslextra needs pwdbased
ENABLED_PWDBASED=yes
else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
fi
fi
AM_CONDITIONAL([BUILD_PWDBASED], [test "x$ENABLED_PWDBASED" = "xyes"])
# HC128
AC_ARG_ENABLE([hc128],
[ --enable-hc128 Enable HC-128 (default: disabled)],
@ -534,22 +893,9 @@ fi
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# PSK
AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)],
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
)
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
fi
# Web Server Build
AC_ARG_ENABLE([webServer],
[ --enable-webServer Enable Web Server (default: disabled)],
AC_ARG_ENABLE([webserver],
[ --enable-webserver Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
@ -560,53 +906,39 @@ then
fi
# No Filesystem Build
AC_ARG_ENABLE([noFilesystem],
[ --enable-noFilesystem Enable No Filesystem (default: disabled)],
[ ENABLED_NOFILESYSTEM=$enableval ],
[ ENABLED_NOFILESYSTEM=no ]
# Filesystem Build
AC_ARG_ENABLE([filesystem],
[ --enable-filesystem Enable Filesystem support (default: disabled)],
[ ENABLED_FILESYSTEM=$enableval ],
[ ENABLED_FILESYSTEM=yes ]
)
if test "$ENABLED_NOFILESYSTEM" = "yes"
if test "$ENABLED_FILESYSTEM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
else
# turn off filesystem if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
ENABLED_FILESYSTEM=no
fi
fi
# No inline Build
AC_ARG_ENABLE([noInline],
[ --enable-noInline Enable No inline (default: disabled)],
[ ENABLED_NOINLINE=$enableval ],
[ ENABLED_NOINLINE=no ]
# inline Build
AC_ARG_ENABLE([inline],
[ --enable-inline Enable inline functions (default: disabled)],
[ ENABLED_INLINE=$enableval ],
[ ENABLED_INLINE=yes ]
)
if test "$ENABLED_NOINLINE" = "yes"
if test "$ENABLED_INLINE" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
fi
AM_CONDITIONAL([BUILD_NOINLINE], [test "x$ENABLED_NOINLINE" = "xyes"])
# ECC
AC_ARG_ENABLE([ecc],
[ --enable-ecc Enable ECC (default: disabled)],
[ ENABLED_ECC=$enableval ],
[ ENABLED_ECC=no ]
)
if test "$ENABLED_ECC" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
fi
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.])
fi
AM_CONDITIONAL([BUILD_INLINE], [test "x$ENABLED_INLINE" = "xyes"])
# OCSP
@ -718,6 +1050,49 @@ then
fi
# fastmath
AC_ARG_ENABLE([fastmath],
[ --enable-fastmath Enable fast math for BigInts (default: enabled)],
[ ENABLED_FASTMATH=$enableval ],
[ ENABLED_FASTMATH=yes ]
)
if test "x$ENABLED_FASTMATH" = "xyes"
then
# turn off fastmth if leanpsk on or asn off
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
then
ENABLED_FASTMATH=no
else
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
fi
# fast HUGE math
AC_ARG_ENABLE([fasthugemath],
[ --enable-fasthugemath Enable fast math + huge code (default: disabled)],
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_FASTHUGEMATH="yes"
fi
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
ENABLED_FASTMATH="yes"
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
# Enable Examples, used to disable examples
AC_ARG_ENABLE([examples],
[ --enable-examples Enable Examples (default: enabled)],
@ -726,11 +1101,15 @@ AC_ARG_ENABLE([examples],
)
AS_IF([test "x$ENABLED_SINGLETHREADED" = "xyes"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_NOFILESYSTEM" = "xyes"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
# certs still have sha signatures for now
AS_IF([test "x$ENABLED_SHA" = "xno"], [ENABLED_EXAMPLES="no"])
AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
# LIBZ
ENABLED_LIBZ="no"
trylibzdir=""
AC_ARG_WITH([libz],
[ --with-libz=PATH PATH to libz install (default /usr/) ],
@ -762,9 +1141,10 @@ AC_ARG_WITH([libz],
else
AC_MSG_RESULT([yes])
fi
ENABLED_LIBZ="yes"
]
)
AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"])
# cavium
@ -797,6 +1177,37 @@ AC_ARG_WITH([cavium],
)
# microchip api
AC_ARG_ENABLE([mcapi],
[ --enable-mcapi Enable Microchip API (default: disabled)],
[ ENABLED_MCAPI=$enableval ],
[ ENABLED_MCAPI=no ]
)
if test "$ENABLED_MCAPI" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT"
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no"
then
AC_MSG_ERROR([please enable ecc if enabling mcapi.])
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no"
then
AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
fi
AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
# OPTIMIZE FLAGS
if test "$GCC" = "yes"
then
@ -873,29 +1284,47 @@ echo " * VCS checkout: $ac_cv_vcs_checkout"
echo
echo " Features "
echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * DTLS: $ENABLED_DTLS"
echo " * Enable extra OpenSSL API: $ENABLED_OPENSSLEXTRA"
echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
echo " * fastmath: $ENABLED_FASTMATH"
echo " * sniffer: $ENABLED_SNIFFER"
echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI"
echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
echo " * DES3: $ENABLED_DES3"
echo " * Camellia: $ENABLED_CAMELLIA"
echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
echo " * MD5: $ENABLED_MD5"
echo " * RIPEMD: $ENABLED_RIPEMD"
echo " * SHA: $ENABLED_SHA"
echo " * SHA-512: $ENABLED_SHA512"
echo " * BLAKE2: $ENABLED_BLAKE2"
echo " * keygen: $ENABLED_KEYGEN"
echo " * certgen: $ENABLED_CERTGEN"
echo " * HC-128: $ENABLED_HC128"
echo " * RABBIT: $ENABLED_RABBIT"
echo " * PWDBASED: $ENABLED_PWDBASED"
echo " * MD4: $ENABLED_MD4"
echo " * PSK: $ENABLED_PSK"
echo " * LEANPSK: $ENABLED_LEANPSK"
echo " * RSA: $ENABLED_RSA"
echo " * DSA: $ENABLED_DSA"
echo " * DH: $ENABLED_DH"
echo " * ECC: $ENABLED_ECC"
echo " * ASN: $ENABLED_ASN"
echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * OCSP: $ENABLED_OCSP"
echo " * CRL: $ENABLED_CRL"
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
echo " * NTRU: $ENABLED_NTRU"
echo " * valgrind unit tests: $ENABLED_VALGRIND"
echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES"
echo ""
echo "---"

4
ctaocrypt/benchmark/benchmark.c
View File

@ -160,7 +160,9 @@ int main(int argc, char** argv)
#ifndef NO_MD5
bench_md5();
#endif
#ifndef NO_SHA
bench_sha();
#endif
#ifndef NO_SHA256
bench_sha256();
#endif
@ -506,6 +508,7 @@ void bench_md5(void)
#endif /* NO_MD5 */
#ifndef NO_SHA
void bench_sha(void)
{
Sha hash;
@ -531,6 +534,7 @@ void bench_sha(void)
printf("SHA %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
blockType, total, persec);
}
#endif /* NO_SHA */
#ifndef NO_SHA256

29
ctaocrypt/src/asm.c
View File

@ -437,9 +437,10 @@ __asm__( \
#define INNERMUL \
do { fp_word t; \
_c[0] = t = ((fp_word)_c[0] + (fp_word)cy) + \
t = ((fp_word)_c[0] + (fp_word)cy) + \
(((fp_word)mu) * ((fp_word)*tmpm++)); \
cy = (t >> DIGIT_BIT); \
_c[0] = (fp_digit)t; \
cy = (fp_digit)(t >> DIGIT_BIT); \
} while (0)
#define PROPCARRY \
@ -975,8 +976,9 @@ __asm__( \
/* multiplies point i and j, updates carry "c1" and digit c2 */
#define SQRADD(i, j) \
do { fp_word t; \
t = c0 + ((fp_word)i) * ((fp_word)j); c0 = t; \
t = c1 + (t >> DIGIT_BIT); c1 = t; c2 += t >> DIGIT_BIT; \
t = c0 + ((fp_word)i) * ((fp_word)j); c0 = (fp_digit)t; \
t = c1 + (t >> DIGIT_BIT); c1 = (fp_digit)t; \
c2 +=(fp_digit) (t >> DIGIT_BIT); \
} while (0);
@ -984,10 +986,12 @@ __asm__( \
#define SQRADD2(i, j) \
do { fp_word t; \
t = ((fp_word)i) * ((fp_word)j); \
tt = (fp_word)c0 + t; c0 = tt; \
tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = tt; c2 += tt >> DIGIT_BIT; \
tt = (fp_word)c0 + t; c0 = tt; \
tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = tt; c2 += tt >> DIGIT_BIT; \
tt = (fp_word)c0 + t; c0 = (fp_digit)tt; \
tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt; \
c2 +=(fp_digit)( tt >> DIGIT_BIT); \
tt = (fp_word)c0 + t; c0 = (fp_digit)tt; \
tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt; \
c2 +=(fp_digit) (tt >> DIGIT_BIT); \
} while (0);
#define SQRADDSC(i, j) \
@ -1274,10 +1278,11 @@ ____asm__( \
#define COMBA_FINI
#define MULADD(i, j) \
do { fp_word t; \
t = (fp_word)c0 + ((fp_word)i) * ((fp_word)j); c0 = t; \
t = (fp_word)c1 + (t >> DIGIT_BIT); c1 = t; c2 += t >> DIGIT_BIT; \
#define MULADD(i, j) \
do { fp_word t; \
t = (fp_word)c0 + ((fp_word)i) * ((fp_word)j); c0 = (fp_digit)t; \
t = (fp_word)c1 + (t >> DIGIT_BIT); \
c1 = (fp_digit)t; c2 += (fp_digit)(t >> DIGIT_BIT); \
} while (0);
#endif

72
ctaocrypt/src/asn.c
View File

@ -71,10 +71,10 @@
#ifndef TRUE
enum {
FALSE = 0,
TRUE = 1
};
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
@ -92,12 +92,33 @@ enum {
#define NO_TIME_H
/* since Micrium not defining XTIME or XGMTIME, CERT_GEN not available */
#elif defined(USER_TIME)
/* no <time.h> structures used */
#define NO_TIME_H
/* user time, and gmtime compatible functions, there is a gmtime
implementation here that WINCE uses, so really just need some ticks
since the EPOCH
*/
struct tm {
int tm_sec; /* seconds after the minute [0-60] */
int tm_min; /* minutes after the hour [0-59] */
int tm_hour; /* hours since midnight [0-23] */
int tm_mday; /* day of the month [1-31] */
int tm_mon; /* months since January [0-11] */
int tm_year; /* years since 1900 */
int tm_wday; /* days since Sunday [0-6] */
int tm_yday; /* days since January 1 [0-365] */
int tm_isdst; /* Daylight Savings Time flag */
long tm_gmtoff; /* offset from CUT in seconds */
char *tm_zone; /* timezone abbreviation */
};
typedef long time_t;
/* forward declaration */
struct tm* gmtime(const time_t* timer);
extern time_t XTIME(time_t * timer);
#define XGMTIME(c) gmtime((c))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#else
/* default */
/* uses complete <time.h> facility */
@ -137,7 +158,8 @@ time_t time(time_t* timer)
return *timer;
}
#endif /* _WIN32_WCE */
#if defined( _WIN32_WCE ) || defined( USER_TIME )
struct tm* gmtime(const time_t* timer)
{
@ -155,17 +177,17 @@ struct tm* gmtime(const time_t* timer)
static struct tm st_time;
struct tm* ret = &st_time;
time_t time = *timer;
time_t secs = *timer;
unsigned long dayclock, dayno;
int year = EPOCH_YEAR;
dayclock = (unsigned long)time % SECS_DAY;
dayno = (unsigned long)time / SECS_DAY;
dayclock = (unsigned long)secs % SECS_DAY;
dayno = (unsigned long)secs / SECS_DAY;
ret->tm_sec = dayclock % 60;
ret->tm_min = (dayclock % 3600) / 60;
ret->tm_hour = dayclock / 3600;
ret->tm_wday = (dayno + 4) % 7; /* day 0 a Thursday */
ret->tm_sec = (int) dayclock % 60;
ret->tm_min = (int)(dayclock % 3600) / 60;
ret->tm_hour = (int) dayclock / 3600;
ret->tm_wday = (int) (dayno + 4) % 7; /* day 0 a Thursday */
while(dayno >= (unsigned long)YEARSIZE(year)) {
dayno -= YEARSIZE(year);
@ -173,7 +195,7 @@ struct tm* gmtime(const time_t* timer)
}
ret->tm_year = year - YEAR0;
ret->tm_yday = dayno;
ret->tm_yday = (int)dayno;
ret->tm_mon = 0;
while(dayno >= (unsigned long)_ytab[LEAPYEAR(year)][ret->tm_mon]) {
@ -181,13 +203,13 @@ struct tm* gmtime(const time_t* timer)
ret->tm_mon++;
}
ret->tm_mday = ++dayno;
ret->tm_mday = (int)++dayno;
ret->tm_isdst = 0;
return ret;
}
#endif /* _WIN32_WCE */
#endif /* _WIN32_WCE || USER_TIME */
#ifdef THREADX
@ -386,6 +408,7 @@ static int GetMyVersion(const byte* input, word32* inOutIdx, int* version)
}
#ifndef NO_PWDBASED
/* Get small count integer, 32 bits or less */
static int GetShortInt(const byte* input, word32* inOutIdx, int* number)
{
@ -409,7 +432,7 @@ static int GetShortInt(const byte* input, word32* inOutIdx, int* number)
return *number;
}
#endif
/* May not have one, not an error */
static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
@ -1413,7 +1436,9 @@ static int GetKey(DecodedCert* cert)
/* process NAME, either issuer or subject */
static int GetName(DecodedCert* cert, int nameType)
{
#ifndef NO_SHA
Sha sha;
#endif
int length; /* length of all distinguished names */
int dummy;
char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
@ -1438,12 +1463,14 @@ static int GetName(DecodedCert* cert, int nameType)
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
return ASN_PARSE_E;
#ifndef NO_SHA
InitSha(&sha);
ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx);
if (nameType == ISSUER)
ShaFinal(&sha, cert->issuerHash);
else
ShaFinal(&sha, cert->subjectHash);
#endif
length += cert->srcIdx;
idx = 0;
@ -1884,7 +1911,7 @@ static word32 BytePrecision(word32 value)
{
word32 i;
for (i = sizeof(value); i; --i)
if (value >> ((i - 1) * BIT_SIZE))
if (value >> ((i - 1) * CYASSL_BIT_SIZE))
break;
return i;
@ -1901,7 +1928,7 @@ static word32 SetLength(word32 length, byte* output)
output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);
for (j = BytePrecision(length); j; --j) {
output[i] = (byte)(length >> ((j - 1) * BIT_SIZE));
output[i] = (byte)(length >> ((j - 1) * CYASSL_BIT_SIZE));
i++;
}
}
@ -2101,8 +2128,10 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
(void)sig;
(void)sigSz;
(void)heap;
(void)ret;
switch (sigOID) {
#ifndef NO_MD5
case CTC_MD5wRSA:
{
Md5 md5;
@ -2113,6 +2142,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
digestSz = MD5_DIGEST_SIZE;
}
break;
#endif
#if defined(CYASSL_MD2)
case CTC_MD2wRSA:
{
@ -2125,6 +2155,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
}
break;
#endif
#ifndef NO_SHA
case CTC_SHAwRSA:
case CTC_SHAwDSA:
case CTC_SHAwECDSA:
@ -2137,6 +2168,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
digestSz = SHA_DIGEST_SIZE;
}
break;
#endif
#ifndef NO_SHA256
case CTC_SHA256wRSA:
case CTC_SHA256wECDSA:

13
ctaocrypt/src/coding.c
View File

@ -23,6 +23,8 @@
#include <config.h>
#endif
#ifndef NO_CODING
#include <cyassl/ctaocrypt/coding.h>
#include <cyassl/ctaocrypt/error.h>
#include <cyassl/ctaocrypt/logging.h>
@ -104,16 +106,18 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
break;
inLen -= 4;
if (in[j] == ' ' || in[j] == '\r' || in[j] == '\n') {
if (inLen && (in[j] == ' ' || in[j] == '\r' || in[j] == '\n')) {
byte endLine = in[j++];
inLen--;
while (endLine == ' ') { /* allow trailing whitespace */
while (inLen && endLine == ' ') { /* allow trailing whitespace */
endLine = in[j++];
inLen--;
}
if (endLine == '\r') {
endLine = in[j++];
inLen--;
if (inLen) {
endLine = in[j++];
inLen--;
}
}
if (endLine != '\n') {
CYASSL_MSG("Bad end of line in Base64 Decode");
@ -263,3 +267,4 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
#endif /* defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER) */
#endif /* NO_CODING */

168
ctaocrypt/src/compress.c Normal file
View File

@ -0,0 +1,168 @@
/* compress.c
*
* Copyright (C) 2006-2013 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef HAVE_LIBZ
#include <cyassl/ctaocrypt/compress.h>
#include <cyassl/ctaocrypt/error.h>
#include <cyassl/ctaocrypt/logging.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
#include <ctaocrypt/src/misc.c>
#endif
#include <zlib.h>
/* alloc user allocs to work with zlib */
static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
{
(void)opaque;
return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
}
static void myFree(void* opaque, void* memory)
{
(void)opaque;
XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
}
#ifdef HAVE_MCAPI
#define DEFLATE_DEFAULT_WINDOWBITS 11
#define DEFLATE_DEFAULT_MEMLEVEL 1
#else
#define DEFLATE_DEFAULT_WINDOWBITS 15
#define DEFLATE_DEFAULT_MEMLEVEL 8
#endif
int Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 flags)
/*
* out - pointer to destination buffer
* outSz - size of destination buffer
* in - pointer to source buffer to compress
* inSz - size of source to compress
* flags - flags to control how compress operates
*
* return:
* negative - error code
* positive - bytes stored in out buffer
*
* Note, the output buffer still needs to be larger than the input buffer.
* The right chunk of data won't compress at all, and the lookup table will
* add to the size of the output. The libz code says the compressed
* buffer should be srcSz + 0.1% + 12.
*/
{
z_stream stream;
int result = 0;
stream.next_in = (Bytef*)in;
stream.avail_in = (uInt)inSz;
#ifdef MAXSEG_64K
/* Check for source > 64K on 16-bit machine: */
if ((uLong)stream.avail_in != inSz) return COMPRESS_INIT_E;
#endif
stream.next_out = out;
stream.avail_out = (uInt)outSz;
if ((uLong)stream.avail_out != outSz) return COMPRESS_INIT_E;
stream.zalloc = (alloc_func)myAlloc;
stream.zfree = (free_func)myFree;
stream.opaque = (voidpf)0;
if (deflateInit2(&stream, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
DEFLATE_DEFAULT_WINDOWBITS, DEFLATE_DEFAULT_MEMLEVEL,
flags ? Z_FIXED : Z_DEFAULT_STRATEGY) != Z_OK)
return COMPRESS_INIT_E;
if (deflate(&stream, Z_FINISH) != Z_STREAM_END) {
deflateEnd(&stream);
return COMPRESS_E;
}
result = (int)stream.total_out;
if (deflateEnd(&stream) != Z_OK)
result = COMPRESS_E;
return result;
}
int DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz)
/*
* out - pointer to destination buffer
* outSz - size of destination buffer
* in - pointer to source buffer to compress
* inSz - size of source to compress
* flags - flags to control how compress operates
*
* return:
* negative - error code
* positive - bytes stored in out buffer
*/
{
z_stream stream;
int result = 0;
stream.next_in = (Bytef*)in;
stream.avail_in = (uInt)inSz;
/* Check for source > 64K on 16-bit machine: */
if ((uLong)stream.avail_in != inSz) return DECOMPRESS_INIT_E;
stream.next_out = out;
stream.avail_out = (uInt)outSz;
if ((uLong)stream.avail_out != outSz) return DECOMPRESS_INIT_E;
stream.zalloc = (alloc_func)myAlloc;
stream.zfree = (free_func)myFree;
stream.opaque = (voidpf)0;
if (inflateInit2(&stream, DEFLATE_DEFAULT_WINDOWBITS) != Z_OK)
return DECOMPRESS_INIT_E;
if (inflate(&stream, Z_FINISH) != Z_STREAM_END) {
inflateEnd(&stream);
return DECOMPRESS_E;
}
result = (int)stream.total_out;
if (inflateEnd(&stream) != Z_OK)
result = DECOMPRESS_E;
return result;
}
#endif /* HAVE_LIBZ */

4
ctaocrypt/src/dh.c
View File

@ -83,8 +83,8 @@ static word32 DiscreteLogWorkFactor(word32 n)
static void GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
{
word32 sz = mp_unsigned_bin_size(&key->p);
sz = min(sz, 2 * DiscreteLogWorkFactor(sz * BIT_SIZE) / BIT_SIZE + 1);
sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) /
CYASSL_BIT_SIZE + 1);
RNG_GenerateBlock(rng, priv, sz);
priv[0] |= 0x0C;

16
ctaocrypt/src/error.c
View File

@ -281,6 +281,22 @@ void CTaoCryptErrorString(int error, char* buffer)
XSTRNCPY(buffer, "Cavium Init type error", max);
break;
case COMPRESS_INIT_E:
XSTRNCPY(buffer, "Compress Init error", max);
break;
case COMPRESS_E:
XSTRNCPY(buffer, "Compress error", max);
break;
case DECOMPRESS_INIT_E:
XSTRNCPY(buffer, "DeCompress Init error", max);
break;
case DECOMPRESS_E:
XSTRNCPY(buffer, "DeCompress error", max);
break;
default:
XSTRNCPY(buffer, "unknown error number", max);

66
ctaocrypt/src/hmac.c
View File

@ -42,7 +42,8 @@ static int InitHmac(Hmac* hmac, int type)
hmac->innerHashKeyed = 0;
hmac->macType = (byte)type;
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384))
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|| type == SHA512))
return BAD_FUNC_ARG;
switch (type) {
@ -52,9 +53,11 @@ static int InitHmac(Hmac* hmac, int type)
break;
#endif
#ifndef NO_SHA
case SHA:
InitSha(&hmac->hash.sha);
break;
#endif
#ifndef NO_SHA256
case SHA256:
@ -68,6 +71,12 @@ static int InitHmac(Hmac* hmac, int type)
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
InitSha512(&hmac->hash.sha512);
break;
#endif
default:
break;
}
@ -80,7 +89,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
byte* ip = (byte*) hmac->ipad;
byte* op = (byte*) hmac->opad;
word32 i, hmac_block_size = SHA_BLOCK_SIZE;
word32 i, hmac_block_size = 0;
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
@ -106,8 +115,10 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
break;
#endif
#ifndef NO_SHA
case SHA:
{
hmac_block_size = SHA_BLOCK_SIZE;
if (length <= SHA_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
@ -118,6 +129,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
}
}
break;
#endif
#ifndef NO_SHA256
case SHA256:
@ -151,6 +163,22 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
{
hmac_block_size = SHA512_BLOCK_SIZE;
if (length <= SHA512_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
Sha512Update(&hmac->hash.sha512, key, length);
Sha512Final(&hmac->hash.sha512, ip);
length = SHA512_DIGEST_SIZE;
}
}
break;
#endif
default:
break;
}
@ -173,9 +201,11 @@ static void HmacKeyInnerHash(Hmac* hmac)
break;
#endif
#ifndef NO_SHA
case SHA:
ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
break;
#endif
#ifndef NO_SHA256
case SHA256:
@ -191,6 +221,13 @@ static void HmacKeyInnerHash(Hmac* hmac)
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
Sha512Update(&hmac->hash.sha512,
(byte*) hmac->ipad, SHA512_BLOCK_SIZE);
break;
#endif
default:
break;
}
@ -216,9 +253,11 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
break;
#endif
#ifndef NO_SHA
case SHA:
ShaUpdate(&hmac->hash.sha, msg, length);
break;
#endif
#ifndef NO_SHA256
case SHA256:
@ -232,6 +271,12 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
Sha512Update(&hmac->hash.sha512, msg, length);
break;
#endif
default:
break;
}
@ -264,6 +309,7 @@ void HmacFinal(Hmac* hmac, byte* hash)
break;
#endif
#ifndef NO_SHA
case SHA:
{
ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
@ -275,6 +321,7 @@ void HmacFinal(Hmac* hmac, byte* hash)
ShaFinal(&hmac->hash.sha, hash);
}
break;
#endif
#ifndef NO_SHA256
case SHA256:
@ -306,6 +353,21 @@ void HmacFinal(Hmac* hmac, byte* hash)
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
{
Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash);
Sha512Update(&hmac->hash.sha512,
(byte*) hmac->opad, SHA512_BLOCK_SIZE);
Sha512Update(&hmac->hash.sha512,
(byte*) hmac->innerHash, SHA512_DIGEST_SIZE);
Sha512Final(&hmac->hash.sha512, hash);
}
break;
#endif
default:
break;
}

