merge conflict

This commit is contained in:
toddouska 2012-04-26 15:01:00 -07:00
commit dd431dbeff
12 changed files with 160 additions and 22 deletions

View File

@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[2.1.0],[http://www.yassl.com])
AC_INIT([cyassl],[2.1.1],[http://www.yassl.com])
AC_CONFIG_AUX_DIR(config)
@ -199,7 +199,7 @@ AC_ARG_ENABLE(bump,
if test "$ENABLED_BUMP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES"
fi
# fastmath
@ -470,6 +470,21 @@ then
fi
# OCSP
AC_ARG_ENABLE(ocsp,
[ --enable-ocsp Enable OCSP (default: disabled)],
[ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ],
)
if test "$ENABLED_OCSP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
# NTRU
ntruHome=`pwd`/NTRU_algorithm
ntruInclude=$ntruHome/cryptolib

View File

@ -724,10 +724,25 @@ static const word32 Td[5][256] = {
#ifdef CYASSL_AESNI
#define cpuid(func,ax,bx,cx,dx)\
#ifndef _MSC_VER
#define cpuid(func,ax,bx,cx,dx)\
__asm__ __volatile__ ("cpuid":\
"=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func));
#else
#define cpuid(func,ax,bx,cx,dx)\
__asm mov eax, func \
__asm cpuid \
__asm mov ax, eax \
__asm mov bx, ebx \
__asm mov cx, ecx \
__asm mov dx, edx
#endif /* _MSC_VER */
static int Check_CPU_support_AES()
{
unsigned int a,b,c,d;

View File

@ -1016,6 +1016,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->signature = 0;
cert->subjectCN = 0;
cert->subjectCNLen = 0;
cert->issuer[0] = '\0';
cert->subject[0] = '\0';
cert->source = source; /* don't own */
cert->srcIdx = 0;
cert->maxIdx = inSz; /* can't go over this index */
@ -2412,6 +2414,10 @@ void CTaoCryptErrorString(int error, char* buffer)
XSTRNCPY(buffer, "No password provided by user", max);
break;
case ALT_NAME_E :
XSTRNCPY(buffer, "Alt Name problem, too big", max);
break;
default:
XSTRNCPY(buffer, "unknown error number", max);
@ -2601,7 +2607,9 @@ void InitCert(Cert* cert)
cert->selfSigned = 1;
cert->isCA = 0;
cert->bodySz = 0;
#ifdef CYASSL_ALT_NAMES
cert->altNamesSz = 0;
#endif
cert->keyType = RSA_KEY;
XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
@ -3149,12 +3157,14 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng,
else
der->extensionsSz = 0;
#ifdef CYASSL_ALT_NAMES
if (der->extensionsSz == 0 && cert->altNamesSz) {
der->extensionsSz = SetExtensions(der->extensions, cert->altNames,
cert->altNamesSz);
if (der->extensionsSz == 0)
return EXTENSIONS_E;
}
#endif
der->total = der->versionSz + der->serialSz + der->sigAlgoSz +
der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz +
@ -3340,6 +3350,8 @@ int MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng)
}
#ifdef CYASSL_ALT_NAMES
/* Set Alt Names from der cert, return 0 on success */
static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
{
@ -3410,6 +3422,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
else {
cert->altNamesSz = 0;
CYASSL_MSG("AltNames extensions too big");
FreeDecodedCert(&decoded);
return ALT_NAME_E;
}
}
decoded.srcIdx = tmpIdx + length;
@ -3420,6 +3434,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
return 0;
}
#endif /* CYASSL_ALT_NAMES */
/* Set cn name from der buffer, return 0 on success */
static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
@ -3518,6 +3534,8 @@ int SetSubject(Cert* cert, const char* subjectFile)
}
#ifdef CYASSL_ALT_NAMES
/* Set atl names from file in PEM */
int SetAltNames(Cert* cert, const char* file)
{
@ -3527,6 +3545,8 @@ int SetAltNames(Cert* cert, const char* file)
return SetAltNamesFromCert(cert, der, derSz);
}
#endif /* CYASSL_ALT_NAMES */
#endif /* NO_FILESYSTEM */
/* Set cert issuer from DER buffer */
@ -3544,12 +3564,15 @@ int SetSubjectBuffer(Cert* cert, const byte* der, int derSz)
}
#ifdef CYASSL_ALT_NAMES
/* Set cert alt names from DER buffer */
int SetAltNamesBuffer(Cert* cert, const byte* der, int derSz)
{
return SetAltNamesFromCert(cert, der, derSz);
}
#endif /* CYASSL_ALT_NAMES */
#endif /* CYASSL_CERT_GEN */

