mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
John Safranek 2014-02-03 14:49:38 -08:00
commit f669e73c8d
15 changed files with 542 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c
View File

@ -469,7 +469,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
#ifdef HAVE_SNI #ifdef HAVE_SNI
if (sniHostName) if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))) if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed"); err_sys("UseSNI failed");
#endif #endif

2
IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c
View File

@ -419,7 +419,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_SNI #ifdef HAVE_SNI
if (sniHostName) { if (sniHostName) {
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName))) XSTRLEN(sniHostName)) != SSL_SUCCESS)
err_sys("UseSNI failed"); err_sys("UseSNI failed");
else else
CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME, CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME,

3
IDE/MDK5-ARM/Projects/SimpleClient/client.c
View File

@ -471,7 +471,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
#ifdef HAVE_SNI #ifdef HAVE_SNI
if (sniHostName) if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))) if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed"); err_sys("UseSNI failed");
#endif #endif

2
IDE/MDK5-ARM/Projects/SimpleServer/server.c
View File

@ -418,7 +418,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_SNI #ifdef HAVE_SNI
if (sniHostName) { if (sniHostName) {
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName))) XSTRLEN(sniHostName)) != SSL_SUCCESS)
err_sys("UseSNI failed"); err_sys("UseSNI failed");
else else
CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME, CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME,

30
configure.ac
View File

@ -1105,6 +1105,20 @@ fi
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
if test "$ENABLED_OCSP" = "yes"
then
# check openssl command tool for testing ocsp
AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
if test "$HAVE_OPENSSL_CMD" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
else
AC_MSG_WARN([openssl command line tool not available for testing ocsp])
fi
fi
# CRL # CRL
AC_ARG_ENABLE([crl], AC_ARG_ENABLE([crl],
[ --enable-crl Enable CRL (default: disabled)], [ --enable-crl Enable CRL (default: disabled)],
@ -1212,6 +1226,18 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION" AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION"
fi fi
# Supported Elliptic Curves Extensions
AC_ARG_ENABLE([supportedcurves],
[ --enable-supportedcurves Enable Supported Elliptic Curves (default: disabled)],
[ ENABLED_SUPPORTED_CURVES=$enableval ],
[ ENABLED_SUPPORTED_CURVES=no ]
)
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"
fi
# TLS Extensions # TLS Extensions
AC_ARG_ENABLE([tlsx], AC_ARG_ENABLE([tlsx],
[ --enable-tlsx Enable all TLS Extensions (default: disabled)], [ --enable-tlsx Enable all TLS Extensions (default: disabled)],
@ -1225,7 +1251,8 @@ then
ENABLED_MAX_FRAGMENT=yes ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes ENABLED_TRUNCATED_HMAC=yes
ENABLED_RENEGOTIATION_INDICATION=yes ENABLED_RENEGOTIATION_INDICATION=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION" ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION -DHAVE_SUPPORTED_CURVES"
fi fi
# PKCS7 # PKCS7
@ -1662,6 +1689,7 @@ echo " * SNI: $ENABLED_SNI"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC" echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION" echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
echo " * All TLS Extensions: $ENABLED_TLSX" echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7" echo " * PKCS#7 $ENABLED_PKCS7"
echo " * wolfSCEP $ENABLED_WOLFSCEP" echo " * wolfSCEP $ENABLED_WOLFSCEP"