7
ctaocrypt/src/integer.c
View File

@ -33,6 +33,8 @@
/* in case user set USE_FAST_MATH there */
#include <cyassl/ctaocrypt/settings.h>
#ifndef NO_BIG_INT
#ifndef USE_FAST_MATH
#include <cyassl/ctaocrypt/integer.h>
@ -43,6 +45,8 @@
#endif
#endif
static void bn_reverse (unsigned char *s, int len);
/* math settings check */
word32 CheckRunTimeSettings(void)
{
@ -3732,7 +3736,7 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
#endif
#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || !defined(NO_PWDBASED)
#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || defined(OPENSSL_EXTRA)
/* single digit addition */
int mp_add_d (mp_int* a, mp_digit b, mp_int* c)
@ -4452,3 +4456,4 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
#endif /* USE_FAST_MATH */
#endif /* NO_BIG_INT */

3
ctaocrypt/src/md5.c
View File

@ -24,6 +24,8 @@
#include <config.h>
#endif
#ifndef NO_MD5
#include <cyassl/ctaocrypt/md5.h>
#ifdef NO_INLINE
@ -340,3 +342,4 @@ void Md5Final(Md5* md5, byte* hash)
#endif /* STM32F2_CRYPTO */
#endif /* NO_MD5 */

4
ctaocrypt/src/misc.c
View File

@ -163,8 +163,8 @@ STATIC INLINE void XorWords(word* r, const word* a, word32 n)
STATIC INLINE void xorbuf(byte* buf, const byte* mask, word32 count)
{
if (((word)buf | (word)mask | count) % WORD_SIZE == 0)
XorWords( (word*)buf, (const word*)mask, count / WORD_SIZE);
if (((word)buf | (word)mask | count) % CYASSL_WORD_SIZE == 0)
XorWords( (word*)buf, (const word*)mask, count / CYASSL_WORD_SIZE);
else {
word32 i;
for (i = 0; i < count; i++) buf[i] ^= mask[i];

4
ctaocrypt/src/random.c
View File

@ -58,6 +58,7 @@
#endif
#endif /* USE_WINDOWS_API */
#if !defined( NO_CYASSL_RANDOM )
#ifdef NO_RC4
@ -568,7 +569,7 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#elif defined(NO_DEV_RANDOM)
#error "you need to write an os specific GenerateSeed() here"
#warning "you need to write an os specific GenerateSeed() here"
#else /* !USE_WINDOWS_API && !THREADX && !MICRIUM && !NO_DEV_RANDOM */
@ -613,3 +614,4 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#endif /* USE_WINDOWS_API */
#endif /* NO_CYASSL_RANDOM */

4
ctaocrypt/src/sha.c
View File

@ -19,10 +19,13 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef NO_SHA
#include <cyassl/ctaocrypt/sha.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
@ -345,3 +348,4 @@ void ShaFinal(Sha* sha, byte* hash)
#endif /* STM32F2_CRYPTO */
#endif /* NO_SHA */

217
ctaocrypt/test/test.c
View File

@ -51,6 +51,9 @@
#ifdef HAVE_ECC
#include <cyassl/ctaocrypt/ecc.h>
#endif
#ifdef HAVE_LIBZ
#include <cyassl/ctaocrypt/compress.h>
#endif
#ifdef _MSC_VER
/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
@ -116,6 +119,7 @@ int hmac_md5_test(void);
int hmac_sha_test(void);
int hmac_sha256_test(void);
int hmac_sha384_test(void);
int hmac_sha512_test(void);
int arc4_test(void);
int hc128_test(void);
int rabbit_test(void);
@ -138,6 +142,9 @@ int pbkdf2_test(void);
#ifdef HAVE_ECC
int ecc_test(void);
#endif
#ifdef HAVE_LIBZ
int compress_test(void);
#endif
@ -166,7 +173,7 @@ void ctaocrypt_test(void* args)
((func_args*)args)->return_code = -1; /* error state */
#if !defined(CYASSL_LEANPSK)
#if !defined(NO_BIG_INT)
if (CheckCtcSettings() != 1)
err_sys("Build vs runtime math mismatch\n", -1234);
@ -174,7 +181,7 @@ void ctaocrypt_test(void* args)
if (CheckFastMathSettings() != 1)
err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", -1235);
#endif /* USE_FAST_MATH */
#endif /* !CYASSL_LEANPSK */
#endif /* !NO_BIG_INT */
#ifndef NO_MD5
@ -198,10 +205,12 @@ void ctaocrypt_test(void* args)
printf( "MD4 test passed!\n");
#endif
#ifndef NO_SHA
if ( (ret = sha_test()) )
err_sys("SHA test failed!\n", ret);
else
printf( "SHA test passed!\n");
#endif
#ifndef NO_SHA256
if ( (ret = sha256_test()) )
@ -239,10 +248,12 @@ void ctaocrypt_test(void* args)
printf( "HMAC-MD5 test passed!\n");
#endif
#ifndef NO_SHA
if ( (ret = hmac_sha_test()) )
err_sys("HMAC-SHA test failed!\n", ret);
else
printf( "HMAC-SHA test passed!\n");
#endif
#ifndef NO_SHA256
if ( (ret = hmac_sha256_test()) )
@ -258,6 +269,13 @@ void ctaocrypt_test(void* args)
printf( "HMAC-SHA384 test passed!\n");
#endif
#ifdef CYASSL_SHA512
if ( (ret = hmac_sha512_test()) )
err_sys("HMAC-SHA512 test failed!\n", ret);
else
printf( "HMAC-SHA512 test passed!\n");
#endif
#endif
#ifndef NO_RC4
@ -370,6 +388,12 @@ void ctaocrypt_test(void* args)
printf( "ECC test passed!\n");
#endif
#ifdef HAVE_LIBZ
if ( (ret = compress_test()) )
err_sys("COMPRESS test failed!\n", ret);
else
printf( "COMPRESS test passed!\n");
#endif
((func_args*)args)->return_code = ret;
}
@ -643,6 +667,8 @@ int md4_test(void)
#endif /* NO_MD4 */
#ifndef NO_SHA
int sha_test(void)
{
Sha sha;
@ -697,6 +723,7 @@ int sha_test(void)
return 0;
}
#endif /* NO_SHA */
#ifdef CYASSL_RIPEMD
int ripemd_test(void)
@ -1161,6 +1188,75 @@ int hmac_sha384_test(void)
#endif
#if !defined(NO_HMAC) && defined(CYASSL_SHA512)
int hmac_sha512_test(void)
{
Hmac hmac;
byte hash[SHA512_DIGEST_SIZE];
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
"Jefe",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
testVector a, b, c;
testVector test_hmac[3];
int times = sizeof(test_hmac) / sizeof(testVector), i;
a.input = "Hi There";
a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
"\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
"\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
"\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
"\x3a\x12\x68\x54";
a.inLen = strlen(a.input);
a.outLen = SHA512_DIGEST_SIZE;
b.input = "what do ya want for nothing?";
b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
"\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
"\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
"\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
"\x38\xbc\xe7\x37";
b.inLen = strlen(b.input);
b.outLen = SHA512_DIGEST_SIZE;
c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD";
c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
"\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
"\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
"\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
"\xe1\x32\x92\xfb";
c.inLen = strlen(c.input);
c.outLen = SHA512_DIGEST_SIZE;
test_hmac[0] = a;
test_hmac[1] = b;
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
HmacSetKey(&hmac, SHA512, (byte*)keys[i], (word32)strlen(keys[i]));
HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
HmacFinal(&hmac, hash);
if (memcmp(hash, test_hmac[i].output, SHA512_DIGEST_SIZE) != 0)
return -20 - i;
}
return 0;
}
#endif
#ifndef NO_RC4
int arc4_test(void)
{
@ -3056,3 +3152,120 @@ int ecc_test(void)
}
#endif /* HAVE_ECC */
#ifdef HAVE_LIBZ
const byte sample_text[] =
"Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
"polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
"marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
"plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
"selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
"small batch meggings kogi dolore food truck bespoke gastropub.\n"
"\n"
"Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
"four loko you probably haven't heard of them high life. Messenger bag\n"
"whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
"et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
"Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
"food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
"readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
"richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
"mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
"four loko whatever street art yr farm-to-table.\n"
"\n"
"Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
"pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
"et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
"nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
"seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
"eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
"readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
"ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
"locavore.\n"
"\n"
"Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
"banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
"cillum pickled velit, YOLO officia you probably haven't heard of them\n"
"trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
"small batch american apparel. Put a bird on it cosby sweater before they\n"
"sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
"DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
"Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
"excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
"neutra PBR selvage.\n"
"\n"
"Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
"next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
"authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
"wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
"tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
"trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
"incididunt flannel sustainable helvetica pork belly pug banksy you\n"
"probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
"mollit magna, sriracha sartorial helvetica.\n"
"\n"
"Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
"ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
"of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
"reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
"skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
"organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
"Veniam sunt food truck leggings, sint vinyl fap.\n"
"\n"
"Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
"them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
"apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
"flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
"letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
"Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
"delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
"magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
"pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
"\n"
"Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
"meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
"dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
"locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
"tousled beard mollit mustache leggings portland next level. Nihil esse\n"
"est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
"swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
"bag dolor terry richardson sapiente.\n";
int compress_test(void)
{
int ret = 0;
word32 dSz = sizeof(sample_text);
word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
byte *c = NULL;
byte *d = NULL;
c = calloc(cSz, sizeof(byte));
d = calloc(dSz, sizeof(byte));
if (c == NULL || d == NULL)
ret = -300;
if (ret == 0 && (ret = Compress(c, cSz, sample_text, dSz, 0)) < 0)
ret = -301;
if (ret > 0) {
cSz = (word32)ret;
ret = 0;
}
if (ret == 0 && DeCompress(d, dSz, c, cSz) != (int)dSz)
ret = -302;
if (ret == 0 && memcmp(d, sample_text, dSz))
ret = -303;
if (c) free(c);
if (d) free(d);
return ret;
}
#endif /* HAVE_LIBZ */

379
cyassl-ios.xcodeproj/project.pbxproj Normal file
View File

@ -0,0 +1,379 @@
// !$*UTF8*$!
{
archiveVersion = 1;
classes = {
};
objectVersion = 46;
objects = {
/* Begin PBXBuildFile section */
52B1348216F3CCC400C07B32 /* tls.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1347B16F3CCC400C07B32 /* tls.c */; };
52B1348316F3CCC400C07B32 /* ssl.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1347C16F3CCC400C07B32 /* ssl.c */; };
52B1348416F3CCC400C07B32 /* ocsp.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1347D16F3CCC400C07B32 /* ocsp.c */; };
52B1348516F3CCC400C07B32 /* keys.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1347E16F3CCC400C07B32 /* keys.c */; };
52B1348616F3CCC400C07B32 /* io.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1347F16F3CCC400C07B32 /* io.c */; };
52B1348716F3CCC400C07B32 /* internal.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1348016F3CCC400C07B32 /* internal.c */; };
52B1348816F3CCC400C07B32 /* crl.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1348116F3CCC400C07B32 /* crl.c */; };
52B134A316F3CDF300C07B32 /* tfm.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1348916F3CDF300C07B32 /* tfm.c */; };
52B134A416F3CDF300C07B32 /* sha256.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1348A16F3CDF300C07B32 /* sha256.c */; };
52B134A516F3CDF300C07B32 /* sha.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1348B16F3CDF300C07B32 /* sha.c */; };
52B134A616F3CDF300C07B32 /* rsa.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1348C16F3CDF300C07B32 /* rsa.c */; };
52B134A716F3CDF300C07B32 /* ripemd.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1348D16F3CDF300C07B32 /* ripemd.c */; };
52B134A816F3CDF300C07B32 /* random.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1348E16F3CDF300C07B32 /* random.c */; };
52B134A916F3CDF300C07B32 /* rabbit.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1348F16F3CDF300C07B32 /* rabbit.c */; };
52B134AA16F3CDF300C07B32 /* pwdbased.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349016F3CDF300C07B32 /* pwdbased.c */; };
52B134AB16F3CDF300C07B32 /* misc.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349116F3CDF300C07B32 /* misc.c */; };
52B134AC16F3CDF300C07B32 /* memory.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349216F3CDF300C07B32 /* memory.c */; };
52B134AD16F3CDF300C07B32 /* md5.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349316F3CDF300C07B32 /* md5.c */; };
52B134AE16F3CDF300C07B32 /* md4.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349416F3CDF300C07B32 /* md4.c */; };
52B134AF16F3CDF300C07B32 /* logging.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349516F3CDF300C07B32 /* logging.c */; };
52B134B016F3CDF300C07B32 /* integer.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349616F3CDF300C07B32 /* integer.c */; };
52B134B116F3CDF300C07B32 /* hmac.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349716F3CDF300C07B32 /* hmac.c */; };
52B134B216F3CDF300C07B32 /* hc128.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349816F3CDF300C07B32 /* hc128.c */; };
52B134B316F3CDF300C07B32 /* error.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349916F3CDF300C07B32 /* error.c */; };
52B134B416F3CDF300C07B32 /* ecc.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349A16F3CDF300C07B32 /* ecc.c */; };
52B134B516F3CDF300C07B32 /* dsa.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349B16F3CDF300C07B32 /* dsa.c */; };
52B134B616F3CDF300C07B32 /* dh.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349C16F3CDF300C07B32 /* dh.c */; };
52B134B716F3CDF300C07B32 /* des3.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349D16F3CDF300C07B32 /* des3.c */; };
52B134B816F3CDF300C07B32 /* coding.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349E16F3CDF300C07B32 /* coding.c */; };
52B134B916F3CDF300C07B32 /* camellia.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1349F16F3CDF300C07B32 /* camellia.c */; };
52B134BA16F3CDF300C07B32 /* asn.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B134A016F3CDF300C07B32 /* asn.c */; };
52B134BB16F3CDF300C07B32 /* arc4.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B134A116F3CDF300C07B32 /* arc4.c */; };
52B134BC16F3CDF300C07B32 /* aes.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B134A216F3CDF300C07B32 /* aes.c */; };
/* End PBXBuildFile section */
/* Begin PBXCopyFilesBuildPhase section */
52B1344B16F3C9E800C07B32 /* CopyFiles */ = {
isa = PBXCopyFilesBuildPhase;
buildActionMask = 2147483647;
dstPath = "include/${PRODUCT_NAME}";
dstSubfolderSpec = 16;
files = (
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXCopyFilesBuildPhase section */
/* Begin PBXFileReference section */
52B1344D16F3C9E800C07B32 /* libcyassl-ios.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = "libcyassl-ios.a"; sourceTree = BUILT_PRODUCTS_DIR; };
52B1347B16F3CCC400C07B32 /* tls.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = tls.c; path = src/tls.c; sourceTree = SOURCE_ROOT; };
52B1347C16F3CCC400C07B32 /* ssl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ssl.c; path = src/ssl.c; sourceTree = SOURCE_ROOT; };
52B1347D16F3CCC400C07B32 /* ocsp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ocsp.c; path = src/ocsp.c; sourceTree = SOURCE_ROOT; };
52B1347E16F3CCC400C07B32 /* keys.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = keys.c; path = src/keys.c; sourceTree = SOURCE_ROOT; };
52B1347F16F3CCC400C07B32 /* io.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = io.c; path = src/io.c; sourceTree = SOURCE_ROOT; };
52B1348016F3CCC400C07B32 /* internal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = internal.c; path = src/internal.c; sourceTree = SOURCE_ROOT; };
52B1348116F3CCC400C07B32 /* crl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = crl.c; path = src/crl.c; sourceTree = SOURCE_ROOT; };
52B1348916F3CDF300C07B32 /* tfm.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = tfm.c; path = ctaocrypt/src/tfm.c; sourceTree = SOURCE_ROOT; };
52B1348A16F3CDF300C07B32 /* sha256.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha256.c; path = ctaocrypt/src/sha256.c; sourceTree = SOURCE_ROOT; };
52B1348B16F3CDF300C07B32 /* sha.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha.c; path = ctaocrypt/src/sha.c; sourceTree = SOURCE_ROOT; };
52B1348C16F3CDF300C07B32 /* rsa.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = rsa.c; path = ctaocrypt/src/rsa.c; sourceTree = SOURCE_ROOT; };
52B1348D16F3CDF300C07B32 /* ripemd.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ripemd.c; path = ctaocrypt/src/ripemd.c; sourceTree = SOURCE_ROOT; };
52B1348E16F3CDF300C07B32 /* random.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = random.c; path = ctaocrypt/src/random.c; sourceTree = SOURCE_ROOT; };
52B1348F16F3CDF300C07B32 /* rabbit.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = rabbit.c; path = ctaocrypt/src/rabbit.c; sourceTree = SOURCE_ROOT; };
52B1349016F3CDF300C07B32 /* pwdbased.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = pwdbased.c; path = ctaocrypt/src/pwdbased.c; sourceTree = SOURCE_ROOT; };
52B1349116F3CDF300C07B32 /* misc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = misc.c; path = ctaocrypt/src/misc.c; sourceTree = SOURCE_ROOT; };
52B1349216F3CDF300C07B32 /* memory.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = memory.c; path = ctaocrypt/src/memory.c; sourceTree = SOURCE_ROOT; };
52B1349316F3CDF300C07B32 /* md5.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = md5.c; path = ctaocrypt/src/md5.c; sourceTree = SOURCE_ROOT; };
52B1349416F3CDF300C07B32 /* md4.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = md4.c; path = ctaocrypt/src/md4.c; sourceTree = SOURCE_ROOT; };
52B1349516F3CDF300C07B32 /* logging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = logging.c; path = ctaocrypt/src/logging.c; sourceTree = SOURCE_ROOT; };
52B1349616F3CDF300C07B32 /* integer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = integer.c; path = ctaocrypt/src/integer.c; sourceTree = SOURCE_ROOT; };
52B1349716F3CDF300C07B32 /* hmac.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hmac.c; path = ctaocrypt/src/hmac.c; sourceTree = SOURCE_ROOT; };
52B1349816F3CDF300C07B32 /* hc128.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hc128.c; path = ctaocrypt/src/hc128.c; sourceTree = SOURCE_ROOT; };
52B1349916F3CDF300C07B32 /* error.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = error.c; path = ctaocrypt/src/error.c; sourceTree = SOURCE_ROOT; };
52B1349A16F3CDF300C07B32 /* ecc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ecc.c; path = ctaocrypt/src/ecc.c; sourceTree = SOURCE_ROOT; };
52B1349B16F3CDF300C07B32 /* dsa.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = dsa.c; path = ctaocrypt/src/dsa.c; sourceTree = SOURCE_ROOT; };
52B1349C16F3CDF300C07B32 /* dh.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = dh.c; path = ctaocrypt/src/dh.c; sourceTree = SOURCE_ROOT; };
52B1349D16F3CDF300C07B32 /* des3.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = des3.c; path = ctaocrypt/src/des3.c; sourceTree = SOURCE_ROOT; };
52B1349E16F3CDF300C07B32 /* coding.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = coding.c; path = ctaocrypt/src/coding.c; sourceTree = SOURCE_ROOT; };
52B1349F16F3CDF300C07B32 /* camellia.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = camellia.c; path = ctaocrypt/src/camellia.c; sourceTree = SOURCE_ROOT; };
52B134A016F3CDF300C07B32 /* asn.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = asn.c; path = ctaocrypt/src/asn.c; sourceTree = SOURCE_ROOT; };
52B134A116F3CDF300C07B32 /* arc4.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = arc4.c; path = ctaocrypt/src/arc4.c; sourceTree = SOURCE_ROOT; };
52B134A216F3CDF300C07B32 /* aes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = aes.c; path = ctaocrypt/src/aes.c; sourceTree = SOURCE_ROOT; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
52B1344A16F3C9E800C07B32 /* Frameworks */ = {
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXFrameworksBuildPhase section */
/* Begin PBXGroup section */
52B1344416F3C9E800C07B32 = {
isa = PBXGroup;
children = (
52B1347816F3CC0400C07B32 /* Source */,
52B1344E16F3C9E800C07B32 /* Products */,
);
sourceTree = "<group>";
};
52B1344E16F3C9E800C07B32 /* Products */ = {
isa = PBXGroup;
children = (
52B1344D16F3C9E800C07B32 /* libcyassl-ios.a */,
);
name = Products;
sourceTree = "<group>";
};
52B1347816F3CC0400C07B32 /* Source */ = {
isa = PBXGroup;
children = (
52B1347916F3CC9200C07B32 /* cyaSSL */,
52B1347A16F3CC9A00C07B32 /* wolfCrypt */,
);
name = Source;
path = "cyassl-ios";
sourceTree = "<group>";
};
52B1347916F3CC9200C07B32 /* cyaSSL */ = {
isa = PBXGroup;
children = (
52B1347B16F3CCC400C07B32 /* tls.c */,
52B1347C16F3CCC400C07B32 /* ssl.c */,
52B1347D16F3CCC400C07B32 /* ocsp.c */,
52B1347E16F3CCC400C07B32 /* keys.c */,
52B1347F16F3CCC400C07B32 /* io.c */,
52B1348016F3CCC400C07B32 /* internal.c */,
52B1348116F3CCC400C07B32 /* crl.c */,
);
name = cyaSSL;
sourceTree = "<group>";
};
52B1347A16F3CC9A00C07B32 /* wolfCrypt */ = {
isa = PBXGroup;
children = (
52B1348916F3CDF300C07B32 /* tfm.c */,
52B1348A16F3CDF300C07B32 /* sha256.c */,
52B1348B16F3CDF300C07B32 /* sha.c */,
52B1348C16F3CDF300C07B32 /* rsa.c */,
52B1348D16F3CDF300C07B32 /* ripemd.c */,
52B1348E16F3CDF300C07B32 /* random.c */,
52B1348F16F3CDF300C07B32 /* rabbit.c */,
52B1349016F3CDF300C07B32 /* pwdbased.c */,
52B1349116F3CDF300C07B32 /* misc.c */,
52B1349216F3CDF300C07B32 /* memory.c */,
52B1349316F3CDF300C07B32 /* md5.c */,
52B1349416F3CDF300C07B32 /* md4.c */,
52B1349516F3CDF300C07B32 /* logging.c */,
52B1349616F3CDF300C07B32 /* integer.c */,
52B1349716F3CDF300C07B32 /* hmac.c */,
52B1349816F3CDF300C07B32 /* hc128.c */,
52B1349916F3CDF300C07B32 /* error.c */,
52B1349A16F3CDF300C07B32 /* ecc.c */,
52B1349B16F3CDF300C07B32 /* dsa.c */,
52B1349C16F3CDF300C07B32 /* dh.c */,
52B1349D16F3CDF300C07B32 /* des3.c */,
52B1349E16F3CDF300C07B32 /* coding.c */,
52B1349F16F3CDF300C07B32 /* camellia.c */,
52B134A016F3CDF300C07B32 /* asn.c */,
52B134A116F3CDF300C07B32 /* arc4.c */,
52B134A216F3CDF300C07B32 /* aes.c */,
);
name = wolfCrypt;
sourceTree = "<group>";
};
/* End PBXGroup section */
/* Begin PBXNativeTarget section */
52B1344C16F3C9E800C07B32 /* cyassl-ios */ = {
isa = PBXNativeTarget;
buildConfigurationList = 52B1347216F3C9E800C07B32 /* Build configuration list for PBXNativeTarget "cyassl-ios" */;
buildPhases = (
52B1344916F3C9E800C07B32 /* Sources */,
52B1344A16F3C9E800C07B32 /* Frameworks */,
52B1344B16F3C9E800C07B32 /* CopyFiles */,
);
buildRules = (
);
dependencies = (
);
name = "cyassl-ios";
productName = "cyassl-ios";
productReference = 52B1344D16F3C9E800C07B32 /* libcyassl-ios.a */;
productType = "com.apple.product-type.library.static";
};
/* End PBXNativeTarget section */
/* Begin PBXProject section */
52B1344516F3C9E800C07B32 /* Project object */ = {
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0460;
ORGANIZATIONNAME = "wolfSSL Inc";
};
buildConfigurationList = 52B1344816F3C9E800C07B32 /* Build configuration list for PBXProject "cyassl-ios" */;
compatibilityVersion = "Xcode 3.2";
developmentRegion = English;
hasScannedForEncodings = 0;
knownRegions = (
en,
);
mainGroup = 52B1344416F3C9E800C07B32;
productRefGroup = 52B1344E16F3C9E800C07B32 /* Products */;
projectDirPath = "";
projectRoot = "";
targets = (
52B1344C16F3C9E800C07B32 /* cyassl-ios */,
);
};
/* End PBXProject section */
/* Begin PBXSourcesBuildPhase section */
52B1344916F3C9E800C07B32 /* Sources */ = {
isa = PBXSourcesBuildPhase;
buildActionMask = 2147483647;
files = (
52B1348216F3CCC400C07B32 /* tls.c in Sources */,
52B1348316F3CCC400C07B32 /* ssl.c in Sources */,
52B1348416F3CCC400C07B32 /* ocsp.c in Sources */,
52B1348516F3CCC400C07B32 /* keys.c in Sources */,
52B1348616F3CCC400C07B32 /* io.c in Sources */,
52B1348716F3CCC400C07B32 /* internal.c in Sources */,
52B1348816F3CCC400C07B32 /* crl.c in Sources */,
52B134A316F3CDF300C07B32 /* tfm.c in Sources */,
52B134A416F3CDF300C07B32 /* sha256.c in Sources */,
52B134A516F3CDF300C07B32 /* sha.c in Sources */,
52B134A616F3CDF300C07B32 /* rsa.c in Sources */,
52B134A716F3CDF300C07B32 /* ripemd.c in Sources */,
52B134A816F3CDF300C07B32 /* random.c in Sources */,
52B134A916F3CDF300C07B32 /* rabbit.c in Sources */,
52B134AA16F3CDF300C07B32 /* pwdbased.c in Sources */,
52B134AB16F3CDF300C07B32 /* misc.c in Sources */,
52B134AC16F3CDF300C07B32 /* memory.c in Sources */,
52B134AD16F3CDF300C07B32 /* md5.c in Sources */,
52B134AE16F3CDF300C07B32 /* md4.c in Sources */,
52B134AF16F3CDF300C07B32 /* logging.c in Sources */,
52B134B016F3CDF300C07B32 /* integer.c in Sources */,
52B134B116F3CDF300C07B32 /* hmac.c in Sources */,
52B134B216F3CDF300C07B32 /* hc128.c in Sources */,
52B134B316F3CDF300C07B32 /* error.c in Sources */,
52B134B416F3CDF300C07B32 /* ecc.c in Sources */,
52B134B516F3CDF300C07B32 /* dsa.c in Sources */,
52B134B616F3CDF300C07B32 /* dh.c in Sources */,
52B134B716F3CDF300C07B32 /* des3.c in Sources */,
52B134B816F3CDF300C07B32 /* coding.c in Sources */,
52B134B916F3CDF300C07B32 /* camellia.c in Sources */,
52B134BA16F3CDF300C07B32 /* asn.c in Sources */,
52B134BB16F3CDF300C07B32 /* arc4.c in Sources */,
52B134BC16F3CDF300C07B32 /* aes.c in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXSourcesBuildPhase section */
/* Begin XCBuildConfiguration section */
52B1347016F3C9E800C07B32 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
CLANG_CXX_LIBRARY = "libc++";
CLANG_WARN_CONSTANT_CONVERSION = YES;
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN_ENUM_CONVERSION = YES;
CLANG_WARN_INT_CONVERSION = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
COPY_PHASE_STRIP = NO;
GCC_C_LANGUAGE_STANDARD = gnu99;
GCC_DYNAMIC_NO_PIC = NO;
GCC_OPTIMIZATION_LEVEL = 0;
GCC_PREPROCESSOR_DEFINITIONS = (
"DEBUG=1",
"$(inherited)",
);
GCC_SYMBOLS_PRIVATE_EXTERN = NO;
GCC_WARN_ABOUT_RETURN_TYPE = YES;
GCC_WARN_UNINITIALIZED_AUTOS = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
IPHONEOS_DEPLOYMENT_TARGET = 6.1;
ONLY_ACTIVE_ARCH = YES;
SDKROOT = iphoneos;
USER_HEADER_SEARCH_PATHS = "cyassl/ctaocrypt cyassl include";
};
name = Debug;
};
52B1347116F3C9E800C07B32 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
CLANG_CXX_LIBRARY = "libc++";
CLANG_WARN_CONSTANT_CONVERSION = YES;
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN_ENUM_CONVERSION = YES;
CLANG_WARN_INT_CONVERSION = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
COPY_PHASE_STRIP = YES;
GCC_C_LANGUAGE_STANDARD = gnu99;
GCC_WARN_ABOUT_RETURN_TYPE = YES;
GCC_WARN_UNINITIALIZED_AUTOS = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
IPHONEOS_DEPLOYMENT_TARGET = 6.1;
SDKROOT = iphoneos;
USER_HEADER_SEARCH_PATHS = "cyassl/ctaocrypt cyassl include";
VALIDATE_PRODUCT = NO;
};
name = Release;
};
52B1347316F3C9E800C07B32 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = YES;
CLANG_LINK_OBJC_RUNTIME = NO;
DSTROOT = /tmp/cyassl_ios.dst;
GCC_PRECOMPILE_PREFIX_HEADER = NO;
GCC_PREFIX_HEADER = "";
HEADER_SEARCH_PATHS = $SRCROOT;
OTHER_LDFLAGS = "";
PRODUCT_NAME = "$(TARGET_NAME)";
SKIP_INSTALL = YES;
TARGETED_DEVICE_FAMILY = "1,2";
USER_HEADER_SEARCH_PATHS = "cyassl/ctaocrypt cyassl";
};
name = Debug;
};
52B1347416F3C9E800C07B32 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = YES;
CLANG_LINK_OBJC_RUNTIME = NO;
DSTROOT = /tmp/cyassl_ios.dst;
GCC_PRECOMPILE_PREFIX_HEADER = NO;
GCC_PREFIX_HEADER = "";
HEADER_SEARCH_PATHS = $SRCROOT;
OTHER_LDFLAGS = "";
PRODUCT_NAME = "$(TARGET_NAME)";
SKIP_INSTALL = YES;
TARGETED_DEVICE_FAMILY = "1,2";
USER_HEADER_SEARCH_PATHS = "cyassl/ctaocrypt cyassl";
};
name = Release;
};
/* End XCBuildConfiguration section */
/* Begin XCConfigurationList section */
52B1344816F3C9E800C07B32 /* Build configuration list for PBXProject "cyassl-ios" */ = {
isa = XCConfigurationList;
buildConfigurations = (
52B1347016F3C9E800C07B32 /* Debug */,
52B1347116F3C9E800C07B32 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
52B1347216F3C9E800C07B32 /* Build configuration list for PBXNativeTarget "cyassl-ios" */ = {
isa = XCConfigurationList;
buildConfigurations = (
52B1347316F3C9E800C07B32 /* Debug */,
52B1347416F3C9E800C07B32 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
/* End XCConfigurationList section */
};
rootObject = 52B1344516F3C9E800C07B32 /* Project object */;
}

