merge conflict
This commit is contained in:
commit
dd431dbeff
19
configure.ac
19
configure.ac
@ -6,7 +6,7 @@
|
||||
#
|
||||
#
|
||||
|
||||
AC_INIT([cyassl],[2.1.0],[http://www.yassl.com])
|
||||
AC_INIT([cyassl],[2.1.1],[http://www.yassl.com])
|
||||
|
||||
AC_CONFIG_AUX_DIR(config)
|
||||
|
||||
@ -199,7 +199,7 @@ AC_ARG_ENABLE(bump,
|
||||
|
||||
if test "$ENABLED_BUMP" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD"
|
||||
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES"
|
||||
fi
|
||||
|
||||
# fastmath
|
||||
@ -470,6 +470,21 @@ then
|
||||
fi
|
||||
|
||||
|
||||
# OCSP
|
||||
AC_ARG_ENABLE(ocsp,
|
||||
[ --enable-ocsp Enable OCSP (default: disabled)],
|
||||
[ ENABLED_OCSP=$enableval ],
|
||||
[ ENABLED_OCSP=no ],
|
||||
)
|
||||
|
||||
if test "$ENABLED_OCSP" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
|
||||
fi
|
||||
|
||||
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
|
||||
|
||||
|
||||
# NTRU
|
||||
ntruHome=`pwd`/NTRU_algorithm
|
||||
ntruInclude=$ntruHome/cryptolib
|
||||
|
@ -724,10 +724,25 @@ static const word32 Td[5][256] = {
|
||||
|
||||
#ifdef CYASSL_AESNI
|
||||
|
||||
#ifndef _MSC_VER
|
||||
|
||||
#define cpuid(func,ax,bx,cx,dx)\
|
||||
__asm__ __volatile__ ("cpuid":\
|
||||
"=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func));
|
||||
|
||||
#else
|
||||
|
||||
#define cpuid(func,ax,bx,cx,dx)\
|
||||
__asm mov eax, func \
|
||||
__asm cpuid \
|
||||
__asm mov ax, eax \
|
||||
__asm mov bx, ebx \
|
||||
__asm mov cx, ecx \
|
||||
__asm mov dx, edx
|
||||
|
||||
#endif /* _MSC_VER */
|
||||
|
||||
|
||||
static int Check_CPU_support_AES()
|
||||
{
|
||||
unsigned int a,b,c,d;
|
||||
|
@ -1016,6 +1016,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
|
||||
cert->signature = 0;
|
||||
cert->subjectCN = 0;
|
||||
cert->subjectCNLen = 0;
|
||||
cert->issuer[0] = '\0';
|
||||
cert->subject[0] = '\0';
|
||||
cert->source = source; /* don't own */
|
||||
cert->srcIdx = 0;
|
||||
cert->maxIdx = inSz; /* can't go over this index */
|
||||
@ -2412,6 +2414,10 @@ void CTaoCryptErrorString(int error, char* buffer)
|
||||
XSTRNCPY(buffer, "No password provided by user", max);
|
||||
break;
|
||||
|
||||
case ALT_NAME_E :
|
||||
XSTRNCPY(buffer, "Alt Name problem, too big", max);
|
||||
break;
|
||||
|
||||
default:
|
||||
XSTRNCPY(buffer, "unknown error number", max);
|
||||
|
||||
@ -2601,7 +2607,9 @@ void InitCert(Cert* cert)
|
||||
cert->selfSigned = 1;
|
||||
cert->isCA = 0;
|
||||
cert->bodySz = 0;
|
||||
#ifdef CYASSL_ALT_NAMES
|
||||
cert->altNamesSz = 0;
|
||||
#endif
|
||||
cert->keyType = RSA_KEY;
|
||||
XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
|
||||
|
||||
@ -3149,12 +3157,14 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng,
|
||||
else
|
||||
der->extensionsSz = 0;
|
||||
|
||||
#ifdef CYASSL_ALT_NAMES
|
||||
if (der->extensionsSz == 0 && cert->altNamesSz) {
|
||||
der->extensionsSz = SetExtensions(der->extensions, cert->altNames,
|
||||
cert->altNamesSz);
|
||||
if (der->extensionsSz == 0)
|
||||
return EXTENSIONS_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
der->total = der->versionSz + der->serialSz + der->sigAlgoSz +
|
||||
der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz +
|
||||
@ -3340,6 +3350,8 @@ int MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng)
|
||||
}
|
||||
|
||||
|
||||
#ifdef CYASSL_ALT_NAMES
|
||||
|
||||
/* Set Alt Names from der cert, return 0 on success */
|
||||
static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
|
||||
{
|
||||
@ -3410,6 +3422,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
|
||||
else {
|
||||
cert->altNamesSz = 0;
|
||||
CYASSL_MSG("AltNames extensions too big");
|
||||
FreeDecodedCert(&decoded);
|
||||
return ALT_NAME_E;
|
||||
}
|
||||
}
|
||||
decoded.srcIdx = tmpIdx + length;
|
||||
@ -3420,6 +3434,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* CYASSL_ALT_NAMES */
|
||||
|
||||
|
||||
/* Set cn name from der buffer, return 0 on success */
|
||||
static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
|
||||
@ -3518,6 +3534,8 @@ int SetSubject(Cert* cert, const char* subjectFile)
|
||||
}
|
||||
|
||||
|
||||
#ifdef CYASSL_ALT_NAMES
|
||||
|
||||
/* Set atl names from file in PEM */
|
||||
int SetAltNames(Cert* cert, const char* file)
|
||||
{
|
||||
@ -3527,6 +3545,8 @@ int SetAltNames(Cert* cert, const char* file)
|
||||
return SetAltNamesFromCert(cert, der, derSz);
|
||||
}
|
||||
|
||||
#endif /* CYASSL_ALT_NAMES */
|
||||
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
/* Set cert issuer from DER buffer */
|
||||
@ -3544,12 +3564,15 @@ int SetSubjectBuffer(Cert* cert, const byte* der, int derSz)
|
||||
}
|
||||
|
||||
|
||||
#ifdef CYASSL_ALT_NAMES
|
||||
|
||||
/* Set cert alt names from DER buffer */
|
||||
int SetAltNamesBuffer(Cert* cert, const byte* der, int derSz)
|
||||
{
|
||||
return SetAltNamesFromCert(cert, der, derSz);
|
||||
}
|
||||
|
||||
#endif /* CYASSL_ALT_NAMES */
|
||||
|
||||
#endif /* CYASSL_CERT_GEN */
|
||||
|
||||
|
@ -127,7 +127,11 @@ enum Misc_ASN {
|
||||
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
|
||||
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
|
||||
#ifdef CYASSL_CERT_GEN
|
||||
#ifdef CYASSL_ALT_NAMES
|
||||
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
|
||||
#else
|
||||
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
|
||||
#endif
|
||||
/* Max total extensions, id + len + others */
|
||||
#endif
|
||||
MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
|
||||
|
@ -59,7 +59,7 @@ enum Ctc_SigType {
|
||||
|
||||
enum Ctc_Misc {
|
||||
CTC_NAME_SIZE = 64,
|
||||
CTC_MAX_ALT_SIZE = 512,
|
||||
CTC_MAX_ALT_SIZE = 8192, /* may be huge */
|
||||
CTC_SERIAL_SIZE = 8
|
||||
};
|
||||
|
||||
@ -88,8 +88,10 @@ typedef struct Cert {
|
||||
/* internal use only */
|
||||
int bodySz; /* pre sign total size */
|
||||
int keyType; /* public key type of subject */
|
||||
#ifdef CYASSL_ALT_NAMES
|
||||
byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
|
||||
int altNamesSz; /* altNames size in bytes */
|
||||
#endif
|
||||
} Cert;
|
||||
|
||||
|
||||
@ -113,7 +115,9 @@ CYASSL_API int MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
|
||||
RNG*);
|
||||
CYASSL_API int SetIssuer(Cert*, const char*);
|
||||
CYASSL_API int SetSubject(Cert*, const char*);
|
||||
#ifdef CYASSL_ALT_NAMES
|
||||
CYASSL_API int SetAltNames(Cert*, const char*);
|
||||
#endif
|
||||
