mirror of https://github.com/wolfSSL/wolfssl.git
Merge branch 'master' of github.com:cyassl/cyassl
commit
8e5532eb42
|
@ -12,7 +12,7 @@ RESULT=$?
|
|||
|
||||
# make sure basic config is ok
|
||||
echo -e "\n\nTesting basic config too...\n\n"
|
||||
./configure;
|
||||
./configure --disable-fastmath;
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\n\nBasic config ./configure failed" && exit 1
|
||||
|
||||
|
|
|
@ -3400,7 +3400,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
|
|||
mp_rshd (&q, um - 1);
|
||||
|
||||
/* according to HAC this optimization is ok */
|
||||
if (((unsigned long) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
|
||||
if (((mp_word) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
|
||||
if ((res = mp_mul (&q, mu, &q)) != MP_OKAY) {
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
|
|
@ -242,7 +242,8 @@ enum {
|
|||
DYNAMIC_TYPE_TMP_BUFFER = 38,
|
||||
DYNAMIC_TYPE_DTLS_MSG = 39,
|
||||
DYNAMIC_TYPE_CAVIUM_TMP = 40,
|
||||
DYNAMIC_TYPE_CAVIUM_RSA = 41
|
||||
DYNAMIC_TYPE_CAVIUM_RSA = 41,
|
||||
DYNAMIC_TYPE_X509 = 42
|
||||
};
|
||||
|
||||
/* stack protection */
|
||||
|
|
|
@ -1536,6 +1536,7 @@ struct CYASSL_X509 {
|
|||
buffer derCert; /* may need */
|
||||
DNS_entry* altNames; /* alt names list */
|
||||
DNS_entry* altNamesNext; /* hint for retrieval */
|
||||
byte dynamicMemory; /* dynamic memory flag */
|
||||
};
|
||||
|
||||
|
||||
|
@ -1882,11 +1883,12 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
|
|||
|
||||
#endif /* NO_TLS */
|
||||
|
||||
typedef double timer_d;
|
||||
|
||||
CYASSL_LOCAL timer_d Timer(void);
|
||||
CYASSL_LOCAL word32 LowResTimer(void);
|
||||
|
||||
CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
|
||||
CYASSL_LOCAL void FreeX509(CYASSL_X509*);
|
||||
CYASSL_LOCAL int CopyDecodedToX509(CYASSL_X509*, DecodedCert*);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -167,6 +167,7 @@ CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
|
|||
CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
|
||||
CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*, const char*,
|
||||
const char*);
|
||||
CYASSL_API int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*);
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX *,
|
||||
const char *file);
|
||||
CYASSL_API int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX*, const char*, int);
|
||||
|
@ -713,6 +714,10 @@ CYASSL_API int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain);
|
|||
CYASSL_API int CyaSSL_get_chain_length(CYASSL_X509_CHAIN*, int idx);
|
||||
/* index cert */
|
||||
CYASSL_API unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN*, int idx);
|
||||
/* index cert in X509 */
|
||||
CYASSL_API CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN*, int idx);
|
||||
/* free X509 */
|
||||
CYASSL_API void CyaSSL_FreeX509(CYASSL_X509*);
|
||||
/* get index cert in PEM */
|
||||
CYASSL_API int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
|
||||
unsigned char* buffer, int inLen, int* outLen);
|
||||
|
@ -869,6 +874,7 @@ typedef void (*CbMissingCRL)(const char* url);
|
|||
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
|
||||
const char* d);
|
||||
CYASSL_API int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm);
|
||||
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
||||
int format);
|
||||
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
|
||||
|
|
|
@ -263,49 +263,53 @@ static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
|
|||
#endif
|
||||
|
||||
|
||||
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
|
||||
|
||||
static INLINE void ShowX509(CYASSL_X509* x509, const char* hdr)
|
||||
{
|
||||
char* altName;
|
||||