4
cyassl/crl.h
View File

@ -23,6 +23,9 @@
#ifndef CYASSL_CRL_H
#define CYASSL_CRL_H
#ifdef HAVE_CRL
#include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/asn.h>
@ -44,4 +47,5 @@ CYASSL_LOCAL int CheckCertCRL(CYASSL_CRL*, DecodedCert*);
} /* extern "C" */
#endif
#endif /* HAVE_CRL */
#endif /* CYASSL_CRL_H */

7
cyassl/ctaocrypt/asn.h
View File

@ -273,6 +273,11 @@ struct DecodedCert {
#endif /* CYASSL_CERT_GEN */
};
#ifdef SHA_DIGEST_SIZE
#define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
#else
#define SIGNER_DIGEST_SIZE 160
#endif
/* CA Signers */
struct Signer {
@ -280,7 +285,7 @@ struct Signer {
word32 pubKeySize;
word32 keyOID; /* key type */
char* name; /* common name */
byte hash[SHA_DIGEST_SIZE]; /* sha hash of names in certificate */
byte hash[SIGNER_DIGEST_SIZE];/* sha hash of names in certificate */
Signer* next;
};

52
cyassl/ctaocrypt/compress.h Normal file
View File

@ -0,0 +1,52 @@
/* compress.h
*
* Copyright (C) 2006-2013 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_LIBZ
#ifndef CTAO_CRYPT_COMPRESS_H
#define CTAO_CRYPT_COMPRESS_H
#include <cyassl/ctaocrypt/types.h>
#ifdef __cplusplus
extern "C" {
#endif
#define COMPRESS_FIXED 1
CYASSL_API int Compress(byte*, word32, const byte*, word32, word32);
CYASSL_API int DeCompress(byte*, word32, const byte*, word32);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* CTAO_CRYPT_COMPRESS_H */
#endif /* HAVE_LIBZ */

7
cyassl/ctaocrypt/error.h
View File

@ -103,11 +103,16 @@ enum {
CAVIUM_INIT_E = -182, /* Cavium Init type error */
COMPRESS_INIT_E = -183, /* Compress init error */
COMPRESS_E = -184, /* Compress error */
DECOMPRESS_INIT_E = -185, /* DeCompress init error */
DECOMPRESS_E = -186, /* DeCompress error */
MIN_CODE_E = -200 /* errors -101 - -199 */
};
CYASSL_API void CTaoCryptErrorString(int error, char* buffer);
CYASSL_API void CTaoCryptErrorString(int err, char* buff);
#ifdef __cplusplus

14
cyassl/ctaocrypt/hmac.h
View File

@ -57,17 +57,22 @@ enum {
#ifdef NO_MD5
MD5 = 0,
#endif
#if defined(CYASSL_SHA384)
#if defined(CYASSL_SHA512)
INNER_HASH_SIZE = SHA512_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA512_BLOCK_SIZE
#elif defined(CYASSL_SHA384)
INNER_HASH_SIZE = SHA384_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA384_BLOCK_SIZE
#elif !defined(NO_SHA256)
INNER_HASH_SIZE = SHA256_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA256_BLOCK_SIZE,
SHA512 = 4,
SHA384 = 5
#else
INNER_HASH_SIZE = SHA_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA_BLOCK_SIZE,
SHA256 = 2, /* hash type unique */
SHA512 = 4,
SHA384 = 5
#endif
};
@ -78,13 +83,18 @@ typedef union {
#ifndef NO_MD5
Md5 md5;
#endif
Sha sha;
#ifndef NO_SHA
Sha sha;
#endif
#ifndef NO_SHA256
Sha256 sha256;
#endif
#ifdef CYASSL_SHA384
Sha384 sha384;
#endif
#ifdef CYASSL_SHA512
Sha512 sha512;
#endif
} Hash;
/* Hmac digest */

1
cyassl/ctaocrypt/include.am
View File

@ -8,6 +8,7 @@ nobase_include_HEADERS+= \
cyassl/ctaocrypt/asn_public.h \
cyassl/ctaocrypt/camellia.h \
cyassl/ctaocrypt/coding.h \
cyassl/ctaocrypt/compress.h \
cyassl/ctaocrypt/des3.h \
cyassl/ctaocrypt/dh.h \
cyassl/ctaocrypt/dsa.h \

7
cyassl/ctaocrypt/integer.h
View File

@ -82,9 +82,9 @@ extern "C" {
#ifdef MP_8BIT
typedef unsigned char mp_digit;
typedef unsigned short mp_word;
#elif defined(MP_16BIT)
#elif defined(MP_16BIT) || defined(NO_64BIT)
typedef unsigned short mp_digit;
typedef unsigned long mp_word;
typedef unsigned int mp_word;
#elif defined(MP_64BIT)
/* for GCC only on supported platforms */
#ifndef CRYPT
@ -238,7 +238,6 @@ int mp_count_bits (mp_int * a);
int mp_init_copy (mp_int * a, mp_int * b);
int mp_copy (mp_int * a, mp_int * b);
int mp_grow (mp_int * a, int size);
void bn_reverse (unsigned char *s, int len);
int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d);
void mp_zero (mp_int * a);
void mp_clamp (mp_int * a);
@ -314,7 +313,7 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
#endif
#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || !defined(NO_PWDBASED)
#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || defined(OPENSSL_EXTRA)
int mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
#endif

40
cyassl/ctaocrypt/settings.h
View File

@ -115,20 +115,39 @@
#endif
#ifdef CYASSL_LEANPSK
#if defined(CYASSL_LEANPSK) && !defined(XMALLOC_USER)
#include <stdlib.h>
#define XMALLOC(s, h, type) malloc((s))
#define XFREE(p, h, type) free((p))
#define XREALLOC(p, n, h, t) realloc((p), (n))
#endif
#if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL)
#undef XMALLOC
#define XMALLOC yaXMALLOC
#undef XFREE
#define XFREE yaXFREE
#undef XREALLOC
#define XREALLOC yaXREALLOC
#endif
#ifdef FREERTOS
#define NO_WRITEV
#define NO_SHA512
#define NO_DH
#define NO_DSA
#define NO_HC128
#ifndef NO_WRITEV
#define NO_WRITEV
#endif
#ifndef NO_SHA512
#define NO_SHA512
#endif
#ifndef NO_DH
#define NO_DH
#endif
#ifndef NO_DSA
#define NO_DSA
#endif
#ifndef NO_HC128
#define NO_HC128
#endif
#ifndef SINGLE_THREADED
#include "FreeRTOS.h"
@ -448,10 +467,17 @@
#if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
!defined(CYASSL_LEANPSK)
!defined(CYASSL_LEANPSK) && !defined(NO_CYASSL_MEMORY)
#define USE_CYASSL_MEMORY
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
#undef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
/* Place any other flags or defines here */

13
cyassl/ctaocrypt/tfm.h
View File

@ -54,6 +54,7 @@
#endif
#ifndef NO_64BIT
/* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */
#if defined(__x86_64__)
#if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM)
@ -72,6 +73,7 @@
#if defined(__x86_64__) && !defined(FP_64BIT)
#define FP_64BIT
#endif
#endif /* NO_64BIT */
/* try to detect x86-32 */
#if defined(__i386__) && !defined(TFM_SSE2)
@ -214,8 +216,15 @@
typedef signed long long long64;
#endif
#endif
typedef unsigned int fp_digit;
typedef ulong64 fp_word;
#ifndef NO_64BIT
typedef unsigned int fp_digit;
typedef ulong64 fp_word;
#else
/* some procs like coldfire prefer not to place multiply into 64bit type
even though it exists */
typedef unsigned short fp_digit;
typedef unsigned int fp_word;
#endif
#endif
/* # of digits this is */

20
cyassl/ctaocrypt/types.h
View File

@ -74,6 +74,10 @@
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long long word64;
#elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long long word64;
#else
#define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
mp_digit, no 64 bit type so make mp_digit 16 bit */
@ -93,9 +97,9 @@
enum {
WORD_SIZE = sizeof(word),
BIT_SIZE = 8,
WORD_BITS = WORD_SIZE * BIT_SIZE
CYASSL_WORD_SIZE = sizeof(word),
CYASSL_BIT_SIZE = 8,
CYASSL_WORD_BITS = CYASSL_WORD_SIZE * CYASSL_BIT_SIZE
};
#define CYASSL_MAX_16BIT 0xffffU
@ -145,16 +149,22 @@ enum {
/* default to libc stuff */
/* XREALLOC is used once in normal math lib, not in fast math lib */
/* XFREE on some embeded systems doesn't like free(0) so test */
#ifdef XMALLOC_USER
#if defined(XMALLOC_USER)
/* prototypes for user heap override functions */
#include <stddef.h> /* for size_t */
extern void *XMALLOC(size_t n, void* heap, int type);
extern void *XREALLOC(void *p, size_t n, void* heap, int type);
extern void XFREE(void *p, void* heap, int type);
#elif defined(NO_CYASSL_MEMORY)
/* just use plain C stdlib stuff if desired */
#include <stdlib.h>
#define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
#define XREALLOC(p, n, h, t) realloc((p), (n))
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
&& !defined(CYASSL_SAFERTOS) && !defined(FREESCALE_MQX) \
&& !defined(CYASSL_LEANPSK)
/* default C runtime, can install different routines at runtime */
/* default C runtime, can install different routines at runtime via cbs */
#include <cyassl/ctaocrypt/memory.h>
#define XMALLOC(s, h, t) ((void)h, (void)t, CyaSSL_Malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) CyaSSL_Free((xp));}

2
cyassl/error.h
View File

@ -130,7 +130,7 @@ enum CyaSSL_ErrorCodes {
CYASSL_LOCAL
void SetErrorString(int error, char* buffer);
void SetErrorString(int err, char* buff);
#ifdef __cplusplus

253
cyassl/internal.h
View File

@ -33,6 +33,7 @@
#include <cyassl/ctaocrypt/rabbit.h>
#include <cyassl/ctaocrypt/asn.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/camellia.h>
#include <cyassl/ctaocrypt/logging.h>
@ -111,6 +112,7 @@
#define SHA256_DIGEST_SIZE 32
#endif
#ifdef __cplusplus
extern "C" {
#endif
@ -134,27 +136,35 @@ void c32to24(word32 in, word24 out);
When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
*/
#if !defined(NO_RSA) && !defined(NO_RC4)
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_RC4_128_SHA
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
#if !defined(NO_TLS) && defined(HAVE_NTRU)
#endif
#if !defined(NO_MD5)
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
#endif
#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
#endif
#endif
#if !defined(NO_RSA) && !defined(NO_DES3)
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#if !defined(NO_TLS) && defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif
#endif
#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
#if defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
#endif
#endif
#if !defined (NO_SHA256)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
@ -171,15 +181,19 @@ void c32to24(word32 in, word24 out);
#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
#ifndef NO_RSA
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
#endif
#if !defined(NO_DH) && defined(OPENSSL_EXTRA)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
@ -189,8 +203,10 @@ void c32to24(word32 in, word24 out);
#endif
#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA)
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
#endif
@ -198,11 +214,17 @@ void c32to24(word32 in, word24 out);
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
#if !defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_NULL_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_RSA_WITH_NULL_SHA256
#endif
#endif
#if !defined(NO_PSK)
#if !defined(NO_SHA)
#define BUILD_TLS_PSK_WITH_NULL_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_NULL_SHA256
#endif
@ -211,17 +233,23 @@ void c32to24(word32 in, word24 out);
#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
#define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
#endif
#endif
#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
#endif
#endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && defined(OPENSSL_EXTRA)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#endif
#if !defined (NO_SHA256)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
@ -234,25 +262,50 @@ void c32to24(word32 in, word24 out);
#if defined(HAVE_ECC) && !defined(NO_TLS)
#if !defined(NO_AES)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#if !defined(NO_SHA)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#ifndef NO_SHA256
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
#endif
#ifdef CYASSL_SHA384
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#endif
#if defined (HAVE_AESGCM)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#endif
#if defined (HAVE_AESCCM)
@ -261,19 +314,26 @@ void c32to24(word32 in, word24 out);
#endif
#endif
#if !defined(NO_RC4)
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#if !defined(NO_SHA)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
#endif
#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#endif
#endif
#if !defined(NO_DES3)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif
#endif
@ -287,11 +347,14 @@ void c32to24(word32 in, word24 out);
#endif
#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA)
defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
#undef BUILD_AES
#define BUILD_AES
#endif
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256)
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
#define BUILD_AESGCM
#endif
@ -306,12 +369,25 @@ void c32to24(word32 in, word24 out);
#ifdef NO_DES3
#define DES_BLOCK_SIZE 8
#else
#undef BUILD_DES3
#define BUILD_DES3
#endif
#ifdef NO_AES
#define AES_BLOCK_SIZE 16
#else
#undef BUILD_AES
#define BUILD_AES
#endif
#ifndef NO_RC4
#undef BUILD_ARC4
#define BUILD_ARC4
#endif
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
#define HAVE_AEAD
#endif
@ -342,8 +418,12 @@ enum {
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
@ -352,6 +432,10 @@ enum {
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
/* CyaSSL extension - eSTREAM */
TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB,
@ -408,6 +492,17 @@ enum {
};
#if defined(CYASSL_SHA384)
#define MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
#elif !defined(NO_SHA256)
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
#elif !defined(NO_MD5) && !defined(NO_SHA)
#define MAX_DIGEST_SIZE (SHA_DIGEST_SIZE + MD5_DIGEST_SIZE)
#else
#error "You have configured the build so there isn't any hashing."
#endif
enum Misc {
SERVER_END = 0,
CLIENT_END,
@ -419,6 +514,7 @@ enum Misc {
DTLS_MAJOR = 0xfe, /* DTLS major version number */
DTLS_MINOR = 0xff, /* DTLS minor version number */
DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
SSLv3_MINOR = 0, /* TLSv1 minor version number */
TLSv1_MINOR = 1, /* TLSv1 minor version number */
@ -431,14 +527,11 @@ enum Misc {
SECRET_LEN = 48, /* pre RSA and all master */
ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
SIZEOF_SENDER = 4, /* clnt or srvr */
#ifndef NO_MD5
FINISHED_SZ = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
#else
FINISHED_SZ = 36,
#endif
FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
MAX_MSG_EXTRA = 70, /* max added to msg, mac + pad from */
/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + SHA_256
MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
/* max added to msg, mac + pad from */
/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
digest sz + BLOC_SZ (iv) + pad byte (1) */
MAX_COMP_EXTRA = 1024, /* max compression extra */
MAX_MTU = 1500, /* max expected MTU */
@ -610,12 +703,17 @@ enum states {
};
#if defined(__GNUC__)
#define CYASSL_PACK __attribute__ ((packed))
#else
#define CYASSL_PACK
#endif
/* SSL Version */
typedef struct ProtocolVersion {
byte major;
byte minor;
} ProtocolVersion;
} CYASSL_PACK ProtocolVersion;
CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
@ -625,6 +723,7 @@ CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
#ifdef CYASSL_DTLS
CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
#endif
@ -730,7 +829,7 @@ enum {
The length (in bytes) of the following TLSPlaintext.fragment.
The length should not exceed 2^14.
*/
#if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_DTLS)
#if defined(LARGE_STATIC_BUFFERS)
#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
MTU_EXTRA + MAX_MSG_EXTRA
#else
@ -786,18 +885,18 @@ int SetCipherList(Suites*, const char* list);
CYASSL_LOCAL
void EmbedOcspRespFree(void*, byte*);
#endif
#endif
#ifdef CYASSL_DTLS
CYASSL_LOCAL
int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedGenerateCookie(byte *buf, int sz, void *ctx);
CYASSL_LOCAL
int IsUDP(void*);
#endif
#ifdef CYASSL_DTLS
CYASSL_LOCAL
int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx);
CYASSL_LOCAL
int IsUDP(void*);
#endif /* CYASSL_DTLS */
#endif /* CYASSL_USER_IO */
/* CyaSSL Cipher type just points back to SSL */
@ -839,14 +938,23 @@ CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
typedef struct OCSP_Entry OCSP_Entry;
#ifdef SHA_DIGEST_SIZE
#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
#else
#define OCSP_DIGEST_SIZE 160
#endif
#ifdef NO_ASN
/* no_asn won't have */
typedef struct CertStatus CertStatus;
#endif
struct OCSP_Entry {
OCSP_Entry* next; /* next entry */
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
byte issuerKeyHash[SHA_DIGEST_SIZE]; /* issuer public key hash */
byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
CertStatus* status; /* OCSP response list */
int totalStatus; /* number on list */
};
@ -864,14 +972,27 @@ struct CYASSL_OCSP {
CallbackIOOcspRespFree CBIOOcspRespFree;
};
#ifndef MAX_DATE_SIZE
#define MAX_DATE_SIZE 32
#endif
typedef struct CRL_Entry CRL_Entry;
#ifdef SHA_DIGEST_SIZE
#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
#else
#define CRL_DIGEST_SIZE 160
#endif
#ifdef NO_ASN
typedef struct RevokedCert RevokedCert;
#endif
/* Complete CRL */
struct CRL_Entry {
CRL_Entry* next; /* next entry */
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
/* byte crlHash[SHA_DIGEST_SIZE]; raw crl data hash */
byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
/* restore the hash here if needed for optimized comparisons */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
@ -891,6 +1012,10 @@ struct CRL_Monitor {
};
#ifndef HAVE_CRL
typedef struct CYASSL_CRL CYASSL_CRL;
#endif
/* CyaSSL CRL controller */
struct CYASSL_CRL {
CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
@ -903,6 +1028,11 @@ struct CYASSL_CRL {
};
#ifdef NO_ASN
typedef struct Signer Signer;
#endif
/* CyaSSL Certificate Manager */
struct CYASSL_CERT_MANAGER {
Signer* caList; /* the CA signer list */
@ -960,6 +1090,9 @@ struct CYASSL_CTX {
byte groupMessages; /* group handshake messages before sending */
CallbackIORecv CBIORecv;
CallbackIOSend CBIOSend;
#ifdef CYASSL_DTLS
CallbackGenCookie CBIOCookie; /* gen cookie callback */
#endif
VerifyCallback verifyCallback; /* cert verification callback */
word32 timeout; /* session timeout */
#ifdef HAVE_ECC
@ -1110,8 +1243,8 @@ enum CipherType { stream, block, aead };
/* keys and secrets */
typedef struct Keys {
byte client_write_MAC_secret[SHA256_DIGEST_SIZE]; /* max sizes */
byte server_write_MAC_secret[SHA256_DIGEST_SIZE];
byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
byte server_write_MAC_secret[MAX_DIGEST_SIZE];
byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
byte server_write_key[AES_256_KEY_SIZE];
byte client_write_IV[AES_IV_SIZE]; /* max sizes */
@ -1173,7 +1306,7 @@ CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
/* hashes type */
typedef struct Hashes {
#ifndef NO_MD5
#ifndef NO_OLD_TLS
byte md5[MD5_DIGEST_SIZE];
#endif
byte sha[SHA_DIGEST_SIZE];
@ -1284,7 +1417,6 @@ typedef struct Buffers {
#endif
} Buffers;
typedef struct Options {
byte sessionCacheOff;
byte sessionCacheFlushOff;
@ -1335,7 +1467,6 @@ typedef struct Options {
#endif /* NO_PSK */
} Options;
typedef struct Arrays {
byte clientRandom[RAN_LEN];
byte serverRandom[RAN_LEN];
@ -1355,12 +1486,22 @@ typedef struct Arrays {
word32 preMasterSz; /* differs for DH, actual size */
} Arrays;
#ifndef ASN_NAME_MAX
#define ASN_NAME_MAX 256
#endif
struct CYASSL_X509_NAME {
char name[ASN_NAME_MAX];
int sz;
};
#ifndef EXTERNAL_SERIAL_SIZE
#define EXTERNAL_SERIAL_SIZE 32
#endif
#ifdef NO_ASN
typedef struct DNS_entry DNS_entry;
#endif
struct CYASSL_X509 {
CYASSL_X509_NAME issuer;
@ -1430,10 +1571,14 @@ struct CYASSL {
void* IOCB_ReadCtx;
void* IOCB_WriteCtx;
RNG* rng;
#ifndef NO_OLD_TLS
#ifndef NO_SHA
Sha hashSha; /* sha hash of handshake msgs */
#endif
#ifndef NO_MD5
Md5 hashMd5; /* md5 hash of handshake msgs */
#endif
#endif
#ifndef NO_SHA256
Sha256 hashSha256; /* sha256 hash of handshake msgs */
#endif
@ -1482,6 +1627,7 @@ struct CYASSL {
int dtls_timeout;
DtlsPool* dtls_pool;
DtlsMsg* dtls_msg_list;
void* IOCB_CookieCtx; /* gen cookie ctx */
#endif
#ifdef CYASSL_CALLBACKS
HandShakeInfo handShakeInfo; /* info saved during handshake */
@ -1489,7 +1635,7 @@ struct CYASSL {
byte hsInfoOn; /* track handshake info */
byte toInfoOn; /* track timeout info */
#endif
#ifdef OPENSSL_EXTRA
#ifdef KEEP_PEER_CERT
CYASSL_X509 peerCert; /* X509 peer cert */
#endif
#ifdef FORTRESS
@ -1498,6 +1644,7 @@ struct CYASSL {
#ifdef HAVE_CAVIUM
int devId; /* cavium device id to use */
#endif
CYASSL_ALERT_HISTORY alert_history;
};
@ -1722,8 +1869,6 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
#endif /* NO_TLS */
typedef double timer_d;
CYASSL_LOCAL timer_d Timer(void);