CYASSL_API int SetIssuerBuffer(Cert*, const byte*, int);
|
||||
CYASSL_API int SetSubjectBuffer(Cert*, const byte*, int);
|
||||
CYASSL_API int SetAltNamesBuffer(Cert*, const byte*, int);
|
||||
|
@ -96,6 +96,7 @@ enum {
|
||||
NOT_COMPILED_IN = -174, /* Feature not compiled in */
|
||||
UNICODE_SIZE_E = -175, /* Unicode password too big */
|
||||
NO_PASSWORD = -176, /* no password provided by user */
|
||||
ALT_NAME_E = -177, /* alt name size problem, too big */
|
||||
|
||||
MIN_CODE_E = -200 /* errors -101 - -199 */
|
||||
};
|
||||
|
@ -66,3 +66,7 @@ if BUILD_ECC
|
||||
src_libcyassl_la_SOURCES += ctaocrypt/src/ecc.c
|
||||
endif
|
||||
|
||||
if BUILD_OCSP
|
||||
src_libcyassl_la_SOURCES += src/ocsp.c
|
||||
endif
|
||||
|
||||
|
@ -1624,21 +1624,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
}
|
||||
}
|
||||
|
||||
if (fatal) {
|
||||
FreeDecodedCert(&dCert);
|
||||
ssl->error = ret;
|
||||
return ret;
|
||||
}
|
||||
ssl->options.havePeerCert = 1;
|
||||
/* set X509 format */
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* set X509 format for peer cert even if fatal */
|
||||
XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
|
||||
ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
|
||||
ssl->peerCert.issuer.sz = (int)XSTRLEN(dCert.issuer) + 1;
|
||||
ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;
|
||||
|
||||
XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
|
||||
ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
|
||||
ssl->peerCert.subject.sz = (int)XSTRLEN(dCert.subject) + 1;
|
||||
ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;
|
||||
|
||||
XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
|
||||
ssl->peerCert.serialSz = dCert.serialSz;
|
||||
@ -1658,6 +1652,13 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
ssl->peerCert.derCert.length = myCert.length;
|
||||
#endif
|
||||
|
||||
if (fatal) {
|
||||
FreeDecodedCert(&dCert);
|
||||
ssl->error = ret;
|
||||
return ret;
|
||||
}
|
||||
ssl->options.havePeerCert = 1;
|
||||
|
||||
/* store for callback use */
|
||||
if (dCert.subjectCNLen < ASN_NAME_MAX) {
|
||||
XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);
|
||||
|
35
src/ocsp.c
Normal file
35
src/ocsp.c
Normal file
@ -0,0 +1,35 @@
|
||||
/* ocsp.c
|
||||
*
|
||||
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
|
||||
*
|
||||
* This file is part of CyaSSL.
|
||||
*
|
||||
* CyaSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* CyaSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <cyassl/error.h>
|
||||
#include <cyassl/ctaocrypt/asn.h>
|
||||
|
||||
|
||||
#ifdef HAVE_OCSP
|
||||
|
||||
void ocsp_stub(void) {}
|
||||
|
||||
#endif /* HAVE_OCSP */
|
||||
|
25
src/ssl.c
25
src/ssl.c
@ -2095,17 +2095,28 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
|
||||
|
||||
#endif /* NO_CYASSL_SERVER */
|
||||
|
||||
/* prevent multiple mutex initializations */
|
||||
static volatile int initRefCount = 0;
|
||||
|
||||
int CyaSSL_Init(void)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_Init");
|
||||
|
||||
if (initRefCount == 0) {
|
||||
#ifndef NO_SESSION_CACHE
|
||||
if (InitMutex(&session_mutex) != 0)
|
||||
ret = BAD_MUTEX_ERROR;
|
||||
#endif
|
||||
if (InitMutex(&ca_mutex) != 0)
|
||||