15
ctaocrypt/src/asn.c
View File

@ -1323,10 +1323,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extAuthKeyIdSz = 0; cert->extAuthKeyIdSz = 0;
cert->extSubjKeyIdSrc = NULL; cert->extSubjKeyIdSrc = NULL;
cert->extSubjKeyIdSz = 0; cert->extSubjKeyIdSz = 0;
#ifdef HAVE_ECC
cert->pkCurveOID = 0;
#endif /* HAVE_ECC */
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#ifdef HAVE_ECC
cert->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef CYASSL_SEP #ifdef CYASSL_SEP
cert->deviceTypeSz = 0; cert->deviceTypeSz = 0;
cert->deviceType = NULL; cert->deviceType = NULL;
@ -1522,7 +1522,6 @@ static int GetKey(DecodedCert* cert)
#ifdef HAVE_ECC #ifdef HAVE_ECC
case ECDSAk: case ECDSAk:
{ {
word32 oid = 0;
int oidSz = 0; int oidSz = 0;
byte b = cert->source[cert->srcIdx++]; byte b = cert->source[cert->srcIdx++];
@ -1533,12 +1532,10 @@ static int GetKey(DecodedCert* cert)
return ASN_PARSE_E; return ASN_PARSE_E;
while(oidSz--) while(oidSz--)
oid += cert->source[cert->srcIdx++]; cert->pkCurveOID += cert->source[cert->srcIdx++];
if (CheckCurve(oid) < 0)
if (CheckCurve(cert->pkCurveOID) < 0)
return ECC_CURVE_OID_E; return ECC_CURVE_OID_E;
#ifdef OPENSSL_EXTRA
cert->pkCurveOID = oid;
#endif /* OPENSSL_EXTRA */
/* key header */ /* key header */
b = cert->source[cert->srcIdx++]; b = cert->source[cert->srcIdx++];

6
cyassl/ctaocrypt/asn.h
View File

@ -348,10 +348,10 @@ struct DecodedCert {
word32 extAuthKeyIdSz; word32 extAuthKeyIdSz;
byte* extSubjKeyIdSrc; byte* extSubjKeyIdSrc;
word32 extSubjKeyIdSz; word32 extSubjKeyIdSz;
#ifdef HAVE_ECC
word32 pkCurveOID; /* Public Key's curve OID */
#endif /* HAVE_ECC */
#endif #endif
#ifdef HAVE_ECC
word32 pkCurveOID; /* Public Key's curve OID */
#endif /* HAVE_ECC */
byte* beforeDate; byte* beforeDate;
int beforeDateLen; int beforeDateLen;
byte* afterDate; byte* afterDate;

24
cyassl/internal.h
View File

@ -1110,11 +1110,8 @@ typedef struct CYASSL_DTLS_CTX {
typedef enum { typedef enum {
SERVER_NAME_INDICATION = 0, SERVER_NAME_INDICATION = 0,
MAX_FRAGMENT_LENGTH = 1, MAX_FRAGMENT_LENGTH = 1,
/*CLIENT_CERTIFICATE_URL = 2,
TRUSTED_CA_KEYS = 3,*/
TRUNCATED_HMAC = 4, TRUNCATED_HMAC = 4,
/*STATUS_REQUEST = 5, ELLIPTIC_CURVES = 10
SIGNATURE_ALGORITHMS = 13,*/
} TLSX_Type; } TLSX_Type;
typedef struct TLSX { typedef struct TLSX {
@ -1181,6 +1178,23 @@ CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_SUPPORTED_CURVES
typedef struct EllipticCurve {
word16 name; /* CurveNames */
struct EllipticCurve* next; /* List Behavior */
} EllipticCurve;
CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
#ifndef NO_CYASSL_SERVER
CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
byte second);
#endif
#endif /* HAVE_SUPPORTED_CURVES */
#endif /* HAVE_TLS_EXTENSIONS */ #endif /* HAVE_TLS_EXTENSIONS */
/* CyaSSL context type */ /* CyaSSL context type */
@ -1222,6 +1236,7 @@ struct CYASSL_CTX {
word32 timeout; /* session timeout */ word32 timeout; /* session timeout */
#ifdef HAVE_ECC #ifdef HAVE_ECC
word16 eccTempKeySz; /* in octets 20 - 66 */ word16 eccTempKeySz; /* in octets 20 - 66 */
word32 pkCurveOID; /* curve Ecc_Sum */
#endif #endif
#ifndef NO_PSK #ifndef NO_PSK
byte havePSK; /* psk key set by user */ byte havePSK; /* psk key set by user */
@ -1841,6 +1856,7 @@ struct CYASSL {
ecc_key* eccTempKey; /* private ECDHE key */ ecc_key* eccTempKey; /* private ECDHE key */
ecc_key* eccDsaKey; /* private ECDSA key */ ecc_key* eccDsaKey; /* private ECDSA key */
word16 eccTempKeySz; /* in octets 20 - 66 */ word16 eccTempKeySz; /* in octets 20 - 66 */
word32 pkCurveOID; /* curve Ecc_Sum */
byte peerEccKeyPresent; byte peerEccKeyPresent;
byte peerEccDsaKeyPresent; byte peerEccDsaKeyPresent;
byte eccTempKeyPresent; byte eccTempKeyPresent;