2
cyassl/ocsp.h
View File

@ -25,6 +25,7 @@
#ifndef CYASSL_OCSP_H
#define CYASSL_OCSP_H
#ifdef HAVE_OCSP
#include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/asn.h>
@ -47,6 +48,7 @@ CYASSL_LOCAL int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP*, DecodedCert*);
#endif
#endif /* HAVE_OCSP */
#endif /* CYASSL_OCSP_H */

2
cyassl/openssl/sha.h
View File

@ -54,7 +54,7 @@ CYASSL_API void CyaSSL_SHA256_Update(CYASSL_SHA256_CTX*, const void*,
CYASSL_API void CyaSSL_SHA256_Final(unsigned char*, CYASSL_SHA256_CTX*);
enum {
SHA256_DIGEST_LENGTH = 20
SHA256_DIGEST_LENGTH = 32
};

2
cyassl/openssl/ssl.h
View File

@ -92,6 +92,8 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#ifdef CYASSL_DTLS
#define DTLSv1_client_method CyaDTLSv1_client_method
#define DTLSv1_server_method CyaDTLSv1_server_method
#define DTLSv1_2_client_method CyaDTLSv1_2_client_method
#define DTLSv1_2_server_method CyaDTLSv1_2_server_method
#endif

20
cyassl/ssl.h
View File

@ -59,7 +59,6 @@
extern "C" {
#endif
typedef struct CYASSL CYASSL;
typedef struct CYASSL_SESSION CYASSL_SESSION;
typedef struct CYASSL_METHOD CYASSL_METHOD;
@ -112,6 +111,15 @@ typedef struct CYASSL_X509_STORE {
int cache; /* stunnel dereference */
} CYASSL_X509_STORE;
typedef struct CYASSL_ALERT {
int code;
int level;
} CYASSL_ALERT;
typedef struct CYASSL_ALERT_HISTORY {
CYASSL_ALERT last_rx;
CYASSL_ALERT last_tx;
} CYASSL_ALERT_HISTORY;
typedef struct CYASSL_X509_REVOKED {
CYASSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
@ -149,6 +157,8 @@ CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void);
#ifdef CYASSL_DTLS
CYASSL_API CYASSL_METHOD *CyaDTLSv1_client_method(void);
CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void);
CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_client_method(void);
CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_server_method(void);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
@ -202,6 +212,7 @@ CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int);
CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int);
CYASSL_API int CyaSSL_get_error(CYASSL*, int);
CYASSL_API int CyaSSL_get_alert_history(CYASSL*, CYASSL_ALERT_HISTORY *);
CYASSL_API int CyaSSL_set_session(CYASSL* ssl,CYASSL_SESSION* session);
CYASSL_API CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl);
@ -256,6 +267,7 @@ CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session);
CYASSL_API int CyaSSL_is_init_finished(CYASSL*);
CYASSL_API const char* CyaSSL_get_version(CYASSL*);
CYASSL_API int CyaSSL_get_current_cipher_suite(CYASSL* ssl);
CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*);
CYASSL_API char* CyaSSL_CIPHER_description(CYASSL_CIPHER*, char*, int);
CYASSL_API const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher);
@ -423,7 +435,6 @@ CYASSL_API long CyaSSL_CTX_sess_timeouts(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_number(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX*);
#define CYASSL_DEFAULT_CIPHER_LIST "" /* default all */
#define CYASSL_RSA_F4 0x10001L
@ -798,6 +809,11 @@ CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);
CYASSL_API void CyaSSL_SetIOReadFlags( CYASSL* ssl, int flags);
CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags);
typedef int (*CallbackGenCookie)(CYASSL* ssl, unsigned char* buf, int sz,
void* ctx);
CYASSL_API void CyaSSL_CTX_SetGenCookie(CYASSL_CTX*, CallbackGenCookie);
CYASSL_API void CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx);
typedef int (*CallbackIOOcsp)(void*, const char*, int,
unsigned char*, int, unsigned char**);
typedef void (*CallbackIOOcspRespFree)(void*,unsigned char*);

136
cyassl/test.h
View File

@ -20,6 +20,8 @@
#define SOCKET_T unsigned int
#else
#include <string.h>
#include <sys/types.h>
#ifndef CYASSL_LEANPSK
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
@ -27,13 +29,13 @@
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <pthread.h>
#include <fcntl.h>
#ifdef TEST_IPV6
#include <netdb.h>
#endif
#endif
#define SOCKET_T int
#ifndef SO_NOSIGPIPE
#include <signal.h> /* ignore SIGPIPE */
@ -106,7 +108,11 @@
#define SERVER_DEFAULT_VERSION 3
#define SERVER_DTLS_DEFAULT_VERSION (-2)
#define SERVER_INVALID_VERSION (-99)
#define CLIENT_DEFAULT_VERSION 3
#define CLIENT_DTLS_DEFAULT_VERSION (-2)
#define CLIENT_INVALID_VERSION (-99)
/* all certs relative to CyaSSL home directory now */
#define caCert "./certs/ca-cert.pem"
@ -247,11 +253,12 @@ static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
static INLINE void showPeer(CYASSL* ssl)
{
#ifdef OPENSSL_EXTRA
CYASSL_CIPHER* cipher;
#ifdef KEEP_PEER_CERT
CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl);
if (peer) {
#ifdef OPENSSL_EXTRA
char* altName;
char* issuer = CyaSSL_X509_NAME_oneline(
CyaSSL_X509_get_issuer_name(peer), 0, 0);
@ -283,14 +290,17 @@ static INLINE void showPeer(CYASSL* ssl)
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
#else
printf("peer has a cert!\n");
#endif
}
else
printf("peer has no cert!\n");
#endif
printf("SSL version is %s\n", CyaSSL_get_version(ssl));
cipher = CyaSSL_get_current_cipher(ssl);
printf("SSL cipher suite is %s\n", CyaSSL_CIPHER_get_name(cipher));
#endif
#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
{
@ -931,5 +941,125 @@ static INLINE int CurrentDir(const char* str)
#endif /* USE_WINDOWS_API */
#ifdef USE_CYASSL_MEMORY
typedef struct memoryStats {
size_t totalAllocs; /* number of allocations */
size_t totalBytes; /* total number of bytes allocated */
size_t peakBytes; /* concurrent max bytes */
size_t currentBytes; /* total current bytes in use */
} memoryStats;
typedef struct memHint {
size_t thisSize; /* size of this memory */
void* thisMemory; /* actual memory for user */
} memHint;
typedef struct memoryTrack {
union {
memHint hint;
byte alignit[16]; /* make sure we have strong alignment */
} u;
} memoryTrack;
#if defined(CYASSL_TRACK_MEMORY)
#define DO_MEM_STATS
static memoryStats ourMemStats;
#endif
static INLINE void* TrackMalloc(size_t sz)
{
memoryTrack* mt;
if (sz == 0)
return NULL;
mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
if (mt == NULL)
return NULL;
mt->u.hint.thisSize = sz;
mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack);
#ifdef DO_MEM_STATS
ourMemStats.totalAllocs++;
ourMemStats.totalBytes += sz;
ourMemStats.currentBytes += sz;
if (ourMemStats.currentBytes > ourMemStats.peakBytes)
ourMemStats.peakBytes = ourMemStats.currentBytes;
#endif
return mt->u.hint.thisMemory;
}
static INLINE void TrackFree(void* ptr)
{
memoryTrack* mt;
if (ptr == NULL)
return;
mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
#ifdef DO_MEM_STATS
ourMemStats.currentBytes -= mt->u.hint.thisSize;
#endif
free(mt);
}
static INLINE void* TrackRealloc(void* ptr, size_t sz)
{
void* ret = TrackMalloc(sz);
if (ptr) {
/* if realloc is bigger, don't overread old ptr */
memoryTrack* mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
if (mt->u.hint.thisSize < sz)
sz = mt->u.hint.thisSize;
}
if (ret && ptr)
memcpy(ret, ptr, sz);
if (ret)
TrackFree(ptr);
return ret;
}
static INLINE void InitMemoryTracker(void)
{
if (CyaSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc) != 0)
err_sys("CyaSSL SetAllocators failed for track memory");
#ifdef DO_MEM_STATS
ourMemStats.totalAllocs = 0;
ourMemStats.totalBytes = 0;
ourMemStats.peakBytes = 0;
ourMemStats.currentBytes = 0;
#endif
}
static INLINE void ShowMemoryTracker(void)
{
#ifdef DO_MEM_STATS
printf("total Allocs = %9lu\n",
(unsigned long)ourMemStats.totalAllocs);
printf("total Bytes = %9lu\n",
(unsigned long)ourMemStats.totalBytes);
printf("peak Bytes = %9lu\n",
(unsigned long)ourMemStats.peakBytes);
printf("current Bytes = %9lu\n",
(unsigned long)ourMemStats.currentBytes);
#endif
}
#endif /* USE_CYASSL_MEMORY */
#endif /* CyaSSL_TEST_H */

4
cyassl/version.h
View File

@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBCYASSL_VERSION_STRING "2.5.1"
#define LIBCYASSL_VERSION_HEX 0x02005001
#define LIBCYASSL_VERSION_STRING "2.5.4"
#define LIBCYASSL_VERSION_HEX 0x02005004
#ifdef __cplusplus
}

91
examples/client/client.c
View File

@ -23,6 +23,11 @@
#include <config.h>
#endif
#if !defined(CYASSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
/* in case memory tracker wants stats */
#define CYASSL_TRACK_MEMORY
#endif
#include <cyassl/ssl.h>
#include <cyassl/test.h>
@ -35,6 +40,7 @@
Timeval timeout;
#endif
static void NonBlockingSSL_Connect(CYASSL* ssl)
{
#ifndef CYASSL_CALLBACKS
@ -97,9 +103,11 @@ static void Usage(void)
printf("-A <file> Certificate Authority file, default %s\n", caCert);
printf("-b <num> Benchmark <num> connections and print stats\n");
printf("-s Use pre Shared keys\n");
printf("-t Track CyaSSL memory use\n");
printf("-d Disable peer checks\n");
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
printf("-m Match domain name in cert\n");
printf("-N Use Non-blocking sockets\n");
printf("-r Resume session\n");
@ -129,7 +137,7 @@ void client_test(void* args)
char* domain = (char*)"www.yassl.com";
int ch;
int version = CLIENT_DEFAULT_VERSION;
int version = CLIENT_INVALID_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
@ -138,6 +146,7 @@ void client_test(void* args)
int doPeerCheck = 1;
int nonBlocking = 0;
int resumeSession = 0;
int trackMemory = 0;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
@ -148,7 +157,17 @@ void client_test(void* args)
((func_args*)args)->return_code = -1; /* error state */
while ((ch = mygetopt(argc, argv, "?gdusmNrh:p:v:l:A:c:k:b:")) != -1) {
#ifdef NO_RSA
verifyCert = (char*)eccCert;
ourCert = (char*)cliEccCert;
ourKey = (char*)cliEccKey;
#endif
(void)resumeSz;
(void)session;
(void)sslResume;
(void)trackMemory;
while ((ch = mygetopt(argc, argv, "?gdusmNrth:p:v:l:A:c:k:b:")) != -1) {
switch (ch) {
case '?' :
Usage();
@ -164,13 +183,18 @@ void client_test(void* args)
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 's' :
usePsk = 1;
break;
case 't' :
#ifdef USE_CYASSL_MEMORY
trackMemory = 1;
#endif
break;
case 'm' :
matchName = 1;
break;
@ -190,8 +214,6 @@ void client_test(void* args)
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* DTLS flag */
break;
case 'l' :
@ -234,6 +256,27 @@ void client_test(void* args)
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
@ -257,6 +300,10 @@ void client_test(void* args)
case -1:
method = CyaDTLSv1_client_method();
break;
case -2:
method = CyaDTLSv1_2_client_method();
break;
#endif
default:
@ -278,15 +325,19 @@ void client_test(void* args)
usePsk = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
usePsk = 1;
#endif
if (usePsk) {
#ifndef NO_PSK
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA";
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES256-CBC-SHA";
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
err_sys("client can't set cipher list 2");
@ -301,7 +352,7 @@ void client_test(void* args)
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
if (cipherList == NULL) {
/* don't use EDH, can't sniff tmp keys */
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) {
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
err_sys("client can't set cipher list 3");
}
}
@ -314,7 +365,7 @@ void client_test(void* args)
#ifdef VERIFY_CALLBACK
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (!usePsk){
if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
@ -323,15 +374,17 @@ void client_test(void* args)
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
err_sys("can't load client private key file, check file and run "
"from CyaSSL home dir");
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#endif
#if !defined(NO_CERTS)
if (!usePsk && doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
#ifdef HAVE_CAVIUM
CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
@ -443,6 +496,7 @@ void client_test(void* args)
err_sys("CyaSSL_read failed");
}
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
strncpy(msg, "break", 6);
@ -453,12 +507,14 @@ void client_test(void* args)
session = CyaSSL_get_session(ssl);
sslResume = CyaSSL_new(ctx);
}
#endif
if (doDTLS == 0) /* don't send alert after "break" command */
CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */
CyaSSL_free(ssl);
CloseSocket(sockfd);
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
SOCKADDR_IN_T addr;
@ -492,13 +548,11 @@ void client_test(void* args)
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
#ifdef OPENSSL_EXTRA
if (CyaSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
#endif
if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
@ -524,10 +578,16 @@ void client_test(void* args)
CyaSSL_free(sslResume);
CloseSocket(sockfd);
}
#endif /* NO_SESSION_CACHE */
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_CYASSL_MEMORY */
}
@ -589,4 +649,3 @@ void client_test(void* args)
#endif

26
examples/echoclient/echoclient.c
View File

@ -46,7 +46,7 @@ void echoclient_test(void* args)
SSL* ssl = 0;
int doDTLS = 0;
int doLeanPSK = 0;
int doPSK = 0;
int sendSz;
int argc = 0;
char** argv = 0;
@ -72,7 +72,11 @@ void echoclient_test(void* args)
#endif
#ifdef CYASSL_LEANPSK
doLeanPSK = 1;
doPSK = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
doPSK = 1;
#endif
#if defined(CYASSL_DTLS)
@ -85,14 +89,16 @@ void echoclient_test(void* args)
ctx = SSL_CTX_new(method);
#ifndef NO_FILESYSTEM
#ifndef NO_RSA
if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#endif
#ifdef HAVE_ECC
if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#endif
#elif !defined(NO_CERTS)
if (!doLeanPSK)
if (!doPSK)
load_buffer(ctx, caCert, CYASSL_CA);
#endif
@ -100,10 +106,18 @@ void echoclient_test(void* args)
/* don't use EDH, can't sniff tmp keys */
SSL_CTX_set_cipher_list(ctx, "AES256-SHA");
#endif
if (doLeanPSK) {
#ifdef CYASSL_LEANPSK
if (doPSK) {
#ifndef NO_PSK
const char *defaultCipherList;
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
SSL_CTX_set_cipher_list(ctx, "PSK-NULL-SHA");
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
err_sys("client can't set cipher list 2");
#endif
}

29
examples/echoserver/echoserver.c
View File

@ -60,7 +60,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CYASSL_CTX* ctx = 0;
int doDTLS = 0;
int doLeanPSK = 0;
int doPSK = 0;
int outCreated = 0;
int shutDown = 0;
int useAnyAddr = 0;
@ -86,7 +86,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#endif
#ifdef CYASSL_LEANPSK
doLeanPSK = 1;
doPSK = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC)
doPSK = 1;
#endif
tcp_listen(&sockfd, yasslPort, useAnyAddr, doDTLS);
@ -106,6 +110,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#endif
#ifndef NO_FILESYSTEM
if (doPSK == 0) {
#ifdef HAVE_NTRU
/* ntru */
if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
@ -128,6 +133,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
#elif defined(NO_CERTS)
/* do nothing, just don't load cert files */
#else
/* normal */
if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
@ -140,8 +147,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
#endif
} /* doPSK */
#elif !defined(NO_CERTS)
if (!doLeanPSK) {
if (!doPSK) {
load_buffer(ctx, svrCert, CYASSL_CERT);
load_buffer(ctx, svrKey, CYASSL_KEY);
}
@ -152,10 +160,19 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
#endif
if (doLeanPSK) {
#ifdef CYASSL_LEANPSK
if (doPSK) {
#ifndef NO_PSK
const char *defaultCipherList;
CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
CyaSSL_CTX_set_cipher_list(ctx, "PSK-NULL-SHA");
CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 2");
#endif
}

75
examples/server/server.c
View File

@ -23,6 +23,11 @@
#include <config.h>
#endif
#if !defined(CYASSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
/* in case memory tracker wants stats */
#define CYASSL_TRACK_MEMORY
#endif
#include <cyassl/openssl/ssl.h>
#include <cyassl/test.h>
@ -98,7 +103,9 @@ static void Usage(void)
printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n");
printf("-s Use pre Shared keys\n");
printf("-u Use UDP DTLS\n");
printf("-t Track CyaSSL memory use\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
printf("-N Use Non-blocking sockets\n");
}
@ -124,6 +131,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int doDTLS = 0;
int useNtruKey = 0;
int nonBlocking = 0;
int trackMemory = 0;
char* cipherList = NULL;
char* verifyCert = (char*)cliCert;
char* ourCert = (char*)svrCert;
@ -133,7 +141,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
((func_args*)args)->return_code = -1; /* error state */
while ((ch = mygetopt(argc, argv, "?dbsnNup:v:l:A:c:k:")) != -1) {
#ifdef NO_RSA
verifyCert = (char*)cliEccCert;
ourCert = (char*)eccCert;
ourKey = (char*)eccKey;
#endif
(void)trackMemory;
while ((ch = mygetopt(argc, argv, "?dbstnNup:v:l:A:c:k:")) != -1) {
switch (ch) {
case '?' :
Usage();
@ -151,13 +166,18 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
usePsk = 1;
break;
case 't' :
#ifdef USE_CYASSL_MEMORY
trackMemory = 1;
#endif
break;
case 'n' :
useNtruKey = 1;
break;
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 'p' :
@ -170,8 +190,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* stay with DTLS */
break;
case 'l' :
@ -202,6 +220,27 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
@ -225,6 +264,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
case -1:
method = DTLSv1_server_method();
break;
case -2:
method = DTLSv1_2_server_method();
break;
#endif
default:
@ -246,7 +289,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
usePsk = 1;
#endif
#ifndef NO_FILESYSTEM
#if defined(NO_RSA) && !defined(HAVE_ECC)
usePsk = 1;
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (!usePsk) {
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
@ -264,7 +311,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
#endif
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (!useNtruKey && !usePsk) {
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
@ -280,9 +327,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA";
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES256-CBC-SHA";
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 2");
@ -290,7 +337,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
}
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* if not using PSK, verify peer with certs */
if (doCliCertCheck && usePsk == 0) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
@ -307,7 +354,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS)
err_sys("server can't set cipher list 3");
}
#endif
@ -372,6 +419,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
CloseSocket(clientfd);
((func_args*)args)->return_code = 0;
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_CYASSL_MEMORY */
return 0;
}