View File

@ -127,7 +127,11 @@ enum Misc_ASN {
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
#ifdef CYASSL_CERT_GEN
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
#ifdef CYASSL_ALT_NAMES
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
#else
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
#endif
/* Max total extensions, id + len + others */
#endif
MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2

View File

@ -58,9 +58,9 @@ enum Ctc_SigType {
#ifdef CYASSL_CERT_GEN
enum Ctc_Misc {
CTC_NAME_SIZE = 64,
CTC_MAX_ALT_SIZE = 512,
CTC_SERIAL_SIZE = 8
CTC_NAME_SIZE = 64,
CTC_MAX_ALT_SIZE = 8192, /* may be huge */
CTC_SERIAL_SIZE = 8
};
typedef struct CertName {
@ -88,8 +88,10 @@ typedef struct Cert {
/* internal use only */
int bodySz; /* pre sign total size */
int keyType; /* public key type of subject */
#ifdef CYASSL_ALT_NAMES
byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
int altNamesSz; /* altNames size in bytes */
#endif
} Cert;
@ -113,7 +115,9 @@ CYASSL_API int MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
RNG*);
CYASSL_API int SetIssuer(Cert*, const char*);
CYASSL_API int SetSubject(Cert*, const char*);
CYASSL_API int SetAltNames(Cert*, const char*);
#ifdef CYASSL_ALT_NAMES
CYASSL_API int SetAltNames(Cert*, const char*);
#endif
CYASSL_API int SetIssuerBuffer(Cert*, const byte*, int);
CYASSL_API int SetSubjectBuffer(Cert*, const byte*, int);
CYASSL_API int SetAltNamesBuffer(Cert*, const byte*, int);

View File

@ -96,6 +96,7 @@ enum {
NOT_COMPILED_IN = -174, /* Feature not compiled in */
UNICODE_SIZE_E = -175, /* Unicode password too big */
NO_PASSWORD = -176, /* no password provided by user */
ALT_NAME_E = -177, /* alt name size problem, too big */
MIN_CODE_E = -200 /* errors -101 - -199 */
};

View File

@ -66,3 +66,7 @@ if BUILD_ECC
src_libcyassl_la_SOURCES += ctaocrypt/src/ecc.c
endif
if BUILD_OCSP
src_libcyassl_la_SOURCES += src/ocsp.c
endif

View File

@ -1624,21 +1624,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
}
}
if (fatal) {
FreeDecodedCert(&dCert);
ssl->error = ret;
return ret;
}
ssl->options.havePeerCert = 1;
/* set X509 format */
#ifdef OPENSSL_EXTRA
/* set X509 format for peer cert even if fatal */
XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
ssl->peerCert.issuer.sz = (int)XSTRLEN(dCert.issuer) + 1;
ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;
XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
ssl->peerCert.subject.sz = (int)XSTRLEN(dCert.subject) + 1;
ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;
XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
ssl->peerCert.serialSz = dCert.serialSz;
@ -1658,6 +1652,13 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
ssl->peerCert.derCert.length = myCert.length;
#endif
if (fatal) {
FreeDecodedCert(&dCert);
ssl->error = ret;
return ret;
}
ssl->options.havePeerCert = 1;
/* store for callback use */
if (dCert.subjectCNLen < ASN_NAME_MAX) {
XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);

35
src/ocsp.c Normal file
View File

@ -0,0 +1,35 @@
/* ocsp.c
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/error.h>
#include <cyassl/ctaocrypt/asn.h>
#ifdef HAVE_OCSP
void ocsp_stub(void) {}
#endif /* HAVE_OCSP */