22
cyassl/ssl.h
View File

@ -1231,6 +1231,7 @@ CYASSL_API int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, unsigned char mfl);
#endif /* NO_CYASSL_CLIENT */ #endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_MAX_FRAGMENT */ #endif /* HAVE_MAX_FRAGMENT */
/* Truncated HMAC */
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT
@ -1240,6 +1241,27 @@ CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx);
#endif /* NO_CYASSL_CLIENT */ #endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
/* Elliptic Curves */
#ifdef HAVE_SUPPORTED_CURVES
enum {
CYASSL_ECC_SECP160R1 = 0x10,
CYASSL_ECC_SECP192R1 = 0x13,
CYASSL_ECC_SECP224R1 = 0x15,
CYASSL_ECC_SECP256R1 = 0x17,
CYASSL_ECC_SECP384R1 = 0x18,
CYASSL_ECC_SECP521R1 = 0x19
};
#ifndef NO_CYASSL_CLIENT
CYASSL_API int CyaSSL_UseSupportedCurve(CYASSL* ssl, unsigned short name);
CYASSL_API int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx,
unsigned short name);
#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_SUPPORTED_CURVES */
#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */ #define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
#define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */ #define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */

7
examples/client/client.c
View File

@ -550,17 +550,18 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
#ifdef HAVE_SNI #ifdef HAVE_SNI
if (sniHostName) if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))) if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed"); err_sys("UseSNI failed");
#endif #endif
#ifdef HAVE_MAX_FRAGMENT #ifdef HAVE_MAX_FRAGMENT
if (maxFragment) if (maxFragment)
if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment)) if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
err_sys("UseMaxFragment failed"); err_sys("UseMaxFragment failed");
#endif #endif
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC) if (truncatedHMAC)
if (CyaSSL_CTX_UseTruncatedHMAC(ctx)) if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
err_sys("UseTruncatedHMAC failed"); err_sys("UseTruncatedHMAC failed");
#endif #endif

2
examples/server/server.c
View File

@ -443,7 +443,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_SNI #ifdef HAVE_SNI
if (sniHostName) if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName))) XSTRLEN(sniHostName)) != SSL_SUCCESS)
err_sys("UseSNI failed"); err_sys("UseSNI failed");
#endif #endif

20
src/internal.c
View File

@ -1282,6 +1282,9 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag)
x509->altNamesNext = NULL; x509->altNamesNext = NULL;
x509->dynamicMemory = (byte)dynamicFlag; x509->dynamicMemory = (byte)dynamicFlag;
x509->isCa = 0; x509->isCa = 0;
#ifdef HAVE_ECC
x509->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
x509->pathLength = 0; x509->pathLength = 0;
x509->basicConstSet = 0; x509->basicConstSet = 0;
@ -1300,9 +1303,6 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag)
x509->keyUsageSet = 0; x509->keyUsageSet = 0;
x509->keyUsageCrit = 0; x509->keyUsageCrit = 0;
x509->keyUsage = 0; x509->keyUsage = 0;
#ifdef HAVE_ECC
x509->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef CYASSL_SEP #ifdef CYASSL_SEP
x509->certPolicySet = 0; x509->certPolicySet = 0;
x509->certPolicyCrit = 0; x509->certPolicyCrit = 0;
@ -1400,6 +1400,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
#ifdef HAVE_ECC #ifdef HAVE_ECC
ssl->eccTempKeySz = ctx->eccTempKeySz; ssl->eccTempKeySz = ctx->eccTempKeySz;
ssl->pkCurveOID = ctx->pkCurveOID;
ssl->peerEccKeyPresent = 0; ssl->peerEccKeyPresent = 0;
ssl->peerEccDsaKeyPresent = 0; ssl->peerEccDsaKeyPresent = 0;
ssl->eccDsaKeyPresent = 0; ssl->eccDsaKeyPresent = 0;
@ -3224,14 +3225,14 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
} }
x509->keyUsageSet = dCert->extKeyUsageSet; x509->keyUsageSet = dCert->extKeyUsageSet;
x509->keyUsageCrit = dCert->extKeyUsageCrit; x509->keyUsageCrit = dCert->extKeyUsageCrit;
#ifdef HAVE_ECC
x509->pkCurveOID = dCert->pkCurveOID;
#endif /* HAVE_ECC */
#ifdef CYASSL_SEP #ifdef CYASSL_SEP
x509->certPolicySet = dCert->extCertPolicySet; x509->certPolicySet = dCert->extCertPolicySet;
x509->certPolicyCrit = dCert->extCertPolicyCrit; x509->certPolicyCrit = dCert->extCertPolicyCrit;
#endif /* CYASSL_SEP */ #endif /* CYASSL_SEP */
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#ifdef HAVE_ECC
x509->pkCurveOID = dCert->pkCurveOID;
#endif /* HAVE_ECC */
return ret; return ret;
} }
@ -9764,6 +9765,13 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
} }
#ifdef HAVE_SUPPORTED_CURVES
if (!TLSX_ValidateEllipticCurves(ssl, first, second)) {
CYASSL_MSG("Don't have matching curves");
return 0;
}
#endif
/* ECCDHE is always supported if ECC on */ /* ECCDHE is always supported if ECC on */
return 1; return 1;