751
mcapi/crypto.c Normal file
View File

@ -0,0 +1,751 @@
/* crypto.c
*
* Copyright (C) 2006-2013 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* Implements Microchip CRYPTO API layer */
#include "crypto.h"
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/sha256.h>
#include <cyassl/ctaocrypt/sha512.h>
#include <cyassl/ctaocrypt/hmac.h>
#include <cyassl/ctaocrypt/compress.h>
#include <cyassl/ctaocrypt/random.h>
#include <cyassl/ctaocrypt/des3.h>
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/rsa.h>
#include <cyassl/ctaocrypt/ecc.h>
#include <cyassl/ctaocrypt/error.h>
/* Initialize MD5 */
int CRYPT_MD5_Initialize(CRYPT_MD5_CTX* md5)
{
typedef char md5_test[sizeof(CRYPT_MD5_CTX) >= sizeof(Md5) ? 1 : -1];
(void)sizeof(md5_test);
if (md5 == NULL)
return BAD_FUNC_ARG;
InitMd5((Md5*)md5);
return 0;
}
/* Add data to MD5 */
int CRYPT_MD5_DataAdd(CRYPT_MD5_CTX* md5, const unsigned char* input,
unsigned int sz)
{
if (md5 == NULL || input == NULL)
return BAD_FUNC_ARG;
Md5Update((Md5*)md5, input, sz);
return 0;
}
/* Get MD5 Final into digest */
int CRYPT_MD5_Finalize(CRYPT_MD5_CTX* md5, unsigned char* digest)
{
if (md5 == NULL || digest == NULL)
return BAD_FUNC_ARG;
Md5Final((Md5*)md5, digest);
return 0;
}
/* Initialize SHA */
int CRYPT_SHA_Initialize(CRYPT_SHA_CTX* sha)
{
typedef char sha_test[sizeof(CRYPT_SHA_CTX) >= sizeof(Sha) ? 1 : -1];
(void)sizeof(sha_test);
if (sha == NULL)
return BAD_FUNC_ARG;
InitSha((Sha*)sha);
return 0;
}
/* Add data to SHA */
int CRYPT_SHA_DataAdd(CRYPT_SHA_CTX* sha, const unsigned char* input,
unsigned int sz)
{
if (sha == NULL || input == NULL)
return BAD_FUNC_ARG;
ShaUpdate((Sha*)sha, input, sz);
return 0;
}
/* Get SHA Final into digest */
int CRYPT_SHA_Finalize(CRYPT_SHA_CTX* sha, unsigned char* digest)
{
if (sha == NULL || digest == NULL)
return BAD_FUNC_ARG;
ShaFinal((Sha*)sha, digest);
return 0;
}
/* Initialize SHA-256 */
int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX* sha256)
{
typedef char sha_test[sizeof(CRYPT_SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
(void)sizeof(sha_test);
if (sha256 == NULL)
return BAD_FUNC_ARG;
InitSha256((Sha256*)sha256);
return 0;
}
/* Add data to SHA-256 */
int CRYPT_SHA256_DataAdd(CRYPT_SHA256_CTX* sha256, const unsigned char* input,
unsigned int sz)
{
if (sha256 == NULL || input == NULL)
return BAD_FUNC_ARG;
Sha256Update((Sha256*)sha256, input, sz);
return 0;
}
/* Get SHA-256 Final into digest */
int CRYPT_SHA256_Finalize(CRYPT_SHA256_CTX* sha256, unsigned char* digest)
{
if (sha256 == NULL || digest == NULL)
return BAD_FUNC_ARG;
Sha256Final((Sha256*)sha256, digest);
return 0;
}
/* Initialize SHA-384 */
int CRYPT_SHA384_Initialize(CRYPT_SHA384_CTX* sha384)
{
typedef char sha_test[sizeof(CRYPT_SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
(void)sizeof(sha_test);
if (sha384 == NULL)
return BAD_FUNC_ARG;
InitSha384((Sha384*)sha384);
return 0;
}
/* Add data to SHA-384 */
int CRYPT_SHA384_DataAdd(CRYPT_SHA384_CTX* sha384, const unsigned char* input,
unsigned int sz)
{
if (sha384 == NULL || input == NULL)
return BAD_FUNC_ARG;
Sha384Update((Sha384*)sha384, input, sz);
return 0;
}
/* Get SHA-384 Final into digest */
int CRYPT_SHA384_Finalize(CRYPT_SHA384_CTX* sha384, unsigned char* digest)
{
if (sha384 == NULL || digest == NULL)
return BAD_FUNC_ARG;
Sha384Final((Sha384*)sha384, digest);
return 0;
}
/* Initialize SHA-512 */
int CRYPT_SHA512_Initialize(CRYPT_SHA512_CTX* sha512)
{
typedef char sha_test[sizeof(CRYPT_SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
(void)sizeof(sha_test);
if (sha512 == NULL)
return BAD_FUNC_ARG;
InitSha512((Sha512*)sha512);
return 0;
}
/* Add data to SHA-512 */
int CRYPT_SHA512_DataAdd(CRYPT_SHA512_CTX* sha512, const unsigned char* input,
unsigned int sz)
{
if (sha512 == NULL || input == NULL)
return BAD_FUNC_ARG;
Sha512Update((Sha512*)sha512, input, sz);
return 0;
}
/* Get SHA-512 Final into digest */
int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX* sha512, unsigned char* digest)
{
if (sha512 == NULL || digest == NULL)
return BAD_FUNC_ARG;
Sha512Final((Sha512*)sha512, digest);
return 0;
}
/* Set HMAC key with type */
int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX* hmac, int type, const unsigned char* key,
unsigned int sz)
{
typedef char hmac_test[sizeof(CRYPT_HMAC_CTX) >= sizeof(Hmac) ? 1 : -1];
(void)sizeof(hmac_test);
if (hmac == NULL || key == NULL)
return BAD_FUNC_ARG;
if (type != CRYPT_HMAC_SHA && type != CRYPT_HMAC_SHA256 &&
type != CRYPT_HMAC_SHA384 && type != CRYPT_HMAC_SHA512) {
return BAD_FUNC_ARG; /* bad hmac type */
}
HmacSetKey((Hmac*)hmac, type, key, sz);
return 0;
}
int CRYPT_HMAC_DataAdd(CRYPT_HMAC_CTX* hmac, const unsigned char* input,
unsigned int sz)
{
if (hmac == NULL || input == NULL)
return BAD_FUNC_ARG;
HmacUpdate((Hmac*)hmac, input, sz);
return 0;
}
/* Get HMAC Final into digest */
int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX* hmac, unsigned char* digest)
{
if (hmac == NULL || digest == NULL)
return BAD_FUNC_ARG;
HmacFinal((Hmac*)hmac, digest);
return 0;
}
/* Huffman Compression, set flag to do static, otherwise dynamic */
/* return compressed size, otherwise < 0 for error */
int CRYPT_HUFFMAN_Compress(unsigned char* out, unsigned int outSz,
const unsigned char* in, unsigned int inSz,
unsigned int flags)
{
if (out == NULL || in == NULL)
return BAD_FUNC_ARG;
return Compress(out, outSz, in, inSz, flags);
}
/* Huffman DeCompression, self determines type */
/* return decompressed size, otherwise < 0 for error */
int CRYPT_HUFFMAN_DeCompress(unsigned char* out, unsigned int outSz,
const unsigned char* in, unsigned int inSz)
{
if (out == NULL || in == NULL)
return BAD_FUNC_ARG;
return DeCompress(out, outSz, in, inSz);
}
/* RNG Initialize, < 0 on error */
int CRYPT_RNG_Initialize(CRYPT_RNG_CTX* rng)
{
typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(RNG) ? 1 : -1];
(void)sizeof(rng_test);
if (rng == NULL)
return BAD_FUNC_ARG;
return InitRng((RNG*)rng);
}
/* RNG Get single bytes, < 0 on error */
int CRYPT_RNG_Get(CRYPT_RNG_CTX* rng, unsigned char* b)
{
if (rng == NULL || b == NULL)
return BAD_FUNC_ARG;
*b = RNG_GenerateByte((RNG*)rng);
return 0;
}
/* RNG Block Generation of sz bytes, < 0 on error */
int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b,
unsigned int sz)
{
if (rng == NULL || b == NULL)
return BAD_FUNC_ARG;
RNG_GenerateBlock((RNG*)rng, b, sz);
return 0;
}
/* Triple DES Key Set, may have iv, will have direction */
int CRYPT_TDES_KeySet(CRYPT_TDES_CTX* tdes, const unsigned char* key,
const unsigned char* iv, int dir)
{
typedef char tdes_test[sizeof(CRYPT_TDES_CTX) >= sizeof(Des3) ? 1 : -1];
(void)sizeof(tdes_test);
if (tdes == NULL || key == NULL)
return BAD_FUNC_ARG;
Des3_SetKey((Des3*)tdes, key, iv, dir);
return 0;
}
/* Triple DES Iv Set, sometimes added later */
int CRYPT_TDES_IvSet(CRYPT_TDES_CTX* tdes, const unsigned char* iv)
{
if (tdes == NULL || iv == NULL)
return BAD_FUNC_ARG;
Des3_SetIV((Des3*)tdes, iv);
return 0;
}
/* Triple DES CBC Encrypt */
int CRYPT_TDES_CBC_Encrypt(CRYPT_TDES_CTX* tdes, unsigned char* out,
const unsigned char* in, unsigned int inSz)
{
if (tdes == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
Des3_CbcEncrypt((Des3*)tdes, out, in, inSz);
return 0;
}
/* Triple DES CBC Decrypt */
int CRYPT_TDES_CBC_Decrypt(CRYPT_TDES_CTX* tdes, unsigned char* out,
const unsigned char* in, unsigned int inSz)
{
if (tdes == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
Des3_CbcDecrypt((Des3*)tdes, out, in, inSz);
return 0;
}
/* AES Key Set, may have iv, will have direction */
int CRYPT_AES_KeySet(CRYPT_AES_CTX* aes, const unsigned char* key,
unsigned int keyLen, const unsigned char* iv, int dir)
{
typedef char aes_test[sizeof(CRYPT_AES_CTX) >= sizeof(Aes) ? 1 : -1];
(void)sizeof(aes_test);
if (aes == NULL || key == NULL)
return BAD_FUNC_ARG;
return AesSetKey((Aes*)aes, key, keyLen, iv, dir);
}
/* AES Iv Set, sometimes added later */
int CRYPT_AES_IvSet(CRYPT_AES_CTX* aes, const unsigned char* iv)
{
if (aes == NULL || iv == NULL)
return BAD_FUNC_ARG;
AesSetIV((Aes*)aes, iv);
return 0;
}
/* AES CBC Encrypt */
int CRYPT_AES_CBC_Encrypt(CRYPT_AES_CTX* aes, unsigned char* out,
const unsigned char* in, unsigned int inSz)
{
if (aes == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
AesCbcEncrypt((Aes*)aes, out, in, inSz);
return 0;
}
/* AES CBC Decrypt */
int CRYPT_AES_CBC_Decrypt(CRYPT_AES_CTX* aes, unsigned char* out,
const unsigned char* in, unsigned int inSz)
{
if (aes == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
AesCbcDecrypt((Aes*)aes, out, in, inSz);
return 0;
}
/* AES CTR Encrypt (used for decrypt too, with ENCRYPT key setup) */
int CRYPT_AES_CTR_Encrypt(CRYPT_AES_CTX* aes, unsigned char* out,
const unsigned char* in, unsigned int inSz)
{
if (aes == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
AesCtrEncrypt((Aes*)aes, out, in, inSz);
return 0;
}
/* AES Direct mode encrypt, one block at a time */
int CRYPT_AES_DIRECT_Encrypt(CRYPT_AES_CTX* aes, unsigned char* out,
const unsigned char* in)
{
if (aes == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
AesEncryptDirect((Aes*)aes, out, in);
return 0;
}
/* AES Direct mode decrypt, one block at a time */
int CRYPT_AES_DIRECT_Decrypt(CRYPT_AES_CTX* aes, unsigned char* out,
const unsigned char* in)
{
if (aes == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
AesDecryptDirect((Aes*)aes, out, in);
return 0;
}
/* RSA Initialize */
int CRYPT_RSA_Initialize(CRYPT_RSA_CTX* rsa)
{
if (rsa == NULL)
return BAD_FUNC_ARG;
rsa->holder = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
if (rsa->holder == NULL)
return -1;
InitRsaKey((RsaKey*)rsa->holder, NULL);
return 0;
}
/* RSA Free resources */
int CRYPT_RSA_Free(CRYPT_RSA_CTX* rsa)
{
if (rsa == NULL)
return BAD_FUNC_ARG;
FreeRsaKey((RsaKey*)rsa->holder);
XFREE(rsa->holder, NULL, DYNAMIC_TYPE_RSA);
rsa->holder = NULL;
return 0;
}
/* RSA Public key decode ASN.1 */
int CRYPT_RSA_PublicKeyDecode(CRYPT_RSA_CTX* rsa, const unsigned char* in,
unsigned int inSz)
{
unsigned int idx = 0;
(void)idx;
if (rsa == NULL || in == NULL)
return BAD_FUNC_ARG;
return RsaPublicKeyDecode(in, &idx, (RsaKey*)rsa->holder, inSz);
}
/* RSA Private key decode ASN.1 */
int CRYPT_RSA_PrivateKeyDecode(CRYPT_RSA_CTX* rsa, const unsigned char* in,
unsigned int inSz)
{
unsigned int idx = 0;
(void)idx;
if (rsa == NULL || in == NULL)
return BAD_FUNC_ARG;
return RsaPrivateKeyDecode(in, &idx, (RsaKey*)rsa->holder, inSz);
}
/* RSA Public Encrypt */
int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX* rsa, unsigned char* out,
unsigned int outSz, const unsigned char* in,
unsigned int inSz, CRYPT_RNG_CTX* rng)
{
if (rsa == NULL || in == NULL || out == NULL || rng == NULL)
return BAD_FUNC_ARG;
return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder,
(RNG*)rng);
}
/* RSA Private Decrypt */
int CRYPT_RSA_PrivateDecrypt(CRYPT_RSA_CTX* rsa, unsigned char* out,
unsigned int outSz, const unsigned char* in,
unsigned int inSz)
{
if (rsa == NULL || in == NULL || out == NULL)
return BAD_FUNC_ARG;
return RsaPrivateDecrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder);
}
/* RSA Get Encrypt size helper */
int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX* rsa)
{
if (rsa == NULL)
return BAD_FUNC_ARG;
return RsaEncryptSize((RsaKey*)rsa->holder);
}
/* ECC init */
int CRYPT_ECC_Initialize(CRYPT_ECC_CTX* ecc)
{
if (ecc == NULL)
return BAD_FUNC_ARG;
ecc->holder = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
if (ecc->holder == NULL)
return -1;
ecc_init((ecc_key*)ecc->holder);
return 0;
}
/* ECC free resources */
int CRYPT_ECC_Free(CRYPT_ECC_CTX* ecc)
{
if (ecc == NULL)
return BAD_FUNC_ARG;
ecc_free((ecc_key*)ecc->holder);
XFREE(ecc->holder, NULL, DYNAMIC_TYPE_ECC);
ecc->holder = NULL;
return 0;
}
/* ECC Public x963 Export */
int CRYPT_ECC_PublicExport(CRYPT_ECC_CTX* ecc, unsigned char* out,
unsigned int outSz, unsigned int* usedSz)
{
int ret;
unsigned int inOut = outSz;
if (ecc == NULL || out == NULL)
return BAD_FUNC_ARG;
ret = ecc_export_x963((ecc_key*)ecc->holder, out, &inOut);
*usedSz = inOut;
return ret;
}
/* ECC Public x963 Import */
int CRYPT_ECC_PublicImport(CRYPT_ECC_CTX* ecc, const unsigned char* in,
unsigned int inSz)
{
if (ecc == NULL || in == NULL)
return BAD_FUNC_ARG;
return ecc_import_x963(in, inSz, (ecc_key*)ecc->holder);
}
/* ECC Private x963 Import */
int CRYPT_ECC_PrivateImport(CRYPT_ECC_CTX* ecc, const unsigned char* priv,
unsigned int privSz, const unsigned char* pub, unsigned int pubSz)
{
if (ecc == NULL || priv == NULL || pub == NULL)
return BAD_FUNC_ARG;
return ecc_import_private_key(priv, privSz, pub, pubSz,
(ecc_key*)ecc->holder);
}
/* ECC DHE Make key */
int CRYPT_ECC_DHE_KeyMake(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, int keySz)
{
if (ecc == NULL || rng == NULL)
return BAD_FUNC_ARG;
return ecc_make_key((RNG*)rng, keySz, (ecc_key*)ecc->holder);
}
/* ECC DHE Make shared secret with our private and peer public */
int CRYPT_ECC_DHE_SharedSecretMake(CRYPT_ECC_CTX* priv, CRYPT_ECC_CTX* pub,
unsigned char* out, unsigned int outSz, unsigned int* usedSz)
{
int ret;
unsigned int inOut = outSz;
if (priv == NULL || pub == NULL || out == NULL || usedSz == NULL)
return BAD_FUNC_ARG;
ret = ecc_shared_secret((ecc_key*)priv->holder, (ecc_key*)pub->holder,
out, &inOut);
*usedSz = inOut;
return ret;
}
/* ECC DSA Hash Sign */
int CRYPT_ECC_DSA_HashSign(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng,
unsigned char* sig, unsigned int sigSz,
unsigned int* usedSz, const unsigned char* in,
unsigned int inSz)
{
int ret;
unsigned int inOut = sigSz;
if (ecc == NULL || rng == NULL || sig == NULL || usedSz == NULL ||
in == NULL)
return BAD_FUNC_ARG;
ret = ecc_sign_hash(in, inSz, sig, &inOut, (RNG*)rng,
(ecc_key*)ecc->holder);
*usedSz = inOut;
return ret;
}
/* ECC DSA Hash Verify */
int CRYPT_ECC_DSA_HashVerify(CRYPT_ECC_CTX* ecc, const unsigned char* sig,
unsigned int sigSz, unsigned char* hash,
unsigned int hashSz, int* status)
{
if (ecc == NULL || sig == NULL || hash == NULL || status == NULL)
return BAD_FUNC_ARG;
return ecc_verify_hash(sig, sigSz, hash, hashSz, status,
(ecc_key*)ecc->holder);
}
/* ECC get key size helper */
int CRYPT_ECC_KeySizeGet(CRYPT_ECC_CTX* ecc)
{
if (ecc == NULL)
return BAD_FUNC_ARG;
return ecc_size((ecc_key*)ecc->holder);
}
/* ECC get signature size helper */
int CRYPT_ECC_SignatureSizeGet(CRYPT_ECC_CTX* ecc)
{
if (ecc == NULL)
return BAD_FUNC_ARG;
return ecc_sig_size((ecc_key*)ecc->holder);
}
/* Save error string from err to str which needs to be >= 80 chars */
int CRYPT_ERROR_StringGet(int err, char* str)
{
if (str == NULL)
return BAD_FUNC_ARG;
CTaoCryptErrorString(err, str);
return 0;
}

268
mcapi/crypto.h Normal file
View File

@ -0,0 +1,268 @@
/* crypto.h
*
* Copyright (C) 2006-2013 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* Defines Microchip CRYPTO API layer */
#ifndef MC_CRYPTO_API_H
#define MC_CRYPTO_API_H
#ifdef __cplusplus
extern "C" {
#endif
/* MD5 */
typedef struct CRYPT_MD5_CTX {
int holder[24]; /* big enough to hold internal, but check on init */
} CRYPT_MD5_CTX;
int CRYPT_MD5_Initialize(CRYPT_MD5_CTX*);
int CRYPT_MD5_DataAdd(CRYPT_MD5_CTX*, const unsigned char*, unsigned int);
int CRYPT_MD5_Finalize(CRYPT_MD5_CTX*, unsigned char*);
enum {
CRYPT_MD5_DIGEST_SIZE = 16
};
/* SHA */
typedef struct CRYPT_SHA_CTX {
int holder[24]; /* big enough to hold internal, but check on init */
} CRYPT_SHA_CTX;
int CRYPT_SHA_Initialize(CRYPT_SHA_CTX*);
int CRYPT_SHA_DataAdd(CRYPT_SHA_CTX*, const unsigned char*, unsigned int);
int CRYPT_SHA_Finalize(CRYPT_SHA_CTX*, unsigned char*);
enum {
CRYPT_SHA_DIGEST_SIZE = 20
};
/* SHA-256 */
typedef struct CRYPT_SHA256_CTX {
int holder[28]; /* big enough to hold internal, but check on init */
} CRYPT_SHA256_CTX;
int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX*);
int CRYPT_SHA256_DataAdd(CRYPT_SHA256_CTX*, const unsigned char*, unsigned int);
int CRYPT_SHA256_Finalize(CRYPT_SHA256_CTX*, unsigned char*);
enum {
CRYPT_SHA256_DIGEST_SIZE = 32
};
/* SHA-384 */
typedef struct CRYPT_SHA384_CTX {
long long holder[32]; /* big enough to hold internal, but check on init */
} CRYPT_SHA384_CTX;
int CRYPT_SHA384_Initialize(CRYPT_SHA384_CTX*);
int CRYPT_SHA384_DataAdd(CRYPT_SHA384_CTX*, const unsigned char*, unsigned int);
int CRYPT_SHA384_Finalize(CRYPT_SHA384_CTX*, unsigned char*);
enum {
CRYPT_SHA384_DIGEST_SIZE = 48
};
/* SHA-512 */
typedef struct CRYPT_SHA512_CTX {
long long holder[36]; /* big enough to hold internal, but check on init */
} CRYPT_SHA512_CTX;
int CRYPT_SHA512_Initialize(CRYPT_SHA512_CTX*);
int CRYPT_SHA512_DataAdd(CRYPT_SHA512_CTX*, const unsigned char*, unsigned int);
int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX*, unsigned char*);
enum {
CRYPT_SHA512_DIGEST_SIZE = 64
};
/* HMAC */
typedef struct CRYPT_HMAC_CTX {
long long holder[67]; /* big enough to hold internal, but check on init */
} CRYPT_HMAC_CTX;
int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX*, int, const unsigned char*, unsigned int);
int CRYPT_HMAC_DataAdd(CRYPT_HMAC_CTX*, const unsigned char*, unsigned int);
int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX*, unsigned char*);
/* HMAC types */
enum {
CRYPT_HMAC_SHA = 1,
CRYPT_HMAC_SHA256 = 2,
CRYPT_HMAC_SHA384 = 5,
CRYPT_HMAC_SHA512 = 4
};
/* Huffman */
int CRYPT_HUFFMAN_Compress(unsigned char*, unsigned int, const unsigned char*,
unsigned int, unsigned int);
int CRYPT_HUFFMAN_DeCompress(unsigned char*, unsigned int, const unsigned char*,
unsigned int);
/* flag to use static huffman */
enum {
CRYPT_HUFFMAN_COMPRESS_STATIC = 1
};
/* RNG */
typedef struct CRYPT_RNG_CTX {
int holder[66]; /* big enough to hold internal, but check on init */
} CRYPT_RNG_CTX;
int CRYPT_RNG_Initialize(CRYPT_RNG_CTX*);
int CRYPT_RNG_Get(CRYPT_RNG_CTX*, unsigned char*);
int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX*, unsigned char*, unsigned int);
/* TDES */
typedef struct CRYPT_TDES_CTX {
int holder[100]; /* big enough to hold internal, but check on init */
} CRYPT_TDES_CTX;
int CRYPT_TDES_KeySet(CRYPT_TDES_CTX*, const unsigned char*,
const unsigned char*, int);
int CRYPT_TDES_IvSet(CRYPT_TDES_CTX*, const unsigned char*);
int CRYPT_TDES_CBC_Encrypt(CRYPT_TDES_CTX*, unsigned char*,
const unsigned char*, unsigned int);
int CRYPT_TDES_CBC_Decrypt(CRYPT_TDES_CTX*, unsigned char*,
const unsigned char*, unsigned int);
/* key direction flags for setup */
enum {
CRYPT_TDES_ENCRYPTION = 0,
CRYPT_TDES_DECRYPTION = 1
};
/* AES */
typedef struct CRYPT_AES_CTX {
int holder[69]; /* big enough to hold internal, but check on init */
} CRYPT_AES_CTX;
/* key */
int CRYPT_AES_KeySet(CRYPT_AES_CTX*, const unsigned char*, unsigned int,
const unsigned char*, int);
int CRYPT_AES_IvSet(CRYPT_AES_CTX*, const unsigned char*);
/* cbc */
int CRYPT_AES_CBC_Encrypt(CRYPT_AES_CTX*, unsigned char*,
const unsigned char*, unsigned int);
int CRYPT_AES_CBC_Decrypt(CRYPT_AES_CTX*, unsigned char*,
const unsigned char*, unsigned int);
/* ctr (counter), use Encrypt both ways with ENCRYPT key setup */
int CRYPT_AES_CTR_Encrypt(CRYPT_AES_CTX*, unsigned char*,
const unsigned char*, unsigned int);
/* direct, one block at a time */
int CRYPT_AES_DIRECT_Encrypt(CRYPT_AES_CTX*, unsigned char*,
const unsigned char*);
int CRYPT_AES_DIRECT_Decrypt(CRYPT_AES_CTX*, unsigned char*,
const unsigned char*);
/* key direction flags for setup, ctr always uses ENCRYPT flag */
enum {
CRYPT_AES_ENCRYPTION = 0,
CRYPT_AES_DECRYPTION = 1,
CRYPT_AES_BLOCK_SIZE = 16
};
/* RSA */
typedef struct CRYPT_RSA_CTX {
void* holder;
} CRYPT_RSA_CTX;
/* init/free */
int CRYPT_RSA_Initialize(CRYPT_RSA_CTX*);
int CRYPT_RSA_Free(CRYPT_RSA_CTX*);
/* key decode */
int CRYPT_RSA_PublicKeyDecode(CRYPT_RSA_CTX*, const unsigned char*,
unsigned int);
int CRYPT_RSA_PrivateKeyDecode(CRYPT_RSA_CTX*, const unsigned char*,
unsigned int);
/* encrypt/decrypt */
int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX*, unsigned char*,
unsigned int, const unsigned char*, unsigned int,
CRYPT_RNG_CTX*);
int CRYPT_RSA_PrivateDecrypt(CRYPT_RSA_CTX*, unsigned char*,
unsigned int, const unsigned char*, unsigned int);
/* helpers */
int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX*);
/* ECC */
typedef struct CRYPT_ECC_CTX {
void* holder;
} CRYPT_ECC_CTX;
/* init/free */
int CRYPT_ECC_Initialize(CRYPT_ECC_CTX*);
int CRYPT_ECC_Free(CRYPT_ECC_CTX*);
/* key coders */
int CRYPT_ECC_PublicExport(CRYPT_ECC_CTX*, unsigned char*, unsigned int,
unsigned int*);
int CRYPT_ECC_PublicImport(CRYPT_ECC_CTX*, const unsigned char*, unsigned int);
int CRYPT_ECC_PrivateImport(CRYPT_ECC_CTX*, const unsigned char*, unsigned int,
const unsigned char*, unsigned int);
/* dhe */
int CRYPT_ECC_DHE_KeyMake(CRYPT_ECC_CTX*, CRYPT_RNG_CTX*, int);
int CRYPT_ECC_DHE_SharedSecretMake(CRYPT_ECC_CTX*, CRYPT_ECC_CTX*,
unsigned char*, unsigned int, unsigned int*);
/* dsa */
int CRYPT_ECC_DSA_HashSign(CRYPT_ECC_CTX*, CRYPT_RNG_CTX*, unsigned char*,
unsigned int, unsigned int*, const unsigned char*, unsigned int);
int CRYPT_ECC_DSA_HashVerify(CRYPT_ECC_CTX*, const unsigned char*,
unsigned int, unsigned char*, unsigned int, int*);
/* helpers */
int CRYPT_ECC_KeySizeGet(CRYPT_ECC_CTX*);
int CRYPT_ECC_SignatureSizeGet(CRYPT_ECC_CTX*);
/* Error string helper, string needs to be >= 80 chars */
int CRYPT_ERROR_StringGet(int, char*);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* MC_CRYPTO_API_H */

14
mcapi/include.am Normal file
View File

@ -0,0 +1,14 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
if BUILD_MCAPI
check_PROGRAMS += mcapi/test
noinst_PROGRAMS += mcapi/test
mcapi_test_SOURCES = mcapi/crypto.c \
mcapi/test.c
mcapi_test_LDADD = src/libcyassl.la
mcapi_test_DEPENDENCIES = src/libcyassl.la
endif
noinst_HEADERS += mcapi/crypto.h

1359
mcapi/test.c Normal file
View File

File diff suppressed because it is too large Load Diff

3
mplabx/ctaocrypt_test.X/main.c
View File

@ -24,6 +24,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <p32xxxx.h>
#include <plib.h>
#include <sys/appio.h>
/* func_args from test.h, so don't have to pull in other junk */
@ -38,6 +39,8 @@ typedef struct func_args {
*/
int main(int argc, char** argv) {
SYSTEMConfigPerformance(80000000);
DBINIT();
printf("CTaoCrypt Test:\n");

21
src/crl.c
View File

@ -30,6 +30,7 @@
#include <cyassl/error.h>
#include <dirent.h>
#include <sys/stat.h>
#include <string.h>
@ -532,8 +533,19 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
return BAD_PATH_ERROR;
}
while ( (entry = readdir(dir)) != NULL) {
if (entry->d_type & DT_REG) {
char name[MAX_FILENAME_SZ];
char name[MAX_FILENAME_SZ];
struct stat s;
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (stat(name, &s) != 0) {
CYASSL_MSG("stat on name failed");
continue;
}
if (s.st_mode & S_IFREG) {
if (type == SSL_FILETYPE_PEM) {
if (strstr(entry->d_name, ".pem") == NULL) {
@ -550,11 +562,6 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
}
}
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
!= SSL_SUCCESS) {
CYASSL_MSG("CRL file load failed, continuing");