char* issuer = CyaSSL_X509_NAME_oneline(
|
||||
CyaSSL_X509_get_issuer_name(x509), 0, 0);
|
||||
char* subject = CyaSSL_X509_NAME_oneline(
|
||||
CyaSSL_X509_get_subject_name(x509), 0, 0);
|
||||
byte serial[32];
|
||||
int ret;
|
||||
int sz = sizeof(serial);
|
||||
|
||||
printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
|
||||
|
||||
while ( (altName = CyaSSL_X509_get_next_altname(x509)) )
|
||||
printf(" altname = %s\n", altName);
|
||||
|
||||
ret = CyaSSL_X509_get_serial_number(x509, serial, &sz);
|
||||
if (ret == SSL_SUCCESS) {
|
||||
int i;
|
||||
int strLen;
|
||||
char serialMsg[80];
|
||||
|
||||
/* testsuite has multiple threads writing to stdout, get output
|
||||
message ready to write once */
|
||||
strLen = sprintf(serialMsg, " serial number");
|
||||
for (i = 0; i < sz; i++)
|
||||
sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
|
||||
printf("%s\n", serialMsg);
|
||||
}
|
||||
|
||||
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
|
||||
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
|
||||
|
||||
|
||||
static INLINE void showPeer(CYASSL* ssl)
|
||||
{
|
||||
|
||||
CYASSL_CIPHER* cipher;
|
||||
#ifdef KEEP_PEER_CERT
|
||||
CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl);
|
||||
if (peer) {
|
||||
#ifdef OPENSSL_EXTRA
|
||||
char* altName;
|
||||
char* issuer = CyaSSL_X509_NAME_oneline(
|
||||
CyaSSL_X509_get_issuer_name(peer), 0, 0);
|
||||
char* subject = CyaSSL_X509_NAME_oneline(
|
||||
CyaSSL_X509_get_subject_name(peer), 0, 0);
|
||||
byte serial[32];
|
||||
int ret;
|
||||
int sz = sizeof(serial);
|
||||
|
||||
printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
|
||||
subject);
|
||||
|
||||
while ( (altName = CyaSSL_X509_get_next_altname(peer)) )
|
||||
printf(" altname = %s\n", altName);
|
||||
|
||||
ret = CyaSSL_X509_get_serial_number(peer, serial, &sz);
|
||||
if (ret == 0) {
|
||||
int i;
|
||||
int strLen;
|
||||
char serialMsg[80];
|
||||
|
||||
/* testsuite has multiple threads writing to stdout, get output
|
||||
message ready to write once */
|
||||
strLen = sprintf(serialMsg, " serial number");
|
||||
for (i = 0; i < sz; i++)
|
||||
sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
|
||||
printf("%s\n", serialMsg);
|
||||
}
|
||||
|
||||
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
#else
|
||||
printf("peer has a cert!\n");
|
||||
#endif
|
||||
}
|
||||
CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl);
|
||||
if (peer)
|
||||
ShowX509(peer, "peer's cert info:");
|
||||
else
|
||||
printf("peer has no cert!\n");
|
||||
#endif
|
||||
|
@ -323,10 +327,18 @@ static INLINE void showPeer(CYASSL* ssl)
|
|||
for (i = 0; i < count; i++) {
|
||||
int length;
|
||||
unsigned char buffer[3072];
|
||||
CYASSL_X509* chainX509;
|
||||
|
||||
CyaSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length);
|
||||
buffer[length] = 0;
|
||||
printf("cert %d has length %d data = \n%s\n", i, length, buffer);
|
||||
|
||||
chainX509 = CyaSSL_get_chain_X509(chain, i);
|
||||
if (chainX509)
|
||||
ShowX509(chainX509, "session cert info:");
|
||||
else
|
||||
printf("get_chain_X509 failed\n");
|
||||
CyaSSL_FreeX509(chainX509);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -113,6 +113,8 @@ static void Usage(void)
|
|||
printf("-m Match domain name in cert\n");
|
||||
printf("-N Use Non-blocking sockets\n");
|
||||
printf("-r Resume session\n");
|
||||
printf("-f Fewer packets/group messages\n");
|
||||
printf("-x Disable client cert/key loading\n");
|
||||
#ifdef SHOW_SIZES
|
||||
printf("-z Print structure sizes\n");
|
||||
#endif
|
||||
|
@ -152,6 +154,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
|||
int nonBlocking = 0;
|
||||
int resumeSession = 0;
|
||||
int trackMemory = 0;