31
src/ssl.c
View File

@ -622,6 +622,30 @@ int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
#endif /* NO_CYASSL_CLIENT */ #endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
/* Elliptic Curves */
#ifdef HAVE_SUPPORTED_CURVES
#ifndef NO_CYASSL_CLIENT
int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
return TLSX_UseSupportedCurve(&ssl->extensions, name);
}
int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
return TLSX_UseSupportedCurve(&ctx->extensions, name);
}
#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_SUPPORTED_CURVES */
#ifndef CYASSL_LEANPSK #ifndef CYASSL_LEANPSK
int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags) int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags)
{ {
@ -2113,6 +2137,13 @@ int CyaSSL_Init(void)
break; break;
} }
#ifdef HAVE_ECC
if (ctx)
ctx->pkCurveOID = cert.pkCurveOID;
if (ssl)
ssl->pkCurveOID = cert.pkCurveOID;
#endif
FreeDecodedCert(&cert); FreeDecodedCert(&cert);
} }

356
src/tls.c
View File

@ -515,6 +515,12 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
#define IS_OFF(semaphore, light) \
((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
#define TURN_ON(semaphore, light) \
((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
static int TLSX_Append(TLSX** list, TLSX_Type type) static int TLSX_Append(TLSX** list, TLSX_Type type)
{ {
TLSX* extension; TLSX* extension;
@ -536,7 +542,9 @@ static int TLSX_Append(TLSX** list, TLSX_Type type)
#ifndef NO_CYASSL_SERVER #ifndef NO_CYASSL_SERVER
static void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type) void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type);
void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type)
{ {
TLSX *ext = TLSX_Find(ssl->extensions, type); TLSX *ext = TLSX_Find(ssl->extensions, type);
@ -768,7 +776,7 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
int r = TLSX_UseSNI(&ssl->extensions, int r = TLSX_UseSNI(&ssl->extensions,
type, input + offset, size); type, input + offset, size);
if (r) return r; /* throw error */ if (r != SSL_SUCCESS) return r; /* throw error */
TLSX_SNI_SetStatus(ssl->extensions, type, TLSX_SNI_SetStatus(ssl->extensions, type,
matched ? CYASSL_SNI_REAL_MATCH : CYASSL_SNI_FAKE_MATCH); matched ? CYASSL_SNI_REAL_MATCH : CYASSL_SNI_FAKE_MATCH);
@ -834,7 +842,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
} }
} while ((sni = sni->next)); } while ((sni = sni->next));
return 0; return SSL_SUCCESS;
} }
#ifndef NO_CYASSL_SERVER #ifndef NO_CYASSL_SERVER
@ -1039,7 +1047,7 @@ static int TLSX_MFL_Parse(CYASSL* ssl, byte* input, word16 length,
if (isRequest) { if (isRequest) {
int r = TLSX_UseMaxFragment(&ssl->extensions, *input); int r = TLSX_UseMaxFragment(&ssl->extensions, *input);
if (r) return r; /* throw error */ if (r != SSL_SUCCESS) return r; /* throw error */
TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH); TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH);
} }
@ -1089,7 +1097,7 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
} }
} while ((extension = extension->next)); } while ((extension = extension->next));
return 0; return SSL_SUCCESS;
} }
@ -1120,7 +1128,7 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions)
if ((ret = TLSX_Append(extensions, TRUNCATED_HMAC)) != 0) if ((ret = TLSX_Append(extensions, TRUNCATED_HMAC)) != 0)
return ret; return ret;
return 0; return SSL_SUCCESS;
} }
static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length, static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
@ -1133,7 +1141,7 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
if (isRequest) { if (isRequest) {
int r = TLSX_UseTruncatedHMAC(&ssl->extensions); int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
if (r) return r; /* throw error */ if (r != SSL_SUCCESS) return r; /* throw error */
TLSX_SetResponse(ssl, TRUNCATED_HMAC); TLSX_SetResponse(ssl, TRUNCATED_HMAC);
} }
@ -1152,6 +1160,304 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_SUPPORTED_CURVES
#ifndef HAVE_ECC
#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
Use --enable-ecc in the configure script or define HAVE_ECC."
#endif
static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
{
EllipticCurve* curve;