70
src/include.am
View File

@ -11,7 +11,6 @@ src_libcyassl_la_SOURCES = \
src/tls.c \
ctaocrypt/src/hmac.c \
ctaocrypt/src/random.c \
ctaocrypt/src/sha.c \
ctaocrypt/src/sha256.c \
ctaocrypt/src/logging.c \
ctaocrypt/src/error.c
@ -20,19 +19,56 @@ src_libcyassl_la_LIBADD = $(LIBM)
src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS)
src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS)
if !BUILD_LEANPSK
src_libcyassl_la_SOURCES += ctaocrypt/src/rsa.c \
ctaocrypt/src/des3.c \
ctaocrypt/src/coding.c \
ctaocrypt/src/arc4.c \
ctaocrypt/src/md4.c \
ctaocrypt/src/md5.c \
ctaocrypt/src/asn.c \
ctaocrypt/src/dh.c \
ctaocrypt/src/dsa.c \
ctaocrypt/src/pwdbased.c \
ctaocrypt/src/aes.c \
ctaocrypt/src/memory.c
if BUILD_MEMORY
src_libcyassl_la_SOURCES += ctaocrypt/src/memory.c
endif
if BUILD_RSA
src_libcyassl_la_SOURCES += ctaocrypt/src/rsa.c
endif
if BUILD_DH
src_libcyassl_la_SOURCES += ctaocrypt/src/dh.c
endif
if BUILD_ASN
src_libcyassl_la_SOURCES += ctaocrypt/src/asn.c
endif
if BUILD_CODING
src_libcyassl_la_SOURCES += ctaocrypt/src/coding.c
endif
if BUILD_AES
src_libcyassl_la_SOURCES += ctaocrypt/src/aes.c
endif
if BUILD_DES3
src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c
endif
if BUILD_SHA
src_libcyassl_la_SOURCES += ctaocrypt/src/sha.c
endif
if BUILD_RC4
src_libcyassl_la_SOURCES += ctaocrypt/src/arc4.c
endif
if BUILD_MD4
src_libcyassl_la_SOURCES += ctaocrypt/src/md4.c
endif
if BUILD_MD5
src_libcyassl_la_SOURCES += ctaocrypt/src/md5.c
endif
if BUILD_PWDBASED
src_libcyassl_la_SOURCES += ctaocrypt/src/pwdbased.c
endif
if BUILD_DSA
src_libcyassl_la_SOURCES += ctaocrypt/src/dsa.c
endif
if BUILD_AESNI
@ -71,7 +107,7 @@ if BUILD_RABBIT
src_libcyassl_la_SOURCES += ctaocrypt/src/rabbit.c
endif
if BUILD_NOINLINE
if !BUILD_INLINE
src_libcyassl_la_SOURCES += ctaocrypt/src/misc.c
endif
@ -100,3 +136,7 @@ src_libcyassl_la_CFLAGS += $(PTHREAD_CFLAGS)
src_libcyassl_la_LIBADD += $(PTHREAD_LIBS)
endif
if BUILD_LIBZ
src_libcyassl_la_SOURCES += ctaocrypt/src/compress.c
endif

657
src/internal.c
View File

File diff suppressed because it is too large Load Diff

52
src/io.c
View File

@ -96,6 +96,7 @@
#define SOCKET_EINTR WSAEINTR
#define SOCKET_EPIPE WSAEPIPE
#define SOCKET_ECONNREFUSED WSAENOTCONN
#define SOCKET_ECONNABORTED WSAECONNABORTED
#elif defined(__PPU)
#define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
#define SOCKET_EAGAIN SYS_NET_EAGAIN
@ -103,6 +104,7 @@
#define SOCKET_EINTR SYS_NET_EINTR
#define SOCKET_EPIPE SYS_NET_EPIPE
#define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
#define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED
#elif defined(FREESCALE_MQX)
/* RTCS doesn't have an EWOULDBLOCK error */
#define SOCKET_EWOULDBLOCK EAGAIN
@ -111,6 +113,7 @@
#define SOCKET_EINTR EINTR
#define SOCKET_EPIPE EPIPE
#define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
#define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED
#else
#define SOCKET_EWOULDBLOCK EWOULDBLOCK
#define SOCKET_EAGAIN EAGAIN
@ -118,6 +121,7 @@
#define SOCKET_EINTR EINTR
#define SOCKET_EPIPE EPIPE
#define SOCKET_ECONNREFUSED ECONNREFUSED
#define SOCKET_ECONNABORTED ECONNABORTED
#endif /* USE_WINDOWS_API */
@ -136,16 +140,6 @@
#endif
#ifdef CYASSL_DTLS
/* sizeof(struct timeval) will pass uninit bytes to setsockopt if padded */
#ifdef USE_WINDOWS_API
#define TIMEVAL_BYTES sizeof(timeout)
#else
#define TIMEVAL_BYTES sizeof(timeout.tv_sec) + sizeof(timeout.tv_usec)
#endif
#endif
/* Translates return codes returned from
* send() and recv() if need be.
*/
@ -198,10 +192,12 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx)
#ifdef USE_WINDOWS_API
DWORD timeout = dtls_timeout * 1000;
#else
struct timeval timeout = {dtls_timeout, 0};
struct timeval timeout;
XMEMSET(&timeout, 0, sizeof(timeout));
timeout.tv_sec = dtls_timeout;
#endif
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
TIMEVAL_BYTES) != 0) {
sizeof(timeout)) != 0) {
CYASSL_MSG("setsockopt rcvtimeo failed");
}
}
@ -238,6 +234,10 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx)
CYASSL_MSG(" Connection refused");
return IO_ERR_WANT_READ;
}
else if (err == SOCKET_ECONNABORTED) {
CYASSL_MSG(" Connection aborted");
return IO_ERR_CONN_CLOSE;
}
else {
CYASSL_MSG(" General error");
return IO_ERR_GENERAL;
@ -326,10 +326,12 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx)
#ifdef USE_WINDOWS_API
DWORD timeout = dtls_timeout * 1000;
#else
struct timeval timeout = { dtls_timeout, 0 };
struct timeval timeout;
XMEMSET(&timeout, 0, sizeof(timeout));
timeout.tv_sec = dtls_timeout;
#endif
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
TIMEVAL_BYTES) != 0) {
sizeof(timeout)) != 0) {
CYASSL_MSG("setsockopt rcvtimeo failed");
}
}
@ -431,9 +433,8 @@ int EmbedSendTo(CYASSL* ssl, char *buf, int sz, void *ctx)
/* The DTLS Generate Cookie callback
* return : number of bytes copied into buf, or error
*/
int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx)
{
CYASSL* ssl = (CYASSL*)ctx;
int sd = ssl->wfd;
struct sockaddr_in peer;
XSOCKLENT peerSz = sizeof(peer);
@ -441,6 +442,8 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
int cookieSrcSz = 0;
Sha sha;
(void)ctx;
if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) {
CYASSL_MSG("getpeername failed in EmbedGenerateCookie");
return GEN_COOKIE_E;
@ -785,6 +788,23 @@ CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags)
ssl->wflags = flags;
}
#ifdef CYASSL_DTLS
CYASSL_API void CyaSSL_CTX_SetGenCookie(CYASSL_CTX* ctx, CallbackGenCookie cb)
{
ctx->CBIOCookie = cb;
}
CYASSL_API void CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx)
{
ssl->IOCB_CookieCtx = ctx;
}
#endif /* CYASSL_DTLS */
#ifdef HAVE_OCSP
CYASSL_API void CyaSSL_SetIOOcsp(CYASSL_CTX* ctx, CallbackIOOcsp cb)

136
src/keys.c
View File

@ -44,6 +44,134 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef HAVE_ECC
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
@ -1617,7 +1745,7 @@ static int MakeSslMasterSecret(CYASSL* ssl)
#ifdef SHOW_SECRETS
{
int j;
word32 j;
printf("pre master secret: ");
for (j = 0; j < pmsSz; j++)
printf("%02x", ssl->arrays->preMasterSecret[j]);
@ -1658,10 +1786,10 @@ static int MakeSslMasterSecret(CYASSL* ssl)
#ifdef SHOW_SECRETS
{
int i;
word32 j;
printf("master secret: ");
for (i = 0; i < SECRET_LEN; i++)
printf("%02x", ssl->arrays->masterSecret[i]);
for (j = 0; j < SECRET_LEN; j++)
printf("%02x", ssl->arrays->masterSecret[j]);
printf("\n");
}
#endif

339
src/ssl.c
View File

@ -27,8 +27,6 @@
#include <errno.h>
#endif
#define TRUE 1
#define FALSE 0
#include <cyassl/ssl.h>
#include <cyassl/internal.h>
@ -64,6 +62,7 @@
#if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \
&& !defined(EBSNET)
#include <dirent.h>
#include <sys/stat.h>
#endif
#ifdef EBSNET
#include "vfapi.h"
@ -71,6 +70,12 @@
#endif
#endif /* NO_FILESYSTEM */
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#ifndef min
@ -175,7 +180,6 @@ void CyaSSL_free(CYASSL* ssl)
}
#ifndef CYASSL_LEANPSK
int CyaSSL_set_fd(CYASSL* ssl, int fd)
{
CYASSL_ENTER("SSL_set_fd");
@ -204,7 +208,6 @@ int CyaSSL_get_fd(const CYASSL* ssl)
CYASSL_LEAVE("SSL_get_fd", ssl->rfd);
return ssl->rfd;
}
#endif
#ifndef CYASSL_LEANPSK
@ -545,6 +548,13 @@ int CyaSSL_get_error(CYASSL* ssl, int ret)
return ssl->error;
}
int CyaSSL_get_alert_history(CYASSL* ssl, CYASSL_ALERT_HISTORY *h)
{
if (ssl && h) {
*h = ssl->alert_history;
}
return 0;
}
int CyaSSL_want_read(CYASSL* ssl)
{
@ -910,6 +920,8 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
or systems where the default of nearly 3kB is too much RAM, this define
uses less than 500 bytes RAM
default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
*/
#ifdef HUGE_SESSION_CACHE
#define SESSIONS_PER_ROW 11
@ -1136,7 +1148,7 @@ int CyaSSL_Init(void)
if (pkcs8)
return ToTraditional(der->buffer, der->length);
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED)
if (pkcs8Enc) {
int passwordSz;
char password[80];
@ -1166,6 +1178,7 @@ int CyaSSL_Init(void)
int ret;
int dynamicType = 0;
int eccKey = 0;
int rsaKey = 0;
void* heap = ctx ? ctx->heap : NULL;
info.set = 0;
@ -1404,12 +1417,14 @@ int CyaSSL_Init(void)
FreeRsaKey(&key);
return SSL_BAD_FILE;
}
} else {
rsaKey = 1;
}
FreeRsaKey(&key);
}
#endif
#ifdef HAVE_ECC
if (eccKey ) {
if (!rsaKey) {
/* make sure ECC key can be used */
word32 idx = 0;
ecc_key key;
@ -1420,6 +1435,7 @@ int CyaSSL_Init(void)
return SSL_BAD_FILE;
}
ecc_free(&key);
eccKey = 1;
ctx->haveStaticECC = 1;
if (ssl)
ssl->options.haveStaticECC = 1;
@ -1664,14 +1680,20 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
return BAD_PATH_ERROR;
}
while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
if (entry->d_type & DT_REG) {
char name[MAX_FILENAME_SZ];
char name[MAX_FILENAME_SZ];
struct stat s;
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (stat(name, &s) != 0) {
CYASSL_MSG("stat on name failed");
closedir(dir);
return BAD_PATH_ERROR;
}
if (s.st_mode & S_IFREG) {
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
NULL);
}
@ -1786,7 +1808,13 @@ int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
CYASSL_MSG("No CertManager error");
return ret;
}
tmp = CyaSSL_CTX_new(CyaSSLv3_client_method());
tmp = CyaSSL_CTX_new(
#ifdef NO_OLD_TLS
CyaTLSv1_2_client_method()
#else
CyaSSLv3_client_method()
#endif
);
if (tmp == NULL) {
CYASSL_MSG("CTX new failed");
@ -2562,6 +2590,17 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
InitSSL_Method(method, MakeDTLSv1());
return method;
}
CYASSL_METHOD* CyaDTLSv1_2_client_method(void)
{
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_ENTER("DTLSv1_2_client_method");
if (method)
InitSSL_Method(method, MakeDTLSv1_2());
return method;
}
#endif
@ -2583,7 +2622,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#ifdef CYASSL_DTLS
if (ssl->version.major == DTLS_MAJOR &&
ssl->version.minor == DTLS_MINOR) {
ssl->version.minor >= DTLSv1_2_MINOR) {
ssl->options.dtls = 1;
ssl->options.tls = 1;
ssl->options.tls1_1 = 1;
@ -2654,12 +2693,18 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#ifdef CYASSL_DTLS
if (ssl->options.dtls) {
/* re-init hashes, exclude first hello and verify request */
#ifndef NO_OLD_TLS
InitMd5(&ssl->hashMd5);
InitSha(&ssl->hashSha);
#ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl))
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
InitSha256(&ssl->hashSha256);
#endif
#endif
#ifdef CYASSL_SHA384
InitSha384(&ssl->hashSha384);
#endif
}
if ( (ssl->error = SendClientHello(ssl)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
@ -2695,31 +2740,38 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
case FIRST_REPLY_DONE :
#ifndef NO_CERTS
if (ssl->options.sendVerify)
if (ssl->options.sendVerify) {
if ( (ssl->error = SendCertificate(ssl)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: certificate");
}
#endif
ssl->options.connectState = FIRST_REPLY_FIRST;
CYASSL_MSG("connect state: FIRST_REPLY_FIRST");
case FIRST_REPLY_FIRST :
if (!ssl->options.resuming)
if (!ssl->options.resuming) {
if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: client key exchange");
}
ssl->options.connectState = FIRST_REPLY_SECOND;
CYASSL_MSG("connect state: FIRST_REPLY_SECOND");
case FIRST_REPLY_SECOND :
#ifndef NO_CERTS
if (ssl->options.sendVerify)
if (ssl->options.sendVerify) {
if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: certificate verify");
}
#endif
ssl->options.connectState = FIRST_REPLY_THIRD;
@ -2730,6 +2782,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: change cipher spec");
ssl->options.connectState = FIRST_REPLY_FOURTH;
CYASSL_MSG("connect state: FIRST_REPLY_FOURTH");
@ -2738,7 +2791,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: finished");
ssl->options.connectState = FINISHED_DONE;
CYASSL_MSG("connect state: FINISHED_DONE");
@ -2799,6 +2852,19 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
}
return method;
}
CYASSL_METHOD* CyaDTLSv1_2_server_method(void)
{
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_ENTER("DTLSv1_2_server_method");
if (method) {
InitSSL_Method(method, MakeDTLSv1_2());
method->side = SERVER_END;
}
return method;
}
#endif
@ -2814,6 +2880,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#ifndef NO_PSK
havePSK = ssl->options.havePSK;
#endif
(void)havePSK;
if (ssl->options.side != SERVER_END) {
CYASSL_ERROR(ssl->error = SIDE_ERROR);
@ -2846,7 +2913,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#ifdef CYASSL_DTLS
if (ssl->version.major == DTLS_MAJOR &&
ssl->version.minor == DTLS_MINOR) {
ssl->version.minor >= DTLSv1_2_MINOR) {
ssl->options.dtls = 1;
ssl->options.tls = 1;
ssl->options.tls1_1 = 1;
@ -2898,12 +2965,18 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
if (ssl->options.dtls) {
ssl->options.clientState = NULL_STATE; /* get again */
/* re-init hashes, exclude first hello and verify request */
#ifndef NO_OLD_TLS
InitMd5(&ssl->hashMd5);
InitSha(&ssl->hashSha);
#ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl))
InitSha256(&ssl->hashSha256);
#endif
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
InitSha256(&ssl->hashSha256);
#endif
#ifdef CYASSL_SHA384
InitSha384(&ssl->hashSha384);
#endif
}
while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
if ( (ssl->error = ProcessReply(ssl)) < 0) {
@ -3052,13 +3125,64 @@ int CyaSSL_Cleanup(void)
#ifndef NO_SESSION_CACHE
/* Make a work from the front of random hash */
static INLINE word32 MakeWordFromHash(const byte* hashID)
{
return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) |
hashID[3];
}
#ifndef NO_MD5
/* some session IDs aren't random afterall, let's make them random */
static INLINE word32 HashSession(const byte* sessionID)
{
/* id is random, just make 32 bit number from first 4 bytes for now */
return (sessionID[0] << 24) | (sessionID[1] << 16) | (sessionID[2] << 8) |
sessionID[3];
byte digest[MD5_DIGEST_SIZE];
Md5 md5;
InitMd5(&md5);
Md5Update(&md5, sessionID, ID_LEN);
Md5Final(&md5, digest);
return MakeWordFromHash(digest);
}
#elif !defined(NO_SHA)
static INLINE word32 HashSession(const byte* sessionID)
{
byte digest[SHA_DIGEST_SIZE];
Sha sha;
InitSha(&sha);
ShaUpdate(&sha, sessionID, ID_LEN);
ShaFinal(&sha, digest);
return MakeWordFromHash(digest);
}
#elif !defined(NO_SHA256)
static INLINE word32 HashSession(const byte* sessionID)
{
byte digest[SHA256_DIGEST_SIZE];
Sha256 sha256;
InitSha256(&sha256);
Sha256Update(&sha256, sessionID, ID_LEN);
Sha256Final(&sha256, digest);
return MakeWordFromHash(digest);
}
#else
#error "We need a digest to hash the session IDs"
#endif /* NO_MD5 */
void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm)
{
@ -3840,8 +3964,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ssl->options.side);
}
#endif
/* return true if connection established */
int CyaSSL_is_init_finished(CYASSL* ssl)
{
@ -3854,7 +3978,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
return 0;
}
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
CYASSL_RSA*(*f)(CYASSL*, int, int))
{
@ -5332,8 +5456,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
(void)flags;
return 0;
}
#endif
#ifdef KEEP_PEER_CERT
CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
{
CYASSL_ENTER("SSL_get_peer_certificate");
@ -5342,9 +5466,9 @@ int CyaSSL_set_compression(CYASSL* ssl)
else
return 0;
}
#endif
#ifdef OPENSSL_EXTRA
int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
{
#ifdef FORTRESS
@ -5384,19 +5508,19 @@ int CyaSSL_set_compression(CYASSL* ssl)
(void)ssl;
/* client by default */
}
#endif
int CyaSSL_session_reused(CYASSL* ssl)
{
return ssl->options.resuming;
}
#ifdef OPENSSL_EXTRA
void CyaSSL_SESSION_free(CYASSL_SESSION* session)
{
(void)session;
}
#endif
const char* CyaSSL_get_version(CYASSL* ssl)
{
@ -5415,11 +5539,26 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "unknown";
}
}
else if (ssl->version.major == DTLS_MAJOR)
return "DTLS";
else if (ssl->version.major == DTLS_MAJOR) {
switch (ssl->version.minor) {
case DTLS_MINOR :
return "DTLS";
case DTLSv1_2_MINOR :
return "DTLSv1.2";
default:
return "unknown";
}
}
return "unknown";
}
int CyaSSL_get_current_cipher_suite(CYASSL* ssl)
{
CYASSL_ENTER("SSL_get_current_cipher_suite");
if (ssl)
return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite;
return 0;
}
CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL* ssl)
{
@ -5433,130 +5572,228 @@ int CyaSSL_set_compression(CYASSL* ssl)
const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher)
{
(void)cipher;
CYASSL_ENTER("SSL_CIPHER_get_name");
#ifndef NO_ERROR_STRINGS
if (cipher) {
#ifdef HAVE_ECC
if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
/* ECC suites */
switch (cipher->ssl->options.cipherSuite) {
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
#endif
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
#endif
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
#endif
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
#endif
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_SHA
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
#endif
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
#endif
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
#endif
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
#endif
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif
#endif /* NO_SHA */
#ifdef HAVE_AESGCM
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
#endif
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
#endif
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif
#ifdef HAVE_AESCCM
#ifndef NO_RSA
case TLS_RSA_WITH_AES_128_CCM_8_SHA256 :
return "TLS_RSA_WITH_AES_128_CCM_8_SHA256";
case TLS_RSA_WITH_AES_256_CCM_8_SHA384 :
return "TLS_RSA_WITH_AES_256_CCM_8_SHA384";
#endif
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256";
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384";
#endif
default:
return "NONE";
}
}
#endif
#endif /* ECC */
if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) {
/* normal suites */
switch (cipher->ssl->options.cipherSuite) {
#ifndef NO_RSA
#ifndef NO_RC4
#ifndef NO_SHA
case SSL_RSA_WITH_RC4_128_SHA :
return "SSL_RSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_MD5
case SSL_RSA_WITH_RC4_128_MD5 :
return "SSL_RSA_WITH_RC4_128_MD5";
#endif
#endif
#ifndef NO_SHA
#ifndef NO_DES3
case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
case TLS_RSA_WITH_AES_128_CBC_SHA :
return "TLS_RSA_WITH_AES_128_CBC_SHA";
case TLS_RSA_WITH_AES_256_CBC_SHA :
return "TLS_RSA_WITH_AES_256_CBC_SHA";
#endif
case TLS_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_RSA_WITH_AES_128_CBC_SHA256";
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_RSA_WITH_AES_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_RSA_WITH_NULL_SHA :
return "TLS_RSA_WITH_NULL_SHA";
#endif
case TLS_RSA_WITH_NULL_SHA256 :
return "TLS_RSA_WITH_NULL_SHA256";
#endif /* NO_RSA */
#ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
#ifndef NO_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
return "TLS_PSK_WITH_AES_128_CBC_SHA";
case TLS_PSK_WITH_AES_256_CBC_SHA :
return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif
case TLS_PSK_WITH_NULL_SHA256 :
return "TLS_PSK_WITH_NULL_SHA256";
#ifndef NO_SHA
case TLS_PSK_WITH_NULL_SHA :
return "TLS_PSK_WITH_NULL_SHA";
#endif
#endif /* NO_PSK */
#ifndef NO_RSA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
#endif
#ifndef NO_HC128
#ifndef NO_MD5
case TLS_RSA_WITH_HC_128_CBC_MD5 :
return "TLS_RSA_WITH_HC_128_CBC_MD5";
#endif
#ifndef NO_SHA
case TLS_RSA_WITH_HC_128_CBC_SHA :
return "TLS_RSA_WITH_HC_128_CBC_SHA";
#endif
#endif /* NO_HC128 */
#ifndef NO_SHA
#ifndef NO_RABBIT
case TLS_RSA_WITH_RABBIT_CBC_SHA :
return "TLS_RSA_WITH_RABBIT_CBC_SHA";
#endif
#ifdef HAVE_NTRU
#ifndef NO_RC4
case TLS_NTRU_RSA_WITH_RC4_128_SHA :
return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
#endif /* HAVE_NTRU */
#endif /* NO_SHA */
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_RSA_WITH_AES_128_GCM_SHA256";
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
@ -5565,28 +5802,33 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_SHA
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#endif /* NO_RSA */
default:
return "NONE";
} /* switch */
} /* normal / ECC */
}
#endif /* NO_ERROR_STRINGS */
return "NONE";
}
@ -5597,6 +5839,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
return CyaSSL_CIPHER_get_name(CyaSSL_get_current_cipher(ssl));
}
#ifdef OPENSSL_EXTRA
/* XXX shuld be NO_DH */
#ifndef NO_CERTS
@ -7164,6 +7407,7 @@ static int initGlobalRNG = 0;
}
#ifndef NO_DSA
static void InitCyaSSL_DSA(CYASSL_DSA* dsa)
{
if (dsa) {
@ -7256,7 +7500,7 @@ static int initGlobalRNG = 0;
return 0; /* key gen not needed by server */
}
#endif /* NO_DSA */
static void InitCyaSSL_Rsa(CYASSL_RSA* rsa)
{
@ -7356,6 +7600,7 @@ static int initGlobalRNG = 0;
}
#ifndef NO_DSA
static int SetDsaExternal(CYASSL_DSA* dsa)
{
DsaKey* key;
@ -7397,6 +7642,7 @@ static int initGlobalRNG = 0;
return 0;
}
#endif /* NO_DSA */
static int SetRsaExternal(CYASSL_RSA* rsa)
@ -7548,6 +7794,7 @@ static int initGlobalRNG = 0;
}
#ifndef NO_DSA
/* return 0 on success, < 0 otherwise */
int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
CYASSL_DSA* dsa)
@ -7583,6 +7830,7 @@ static int initGlobalRNG = 0;
return 0;
}
#endif /* NO_DSA */
/* return 1 on success, 0 otherwise */
@ -8154,6 +8402,7 @@ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
}
#ifndef NO_DSA
/* Load DSA from Der, 0 on success < 0 on error */
int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
{
@ -8182,7 +8431,7 @@ int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
return 0;
}
#endif /* NO_DSA */