|
||||
int useClientCert = 1;
|
||||
int fewerPackets = 0;
|
||||
char* cipherList = NULL;
|
||||
char* verifyCert = (char*)caCert;
|
||||
char* ourCert = (char*)cliCert;
|
||||
|
@ -172,7 +176,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
|||
(void)sslResume;
|
||||
(void)trackMemory;
|
||||
|
||||
while ((ch = mygetopt(argc, argv, "?gdusmNrth:p:v:l:A:c:k:b:z")) != -1) {
|
||||
while ((ch = mygetopt(argc, argv, "?gdusmNrtfxh:p:v:l:A:c:k:b:z")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
Usage();
|
||||
|
@ -204,6 +208,14 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
|||
matchName = 1;
|
||||
break;
|
||||
|
||||
case 'x' :
|
||||
useClientCert = 0;
|
||||
break;
|
||||
|
||||
case 'f' :
|
||||
fewerPackets = 1;
|
||||
break;
|
||||
|
||||
case 'h' :
|
||||
host = myoptarg;
|
||||
domain = myoptarg;
|
||||
|
@ -344,6 +356,9 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
|||
usePsk = 1;
|
||||
#endif
|
||||
|
||||
if (fewerPackets)
|
||||
CyaSSL_CTX_set_group_messages(ctx);
|
||||
|
||||
if (usePsk) {
|
||||
#ifndef NO_PSK
|
||||
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
|
||||
|
@ -358,6 +373,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
|||
err_sys("client can't set cipher list 2");
|
||||
}
|
||||
#endif
|
||||
useClientCert = 0;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
|
@ -381,17 +397,18 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
|||
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
|
||||
#endif
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
if (!usePsk){
|
||||
if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS)
|
||||
if (useClientCert){
|
||||
if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
|
||||
err_sys("can't load client cert file, check file and run from"
|
||||
" CyaSSL home dir");
|
||||
|
||||
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
|
||||
!= SSL_SUCCESS)
|
||||
err_sys("can't load client private key file, check file and run "
|
||||
"from CyaSSL home dir");
|
||||
"from CyaSSL home dir");
|
||||
}
|
||||
|
||||
if (!usePsk) {
|
||||
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
|
||||
err_sys("can't load ca file, Please run from CyaSSL home dir");
|
||||
}
|
||||
|
|
|
@ -108,6 +108,7 @@ static void Usage(void)
|
|||
printf("-t Track CyaSSL memory use\n");
|
||||
printf("-u Use UDP DTLS,"
|
||||
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
|
||||
printf("-f Fewer packets/group messages\n");
|
||||
printf("-N Use Non-blocking sockets\n");
|
||||
}
|
||||
|
||||
|
@ -131,9 +132,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
int port = yasslPort;
|
||||
int usePsk = 0;
|
||||
int doDTLS = 0;
|
||||
int useNtruKey = 0;
|
||||
int nonBlocking = 0;
|
||||
int trackMemory = 0;
|
||||
int useNtruKey = 0;
|
||||
int nonBlocking = 0;
|
||||
int trackMemory = 0;
|
||||
int fewerPackets = 0;
|
||||
char* cipherList = NULL;
|
||||
char* verifyCert = (char*)cliCert;
|
||||
char* ourCert = (char*)svrCert;
|
||||
|
@ -150,7 +152,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
#endif
|
||||
(void)trackMemory;
|
||||
|
||||
while ((ch = mygetopt(argc, argv, "?dbstnNup:v:l:A:c:k:")) != -1) {
|
||||
while ((ch = mygetopt(argc, argv, "?dbstnNufp:v:l:A:c:k:")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
Usage();
|
||||
|
@ -182,6 +184,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
doDTLS = 1;
|
||||
break;
|
||||
|
||||
case 'f' :
|
||||
fewerPackets = 1;
|
||||
break;
|
||||
|
||||
case 'p' :
|
||||
port = atoi(myoptarg);
|
||||
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
|
||||
|
@ -299,6 +305,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
usePsk = 1;
|
||||
#endif
|
||||
|
||||
if (fewerPackets)