ret = BAD_MUTEX_ERROR;
|
||||
}
|
||||
if (ret == 0) {
|
||||
LockMutex(&ca_mutex);
|
||||
initRefCount++;
|
||||
UnLockMutex(&ca_mutex);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@ -2114,7 +2125,21 @@ int CyaSSL_Init(void)
|
||||
int CyaSSL_Cleanup(void)
|
||||
{
|
||||
int ret = 0;
|
||||
int release = 0;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_Cleanup");
|
||||
|
||||
LockMutex(&ca_mutex);
|
||||
|
||||
release = initRefCount-- == 1;
|
||||
if (initRefCount < 0)
|
||||
initRefCount = 0;
|
||||
|
||||
UnLockMutex(&ca_mutex);
|
||||
|
||||
if (!release)
|
||||
return ret;
|
||||
|
||||
#ifndef NO_SESSION_CACHE
|
||||
if (FreeMutex(&session_mutex) != 0)
|
||||
ret = BAD_MUTEX_ERROR;
|
||||
|
@ -32,16 +32,19 @@ static int test_CyaSSL_Init(void);
|
||||
static int test_CyaSSL_Cleanup(void);
|
||||
static int test_CyaSSL_Method_Allocators(void);
|
||||
static int test_CyaSSL_CTX_new(CYASSL_METHOD *method);
|
||||
#ifndef NO_FILESYSTEM
|
||||
static int test_CyaSSL_CTX_use_certificate_file(void);
|
||||
static int test_CyaSSL_CTX_use_PrivateKey_file(void);
|
||||
static int test_CyaSSL_CTX_load_verify_locations(void);
|
||||
static int test_server_CyaSSL_new(void);
|
||||
static int test_client_CyaSSL_new(void);
|
||||
static int test_CyaSSL_read_write(void);
|
||||
#endif
|
||||
|
||||
/* test function helpers */
|
||||
static int test_method(CYASSL_METHOD *method, const char *name);
|
||||
static int test_method2(CYASSL_METHOD *method, const char *name);
|
||||
#ifndef NO_FILESYSTEM
|
||||
static int test_ucf(CYASSL_CTX *ctx, const char* file, int type,
|
||||
int cond, const char* name);
|
||||
static int test_upkf(CYASSL_CTX *ctx, const char* file, int type,
|
||||
@ -52,6 +55,7 @@ static int test_lvl(CYASSL_CTX *ctx, const char* file, const char* path,
|
||||
THREAD_RETURN CYASSL_THREAD test_server_nofail(void*);
|
||||
void test_client_nofail(void*);
|
||||
void wait_tcp_ready(func_args*);
|
||||
#endif
|
||||
|
||||
static const char* bogusFile = "/dev/null";
|
||||
static const char* testingFmt = " %s:";
|
||||
@ -69,12 +73,14 @@ int ApiTest(void)
|
||||
test_CyaSSL_Init();
|
||||
test_CyaSSL_Method_Allocators();
|
||||
test_CyaSSL_CTX_new(CyaSSLv23_server_method());
|
||||
#ifndef NO_FILESYSTEM
|
||||
test_CyaSSL_CTX_use_certificate_file();
|
||||
test_CyaSSL_CTX_use_PrivateKey_file();
|
||||
test_CyaSSL_CTX_load_verify_locations();
|
||||
test_server_CyaSSL_new();
|
||||
test_client_CyaSSL_new();
|
||||
test_CyaSSL_read_write();
|
||||
#endif
|
||||
test_CyaSSL_Cleanup();
|
||||
printf(" End API Tests\n");
|
||||
|
||||
@ -191,6 +197,7 @@ int test_CyaSSL_CTX_new(CYASSL_METHOD *method)
|
||||
return TEST_SUCCESS;
|
||||
}
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
/* Helper for testing CyaSSL_CTX_use_certificate_file() */
|
||||
int test_ucf(CYASSL_CTX *ctx, const char* file, int type, int cond,
|
||||
const char* name)
|
||||
@ -771,6 +778,6 @@ void FreeTcpReady(tcp_ready* ready)
|
||||
pthread_cond_destroy(&ready->cond);
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
|
||||
|
@ -19,6 +19,10 @@
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#include <cyassl/ctaocrypt/md4.h>
|
||||
|
Loading…
Reference in New Issue
Block a user