while ((curve = list)) {
list = curve->next;
XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
}
}
static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name)
{
EllipticCurve* curve;
if (list == NULL)
return BAD_FUNC_ARG;
if ((curve = XMALLOC(sizeof(EllipticCurve), 0, DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E;
curve->name = name;
curve->next = *list;
*list = curve;
return 0;
}
#ifndef NO_CYASSL_CLIENT
static void TLSX_EllipticCurve_ValidateRequest(CYASSL* ssl, byte* semaphore)
{
int i;
for (i = 0; i < ssl->suites->suiteSz; i+= 2)
if (ssl->suites->suites[i] == ECC_BYTE)
return;
/* No elliptic curve suite found */
TURN_ON(semaphore, ELLIPTIC_CURVES);
}
static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
{
EllipticCurve* curve;
word16 length = OPAQUE16_LEN; /* list length */
while ((curve = list)) {
list = curve->next;
length += OPAQUE16_LEN; /* curve length */
}
return length;
}
static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output);
static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output)
{
word16 offset = 0;
if (!curve)
return offset;
offset = TLSX_EllipticCurve_WriteR(curve->next, output);
c16toa(curve->name, output + offset);
return OPAQUE16_LEN + offset;
}
static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output)
{
word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN);
c16toa(length, output); /* writing list length */
return OPAQUE16_LEN + length;
}
#endif /* NO_CYASSL_CLIENT */
#ifndef NO_CYASSL_SERVER
static int TLSX_EllipticCurve_Parse(CYASSL* ssl, byte* input, word16 length,
byte isRequest)
{
word16 offset;
word16 name;
int r;
(void) isRequest; /* shut up compiler! */
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
return INCOMPLETE_DATA;
ato16(input, &offset);
/* validating curve list length */
if (length != OPAQUE16_LEN + offset)
return INCOMPLETE_DATA;
while (offset) {
ato16(input + offset, &name);
offset -= OPAQUE16_LEN;
r = TLSX_UseSupportedCurve(&ssl->extensions, name);
if (r) return r; /* throw error */
}
return 0;
}
int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
TLSX* extension = (first == ECC_BYTE)
? TLSX_Find(ssl->extensions, ELLIPTIC_CURVES)
: NULL;
EllipticCurve* curve = NULL;
word32 oid = 0;
word16 octets = 0; /* acording to 'ecc_set_type ecc_sets[];' */
int sig = 0; /* valitade signature */
int key = 0; /* validate key */
if (!extension)
return 1; /* no suite restriction */
for (curve = extension->data; curve && !(sig && key); curve = curve->next) {
switch (curve->name) {
case CYASSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break;
case CYASSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break;
case CYASSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break;
case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
}
switch (second) {
#ifndef NO_DSA
/* ECDHE_ECDSA */
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
sig |= ssl->pkCurveOID == oid;
key |= ssl->eccTempKeySz == octets;
break;
/* ECDH_ECDSA */
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
sig |= ssl->pkCurveOID == oid;
key |= ssl->pkCurveOID == oid;
break;
#endif
#ifndef NO_RSA
/* ECDHE_RSA */
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
sig = 1;
key |= ssl->eccTempKeySz == octets;
break;
/* ECDH_RSA */
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
case TLS_ECDH_RSA_WITH_RC4_128_SHA:
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
sig = 1;
key |= ssl->pkCurveOID == oid;
break;
#endif
default:
sig = 1;
key = 1;
break;
}
}
return sig && key;
}
#endif /* NO_CYASSL_SERVER */
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
{
TLSX* extension = NULL;
EllipticCurve* curve = NULL;
int ret = 0;
if (extensions == NULL)
return BAD_FUNC_ARG;
switch (name) {
case CYASSL_ECC_SECP160R1:
case CYASSL_ECC_SECP192R1:
case CYASSL_ECC_SECP224R1:
case CYASSL_ECC_SECP256R1:
case CYASSL_ECC_SECP384R1:
case CYASSL_ECC_SECP521R1:
break;
default:
return BAD_FUNC_ARG;
}
if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
return ret;
extension = *extensions;
/* find EllipticCurve extension if it already exists. */
while (extension && extension->type != ELLIPTIC_CURVES)
extension = extension->next;