|
||||
CyaSSL_CTX_set_group_messages(ctx);
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
if (!usePsk) {
|
||||
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
|
||||
|
|
124
src/internal.c
124
src/internal.c
|
@ -1182,6 +1182,30 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
|||
}
|
||||
|
||||
|
||||
/* Initialize CyaSSL X509 type */
|
||||
void InitX509(CYASSL_X509* x509, int dynamicFlag)
|
||||
{
|
||||
x509->derCert.buffer = NULL;
|
||||
x509->altNames = NULL;
|
||||
x509->altNamesNext = NULL;
|
||||
x509->dynamicMemory = dynamicFlag;
|
||||
}
|
||||
|
||||
|
||||
/* Free CyaSSL X509 type */
|
||||
void FreeX509(CYASSL_X509* x509)
|
||||
{
|
||||
if (x509 == NULL)
|
||||
return;
|
||||
|
||||
XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_CERT);
|
||||
if (x509->altNames)
|
||||
FreeAltNames(x509->altNames, NULL);
|
||||
if (x509->dynamicMemory)
|
||||
XFREE(x509, NULL, DYNAMIC_TYPE_X509);
|
||||
}
|
||||
|
||||
|
||||
/* init everything to 0, NULL, default values before calling anything that may
|
||||
fail so that desctructor has a "good" state to cleanup */
|
||||
int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||
|
@ -1231,9 +1255,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||
ssl->buffers.plainSz = 0;
|
||||
|
||||
#ifdef KEEP_PEER_CERT
|
||||
ssl->peerCert.derCert.buffer = NULL;
|
||||
ssl->peerCert.altNames = NULL;
|
||||
ssl->peerCert.altNamesNext = NULL;
|
||||
InitX509(&ssl->peerCert, 0);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
|
@ -1590,9 +1612,7 @@ void SSL_ResourceFree(CYASSL* ssl)
|
|||
ssl->buffers.dtlsCtx.peer.sa = NULL;
|
||||
#endif
|
||||
#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
|
||||
XFREE(ssl->peerCert.derCert.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
|
||||
if (ssl->peerCert.altNames)
|
||||
FreeAltNames(ssl->peerCert.altNames, ssl->heap);
|
||||
FreeX509(&ssl->peerCert);
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
|
||||
CyaSSL_BIO_free(ssl->biord);
|
||||
|
@ -2023,7 +2043,7 @@ ProtocolVersion MakeDTLSv1_2(void)
|
|||
|
||||
#ifdef USE_WINDOWS_API
|
||||
|
||||
timer_d Timer(void)
|
||||
word32 LowResTimer(void)
|
||||
{
|
||||
static int init = 0;
|
||||
static LARGE_INTEGER freq;
|
||||
|
@ -2036,16 +2056,9 @@ ProtocolVersion MakeDTLSv1_2(void)
|
|||
|
||||
QueryPerformanceCounter(&count);
|
||||
|
||||
return (double)count.QuadPart / freq.QuadPart;
|
||||
return (word32)(count.QuadPart / freq.QuadPart);
|
||||
}
|
||||
|
||||
|
||||
word32 LowResTimer(void)
|
||||
{
|
||||
return (word32)Timer();
|
||||
}
|
||||
|
||||
|
||||
#elif defined(THREADX)
|
||||
|
||||
#include "rtptime.h"
|
||||
|
@ -2805,6 +2818,54 @@ static int CheckAltNames(DecodedCert* dCert, char* domain)
|
|||
}
|
||||
|
||||
|
||||
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
|
||||
|
||||
/* Copy parts X509 needs from Decoded cert, 0 on success */
|
||||
int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (x509 == NULL || dCert == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
|
||||
x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
|
||||
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
|
||||
|
||||
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
||||
x509->subject.name[ASN_NAME_MAX - 1] = '\0';
|
||||
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
|
||||
|
||||
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
|
||||
x509->serialSz = dCert->serialSz;
|
||||
if (dCert->subjectCNLen < ASN_NAME_MAX) {
|
||||
XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
|
||||
x509->subjectCN[dCert->subjectCNLen] = '\0';
|
||||
}
|
||||
else
|
||||
x509->subjectCN[0] = '\0';
|
||||
|
||||
/* store cert for potential retrieval */