22
src/tls.c
View File

@ -53,7 +53,7 @@
static void p_hash(byte* result, word32 resLen, const byte* secret,
word32 secLen, const byte* seed, word32 seedLen, int hash)
{
word32 len = SHA_DIGEST_SIZE;
word32 len = PHASH_MAX_DIGEST_SIZE;
word32 times;
word32 lastLen;
word32 lastTime;
@ -89,6 +89,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
}
break;
#endif
#ifndef NO_SHA
case sha_mac:
default:
{
@ -96,6 +97,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
hash = SHA;
}
break;
#endif
}
times = resLen / len;
@ -121,11 +123,14 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
HmacFinal(&hmac, previous);
}
}
XMEMSET(previous, 0, sizeof previous);
XMEMSET(current, 0, sizeof current);
XMEMSET(&hmac, 0, sizeof hmac);
}
#ifndef NO_MD5
#ifndef NO_OLD_TLS
/* calculate XOR for TLSv1 PRF */
static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
@ -194,7 +199,7 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen,
hash_type);
}
#ifndef NO_MD5
#ifndef NO_OLD_TLS
else
doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen);
#endif
@ -214,7 +219,7 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
byte handshake_hash[HSHASH_SZ];
word32 hashSz = FINISHED_SZ;
#ifndef NO_MD5
#ifndef NO_OLD_TLS
Md5Final(&ssl->hashMd5, handshake_hash);
ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
#endif
@ -423,12 +428,21 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
}
break;
#endif
#ifdef CYASSL_SHA384
case sha384_mac:
{
type = SHA384;
}
break;
#endif
#ifndef NO_SHA
case sha_mac:
default:
{
type = SHA;
}
break;
#endif
}
HmacSetKey(&hmac, type, GetMacSecret(ssl, verify), ssl->specs.hash_size);

3
sslSniffer/sslSnifferTest/snifftest.c
View File

@ -214,6 +214,9 @@ int main(int argc, char** argv)
ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem",
FILETYPE_PEM, NULL, err);
if (ret != 0) {
printf("Please run directly from sslSniffer/sslSnifferTest dir\n");
}
}
else if (argc >= 3) {
saveFile = 1;

8
tests/api.c
View File

@ -35,7 +35,7 @@ static int test_CyaSSL_Init(void);
static int test_CyaSSL_Cleanup(void);
static int test_CyaSSL_Method_Allocators(void);
static int test_CyaSSL_CTX_new(CYASSL_METHOD *method);
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int test_CyaSSL_CTX_use_certificate_file(void);
static int test_CyaSSL_CTX_use_PrivateKey_file(void);
static int test_CyaSSL_CTX_load_verify_locations(void);
@ -51,7 +51,7 @@ static int test_method(CYASSL_METHOD *method, const char *name);
#ifdef OPENSSL_EXTRA
static int test_method2(CYASSL_METHOD *method, const char *name);
#endif
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int test_ucf(CYASSL_CTX *ctx, const char* file, int type,
int cond, const char* name);
static int test_upkf(CYASSL_CTX *ctx, const char* file, int type,
@ -79,7 +79,7 @@ int ApiTest(void)
test_CyaSSL_Init();
test_CyaSSL_Method_Allocators();
test_CyaSSL_CTX_new(CyaSSLv23_server_method());
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
test_CyaSSL_CTX_use_certificate_file();
test_CyaSSL_CTX_use_PrivateKey_file();
test_CyaSSL_CTX_load_verify_locations();
@ -209,7 +209,7 @@ int test_CyaSSL_CTX_new(CYASSL_METHOD *method)
return TEST_SUCCESS;
}
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* Helper for testing CyaSSL_CTX_use_certificate_file() */
int test_ucf(CYASSL_CTX *ctx, const char* file, int type, int cond,
const char* name)

4
tests/hash.c
View File

@ -76,11 +76,13 @@ int HashTest(void)
printf( " MD5 test passed!\n");
#endif
#ifndef NO_SHA
if ( (ret = sha_test()) ) {
printf( " SHA test failed!\n");
return ret;
} else
printf( " SHA test passed!\n");
#endif
#ifndef NO_SHA256
if ( (ret = sha256_test()) ) {
@ -290,6 +292,7 @@ int md5_test(void)
#endif /* NO_MD5 */
#ifndef NO_SHA
int sha_test(void)
{
Sha sha;
@ -343,6 +346,7 @@ int sha_test(void)
return 0;
}
#endif /* NO_SHA */
#ifndef NO_SHA256
int sha256_test(void)

18
tests/include.am
View File

@ -19,21 +19,5 @@ tests_unit_DEPENDENCIES = src/libcyassl.la
endif
EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \
tests/test-openssl.conf \
tests/test-hc128.conf \
tests/test-psk.conf \
tests/test-ntru.conf \
tests/test-ecc.conf \
tests/test-aesgcm.conf \
tests/test-aesgcm-ecc.conf \
tests/test-aesgcm-openssl.conf \
tests/test-aesccm.conf \
tests/test-aesccm-ecc.conf \
tests/test-camellia.conf \
tests/test-camellia-openssl.conf \
tests/test-dtls.conf \
tests/test-rabbit.conf \
tests/test-null.conf \
tests/test-psk-null.conf \
tests/test-leanpsk.conf
tests/test-dtls.conf
DISTCLEANFILES+= tests/.libs/unit

316
tests/suites.c
View File

@ -32,12 +32,85 @@
#define MAX_ARGS 40
#define MAX_COMMAND_SZ 240
#define MAX_SUITE_SZ 80
#define NOT_BUILT_IN -123
#define VERSION_TOO_OLD -124
#include "examples/client/client.h"
#include "examples/server/server.h"
static void execute_test_case(int svr_argc, char** svr_argv,
int cli_argc, char** cli_argv, int addNoVerify)
CYASSL_CTX* cipherSuiteCtx = NULL;
#ifdef NO_OLD_TLS
/* if the protocol version is less than tls 1.2 return 1, else 0 */
static int IsOldTlsVersion(const char* line)
{
const char* find = "-v ";
char* begin = strstr(line, find);
if (begin) {
int version = -1;
begin += 3;
version = atoi(begin);
if (version < 3)
return 1;
}
return 0;
}
#endif /* NO_OLD_TLS */
/* if the cipher suite on line is valid store in suite and return 1, else 0 */
static int IsValidCipherSuite(const char* line, char* suite)
{
int found = 0;
int valid = 0;
const char* find = "-l ";
char* begin = strstr(line, find);
char* end;
suite[0] = '\0';
if (begin) {
begin += 3;
end = strstr(begin, " ");
if (end) {
long len = end - begin;
if (len > MAX_SUITE_SZ) {
printf("suite too long!\n");
return 0;
}
memcpy(suite, begin, len);
suite[len] = '\0';
}
else
strncpy(suite, begin, MAX_SUITE_SZ);
suite[MAX_SUITE_SZ] = '\0';
found = 1;
}
if (found) {
if (CyaSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == SSL_SUCCESS)
valid = 1;
}
return valid;
}
static int execute_test_case(int svr_argc, char** svr_argv,
int cli_argc, char** cli_argv,
int addNoVerify, int addNonBlocking)
{
func_args cliArgs = {cli_argc, cli_argv, 0, NULL};
func_args svrArgs = {svr_argc, svr_argv, 0, NULL};
@ -45,6 +118,7 @@ static void execute_test_case(int svr_argc, char** svr_argv,
tcp_ready ready;
THREAD_TYPE serverThread;
char commandLine[MAX_COMMAND_SZ];
char cipherSuite[MAX_SUITE_SZ+1];
int i;
size_t added = 0;
static int tests = 1;
@ -59,13 +133,38 @@ static void execute_test_case(int svr_argc, char** svr_argv,
strcat(commandLine, svr_argv[i]);
strcat(commandLine, " ");
}
if (IsValidCipherSuite(commandLine, cipherSuite) == 0) {
#ifdef DEBUG_SUITE_TESTS
printf("cipher suite %s not supported in build\n", cipherSuite);
#endif
return NOT_BUILT_IN;
}
#ifdef NO_OLD_TLS
if (IsOldTlsVersion(commandLine) == 1) {
#ifdef DEBUG_SUITE_TESTS
printf("protocol version on line %s is too old\n", commandLine);
#endif
return VERSION_TOO_OLD;
}
#endif
if (addNoVerify) {
printf("repeating test with client cert request off\n");
added += 3; /* -d plus terminator */
added += 4; /* -d plus space plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("server command line too long\n");
else
strcat(commandLine, "-d");
strcat(commandLine, "-d ");
}
if (addNonBlocking) {
printf("repeating test with non blocking on\n");
added += 4; /* -N plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("server command line too long\n");
else
strcat(commandLine, "-N ");
}
printf("trying server command line[%d]: %s\n", tests, commandLine);
@ -80,6 +179,13 @@ static void execute_test_case(int svr_argc, char** svr_argv,
strcat(commandLine, cli_argv[i]);
strcat(commandLine, " ");
}
if (addNonBlocking) {
added += 4; /* -N plus space plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("client command line too long\n");
else
strcat(commandLine, "-N ");
}
printf("trying client command line[%d]: %s\n", tests++, commandLine);
InitTcpReady(&ready);
@ -105,7 +211,8 @@ static void execute_test_case(int svr_argc, char** svr_argv,
}
FreeTcpReady(&ready);
return 0;
}
static void test_harness(void* vargs)
@ -114,6 +221,7 @@ static void test_harness(void* vargs)
char* script;
long sz, len;
int cliMode = 0; /* server or client command flag, server first */
int ret;
FILE* file;
char* svrArgs[MAX_ARGS];
int svrArgsSz;
@ -193,7 +301,11 @@ static void test_harness(void* vargs)
case '#':
/* Ignore lines that start with a #. */
comment = strsep(&cursor, "\n");
#ifdef DEBUG_SUITE_TESTS
printf("%s\n", comment);
#else
(void)comment;
#endif
break;
case '-':
/* Parameters start with a -. They end in either a newline
@ -221,8 +333,13 @@ static void test_harness(void* vargs)
}
if (do_it) {
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 0);
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1);
ret = execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs,0,0);
/* don't repeat if not supported in build */
if (ret == 0) {
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 0, 1);
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1, 0);
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1, 1);
}
svrArgsSz = 1;
cliArgsSz = 1;
cliMode = 0;
@ -248,7 +365,14 @@ int SuiteTest(void)
args.argv = myArgv;
strcpy(argv0[0], "SuiteTest");
#if !defined(NO_RSA)
(void)test_harness;
cipherSuiteCtx = CyaSSL_CTX_new(CyaTLSv1_2_client_method());
if (cipherSuiteCtx == NULL) {
printf("can't get cipher suite ctx\n");
exit(EXIT_FAILURE);
}
/* default case */
args.argc = 1;
printf("starting default cipher suite tests\n");
@ -257,184 +381,10 @@ int SuiteTest(void)
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
/* any extra cases will need another argument */
args.argc = 2;
#ifdef OPENSSL_EXTRA
/* add openssl extra suites */
strcpy(argv0[1], "tests/test-openssl.conf");
printf("starting openssl extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#if !defined(NO_RSA) && defined(HAVE_NULL_CIPHER)
/* add rsa null cipher suites */
strcpy(argv0[1], "tests/test-null.conf");
printf("starting null cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_HC128
/* add hc128 extra suites */
strcpy(argv0[1], "tests/test-hc128.conf");
printf("starting hc128 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_RABBIT
/* add rabbit extra suites */
strcpy(argv0[1], "tests/test-rabbit.conf");
printf("starting rabbit extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#if !defined(NO_PSK) && !defined(NO_AES)
/* add psk extra suites */
strcpy(argv0[1], "tests/test-psk.conf");
printf("starting psk extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#if !defined(NO_PSK) && defined(HAVE_NULL_CIPHER) && !defined(NO_OLD_TLS)
strcpy(argv0[1], "tests/test-psk-null.conf");
printf("starting psk extra null cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef CYASSL_LEANPSK
strcpy(argv0[1], "tests/test-leanpsk.conf");
printf("starting lean-psk cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_NTRU
/* add ntru extra suites */
strcpy(argv0[1], "tests/test-ntru.conf");
printf("starting ntru extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_ECC
/* add ecc extra suites */
strcpy(argv0[1], "tests/test-ecc.conf");
printf("starting ecc extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_AESGCM
/* add aesgcm extra suites */
strcpy(argv0[1], "tests/test-aesgcm.conf");
printf("starting aesgcm extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#if defined(HAVE_AESGCM) && defined(OPENSSL_EXTRA)
/* add aesgcm openssl extra suites */
strcpy(argv0[1], "tests/test-aesgcm-openssl.conf");
printf("starting aesgcm openssl extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#if defined(HAVE_AESGCM) && defined(HAVE_ECC)
/* add aesgcm ecc extra suites */
strcpy(argv0[1], "tests/test-aesgcm-ecc.conf");
printf("starting aesgcm ecc extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#if defined(HAVE_AESCCM)
/* add aesccm extra suites */
strcpy(argv0[1], "tests/test-aesccm.conf");
printf("starting aesccm cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef HAVE_ECC
/* add aesccm ecc extra suites */
strcpy(argv0[1], "tests/test-aesccm-ecc.conf");
printf("starting aesccm ecc cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#ifdef HAVE_CAMELLIA
/* add camellia suites */
strcpy(argv0[1], "tests/test-camellia.conf");
printf("starting camellia suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef OPENSSL_EXTRA
/* add camellia openssl extra suites */
strcpy(argv0[1], "tests/test-camellia-openssl.conf");
printf("starting camellia openssl extra suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#ifdef CYASSL_DTLS
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls.conf");
@ -448,6 +398,8 @@ int SuiteTest(void)
printf(" End Cipher Suite Tests\n");
CyaSSL_CTX_free(cipherSuiteCtx);
return args.return_code;
}

48
tests/test-aesccm-ecc.conf
View File

@ -1,48 +0,0 @@
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
-N
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
-N
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
-N
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-A ./certs/server-ecc.pem
-N

36
tests/test-aesccm.conf
View File

@ -1,36 +0,0 @@
# server TLSv1.2 AES128-CCM-8-SHA256
-v 3
-l AES128-CCM-8-SHA256
# client TLSv1.2 AES128-CCM-8-SHA256
-v 3
-l AES128-CCM-8-SHA256
# server TLSv1.2 AES256-CCM-8-SHA384
-v 3
-l AES256-CCM-8-SHA384
# client TLSv1.2 AES256-CCM-8-SHA384
-v 3
-l AES256-CCM-8-SHA384
# server TLSv1.2 AES128-CCM-8-SHA256 NON-BLOCKING
-v 3
-l AES128-CCM-8-SHA256
-N
# client TLSv1.2 AES128-CCM-8-SHA256 NON-BLOCKING
-v 3
-l AES128-CCM-8-SHA256
-N
# server TLSv1.2 AES256-CCM-8-SHA384 NON-BLOCKING
-v 3
-l AES256-CCM-8-SHA384
-N
# client TLSv1.2 AES256-CCM-8-SHA384 NON-BLOCKING
-v 3
-l AES256-CCM-8-SHA384
-N

80
tests/test-aesgcm-ecc.conf
View File

@ -1,80 +0,0 @@
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
# server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-v 3
-l ECDH-RSA-AES256-GCM-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-v 3
-l ECDH-RSA-AES256-GCM-SHA384

16
tests/test-aesgcm-openssl.conf
View File

@ -1,16 +0,0 @@
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3
-l DHE-RSA-AES256-GCM-SHA384
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3
-l DHE-RSA-AES256-GCM-SHA384

16
tests/test-aesgcm.conf
View File

@ -1,16 +0,0 @@
# server TLSv1.2 RSA-AES128-GCM-SHA256
-v 3
-l AES128-GCM-SHA256
# client TLSv1.2 RSA-AES128-GCM-SHA256
-v 3
-l AES128-GCM-SHA256
# server TLSv1.2 RSA-AES256-GCM-SHA384
-v 3
-l AES256-GCM-SHA384
# client TLSv1.2 RSA-AES256-GCM-SHA384
-v 3
-l AES256-GCM-SHA384

216
tests/test-camellia-openssl.conf
View File

@ -1,216 +0,0 @@
# server TLSv1 DHE-RSA-CAMELLIA128-SHA
-v 1
-l DHE-RSA-CAMELLIA128-SHA
# client TLSv1 DHE-RSA-CAMELLIA128-SHA
-v 1
-l DHE-RSA-CAMELLIA128-SHA
# server TLSv1 DHE-RSA-CAMELLIA256-SHA
-v 1
-l DHE-RSA-CAMELLIA256-SHA
# client TLSv1 DHE-RSA-CAMELLIA256-SHA
-v 1
-l DHE-RSA-CAMELLIA256-SHA
# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l DHE-RSA-CAMELLIA128-SHA256
# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l DHE-RSA-CAMELLIA128-SHA256
# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l DHE-RSA-CAMELLIA256-SHA256
# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA
-v 2
-l DHE-RSA-CAMELLIA128-SHA
# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA
-v 2
-l DHE-RSA-CAMELLIA128-SHA
# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA
-v 2
-l DHE-RSA-CAMELLIA256-SHA
# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA
-v 2
-l DHE-RSA-CAMELLIA256-SHA
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l DHE-RSA-CAMELLIA128-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l DHE-RSA-CAMELLIA128-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l DHE-RSA-CAMELLIA256-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA
-v 3
-l DHE-RSA-CAMELLIA128-SHA
# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA
-v 3
-l DHE-RSA-CAMELLIA128-SHA
# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA
-v 3
-l DHE-RSA-CAMELLIA256-SHA
# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA
-v 3
-l DHE-RSA-CAMELLIA256-SHA
# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256
-v 3
-l DHE-RSA-CAMELLIA128-SHA256
# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256
-v 3
-l DHE-RSA-CAMELLIA128-SHA256
# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256
-v 3
-l DHE-RSA-CAMELLIA256-SHA256
# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256
-v 3
-l DHE-RSA-CAMELLIA256-SHA256
# server TLSv1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING
-v 1
-l DHE-RSA-CAMELLIA128-SHA
-N
# client TLSv1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING
-v 1
-l DHE-RSA-CAMELLIA128-SHA
-N
# server TLSv1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING
-v 1
-l DHE-RSA-CAMELLIA256-SHA
-N
# client TLSv1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING
-v 1
-l DHE-RSA-CAMELLIA256-SHA
-N
# server TLSv1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING
-v 1
-l DHE-RSA-CAMELLIA128-SHA256
-N
# client TLSv1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING
-v 1
-l DHE-RSA-CAMELLIA128-SHA256
-N
# server TLSv1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING
-v 1
-l DHE-RSA-CAMELLIA256-SHA256
-N
# client TLSv1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING
-v 1
-l DHE-RSA-CAMELLIA256-SHA256
-N
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING
-v 2
-l DHE-RSA-CAMELLIA128-SHA
-N
# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING
-v 2
-l DHE-RSA-CAMELLIA128-SHA
-N
# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING
-v 2
-l DHE-RSA-CAMELLIA256-SHA
-N
# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING
-v 2
-l DHE-RSA-CAMELLIA256-SHA
-N
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING
-v 2
-l DHE-RSA-CAMELLIA128-SHA256
-N
# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING
-v 2
-l DHE-RSA-CAMELLIA128-SHA256
-N
# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING
-v 2
-l DHE-RSA-CAMELLIA256-SHA256
-N
# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING
-v 2
-l DHE-RSA-CAMELLIA256-SHA256
-N
# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING
-v 3
-l DHE-RSA-CAMELLIA128-SHA
-N
# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING
-v 3
-l DHE-RSA-CAMELLIA128-SHA
-N
# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING
-v 3
-l DHE-RSA-CAMELLIA256-SHA
-N
# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING
-v 3
-l DHE-RSA-CAMELLIA256-SHA
-N
# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING
-v 3
-l DHE-RSA-CAMELLIA128-SHA256
-N
# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING
-v 3
-l DHE-RSA-CAMELLIA128-SHA256
-N
# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING
-v 3
-l DHE-RSA-CAMELLIA256-SHA256
-N
# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING
-v 3
-l DHE-RSA-CAMELLIA256-SHA256
-N

216
tests/test-camellia.conf
View File

@ -1,216 +0,0 @@
# server TLSv1 CAMELLIA128-SHA
-v 1
-l CAMELLIA128-SHA
# client TLSv1 CAMELLIA128-SHA
-v 1
-l CAMELLIA128-SHA
# server TLSv1 CAMELLIA256-SHA
-v 1
-l CAMELLIA256-SHA
# client TLSv1 CAMELLIA256-SHA
-v 1
-l CAMELLIA256-SHA
# server TLSv1 CAMELLIA128-SHA256
-v 1
-l CAMELLIA128-SHA256
# client TLSv1 CAMELLIA128-SHA256
-v 1
-l CAMELLIA128-SHA256
# server TLSv1 CAMELLIA256-SHA256
-v 1
-l CAMELLIA256-SHA256
# client TLSv1 CAMELLIA256-SHA256
-v 1
-l CAMELLIA256-SHA256
# server TLSv1.1 CAMELLIA128-SHA
-v 2
-l CAMELLIA128-SHA
# client TLSv1.1 CAMELLIA128-SHA
-v 2
-l CAMELLIA128-SHA
# server TLSv1.1 CAMELLIA256-SHA
-v 2
-l CAMELLIA256-SHA
# client TLSv1.1 CAMELLIA256-SHA
-v 2
-l CAMELLIA256-SHA
# server TLSv1.1 CAMELLIA128-SHA256
-v 2
-l CAMELLIA128-SHA256
# client TLSv1.1 CAMELLIA128-SHA256
-v 2
-l CAMELLIA128-SHA256
# server TLSv1.1 CAMELLIA256-SHA256
-v 2
-l CAMELLIA256-SHA256
# client TLSv1.1 CAMELLIA256-SHA256
-v 2
-l CAMELLIA256-SHA256
# server TLSv1.2 CAMELLIA128-SHA
-v 3
-l CAMELLIA128-SHA
# client TLSv1.2 CAMELLIA128-SHA
-v 3
-l CAMELLIA128-SHA
# server TLSv1.2 CAMELLIA256-SHA
-v 3
-l CAMELLIA256-SHA
# client TLSv1.2 CAMELLIA256-SHA
-v 3
-l CAMELLIA256-SHA
# server TLSv1.2 CAMELLIA128-SHA256
-v 3
-l CAMELLIA128-SHA256
# client TLSv1.2 CAMELLIA128-SHA256
-v 3
-l CAMELLIA128-SHA256
# server TLSv1.2 CAMELLIA256-SHA256
-v 3
-l CAMELLIA256-SHA256
# client TLSv1.2 CAMELLIA256-SHA256
-v 3
-l CAMELLIA256-SHA256
# server TLSv1 CAMELLIA128-SHA NON-BLOCKING
-v 1
-l CAMELLIA128-SHA
-N
# client TLSv1 CAMELLIA128-SHA NON-BLOCKING
-v 1
-l CAMELLIA128-SHA
-N
# server TLSv1 CAMELLIA256-SHA NON-BLOCKING
-v 1
-l CAMELLIA256-SHA
-N
# client TLSv1 CAMELLIA256-SHA NON-BLOCKING
-v 1
-l CAMELLIA256-SHA
-N
# server TLSv1 CAMELLIA128-SHA256 NON-BLOCKING
-v 1
-l CAMELLIA128-SHA256
-N
# client TLSv1 CAMELLIA128-SHA256 NON-BLOCKING
-v 1
-l CAMELLIA128-SHA256
-N
# server TLSv1 CAMELLIA256-SHA256 NON-BLOCKING
-v 1
-l CAMELLIA256-SHA256
-N
# client TLSv1 CAMELLIA256-SHA256 NON-BLOCKING
-v 1
-l CAMELLIA256-SHA256
-N
# server TLSv1.1 CAMELLIA128-SHA NON-BLOCKING
-v 2
-l CAMELLIA128-SHA
-N
# client TLSv1.1 CAMELLIA128-SHA NON-BLOCKING
-v 2
-l CAMELLIA128-SHA
-N
# server TLSv1.1 CAMELLIA256-SHA NON-BLOCKING
-v 2
-l CAMELLIA256-SHA
-N
# client TLSv1.1 CAMELLIA256-SHA NON-BLOCKING
-v 2
-l CAMELLIA256-SHA
-N
# server TLSv1.1 CAMELLIA128-SHA256 NON-BLOCKING
-v 2
-l CAMELLIA128-SHA256
-N
# client TLSv1.1 CAMELLIA128-SHA256 NON-BLOCKING
-v 2
-l CAMELLIA128-SHA256
-N
# server TLSv1.1 CAMELLIA256-SHA256 NON-BLOCKING
-v 2
-l CAMELLIA256-SHA256
-N
# client TLSv1.1 CAMELLIA256-SHA256 NON-BLOCKING
-v 2
-l CAMELLIA256-SHA256
-N
# server TLSv1.2 CAMELLIA128-SHA NON-BLOCKING
-v 3
-l CAMELLIA128-SHA
-N
# client TLSv1.2 CAMELLIA128-SHA NON-BLOCKING
-v 3
-l CAMELLIA128-SHA
-N
# server TLSv1.2 CAMELLIA256-SHA NON-BLOCKING
-v 3
-l CAMELLIA256-SHA
-N
# client TLSv1.2 CAMELLIA256-SHA NON-BLOCKING
-v 3
-l CAMELLIA256-SHA
-N
# server TLSv1.2 CAMELLIA128-SHA256 NON-BLOCKING
-v 3
-l CAMELLIA128-SHA256
-N
# client TLSv1.2 CAMELLIA128-SHA256 NON-BLOCKING
-v 3
-l CAMELLIA128-SHA256
-N
# server TLSv1.2 CAMELLIA256-SHA256 NON-BLOCKING
-v 3
-l CAMELLIA256-SHA256
-N
# client TLSv1.2 CAMELLIA256-SHA256 NON-BLOCKING
-v 3
-l CAMELLIA256-SHA256
-N