/* push new EllipticCurve extension if it doesn't exists. */
if (!extension) {
if ((ret = TLSX_Append(extensions, ELLIPTIC_CURVES)) != 0) {
XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
return ret;
}
extension = *extensions;
}
/* push new EllipticCurve object to extension data. */
curve->next = (EllipticCurve*) extension->data;
extension->data = (void*) curve;
/* look for another curve of the same name to remove (replacement) */
do {
if (curve->next && curve->next->name == name) {
EllipticCurve *next = curve->next;
curve->next = next->next;
XFREE(next, 0, DYNAMIC_TYPE_TLSX);
break;
}
} while ((curve = curve->next));
return SSL_SUCCESS;
}
#define EC_FREE_ALL TLSX_EllipticCurve_FreeAll
#define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest
#ifndef NO_CYASSL_CLIENT
#define EC_GET_SIZE TLSX_EllipticCurve_GetSize
#define EC_WRITE TLSX_EllipticCurve_Write
#else
#define EC_GET_SIZE(list) 0
#define EC_WRITE(a, b) 0
#endif
#ifndef NO_CYASSL_SERVER
#define EC_PARSE TLSX_EllipticCurve_Parse
#else
#define EC_PARSE(a, b, c, d) 0
#endif
#else
#define EC_FREE_ALL(list)
#define EC_GET_SIZE(list) 0
#define EC_WRITE(a, b) 0
#define EC_PARSE(a, b, c, d) 0
#define EC_VALIDATE_REQUEST(a, b)
#endif /* HAVE_SUPPORTED_CURVES */
TLSX* TLSX_Find(TLSX* list, TLSX_Type type) TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
{ {
TLSX* extension = list; TLSX* extension = list;
@ -1181,18 +1487,16 @@ void TLSX_FreeAll(TLSX* list)
case TRUNCATED_HMAC: case TRUNCATED_HMAC:
/* Nothing to do. */ /* Nothing to do. */
break; break;
case ELLIPTIC_CURVES:
EC_FREE_ALL(extension->data);
break;
} }
XFREE(extension, 0, DYNAMIC_TYPE_TLSX); XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
} }
} }
#define IS_OFF(semaphore, light) \
((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
#define TURN_ON(semaphore, light) \
((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
{ {
TLSX* extension; TLSX* extension;
@ -1220,6 +1524,10 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
case TRUNCATED_HMAC: case TRUNCATED_HMAC:
/* empty extension. */ /* empty extension. */
break; break;
case ELLIPTIC_CURVES:
length += EC_GET_SIZE((EllipticCurve *) extension->data);
break;
} }
TURN_ON(semaphore, extension->type); TURN_ON(semaphore, extension->type);
@ -1264,6 +1572,11 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
case TRUNCATED_HMAC: case TRUNCATED_HMAC:
/* empty extension. */ /* empty extension. */
break; break;
case ELLIPTIC_CURVES:
offset += EC_WRITE((EllipticCurve *) extension->data,
output + offset);
break;
} }
/* writing extension data length */ /* writing extension data length */
@ -1286,6 +1599,8 @@ word16 TLSX_GetRequestSize(CYASSL* ssl)
if (ssl && IsTLS(ssl)) { if (ssl && IsTLS(ssl)) {
byte semaphore[16] = {0}; byte semaphore[16] = {0};
EC_VALIDATE_REQUEST(ssl, semaphore);
if (ssl->extensions) if (ssl->extensions)
length += TLSX_GetSize(ssl->extensions, semaphore, 1); length += TLSX_GetSize(ssl->extensions, semaphore, 1);
@ -1311,6 +1626,8 @@ word16 TLSX_WriteRequest(CYASSL* ssl, byte* output)
offset += OPAQUE16_LEN; /* extensions length */ offset += OPAQUE16_LEN; /* extensions length */
EC_VALIDATE_REQUEST(ssl, semaphore);
if (ssl->extensions) if (ssl->extensions)
offset += TLSX_Write(ssl->extensions, output + offset, offset += TLSX_Write(ssl->extensions, output + offset,
semaphore, 1); semaphore, 1);
@ -1430,6 +1747,12 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
ret = THM_PARSE(ssl, input + offset, size, isRequest); ret = THM_PARSE(ssl, input + offset, size, isRequest);
break; break;
case ELLIPTIC_CURVES:
CYASSL_MSG("Elliptic Curves extension received");
ret = EC_PARSE(ssl, input + offset, size, isRequest);
break;
case HELLO_EXT_SIG_ALGO: case HELLO_EXT_SIG_ALGO:
if (isRequest) { if (isRequest) {
/* do not mess with offset inside the switch! */ /* do not mess with offset inside the switch! */
@ -1462,6 +1785,13 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
#undef IS_OFF #undef IS_OFF
#undef TURN_ON #undef TURN_ON
#elif defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_SUPPORTED_CURVES)
#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."
#endif /* HAVE_TLS_EXTENSIONS */ #endif /* HAVE_TLS_EXTENSIONS */