|
||||
x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL,
|
||||
DYNAMIC_TYPE_CERT);
|
||||
if (x509->derCert.buffer == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(x509->derCert.buffer, dCert->source, dCert->maxIdx);
|
||||
x509->derCert.length = dCert->maxIdx;
|
||||
}
|
||||
|
||||
x509->altNames = dCert->altNames;
|
||||
dCert->altNames = NULL; /* takes ownership */
|
||||
x509->altNamesNext = x509->altNames; /* index hint */
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
|
||||
|
||||
|
||||
static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
{
|
||||
word32 listSz, i = *inOutIdx;
|
||||
|
@ -2981,39 +3042,12 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
|||
#endif /* HAVE_CRL */
|
||||
|
||||
#ifdef KEEP_PEER_CERT
|
||||
{
|
||||
/* set X509 format for peer cert even if fatal */
|
||||
XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
|
||||
ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
|
||||
ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;
|
||||
|
||||
XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
|
||||
ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
|
||||
ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;
|
||||
|
||||
XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
|
||||
ssl->peerCert.serialSz = dCert.serialSz;
|
||||
if (dCert.subjectCNLen < ASN_NAME_MAX) {
|
||||
XMEMCPY(ssl->peerCert.subjectCN,dCert.subjectCN,dCert.subjectCNLen);
|
||||
ssl->peerCert.subjectCN[dCert.subjectCNLen] = '\0';
|
||||
}
|
||||
else
|
||||
ssl->peerCert.subjectCN[0] = '\0';
|
||||
|
||||
/* store cert for potential retrieval */
|
||||
ssl->peerCert.derCert.buffer = (byte*)XMALLOC(myCert.length, ssl->heap,
|
||||
DYNAMIC_TYPE_CERT);
|
||||
if (ssl->peerCert.derCert.buffer == NULL) {
|
||||
ret = MEMORY_E;
|
||||
int copyRet = CopyDecodedToX509(&ssl->peerCert, &dCert);
|
||||
if (copyRet == MEMORY_E)
|
||||
fatal = 1;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(ssl->peerCert.derCert.buffer, myCert.buffer, myCert.length);
|
||||
ssl->peerCert.derCert.length = myCert.length;
|
||||
}
|
||||
|
||||
ssl->peerCert.altNames = dCert.altNames;
|
||||
dCert.altNames = NULL; /* takes ownership */
|
||||
ssl->peerCert.altNamesNext = ssl->peerCert.altNames; /* index hint */
|
||||
#endif
|
||||
|
||||
if (fatal) {
|
||||
|
|
303
src/ssl.c
303
src/ssl.c
|
@ -692,6 +692,31 @@ void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
|
|||
|
||||
}
|
||||
|
||||
|
||||
/* Unload the CA signer list */
|
||||
int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
|
||||
{
|
||||
Signer* signers;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");
|
||||
|
||||
if (cm == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (LockMutex(&cm->caLock) != 0)
|
||||
return BAD_MUTEX_ERROR;
|
||||
|
||||
signers = cm->caList;
|
||||
cm->caList = NULL;
|
||||
|
||||
UnLockMutex(&cm->caLock);
|
||||
|
||||
FreeSigners(signers, NULL);
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
|
@ -986,7 +1011,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||
|
||||
int CyaSSL_Init(void)
|
||||
{
|
||||
int ret = 0;
|
||||
int ret = SSL_SUCCESS;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_Init");
|
||||
|
||||
|
@ -2510,7 +2535,7 @@ void CyaSSL_load_error_strings(void) /* compatibility only */
|
|||
int CyaSSL_library_init(void)
|
||||
{
|
||||
CYASSL_ENTER("SSL_library_init");
|
||||
if (CyaSSL_Init() == 0)
|
||||
if (CyaSSL_Init() == SSL_SUCCESS)
|
||||
return SSL_SUCCESS;
|
||||
else
|
||||
return SSL_FATAL_ERROR;
|
||||
|
@ -3131,13 +3156,13 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
|
|||
|
||||
int CyaSSL_Cleanup(void)
|
||||
{
|
||||
int ret = 0;
|
||||