View File

@ -2095,17 +2095,28 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
#endif /* NO_CYASSL_SERVER */
/* prevent multiple mutex initializations */
static volatile int initRefCount = 0;
int CyaSSL_Init(void)
{
int ret = 0;
CYASSL_ENTER("CyaSSL_Init");
if (initRefCount == 0) {
#ifndef NO_SESSION_CACHE
if (InitMutex(&session_mutex) != 0)
ret = BAD_MUTEX_ERROR;
if (InitMutex(&session_mutex) != 0)
ret = BAD_MUTEX_ERROR;
#endif
if (InitMutex(&ca_mutex) != 0)
ret = BAD_MUTEX_ERROR;
if (InitMutex(&ca_mutex) != 0)
ret = BAD_MUTEX_ERROR;
}
if (ret == 0) {
LockMutex(&ca_mutex);
initRefCount++;
UnLockMutex(&ca_mutex);
}
return ret;
}
@ -2114,7 +2125,21 @@ int CyaSSL_Init(void)
int CyaSSL_Cleanup(void)
{
int ret = 0;
int release = 0;
CYASSL_ENTER("CyaSSL_Cleanup");
LockMutex(&ca_mutex);
release = initRefCount-- == 1;
if (initRefCount < 0)
initRefCount = 0;
UnLockMutex(&ca_mutex);
if (!release)
return ret;
#ifndef NO_SESSION_CACHE
if (FreeMutex(&session_mutex) != 0)
ret = BAD_MUTEX_ERROR;

View File

@ -32,16 +32,19 @@ static int test_CyaSSL_Init(void);
static int test_CyaSSL_Cleanup(void);
static int test_CyaSSL_Method_Allocators(void);
static int test_CyaSSL_CTX_new(CYASSL_METHOD *method);
#ifndef NO_FILESYSTEM
static int test_CyaSSL_CTX_use_certificate_file(void);
static int test_CyaSSL_CTX_use_PrivateKey_file(void);
static int test_CyaSSL_CTX_load_verify_locations(void);
static int test_server_CyaSSL_new(void);
static int test_client_CyaSSL_new(void);
static int test_CyaSSL_read_write(void);
#endif
/* test function helpers */
static int test_method(CYASSL_METHOD *method, const char *name);
static int test_method2(CYASSL_METHOD *method, const char *name);
#ifndef NO_FILESYSTEM
static int test_ucf(CYASSL_CTX *ctx, const char* file, int type,
int cond, const char* name);
static int test_upkf(CYASSL_CTX *ctx, const char* file, int type,
@ -52,6 +55,7 @@ static int test_lvl(CYASSL_CTX *ctx, const char* file, const char* path,
THREAD_RETURN CYASSL_THREAD test_server_nofail(void*);
void test_client_nofail(void*);
void wait_tcp_ready(func_args*);
#endif
static const char* bogusFile = "/dev/null";
static const char* testingFmt = " %s:";
@ -69,12 +73,14 @@ int ApiTest(void)
test_CyaSSL_Init();
test_CyaSSL_Method_Allocators();
test_CyaSSL_CTX_new(CyaSSLv23_server_method());
#ifndef NO_FILESYSTEM
test_CyaSSL_CTX_use_certificate_file();
test_CyaSSL_CTX_use_PrivateKey_file();
test_CyaSSL_CTX_load_verify_locations();
test_server_CyaSSL_new();
test_client_CyaSSL_new();
test_CyaSSL_read_write();
#endif
test_CyaSSL_Cleanup();
printf(" End API Tests\n");
@ -191,6 +197,7 @@ int test_CyaSSL_CTX_new(CYASSL_METHOD *method)
return TEST_SUCCESS;
}
#ifndef NO_FILESYSTEM
/* Helper for testing CyaSSL_CTX_use_certificate_file() */
int test_ucf(CYASSL_CTX *ctx, const char* file, int type, int cond,
const char* name)
@ -771,6 +778,6 @@ void FreeTcpReady(tcp_ready* ready)
pthread_cond_destroy(&ready->cond);
#endif
}
#endif /* NO_FILESYSTEM */

View File

@ -19,6 +19,10 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <cyassl/ctaocrypt/md4.h>