96
tests/api.c
View File

@ -56,6 +56,9 @@ static void test_CyaSSL_UseMaxFragment(void);
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
static void test_CyaSSL_UseTruncatedHMAC(void); static void test_CyaSSL_UseTruncatedHMAC(void);
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_SUPPORTED_CURVES
static void test_CyaSSL_UseSupportedCurve(void);
#endif /* HAVE_SUPPORTED_CURVES */
/* test function helpers */ /* test function helpers */
static int test_method(CYASSL_METHOD *method, const char *name); static int test_method(CYASSL_METHOD *method, const char *name);
@ -116,6 +119,9 @@ int ApiTest(void)
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
test_CyaSSL_UseTruncatedHMAC(); test_CyaSSL_UseTruncatedHMAC();
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_SUPPORTED_CURVES
test_CyaSSL_UseSupportedCurve();
#endif /* HAVE_SUPPORTED_CURVES */
test_CyaSSL_Cleanup(); test_CyaSSL_Cleanup();
printf(" End API Tests\n"); printf(" End API Tests\n");
@ -236,14 +242,13 @@ int test_CyaSSL_CTX_new(CYASSL_METHOD *method)
return TEST_SUCCESS; return TEST_SUCCESS;
} }
#ifdef HAVE_TLS_EXTENSIONS
#ifdef HAVE_SNI #ifdef HAVE_SNI
static void use_SNI_at_ctx(CYASSL_CTX* ctx) static void use_SNI_at_ctx(CYASSL_CTX* ctx)
{ {
byte type = CYASSL_SNI_HOST_NAME; byte type = CYASSL_SNI_HOST_NAME;
char name[] = "www.yassl.com"; char name[] = "www.yassl.com";
AssertIntEQ(0, CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name))); AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name)));
} }
static void use_SNI_at_ssl(CYASSL* ssl) static void use_SNI_at_ssl(CYASSL* ssl)
@ -251,7 +256,7 @@ static void use_SNI_at_ssl(CYASSL* ssl)
byte type = CYASSL_SNI_HOST_NAME; byte type = CYASSL_SNI_HOST_NAME;
char name[] = "www.yassl.com"; char name[] = "www.yassl.com";
AssertIntEQ(0, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
} }
static void different_SNI_at_ssl(CYASSL* ssl) static void different_SNI_at_ssl(CYASSL* ssl)
@ -259,7 +264,7 @@ static void different_SNI_at_ssl(CYASSL* ssl)
byte type = CYASSL_SNI_HOST_NAME; byte type = CYASSL_SNI_HOST_NAME;
char name[] = "ww2.yassl.com"; char name[] = "ww2.yassl.com";
AssertIntEQ(0, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
} }
static void use_SNI_WITH_CONTINUE_at_ssl(CYASSL* ssl) static void use_SNI_WITH_CONTINUE_at_ssl(CYASSL* ssl)
@ -426,16 +431,16 @@ void test_CyaSSL_UseSNI(void)
AssertNotNull(ssl); AssertNotNull(ssl);
/* error cases */ /* error cases */
AssertIntNE(0, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx"))); AssertIntNE(1, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(0, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl"))); AssertIntNE(1, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(0, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx"))); AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(0, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl"))); AssertIntNE(1, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(0, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx"))); AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx")));
AssertIntNE(0, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl"))); AssertIntNE(1, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl")));
/* success case */ /* success case */
AssertIntEQ(0, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx"))); AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntEQ(0, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl"))); AssertIntEQ(1, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl")));