int ret = SSL_SUCCESS;
|
||||
int release = 0;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_Cleanup");
|
||||
|
||||
if (initRefCount == 0)
|
||||
return 0; /* possibly no init yet */
|
||||
return ret; /* possibly no init yet, but not failure either way */
|
||||
|
||||
if (LockMutex(&count_mutex) != 0) {
|
||||
CYASSL_MSG("Bad Lock Mutex count");
|
||||
|
@ -3469,7 +3494,7 @@ int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn)
|
|||
|
||||
|
||||
/* turn on CyaSSL zlib compression
|
||||
returns 0 for success, else error (not built in)
|
||||
returns SSL_SUCCESS for success, else error (not built in)
|
||||
*/
|
||||
int CyaSSL_set_compression(CYASSL* ssl)
|
||||
{
|
||||
|
@ -3477,7 +3502,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
(void)ssl;
|
||||
#ifdef HAVE_LIBZ
|
||||
ssl->options.usingCompression = 1;
|
||||
return 0;
|
||||
return SSL_SUCCESS;
|
||||
#else
|
||||
return NOT_COMPILED_IN;
|
||||
#endif
|
||||
|
@ -3882,6 +3907,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
ssl, NULL, 1);
|
||||
}
|
||||
|
||||
int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");
|
||||
|
||||
if (ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return CyaSSL_CertManagerUnloadCAs(ctx->cm);
|
||||
}
|
||||
|
||||
/* old NO_FILESYSTEM end */
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
@ -4082,65 +4117,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
}
|
||||
|
||||
|
||||
/* return the next, if any, altname from the peer cert */
|
||||
char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
|
||||
{
|
||||
char* ret = NULL;
|
||||
CYASSL_ENTER("CyaSSL_X509_get_next_altname");
|
||||
|
||||
/* don't have any to work with */
|
||||
if (cert == NULL || cert->altNames == NULL)
|
||||
return NULL;
|
||||
|
||||
/* already went through them */
|
||||
if (cert->altNamesNext == NULL)
|
||||
return NULL;
|
||||
|
||||
ret = cert->altNamesNext->name;
|
||||
cert->altNamesNext = cert->altNamesNext->next;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
|
||||
{
|
||||
CYASSL_ENTER("X509_get_issuer_name");
|
||||
return &cert->issuer;
|
||||
}
|
||||
|
||||
|
||||
CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
|
||||
{
|
||||
CYASSL_ENTER("X509_get_subject_name");
|
||||
return &cert->subject;
|
||||
}
|
||||
|
||||
|
||||
/* copy name into in buffer, at most sz bytes, if buffer is null will
|
||||
malloc buffer, call responsible for freeing */
|
||||
char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
|
||||
{
|
||||
int copySz = min(sz, name->sz);
|
||||
|
||||
CYASSL_ENTER("CyaSSL_X509_NAME_oneline");
|
||||
if (!name->sz) return in;
|
||||
|
||||
if (!in) {
|
||||
in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
if (!in ) return in;
|
||||
copySz = name->sz;
|
||||
}
|
||||
|
||||
if (copySz == 0)
|
||||
return in;
|
||||
|
||||
XMEMCPY(in, name->name, copySz - 1);
|
||||
in[copySz - 1] = 0;
|
||||
|
||||
return in;
|
||||
}
|
||||
|
||||
|
||||
CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
|
||||
CYASSL_X509_STORE_CTX* ctx)
|
||||
|
@ -5112,7 +5088,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
}
|
||||
|
||||
|
||||
/* store for external read of iv, 0 on success */
|
||||
/* store for external read of iv, SSL_SUCCESS on success */
|
||||
int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_StoreExternalIV");
|
||||
|
@ -5163,11 +5139,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
return -1; /* failure */
|
||||
}
|
||||
}
|
||||
return 0; /* success */
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/* set internal IV from external, 0 on success */
|
||||
/* set internal IV from external, SSL_SUCCESS on success */
|
||||
int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