772
tests/test-dtls.conf
View File

@ -1,98 +1,782 @@
# server DTLSv1 RC4-SHA
-u
-v 2
-l RC4-SHA
# client DTLSv1 RC4-SHA
-u
-v 2
-l RC4-SHA
# server DTLSv1.2 RC4-SHA
-u
-v 3
-l RC4-SHA
# client DTLSv1.2 RC4-SHA
-u
-v 3
-l RC4-SHA
# server DTLSv1 DES-CBC3-SHA
-u
-v 2
-l DES-CBC3-SHA
# client DTLSv1 DES-CBC3-SHA
-u
-v 2
-l DES-CBC3-SHA
# server DTLSv1.2 DES-CBC3-SHA
-u
-v 3
-l DES-CBC3-SHA
# client DTLSv1.2 DES-CBC3-SHA
-u
-v 3
-l DES-CBC3-SHA
# server DTLSv1 AES128-SHA
-u
-v 2
-l AES128-SHA
# client DTLSv1 AES128-SHA
-u
-v 2
-l AES128-SHA
# server DTLSv1.2 AES128-SHA
-u
-v 3
-l AES128-SHA
# client DTLSv1.2 AES128-SHA
-u
-v 3
-l AES128-SHA
# server DTLSv1 AES256-SHA
-u
-v 2
-l AES256-SHA
# client DTLSv1 AES256-SHA
-u
-v 2
-l AES256-SHA
# server DTLSv1.2 AES256-SHA
-u
-v 3
-l AES256-SHA
# client DTLSv1.2 AES256-SHA
-u
-v 3
-l AES256-SHA
# server DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# server DTLSv1.2 AES128-SHA256
-u
-v 3
-l AES128-SHA256
# client DTLSv1.2 AES128-SHA256
-u
-v 3
-l AES128-SHA256
# server DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# server DTLSv1 DES-CBC3-SHA NON-BLOCKING
-u
-l DES-CBC3-SHA
-N
# client DTLSv1 DES-CBC3-SHA NON-BLOCKING
-u
-l DES-CBC3-SHA
-N
# server DTLSv1 AES128-SHA NON-BLOCKING
-u
-l AES128-SHA
-N
# client DTLSv1 AES128-SHA NON-BLOCKING
-u
-l AES128-SHA
-N
# server DTLSv1 AES256-SHA NON-BLOCKING
-u
-l AES256-SHA
-N
# client DTLSv1 AES256-SHA NON-BLOCKING
-u
-l AES256-SHA
-N
# server DTLSv1 AES128-SHA256 NON-BLOCKING
-u
-l AES128-SHA256
-N
# client DTLSv1 AES128-SHA256 NON-BLOCKING
-u
-l AES128-SHA256
-N
# server DTLSv1 AES256-SHA256 NON-BLOCKING
# server DTLSv1.2 AES256-SHA256
-u
-v 3
-l AES256-SHA256
-N
# client DTLSv1 AES256-SHA256 NON-BLOCKING
# client DTLSv1.2 AES256-SHA256
-u
-v 3
-l AES256-SHA256
-N
# server DTLSv1 ECDHE-RSA-RC4
-u
-v 2
-l ECDHE-RSA-RC4-SHA
# client DTLSv1 ECDHE-RSA-RC4
-u
-v 2
-l ECDHE-RSA-RC4-SHA
# server DTLSv1.1 ECDHE-RSA-DES3
-u
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# client DTLSv1.1 ECDHE-RSA-DES3
-u
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# server DTLSv1.1 ECDHE-RSA-AES128
-u
-v 2
-l ECDHE-RSA-AES128-SHA
# client DTLSv1.1 ECDHE-RSA-AES128
-u
-v 2
-l ECDHE-RSA-AES128-SHA
# server DTLSv1.1 ECDHE-RSA-AES256
-u
-v 2
-l ECDHE-RSA-AES256-SHA
# client DTLSv1.1 ECDHE-RSA-AES256
-u
-v 2
-l ECDHE-RSA-AES256-SHA
# server DTLSv1.2 ECDHE-RSA-RC4
-u
-v 3
-l ECDHE-RSA-RC4-SHA
# client DTLSv1.2 ECDHE-RSA-RC4
-u
-v 3
-l ECDHE-RSA-RC4-SHA
# server DTLSv1.2 ECDHE-RSA-DES3
-u
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# client DTLSv1.2 ECDHE-RSA-DES3
-u
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# server DTLSv1.2 ECDHE-RSA-AES128
-u
-v 3
-l ECDHE-RSA-AES128-SHA
# client DTLSv1.2 ECDHE-RSA-AES128
-u
-v 3
-l ECDHE-RSA-AES128-SHA
# server DTLSv1.2 ECDHE-RSA-AES128-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-SHA256
# server DTLSv1.2 ECDHE-RSA-AES256
-u
-v 3
-l ECDHE-RSA-AES256-SHA
# client DTLSv1.2 ECDHE-RSA-AES256
-u
-v 3
-l ECDHE-RSA-AES256-SHA
# server DTLSv1.1 ECDHE-EDCSA-RC4
-u
-v 2
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-RC4
-u
-v 2
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDHE-ECDSA-DES3
-u
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-DES3
-u
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDHE-ECDSA-AES128
-u
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-AES128
-u
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDHE-ECDSA-AES256
-u
-v 2
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-AES256
-u
-v 2
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-RC4
-u
-v 3
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-RC4
-u
-v 3
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-DES3
-u
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-DES3
-u
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-RSA-RC4
-u
-v 2
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-RC4
-u
-v 2
-l ECDH-RSA-RC4-SHA
# server DTLSv1.1 ECDH-RSA-DES3
-u
-v 2
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-DES3
-u
-v 2
-l ECDH-RSA-DES-CBC3-SHA
# server DTLSv1.1 ECDH-RSA-AES128
-u
-v 2
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-AES128
-u
-v 2
-l ECDH-RSA-AES128-SHA
# server DTLSv1.1 ECDH-RSA-AES256
-u
-v 2
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-AES256
-u
-v 2
-l ECDH-RSA-AES256-SHA
# server DTLSv1.2 ECDH-RSA-RC4
-u
-v 3
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-RC4
-u
-v 3
-l ECDH-RSA-RC4-SHA
# server DTLSv1.2 ECDH-RSA-DES3
-u
-v 3
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-DES3
-u
-v 3
-l ECDH-RSA-DES-CBC3-SHA
# server DTLSv1.2 ECDH-RSA-AES128
-u
-v 3
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128
-u
-v 3
-l ECDH-RSA-AES128-SHA
# server DTLSv1.2 ECDH-RSA-AES128-SHA256
-u
-v 3
-l ECDH-RSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128-SHA256
-u
-v 3
-l ECDH-RSA-AES128-SHA256
# server DTLSv1.2 ECDH-RSA-AES256
-u
-v 3
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES256
-u
-v 3
-l ECDH-RSA-AES256-SHA
# server DTLSv1.1 ECDH-EDCSA-RC4
-u
-v 2
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-RC4
-u
-v 2
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-ECDSA-DES3
-u
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-DES3
-u
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-ECDSA-AES128
-u
-v 2
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-AES128
-u
-v 2
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-ECDSA-AES256
-u
-v 2
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-AES256
-u
-v 2
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-RC4
-u
-v 3
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-RC4
-u
-v 3
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-DES3
-u
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-DES3
-u
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES128
-u
-v 3
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128
-u
-v 3
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES256
-u
-v 3
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES256
-u
-v 3
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-SHA384
# client DTLSv1.2 ECDHE-RSA-AES256-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-SHA384
# server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-RSA-AES256-SHA384
-u
-v 3
-l ECDH-RSA-AES256-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES256-SHA384
-u
-v 3
-l ECDH-RSA-AES256-SHA384
# server DTLSv1.2 ECDH-ECDSA-AES256-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1 PSK-AES128
-s
-u
-v 2
-l PSK-AES128-CBC-SHA
# client DTLSv1 PSK-AES128
-s
-u
-v 2
-l PSK-AES128-CBC-SHA
# server DTLSv1 PSK-AES256
-s
-u
-v 2
-l PSK-AES256-CBC-SHA
# client DTLSv1 PSK-AES256
-s
-u
-v 2
-l PSK-AES256-CBC-SHA
# server DTLSv1.2 PSK-AES128
-s
-u
-v 3
-l PSK-AES128-CBC-SHA
# client DTLSv1.2 PSK-AES128
-s
-u
-v 3
-l PSK-AES128-CBC-SHA
# server DTLSv1.2 PSK-AES256
-s
-u
-v 3
-l PSK-AES256-CBC-SHA
# client DTLSv1.2 PSK-AES256
-s
-u
-v 3
-l PSK-AES256-CBC-SHA
# server DTLSv1.2 PSK-AES128-SHA256
-s
-u
-v 3
-l PSK-AES128-CBC-SHA256
# client DTLSv1.2 PSK-AES128-SHA256
-s
-u
-v 3
-l PSK-AES128-CBC-SHA256
# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-RSA-AES256-GCM-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-u
-v 3
-l ECDH-RSA-AES256-GCM-SHA384
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-A ./certs/server-ecc.pem

480
tests/test-ecc.conf
View File

@ -1,480 +0,0 @@
# server TLSv1 ECDHE-RSA-RC4
-v 1
-l ECDHE-RSA-RC4-SHA
# client TLSv1 ECDHE-RSA-RC4
-v 1
-l ECDHE-RSA-RC4-SHA
# server TLSv1 ECDHE-RSA-DES3
-v 1
-l ECDHE-RSA-DES-CBC3-SHA
# client TLSv1 ECDHE-RSA-DES3
-v 1
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1 ECDHE-RSA-AES128
-v 1
-l ECDHE-RSA-AES128-SHA
# client TLSv1 ECDHE-RSA-AES128
-v 1
-l ECDHE-RSA-AES128-SHA
# server TLSv1 ECDHE-RSA-AES256
-v 1
-l ECDHE-RSA-AES256-SHA
# client TLSv1 ECDHE-RSA-AES256
-v 1
-l ECDHE-RSA-AES256-SHA
# server TLSv1.1 ECDHE-RSA-RC4
-v 2
-l ECDHE-RSA-RC4-SHA
# client TLSv1.1 ECDHE-RSA-RC4
-v 2
-l ECDHE-RSA-RC4-SHA
# server TLSv1.1 ECDHE-RSA-DES3
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# client TLSv1.1 ECDHE-RSA-DES3
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1.1 ECDHE-RSA-AES128
-v 2
-l ECDHE-RSA-AES128-SHA
# client TLSv1.1 ECDHE-RSA-AES128
-v 2
-l ECDHE-RSA-AES128-SHA
# server TLSv1.1 ECDHE-RSA-AES256
-v 2
-l ECDHE-RSA-AES256-SHA
# client TLSv1.1 ECDHE-RSA-AES256
-v 2
-l ECDHE-RSA-AES256-SHA
# server TLSv1.2 ECDHE-RSA-RC4
-v 3
-l ECDHE-RSA-RC4-SHA
# client TLSv1.2 ECDHE-RSA-RC4
-v 3
-l ECDHE-RSA-RC4-SHA
# server TLSv1.2 ECDHE-RSA-DES3
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# client TLSv1.2 ECDHE-RSA-DES3
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1.2 ECDHE-RSA-AES128
-v 3
-l ECDHE-RSA-AES128-SHA
# client TLSv1.2 ECDHE-RSA-AES128
-v 3
-l ECDHE-RSA-AES128-SHA
# server TLSv1.2 ECDHE-RSA-AES256
-v 3
-l ECDHE-RSA-AES256-SHA
# client TLSv1.2 ECDHE-RSA-AES256
-v 3
-l ECDHE-RSA-AES256-SHA
# server TLSv1 ECDHE-ECDSA-RC4
-v 1
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-RC4
-v 1
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-ECDSA-DES3
-v 1
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-DES3
-v 1
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-ECDSA-AES256
-v 1
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-AES256
-v 1
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-EDCSA-RC4
-v 2
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-RC4
-v 2
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-ECDSA-DES3
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-DES3
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-ECDSA-AES256
-v 2
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-AES256
-v 2
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-RC4
-v 3
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-RC4
-v 3
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-DES3
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-DES3
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES256
-v 3
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256
-v 3
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDH-RSA-RC4
-v 1
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-RC4
-v 1
-l ECDH-RSA-RC4-SHA
# server TLSv1 ECDH-RSA-DES3
-v 1
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-DES3
-v 1
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1 ECDH-RSA-AES128
-v 1
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-AES128
-v 1
-l ECDH-RSA-AES128-SHA
# server TLSv1 ECDH-RSA-AES256
-v 1
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-AES256
-v 1
-l ECDH-RSA-AES256-SHA
# server TLSv1.1 ECDH-RSA-RC4
-v 2
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-RC4
-v 2
-l ECDH-RSA-RC4-SHA
# server TLSv1.1 ECDH-RSA-DES3
-v 2
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-DES3
-v 2
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1.1 ECDH-RSA-AES128
-v 2
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-AES128
-v 2
-l ECDH-RSA-AES128-SHA
# server TLSv1.1 ECDH-RSA-AES256
-v 2
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-AES256
-v 2
-l ECDH-RSA-AES256-SHA
# server TLSv1.2 ECDH-RSA-RC4
-v 3
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-RC4
-v 3
-l ECDH-RSA-RC4-SHA
# server TLSv1.2 ECDH-RSA-DES3
-v 3
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-DES3
-v 3
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1.2 ECDH-RSA-AES128
-v 3
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128
-v 3
-l ECDH-RSA-AES128-SHA
# server TLSv1.2 ECDH-RSA-AES256
-v 3
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES256
-v 3
-l ECDH-RSA-AES256-SHA
# server TLSv1 ECDH-ECDSA-RC4
-v 1
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-RC4
-v 1
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDH-ECDSA-DES3
-v 1
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-DES3
-v 1
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDH-ECDSA-AES128
-v 1
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-AES128
-v 1
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDH-ECDSA-AES256
-v 1
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-AES256
-v 1
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDH-EDCSA-RC4
-v 2
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-RC4
-v 2
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDH-ECDSA-DES3
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-DES3
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDH-ECDSA-AES128
-v 2
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-AES128
-v 2
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDH-ECDSA-AES256
-v 2
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-AES256
-v 2
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-RC4
-v 3
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-RC4
-v 3
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-DES3
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-DES3
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES128
-v 3
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128
-v 3
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES256
-v 3
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES256
-v 3
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem

48
tests/test-hc128.conf
View File

@ -1,48 +0,0 @@
# server TLSv1 HC128-SHA
-v 1
-l HC128-SHA
# client TLSv1 HC128-SHA
-v 1
-l HC128-SHA
# server TLSv1 HC128-MD5
-v 1
-l HC128-MD5
# client TLSv1 HC128-MD5
-v 1
-l HC128-MD5
# server TLSv1.1 HC128-SHA
-v 2
-l HC128-SHA
# client TLSv1.1 HC128-SHA
-v 2
-l HC128-SHA
# server TLSv1.1 HC128-MD5
-v 2
-l HC128-MD5
# client TLSv1.1 HC128-MD5
-v 2
-l HC128-MD5
# server TLSv1.2 HC128-SHA
-v 3
-l HC128-SHA
# client TLSv1.2 HC128-SHA
-v 3
-l HC128-SHA
# server TLSv1.2 HC128-MD5
-v 3
-l HC128-MD5
# client TLSv1.2 HC128-MD5
-v 3
-l HC128-MD5

20
tests/test-leanpsk.conf
View File

@ -1,20 +0,0 @@
# server TLSv1.2 PSK-NULL
-s
-v 3
-l PSK-NULL-SHA
# client TLSv1.2 PSK-NULL
-s
-v 3
-l PSK-NULL-SHA
# server TLSv1.2 PSK-NULL-SHA256
-s
-v 3
-l PSK-NULL-SHA256
# client TLSv1.2 PSK-NULL-SHA256
-s
-v 3
-l PSK-NULL-SHA256

132
tests/test-ntru.conf
View File

@ -1,132 +0,0 @@
# server TLSv1 NTRU_RC4
-v 1
-l NTRU-RC4-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_RC4
-v 1
-l NTRU-RC4-SHA
# server TLSv1 NTRU_DES3
-v 1
-l NTRU-DES-CBC3-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_DES3
-v 1
-l NTRU-DES-CBC3-SHA
# server TLSv1 NTRU_AES128
-v 1
-l NTRU-AES128-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_AES128
-v 1
-l NTRU-AES128-SHA
# server TLSv1 NTRU_AES256
-v 1
-l NTRU-AES256-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_AES256
-v 1
-l NTRU-AES256-SHA
# server TLSv1.1 NTRU_RC4
-v 2
-l NTRU-RC4-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_RC4
-v 2
-l NTRU-RC4-SHA
# server TLSv1.1 NTRU_DES3
-v 2
-l NTRU-DES-CBC3-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_DES3
-v 2
-l NTRU-DES-CBC3-SHA
# server TLSv1.1 NTRU_AES128
-v 2
-l NTRU-AES128-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_AES128
-v 2
-l NTRU-AES128-SHA
# server TLSv1.1 NTRU_AES256
-v 2
-l NTRU-AES256-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_AES256
-v 2
-l NTRU-AES256-SHA
# server TLSv1.2 NTRU_RC4
-v 3
-l NTRU-RC4-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_RC4
-v 3
-l NTRU-RC4-SHA
# server TLSv1.2 NTRU_DES3
-v 3
-l NTRU-DES-CBC3-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_DES3
-v 3
-l NTRU-DES-CBC3-SHA
# server TLSv1.2 NTRU_AES128
-v 3
-l NTRU-AES128-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_AES128
-v 3
-l NTRU-AES128-SHA
# server TLSv1.2 NTRU_AES256
-v 3
-l NTRU-AES256-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_AES256
-v 3
-l NTRU-AES256-SHA

48
tests/test-null.conf
View File

@ -1,48 +0,0 @@
# server TLSv1.0 RSA-NULL-SHA
-v 1
-l NULL-SHA
# client TLSv1.0 RSA-NULL-SHA
-v 1
-l NULL-SHA
# server TLSv1.1 RSA-NULL-SHA
-v 2
-l NULL-SHA
# client TLSv1.1 RSA-NULL-SHA
-v 2
-l NULL-SHA
# server TLSv1.2 RSA-NULL-SHA
-v 3
-l NULL-SHA
# client TLSv1.2 RSA-NULL-SHA
-v 3
-l NULL-SHA
# server TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# client TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# server TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# client TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# server TLSv1.2 RSA-NULL-SHA256
-v 3
-l NULL-SHA256
# client TLSv1.2 RSA-NULL-SHA256
-v 3
-l NULL-SHA256

96
tests/test-openssl.conf
View File

@ -1,96 +0,0 @@
# server TLSv1 DHE AES128
-v 1
-l DHE-RSA-AES128-SHA
# client TLSv1 DHE AES128
-v 1
-l DHE-RSA-AES128-SHA
# server TLSv1 DHE AES256
-v 1
-l DHE-RSA-AES256-SHA
# client TLSv1 DHE AES256
-v 1
-l DHE-RSA-AES256-SHA
# server TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# client TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# server TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# client TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE AES128
-v 2
-l DHE-RSA-AES128-SHA
# client TLSv1.1 DHE AES128
-v 2
-l DHE-RSA-AES128-SHA
# server TLSv1.1 DHE AES256
-v 2
-l DHE-RSA-AES256-SHA
# client TLSv1.1 DHE AES256
-v 2
-l DHE-RSA-AES256-SHA
# server TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# client TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# server TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# client TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# server TLSv1.2 DHE AES128
-v 3
-l DHE-RSA-AES128-SHA
# client TLSv1.2 DHE AES128
-v 3
-l DHE-RSA-AES128-SHA
# server TLSv1.2 DHE AES256
-v 3
-l DHE-RSA-AES256-SHA
# client TLSv1.2 DHE AES256
-v 3
-l DHE-RSA-AES256-SHA
# server TLSv1.2 DHE AES128-SHA256
-v 3
-l DHE-RSA-AES128-SHA256
# client TLSv1.2 DHE AES128-SHA256
-v 3
-l DHE-RSA-AES128-SHA256
# server TLSv1.2 DHE AES256-SHA256
-v 3
-l DHE-RSA-AES256-SHA256
# client TLSv1.2 DHE AES256-SHA256
-v 3
-l DHE-RSA-AES256-SHA256

40
tests/test-psk-null.conf
View File

@ -1,40 +0,0 @@
# server TLSv1.0 PSK-NULL
-s
-v 1
-l PSK-NULL-SHA
# client TLSv1.0 PSK-NULL
-s
-v 1
-l PSK-NULL-SHA
# server TLSv1.1 PSK-NULL
-s
-v 2
-l PSK-NULL-SHA
# client TLSv1.1 PSK-NULL
-s
-v 2
-l PSK-NULL-SHA
# server TLSv1.2 PSK-NULL
-s
-v 3
-l PSK-NULL-SHA
# client TLSv1.2 PSK-NULL
-s
-v 3
-l PSK-NULL-SHA
# server TLSv1.2 PSK-NULL-SHA256
-s
-v 3
-l PSK-NULL-SHA256
# client TLSv1.2 PSK-NULL-SHA256
-s
-v 3
-l PSK-NULL-SHA256

70
tests/test-psk.conf
View File

@ -1,70 +0,0 @@
# server TLSv1 PSK-AES128
-s
-v 1
-l PSK-AES128-CBC-SHA
# client TLSv1 PSK-AES128
-s
-v 1
-l PSK-AES128-CBC-SHA
# server TLSv1 PSK-AES256
-s
-v 1
-l PSK-AES256-CBC-SHA
# client TLSv1 PSK-AES256
-s
-v 1
-l PSK-AES256-CBC-SHA
# server TLSv1.1 PSK-AES128
-s
-v 2
-l PSK-AES128-CBC-SHA
# client TLSv1.1 PSK-AES128
-s
-v 2
-l PSK-AES128-CBC-SHA
# server TLSv1.1 PSK-AES256
-s
-v 2
-l PSK-AES256-CBC-SHA
# client TLSv1.1 PSK-AES256
-s
-v 2
-l PSK-AES256-CBC-SHA
# server TLSv1.2 PSK-AES128
-s
-v 3
-l PSK-AES128-CBC-SHA
# client TLSv1.2 PSK-AES128
-s
-v 3
-l PSK-AES128-CBC-SHA
# server TLSv1.2 PSK-AES256
-s
-v 3
-l PSK-AES256-CBC-SHA
# client TLSv1.2 PSK-AES256
-s
-v 3
-l PSK-AES256-CBC-SHA
# server TLSv1.2 PSK-AES128-SHA256
-s
-v 3
-l PSK-AES128-CBC-SHA256
# client TLSv1.2 PSK-AES128-SHA256
-s
-v 3
-l PSK-AES128-CBC-SHA256

24
tests/test-rabbit.conf
View File

@ -1,24 +0,0 @@
# server TLSv1 RABBIT-SHA
-v 1
-l RABBIT-SHA
# client TLSv1 RABBIT-SHA
-v 1
-l RABBIT-SHA
# server TLSv1.1 RABBIT-SHA
-v 2
-l RABBIT-SHA
# client TLSv1.1 RABBIT-SHA
-v 2
-l RABBIT-SHA
# server TLSv1.2 RABBIT-SHA
-v 3
-l RABBIT-SHA
# client TLSv1.2 RABBIT-SHA
-v 3
-l RABBIT-SHA

1452
tests/test.conf
View File

File diff suppressed because it is too large Load Diff

18
testsuite/testsuite.c
View File

@ -25,7 +25,7 @@
#include <cyassl/openssl/ssl.h>
#include <cyassl/test.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/sha256.h>
#include "ctaocrypt/test/test.h"
@ -138,8 +138,8 @@ int main(int argc, char** argv)
/* validate output equals input */
{
byte input[SHA_DIGEST_SIZE];
byte output[SHA_DIGEST_SIZE];
byte input[SHA256_DIGEST_SIZE];
byte output[SHA256_DIGEST_SIZE];
file_test("input", input);
file_test("output", output);
@ -220,22 +220,22 @@ void file_test(const char* file, byte* check)
{
FILE* f;
int i = 0, j;
Sha sha;
Sha256 sha256;
byte buf[1024];
byte shasum[SHA_DIGEST_SIZE];
byte shasum[SHA256_DIGEST_SIZE];
InitSha(&sha);
InitSha256(&sha256);
if( !( f = fopen( file, "rb" ) )) {
printf("Can't open %s\n", file);
return;
}
while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 )
ShaUpdate(&sha, buf, i);
Sha256Update(&sha256, buf, i);
ShaFinal(&sha, shasum);
Sha256Final(&sha256, shasum);
memcpy(check, shasum, sizeof(shasum));
for(j = 0; j < SHA_DIGEST_SIZE; ++j )
for(j = 0; j < SHA256_DIGEST_SIZE; ++j )
printf( "%02x", shasum[j] );
printf(" %s\n", file);