CyaSSL_free(ssl); CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx); CyaSSL_CTX_free(ctx);
@ -491,24 +496,24 @@ static void test_CyaSSL_UseMaxFragment(void)
AssertNotNull(ssl); AssertNotNull(ssl);
/* error cases */ /* error cases */
AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9)); AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9));
AssertIntNE(0, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9)); AssertIntNE(1, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9));
AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(ctx, 0)); AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 0));
AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(ctx, 6)); AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 6));
AssertIntNE(0, CyaSSL_UseMaxFragment(ssl, 0)); AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 0));
AssertIntNE(0, CyaSSL_UseMaxFragment(ssl, 6)); AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 6));
/* success case */ /* success case */
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9)); AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9));
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10)); AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10));
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11)); AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11));
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12)); AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12));
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13)); AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9)); AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10)); AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11)); AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12)); AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13)); AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13));
CyaSSL_free(ssl); CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx); CyaSSL_CTX_free(ctx);
@ -525,19 +530,44 @@ static void test_CyaSSL_UseTruncatedHMAC(void)
AssertNotNull(ssl); AssertNotNull(ssl);
/* error cases */ /* error cases */
AssertIntNE(0, CyaSSL_CTX_UseTruncatedHMAC(NULL)); AssertIntNE(1, CyaSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(0, CyaSSL_UseTruncatedHMAC(NULL)); AssertIntNE(1, CyaSSL_UseTruncatedHMAC(NULL));
/* success case */ /* success case */
AssertIntEQ(0, CyaSSL_CTX_UseTruncatedHMAC(ctx)); AssertIntEQ(1, CyaSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(0, CyaSSL_UseTruncatedHMAC(ssl)); AssertIntEQ(1, CyaSSL_UseTruncatedHMAC(ssl));
CyaSSL_free(ssl); CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx); CyaSSL_CTX_free(ctx);
} }
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#endif /* HAVE_TLS_EXTENSIONS */ #ifdef HAVE_SUPPORTED_CURVES
static void test_CyaSSL_UseSupportedCurve(void)
{
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
CYASSL *ssl = CyaSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
#ifndef NO_CYASSL_CLIENT
/* error cases */
AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(1, CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_UseSupportedCurve(ssl, 0));
/* success case */
AssertIntEQ(1, CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1));
AssertIntEQ(1, CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1));
#endif
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
}
#endif /* HAVE_SUPPORTED_CURVES */
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* Helper for testing CyaSSL_CTX_use_certificate_file() */ /* Helper for testing CyaSSL_CTX_use_certificate_file() */