|
||||
{
|
||||
|
||||
|
@ -5219,7 +5195,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
return -1; /* failure */
|
||||
}
|
||||
}
|
||||
return 0; /* success */
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
@ -5505,8 +5481,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
(void)flags;
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
#ifdef KEEP_PEER_CERT
|
||||
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
|
||||
#if defined(KEEP_PEER_CERT)
|
||||
|
||||
CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
|
||||
{
|
||||
CYASSL_ENTER("SSL_get_peer_certificate");
|
||||
|
@ -5515,7 +5495,108 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
else
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* KEEP_PEER_CERT */
|
||||
|
||||
|
||||
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
|
||||
|
||||
void CyaSSL_FreeX509(CYASSL_X509* x509)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_FreeX509");
|
||||
FreeX509(x509);
|
||||
}
|
||||
|
||||
|
||||
/* return the next, if any, altname from the peer cert */
|
||||
char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
|
||||
{
|
||||
char* ret = NULL;
|
||||
CYASSL_ENTER("CyaSSL_X509_get_next_altname");
|
||||
|
||||
/* don't have any to work with */
|
||||
if (cert == NULL || cert->altNames == NULL)
|
||||
return NULL;
|
||||
|
||||
/* already went through them */
|
||||
if (cert->altNamesNext == NULL)
|
||||
return NULL;
|
||||
|
||||
ret = cert->altNamesNext->name;
|
||||
cert->altNamesNext = cert->altNamesNext->next;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
|
||||
{
|
||||
CYASSL_ENTER("X509_get_issuer_name");
|
||||
return &cert->issuer;
|
||||
}
|
||||
|
||||
|
||||
CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
|
||||
{
|
||||
CYASSL_ENTER("X509_get_subject_name");
|
||||
return &cert->subject;
|
||||
}
|
||||
|
||||
|
||||
/* copy name into in buffer, at most sz bytes, if buffer is null will
|
||||
malloc buffer, call responsible for freeing */
|
||||
char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
|
||||
{
|
||||
int copySz = min(sz, name->sz);
|
||||
|
||||
CYASSL_ENTER("CyaSSL_X509_NAME_oneline");
|
||||
if (!name->sz) return in;
|
||||
|
||||
if (!in) {
|
||||
in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
if (!in ) return in;
|
||||
copySz = name->sz;
|
||||
}
|
||||
|
||||
if (copySz == 0)
|
||||
return in;
|
||||
|
||||
XMEMCPY(in, name->name, copySz - 1);
|
||||
in[copySz - 1] = 0;
|
||||
|
||||
return in;
|
||||
}
|
||||
|
||||
|
||||
/* write X509 serial number in unsigned binary to buffer
|
||||
buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
|
||||
return SSL_SUCCESS on success */
|
||||
int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_X509_get_serial_number");
|
||||
if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XMEMCPY(in, x509->serial, x509->serialSz);
|
||||
*inOutSz = x509->serialSz;
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_X509_get_der");
|
||||
|
||||
if (x509 == NULL || outSz == NULL)
|
||||
return NULL;
|
||||
|
||||
*outSz = (int)x509->derCert.length;
|
||||
return x509->derCert.buffer;
|
||||
}
|
||||
|
||||
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
|
||||
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
|
||||
|
@ -6661,32 +6742,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* write X509 serial number in unsigned binary to buffer
|
||||
buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
|
||||
return 0 on success */
|
||||
int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_X509_get_serial_number");
|
||||
if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XMEMCPY(in, x509->serial, x509->serialSz);
|
||||
*inOutSz = x509->serialSz;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_X509_get_der");
|
||||
|
||||
if (x509 == NULL || outSz == NULL)
|
||||
return NULL;
|
||||
|
||||
*outSz = (int)x509->derCert.length;
|
||||
return x509->derCert.buffer;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
|
||||
|
@ -7857,7 +7912,7 @@ static int initGlobalRNG = 0;
|
|||
|
||||
|
||||
#ifndef NO_DSA
|
||||
/* return 0 on success, < 0 otherwise */
|
||||
/* return SSL_SUCCESS on success, < 0 otherwise */
|
||||
int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
|
||||
CYASSL_DSA* dsa)
|
||||
{
|
||||
|
@ -7890,7 +7945,7 @@ static int initGlobalRNG = 0;
|
|||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
#endif /* NO_DSA */
|
||||
|
||||
|
@ -8434,7 +8489,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
|
|||
}
|
||||
|
||||
|
||||
/* Load RSA from Der, 0 on success < 0 on error */
|
||||
/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
|
||||
int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
|
||||
{
|
||||
word32 idx = 0;
|
||||
|
@ -8460,12 +8515,12 @@ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
|
|||
|
||||
rsa->inSet = 1;
|
||||
|
||||
return 0;
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_DSA
|
||||
/* Load DSA from Der, 0 on success < 0 on error */
|
||||
/* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
|
||||
int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
|
||||
{
|
||||
word32 idx = 0;
|
||||
|
@ -8491,7 +8546,7 @@ int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
|
|||
|
||||
dsa->inSet = 1;
|
||||
|
||||
return 0;
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
#endif /* NO_DSA */
|
||||
|
||||
|
@ -8548,6 +8603,46 @@ byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx)
|
|||
}
|
||||
|
||||
|
||||
/* Get peer's CyaSSL X509 ceritifcate at index (idx) */
|
||||
CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx)
|
||||
{
|
||||
int ret;
|
||||
CYASSL_X509* x509;
|
||||
DecodedCert dCert;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_get_chain_X509");
|
||||
if (chain == NULL)
|
||||
return NULL;
|
||||
|
||||
InitDecodedCert(&dCert, chain->certs[idx].buffer, chain->certs[idx].length,
|
||||
NULL);
|
||||
ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
|
||||
if (ret != 0) {
|
||||
CYASSL_MSG("Failed to parse cert");
|
||||
FreeDecodedCert(&dCert);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL, DYNAMIC_TYPE_X509);
|
||||
if (x509 == NULL) {
|
||||
CYASSL_MSG("Failed alloc X509");
|
||||
FreeDecodedCert(&dCert);
|
||||
return NULL;
|
||||
}
|
||||
InitX509(x509, 1);
|
||||
|
||||
ret = CopyDecodedToX509(x509, &dCert);
|
||||
if (ret != 0) {
|
||||
CYASSL_MSG("Failed to copy decoded");
|
||||
XFREE(x509, NULL, DYNAMIC_TYPE_X509);
|
||||
x509 = NULL;
|
||||
}
|
||||
FreeDecodedCert(&dCert);
|
||||
|
||||
return x509;
|
||||
}
|
||||
|
||||
|
||||
/* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
|
||||
enough else return error (-1), output length is in *outLen */
|
||||
int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx,
|
||||
|
|
|
@ -103,7 +103,7 @@ int test_CyaSSL_Init(void)
|
|||
|
||||
printf(testingFmt, "CyaSSL_Init()");
|
||||
result = CyaSSL_Init();
|
||||
printf(resultFmt, result ? failed : passed);
|
||||
printf(resultFmt, result == SSL_SUCCESS ? passed : failed);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
@ -114,7 +114,7 @@ static int test_CyaSSL_Cleanup(void)
|
|||
|
||||
printf(testingFmt, "CyaSSL_Cleanup()");
|
||||
result = CyaSSL_Cleanup();
|
||||
printf(resultFmt, result ? failed : passed);
|
||||
printf(resultFmt, result == SSL_SUCCESS ? passed : failed);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue