Merge branch 'master' of github.com:cyassl/cyassl
commit
8e5532eb42
|
@ -12,7 +12,7 @@ RESULT=$?
|
||||||
|
|
||||||
# make sure basic config is ok
|
# make sure basic config is ok
|
||||||
echo -e "\n\nTesting basic config too...\n\n"
|
echo -e "\n\nTesting basic config too...\n\n"
|
||||||
./configure;
|
./configure --disable-fastmath;
|
||||||
RESULT=$?
|
RESULT=$?
|
||||||
[ $RESULT -ne 0 ] && echo -e "\n\nBasic config ./configure failed" && exit 1
|
[ $RESULT -ne 0 ] && echo -e "\n\nBasic config ./configure failed" && exit 1
|
||||||
|
|
||||||
|
|
|
@ -3400,7 +3400,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
|
||||||
mp_rshd (&q, um - 1);
|
mp_rshd (&q, um - 1);
|
||||||
|
|
||||||
/* according to HAC this optimization is ok */
|
/* according to HAC this optimization is ok */
|
||||||
if (((unsigned long) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
|
if (((mp_word) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
|
||||||
if ((res = mp_mul (&q, mu, &q)) != MP_OKAY) {
|
if ((res = mp_mul (&q, mu, &q)) != MP_OKAY) {
|
||||||
goto CLEANUP;
|
goto CLEANUP;
|
||||||
}
|
}
|
||||||
|
|
|
@ -242,7 +242,8 @@ enum {
|
||||||
DYNAMIC_TYPE_TMP_BUFFER = 38,
|
DYNAMIC_TYPE_TMP_BUFFER = 38,
|
||||||
DYNAMIC_TYPE_DTLS_MSG = 39,
|
DYNAMIC_TYPE_DTLS_MSG = 39,
|
||||||
DYNAMIC_TYPE_CAVIUM_TMP = 40,
|
DYNAMIC_TYPE_CAVIUM_TMP = 40,
|
||||||
DYNAMIC_TYPE_CAVIUM_RSA = 41
|
DYNAMIC_TYPE_CAVIUM_RSA = 41,
|
||||||
|
DYNAMIC_TYPE_X509 = 42
|
||||||
};
|
};
|
||||||
|
|
||||||
/* stack protection */
|
/* stack protection */
|
||||||
|
|
|
@ -1536,6 +1536,7 @@ struct CYASSL_X509 {
|
||||||
buffer derCert; /* may need */
|
buffer derCert; /* may need */
|
||||||
DNS_entry* altNames; /* alt names list */
|
DNS_entry* altNames; /* alt names list */
|
||||||
DNS_entry* altNamesNext; /* hint for retrieval */
|
DNS_entry* altNamesNext; /* hint for retrieval */
|
||||||
|
byte dynamicMemory; /* dynamic memory flag */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -1882,11 +1883,12 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
|
||||||
|
|
||||||
#endif /* NO_TLS */
|
#endif /* NO_TLS */
|
||||||
|
|
||||||
typedef double timer_d;
|
|
||||||
|
|
||||||
CYASSL_LOCAL timer_d Timer(void);
|
|
||||||
CYASSL_LOCAL word32 LowResTimer(void);
|
CYASSL_LOCAL word32 LowResTimer(void);
|
||||||
|
|
||||||
|
CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
|
||||||
|
CYASSL_LOCAL void FreeX509(CYASSL_X509*);
|
||||||
|
CYASSL_LOCAL int CopyDecodedToX509(CYASSL_X509*, DecodedCert*);
|
||||||
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
|
|
|
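Review bot: The new `dynamicMemory` field in CYASSL_X509 needs a comment that says what the flag decides, because `/* dynamic memory flag */` does not say who frees what: FreeX509 in src/internal.c always releases derCert.buffer and the altNames list, and frees the struct itself only when this flag is nonzero, while InitSSL initialises the embedded ssl->peerCert with the flag clear. Suggested: `byte dynamicMemory; /* nonzero: struct was XMALLOC'd (DYNAMIC_TYPE_X509) and FreeX509 frees it; 0 for the embedded peerCert */`. The three prototypes added below would likewise benefit from a one-line comment each, in particular that CopyDecodedToX509 takes ownership of dCert->altNames and returns 0, MEMORY_E or BAD_FUNC_ARG. struct CYASSL_X509 begins before this hunk.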
@ -167,6 +167,7 @@ CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
|
||||||
CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
|
CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
|
||||||
CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*, const char*,
|
CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*, const char*,
|
||||||
const char*);
|
const char*);
|
||||||
|
CYASSL_API int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*);
|
||||||
CYASSL_API int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX *,
|
CYASSL_API int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX *,
|
||||||
const char *file);
|
const char *file);
|
||||||
CYASSL_API int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX*, const char*, int);
|
CYASSL_API int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX*, const char*, int);
|
||||||
|
@ -713,6 +714,10 @@ CYASSL_API int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain);
|
||||||
CYASSL_API int CyaSSL_get_chain_length(CYASSL_X509_CHAIN*, int idx);
|
CYASSL_API int CyaSSL_get_chain_length(CYASSL_X509_CHAIN*, int idx);
|
||||||
/* index cert */
|
/* index cert */
|
||||||
CYASSL_API unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN*, int idx);
|
CYASSL_API unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN*, int idx);
|
||||||
|
/* index cert in X509 */
|
||||||
|
CYASSL_API CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN*, int idx);
|
||||||
|
/* free X509 */
|
||||||
|
CYASSL_API void CyaSSL_FreeX509(CYASSL_X509*);
|
||||||
/* get index cert in PEM */
|
/* get index cert in PEM */
|
||||||
CYASSL_API int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
|
CYASSL_API int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
|
||||||
unsigned char* buffer, int inLen, int* outLen);
|
unsigned char* buffer, int inLen, int* outLen);
|
||||||
|
@ -869,6 +874,7 @@ typedef void (*CbMissingCRL)(const char* url);
|
||||||
|
|
||||||
CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
|
CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
|
||||||
const char* d);
|
const char* d);
|
||||||
|
CYASSL_API int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm);
|
||||||
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
||||||
int format);
|
int format);
|
||||||
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
|
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
|
||||||
|
|
|
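Review bot: The ownership of the CYASSL_X509 returned by the new CyaSSL_get_chain_X509 is not stated, and it appears to differ from CyaSSL_get_peer_certificate: the example code in tests/test.h releases the chain object with CyaSSL_FreeX509 after use, whereas the peer certificate looks like the CYASSL's embedded peerCert, which SSL_ResourceFree frees itself — and since FreeX509 leaves the freed pointers set, handing that pointer to CyaSSL_FreeX509 would free its DER buffer and alt-name list a second time at teardown. Suggested comments: `/* index cert in X509; returns a newly allocated object, release with CyaSSL_FreeX509 */` and `/* free an X509 obtained from CyaSSL_get_chain_X509 (not the CyaSSL_get_peer_certificate pointer) */`. CyaSSL_CTX_UnloadCAs / CyaSSL_CertManagerUnloadCAs should also say that they drop the whole trusted signer list (so peer verification presumably fails until CAs are loaded again) and that SSL_SUCCESS, BAD_FUNC_ARG and BAD_MUTEX_ERROR are the possible return values.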
@ -263,49 +263,53 @@ static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
|
||||||
|
|
||||||
|
static INLINE void ShowX509(CYASSL_X509* x509, const char* hdr)
|
||||||
|
{
|
||||||
|
char* altName;
|
||||||
|
char* issuer = CyaSSL_X509_NAME_oneline(
|
||||||
|
CyaSSL_X509_get_issuer_name(x509), 0, 0);
|
||||||
|
char* subject = CyaSSL_X509_NAME_oneline(
|
||||||
|
CyaSSL_X509_get_subject_name(x509), 0, 0);
|
||||||
|
byte serial[32];
|
||||||
|
int ret;
|
||||||
|
int sz = sizeof(serial);
|
||||||
|
|
||||||
|
printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
|
||||||
|
|
||||||
|
while ( (altName = CyaSSL_X509_get_next_altname(x509)) )
|
||||||
|
printf(" altname = %s\n", altName);
|
||||||
|
|
||||||
|
ret = CyaSSL_X509_get_serial_number(x509, serial, &sz);
|
||||||
|
if (ret == SSL_SUCCESS) {
|
||||||
|
int i;
|
||||||
|
int strLen;
|
||||||
|
char serialMsg[80];
|
||||||
|
|
||||||
|
/* testsuite has multiple threads writing to stdout, get output
|
||||||
|
message ready to write once */
|
||||||
|
strLen = sprintf(serialMsg, " serial number");
|
||||||
|
for (i = 0; i < sz; i++)
|
||||||
|
sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
|
||||||
|
printf("%s\n", serialMsg);
|
||||||
|
}
|
||||||
|
|
||||||
|
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
|
||||||
|
|
||||||
|
|
||||||
static INLINE void showPeer(CYASSL* ssl)
|
static INLINE void showPeer(CYASSL* ssl)
|
||||||
{
|
{
|
||||||
|
|
||||||
CYASSL_CIPHER* cipher;
|
CYASSL_CIPHER* cipher;
|
||||||
#ifdef KEEP_PEER_CERT
|
#ifdef KEEP_PEER_CERT
|
||||||
CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl);
|
CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl);
|
||||||
if (peer) {
|
if (peer)
|
||||||
#ifdef OPENSSL_EXTRA
|
ShowX509(peer, "peer's cert info:");
|
||||||
char* altName;
|
|
||||||
char* issuer = CyaSSL_X509_NAME_oneline(
|
|
||||||
CyaSSL_X509_get_issuer_name(peer), 0, 0);
|
|
||||||
char* subject = CyaSSL_X509_NAME_oneline(
|
|
||||||
CyaSSL_X509_get_subject_name(peer), 0, 0);
|
|
||||||
byte serial[32];
|
|
||||||
int ret;
|
|
||||||
int sz = sizeof(serial);
|
|
||||||
|
|
||||||
printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
|
|
||||||
subject);
|
|
||||||
|
|
||||||
while ( (altName = CyaSSL_X509_get_next_altname(peer)) )
|
|
||||||
printf(" altname = %s\n", altName);
|
|
||||||
|
|
||||||
ret = CyaSSL_X509_get_serial_number(peer, serial, &sz);
|
|
||||||
if (ret == 0) {
|
|
||||||
int i;
|
|
||||||
int strLen;
|
|
||||||
char serialMsg[80];
|
|
||||||
|
|
||||||
/* testsuite has multiple threads writing to stdout, get output
|
|
||||||
message ready to write once */
|
|
||||||
strLen = sprintf(serialMsg, " serial number");
|
|
||||||
for (i = 0; i < sz; i++)
|
|
||||||
sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
|
|
||||||
printf("%s\n", serialMsg);
|
|
||||||
}
|
|
||||||
|
|
||||||
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
#else
|
|
||||||
printf("peer has a cert!\n");
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
else
|
else
|
||||||
printf("peer has no cert!\n");
|
printf("peer has no cert!\n");
|
||||||
#endif
|
#endif
|
||||||
|
@ -323,10 +327,18 @@ static INLINE void showPeer(CYASSL* ssl)
|
||||||
for (i = 0; i < count; i++) {
|
for (i = 0; i < count; i++) {
|
||||||
int length;
|
int length;
|
||||||
unsigned char buffer[3072];
|
unsigned char buffer[3072];
|
||||||
|
CYASSL_X509* chainX509;
|
||||||
|
|
||||||
CyaSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length);
|
CyaSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length);
|
||||||
buffer[length] = 0;
|
buffer[length] = 0;
|
||||||
printf("cert %d has length %d data = \n%s\n", i, length, buffer);
|
printf("cert %d has length %d data = \n%s\n", i, length, buffer);
|
||||||
|
|
||||||
|
chainX509 = CyaSSL_get_chain_X509(chain, i);
|
||||||
|
if (chainX509)
|
||||||
|
ShowX509(chainX509, "session cert info:");
|
||||||
|
else
|
||||||
|
printf("get_chain_X509 failed\n");
|
||||||
|
CyaSSL_FreeX509(chainX509);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
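Review bot: In ShowX509 the serial formatting can overflow `serialMsg[80]`: `serial` is 32 bytes and `sz` is passed in as `sizeof(serial)`, so assuming CyaSSL_X509_get_serial_number can hand back up to that many bytes, the loop's last `sprintf(serialMsg + strLen + (i*3), ":%02x ", ...)` writes through offset 14 + 3*(sz-1) + 4, i.e. the buffer must hold 3*sz + 16 bytes, which exceeds 80 once sz is 22 or more (a 32-byte serial needs 112). RFC 5280 caps serials at 20 octets, but this is test code printing whatever the peer sent, so size the buffer from the data: `char serialMsg[sizeof(" serial number") + 3 * sizeof(serial) + 2];`. The same block passes the results of CyaSSL_X509_NAME_oneline straight to printf as %s, and that function returns NULL when its XMALLOC fails (or when name->sz is 0), which is undefined behaviour for printf, so an `issuer ? issuer : "(null)"` guard is cheap insurance. The code is moved from showPeer rather than new, but it now also runs for every certificate in a session chain.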
@ -113,6 +113,8 @@ static void Usage(void)
|
||||||
printf("-m Match domain name in cert\n");
|
printf("-m Match domain name in cert\n");
|
||||||
printf("-N Use Non-blocking sockets\n");
|
printf("-N Use Non-blocking sockets\n");
|
||||||
printf("-r Resume session\n");
|
printf("-r Resume session\n");
|
||||||
|
printf("-f Fewer packets/group messages\n");
|
||||||
|
printf("-x Disable client cert/key loading\n");
|
||||||
#ifdef SHOW_SIZES
|
#ifdef SHOW_SIZES
|
||||||
printf("-z Print structure sizes\n");
|
printf("-z Print structure sizes\n");
|
||||||
#endif
|
#endif
|
||||||
|
@ -152,6 +154,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||||
int nonBlocking = 0;
|
int nonBlocking = 0;
|
||||||
int resumeSession = 0;
|
int resumeSession = 0;
|
||||||
int trackMemory = 0;
|
int trackMemory = 0;
|
||||||
|
int useClientCert = 1;
|
||||||
|
int fewerPackets = 0;
|
||||||
char* cipherList = NULL;
|
char* cipherList = NULL;
|
||||||
char* verifyCert = (char*)caCert;
|
char* verifyCert = (char*)caCert;
|
||||||
char* ourCert = (char*)cliCert;
|
char* ourCert = (char*)cliCert;
|
||||||
|
@ -172,7 +176,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||||
(void)sslResume;
|
(void)sslResume;
|
||||||
(void)trackMemory;
|
(void)trackMemory;
|
||||||
|
|
||||||
while ((ch = mygetopt(argc, argv, "?gdusmNrth:p:v:l:A:c:k:b:z")) != -1) {
|
while ((ch = mygetopt(argc, argv, "?gdusmNrtfxh:p:v:l:A:c:k:b:z")) != -1) {
|
||||||
switch (ch) {
|
switch (ch) {
|
||||||
case '?' :
|
case '?' :
|
||||||
Usage();
|
Usage();
|
||||||
|
@ -204,6 +208,14 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||||
matchName = 1;
|
matchName = 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'x' :
|
||||||
|
useClientCert = 0;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'f' :
|
||||||
|
fewerPackets = 1;
|
||||||
|
break;
|
||||||
|
|
||||||
case 'h' :
|
case 'h' :
|
||||||
host = myoptarg;
|
host = myoptarg;
|
||||||
domain = myoptarg;
|
domain = myoptarg;
|
||||||
|
@ -344,6 +356,9 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||||
usePsk = 1;
|
usePsk = 1;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (fewerPackets)
|
||||||
|
CyaSSL_CTX_set_group_messages(ctx);
|
||||||
|
|
||||||
if (usePsk) {
|
if (usePsk) {
|
||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
|
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
|
||||||
|
@ -358,6 +373,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||||
err_sys("client can't set cipher list 2");
|
err_sys("client can't set cipher list 2");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
useClientCert = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
|
@ -381,17 +397,18 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
||||||
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
|
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
|
||||||
#endif
|
#endif
|
||||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||||
if (!usePsk){
|
if (useClientCert){
|
||||||
if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
|
if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
|
||||||
!= SSL_SUCCESS)
|
|
||||||
err_sys("can't load client cert file, check file and run from"
|
err_sys("can't load client cert file, check file and run from"
|
||||||
" CyaSSL home dir");
|
" CyaSSL home dir");
|
||||||
|
|
||||||
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
|
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
|
||||||
!= SSL_SUCCESS)
|
!= SSL_SUCCESS)
|
||||||
err_sys("can't load client private key file, check file and run "
|
err_sys("can't load client private key file, check file and run "
|
||||||
"from CyaSSL home dir");
|
"from CyaSSL home dir");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!usePsk) {
|
||||||
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
|
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
|
||||||
err_sys("can't load ca file, Please run from CyaSSL home dir");
|
err_sys("can't load ca file, Please run from CyaSSL home dir");
|
||||||
}
|
}
|
||||||
|
|
|
@ -108,6 +108,7 @@ static void Usage(void)
|
||||||
printf("-t Track CyaSSL memory use\n");
|
printf("-t Track CyaSSL memory use\n");
|
||||||
printf("-u Use UDP DTLS,"
|
printf("-u Use UDP DTLS,"
|
||||||
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
|
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
|
||||||
|
printf("-f Fewer packets/group messages\n");
|
||||||
printf("-N Use Non-blocking sockets\n");
|
printf("-N Use Non-blocking sockets\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -131,9 +132,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||||
int port = yasslPort;
|
int port = yasslPort;
|
||||||
int usePsk = 0;
|
int usePsk = 0;
|
||||||
int doDTLS = 0;
|
int doDTLS = 0;
|
||||||
int useNtruKey = 0;
|
int useNtruKey = 0;
|
||||||
int nonBlocking = 0;
|
int nonBlocking = 0;
|
||||||
int trackMemory = 0;
|
int trackMemory = 0;
|
||||||
|
int fewerPackets = 0;
|
||||||
char* cipherList = NULL;
|
char* cipherList = NULL;
|
||||||
char* verifyCert = (char*)cliCert;
|
char* verifyCert = (char*)cliCert;
|
||||||
char* ourCert = (char*)svrCert;
|
char* ourCert = (char*)svrCert;
|
||||||
|
@ -150,7 +152,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||||
#endif
|
#endif
|
||||||
(void)trackMemory;
|
(void)trackMemory;
|
||||||
|
|
||||||
while ((ch = mygetopt(argc, argv, "?dbstnNup:v:l:A:c:k:")) != -1) {
|
while ((ch = mygetopt(argc, argv, "?dbstnNufp:v:l:A:c:k:")) != -1) {
|
||||||
switch (ch) {
|
switch (ch) {
|
||||||
case '?' :
|
case '?' :
|
||||||
Usage();
|
Usage();
|
||||||
|
@ -182,6 +184,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||||
doDTLS = 1;
|
doDTLS = 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'f' :
|
||||||
|
fewerPackets = 1;
|
||||||
|
break;
|
||||||
|
|
||||||
case 'p' :
|
case 'p' :
|
||||||
port = atoi(myoptarg);
|
port = atoi(myoptarg);
|
||||||
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
|
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
|
||||||
|
@ -299,6 +305,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||||
usePsk = 1;
|
usePsk = 1;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (fewerPackets)
|
||||||
|
CyaSSL_CTX_set_group_messages(ctx);
|
||||||
|
|
||||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||||
if (!usePsk) {
|
if (!usePsk) {
|
||||||
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
|
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
|
||||||
|
|
124
src/internal.c
124
src/internal.c
|
@ -1182,6 +1182,30 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Initialize CyaSSL X509 type */
|
||||||
|
void InitX509(CYASSL_X509* x509, int dynamicFlag)
|
||||||
|
{
|
||||||
|
x509->derCert.buffer = NULL;
|
||||||
|
x509->altNames = NULL;
|
||||||
|
x509->altNamesNext = NULL;
|
||||||
|
x509->dynamicMemory = dynamicFlag;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Free CyaSSL X509 type */
|
||||||
|
void FreeX509(CYASSL_X509* x509)
|
||||||
|
{
|
||||||
|
if (x509 == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_CERT);
|
||||||
|
if (x509->altNames)
|
||||||
|
FreeAltNames(x509->altNames, NULL);
|
||||||
|
if (x509->dynamicMemory)
|
||||||
|
XFREE(x509, NULL, DYNAMIC_TYPE_X509);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* init everything to 0, NULL, default values before calling anything that may
|
/* init everything to 0, NULL, default values before calling anything that may
|
||||||
fail so that desctructor has a "good" state to cleanup */
|
fail so that desctructor has a "good" state to cleanup */
|
||||||
int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||||
|
@ -1231,9 +1255,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||||
ssl->buffers.plainSz = 0;
|
ssl->buffers.plainSz = 0;
|
||||||
|
|
||||||
#ifdef KEEP_PEER_CERT
|
#ifdef KEEP_PEER_CERT
|
||||||
ssl->peerCert.derCert.buffer = NULL;
|
InitX509(&ssl->peerCert, 0);
|
||||||
ssl->peerCert.altNames = NULL;
|
|
||||||
ssl->peerCert.altNamesNext = NULL;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
|
@ -1590,9 +1612,7 @@ void SSL_ResourceFree(CYASSL* ssl)
|
||||||
ssl->buffers.dtlsCtx.peer.sa = NULL;
|
ssl->buffers.dtlsCtx.peer.sa = NULL;
|
||||||
#endif
|
#endif
|
||||||
#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
|
#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
|
||||||
XFREE(ssl->peerCert.derCert.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
|
FreeX509(&ssl->peerCert);
|
||||||
if (ssl->peerCert.altNames)
|
|
||||||
FreeAltNames(ssl->peerCert.altNames, ssl->heap);
|
|
||||||
#endif
|
#endif
|
||||||
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
|
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
|
||||||
CyaSSL_BIO_free(ssl->biord);
|
CyaSSL_BIO_free(ssl->biord);
|
||||||
|
@ -2023,7 +2043,7 @@ ProtocolVersion MakeDTLSv1_2(void)
|
||||||
|
|
||||||
#ifdef USE_WINDOWS_API
|
#ifdef USE_WINDOWS_API
|
||||||
|
|
||||||
timer_d Timer(void)
|
word32 LowResTimer(void)
|
||||||
{
|
{
|
||||||
static int init = 0;
|
static int init = 0;
|
||||||
static LARGE_INTEGER freq;
|
static LARGE_INTEGER freq;
|
||||||
|
@ -2036,16 +2056,9 @@ ProtocolVersion MakeDTLSv1_2(void)
|
||||||
|
|
||||||
QueryPerformanceCounter(&count);
|
QueryPerformanceCounter(&count);
|
||||||
|
|
||||||
return (double)count.QuadPart / freq.QuadPart;
|
return (word32)(count.QuadPart / freq.QuadPart);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
word32 LowResTimer(void)
|
|
||||||
{
|
|
||||||
return (word32)Timer();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#elif defined(THREADX)
|
#elif defined(THREADX)
|
||||||
|
|
||||||
#include "rtptime.h"
|
#include "rtptime.h"
|
||||||
|
@ -2805,6 +2818,54 @@ static int CheckAltNames(DecodedCert* dCert, char* domain)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
|
||||||
|
|
||||||
|
/* Copy parts X509 needs from Decoded cert, 0 on success */
|
||||||
|
int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
|
if (x509 == NULL || dCert == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
|
||||||
|
x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
|
||||||
|
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
|
||||||
|
|
||||||
|
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
||||||
|
x509->subject.name[ASN_NAME_MAX - 1] = '\0';
|
||||||
|
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
|
||||||
|
|
||||||
|
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
|
||||||
|
x509->serialSz = dCert->serialSz;
|
||||||
|
if (dCert->subjectCNLen < ASN_NAME_MAX) {
|
||||||
|
XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
|
||||||
|
x509->subjectCN[dCert->subjectCNLen] = '\0';
|
||||||
|
}
|
||||||
|
else
|
||||||
|
x509->subjectCN[0] = '\0';
|
||||||
|
|
||||||
|
/* store cert for potential retrieval */
|
||||||
|
x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL,
|
||||||
|
DYNAMIC_TYPE_CERT);
|
||||||
|
if (x509->derCert.buffer == NULL) {
|
||||||
|
ret = MEMORY_E;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
XMEMCPY(x509->derCert.buffer, dCert->source, dCert->maxIdx);
|
||||||
|
x509->derCert.length = dCert->maxIdx;
|
||||||
|
}
|
||||||
|
|
||||||
|
x509->altNames = dCert->altNames;
|
||||||
|
dCert->altNames = NULL; /* takes ownership */
|
||||||
|
x509->altNamesNext = x509->altNames; /* index hint */
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
|
||||||
|
|
||||||
|
|
||||||
static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||||
{
|
{
|
||||||
word32 listSz, i = *inOutIdx;
|
word32 listSz, i = *inOutIdx;
|
||||||
|
@ -2981,39 +3042,12 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||||
#endif /* HAVE_CRL */
|
#endif /* HAVE_CRL */
|
||||||
|
|
||||||
#ifdef KEEP_PEER_CERT
|
#ifdef KEEP_PEER_CERT
|
||||||
|
{
|
||||||
/* set X509 format for peer cert even if fatal */
|
/* set X509 format for peer cert even if fatal */
|
||||||
XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
|
int copyRet = CopyDecodedToX509(&ssl->peerCert, &dCert);
|
||||||
ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
|
if (copyRet == MEMORY_E)
|
||||||
ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;
|
|
||||||
|
|
||||||
XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
|
|
||||||
ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
|
|
||||||
ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;
|
|
||||||
|
|
||||||
XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
|
|
||||||
ssl->peerCert.serialSz = dCert.serialSz;
|
|
||||||
if (dCert.subjectCNLen < ASN_NAME_MAX) {
|
|
||||||
XMEMCPY(ssl->peerCert.subjectCN,dCert.subjectCN,dCert.subjectCNLen);
|
|
||||||
ssl->peerCert.subjectCN[dCert.subjectCNLen] = '\0';
|
|
||||||
}
|
|
||||||
else
|
|
||||||
ssl->peerCert.subjectCN[0] = '\0';
|
|
||||||
|
|
||||||
/* store cert for potential retrieval */
|
|
||||||
ssl->peerCert.derCert.buffer = (byte*)XMALLOC(myCert.length, ssl->heap,
|
|
||||||
DYNAMIC_TYPE_CERT);
|
|
||||||
if (ssl->peerCert.derCert.buffer == NULL) {
|
|
||||||
ret = MEMORY_E;
|
|
||||||
fatal = 1;
|
fatal = 1;
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
XMEMCPY(ssl->peerCert.derCert.buffer, myCert.buffer, myCert.length);
|
|
||||||
ssl->peerCert.derCert.length = myCert.length;
|
|
||||||
}
|
|
||||||
|
|
||||||
ssl->peerCert.altNames = dCert.altNames;
|
|
||||||
dCert.altNames = NULL; /* takes ownership */
|
|
||||||
ssl->peerCert.altNamesNext = ssl->peerCert.altNames; /* index hint */
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (fatal) {
|
if (fatal) {
|
||||||
|
|
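Review bot: CopyDecodedToX509 overwrites `x509->derCert.buffer` and `x509->altNames` without releasing whatever the object already holds, and InitX509 never sets `derCert.length`; for the embedded ssl->peerCert that means a second Certificate message processed on the same CYASSL (if the handshake code allows that, e.g. on renegotiation) leaks the earlier DER copy and alt-name list, and after a MEMORY_E the object is left with a NULL buffer and a stale length. I would add `x509->derCert.length = 0;` to InitX509 and, at the top of the copy before the new values are assigned, `XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_CERT);` and `if (x509->altNames) FreeAltNames(x509->altNames, NULL);`. Relatedly, FreeX509 frees derCert.buffer and altNames but leaves the pointers set, so a non-dynamic X509 freed twice double-frees; nulling both (and altNamesNext) there makes the embedded-peerCert path safe against that. Note also that the DER copy and its release now use heap NULL where the old DoCertificate and SSL_ResourceFree code used ssl->heap — harmless with the default allocator, but a behaviour change for builds whose XMALLOC keys on the heap hint. DoCertificate starts and ends outside the hunks shown.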
303
src/ssl.c
303
src/ssl.c
|
@ -692,6 +692,31 @@ void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Unload the CA signer list */
|
||||||
|
int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
|
||||||
|
{
|
||||||
|
Signer* signers;
|
||||||
|
|
||||||
|
CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");
|
||||||
|
|
||||||
|
if (cm == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (LockMutex(&cm->caLock) != 0)
|
||||||
|
return BAD_MUTEX_ERROR;
|
||||||
|
|
||||||
|
signers = cm->caList;
|
||||||
|
cm->caList = NULL;
|
||||||
|
|
||||||
|
UnLockMutex(&cm->caLock);
|
||||||
|
|
||||||
|
FreeSigners(signers, NULL);
|
||||||
|
|
||||||
|
return SSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#endif /* !NO_CERTS */
|
#endif /* !NO_CERTS */
|
||||||
|
|
||||||
|
|
||||||
|
@ -986,7 +1011,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
||||||
|
|
||||||
int CyaSSL_Init(void)
|
int CyaSSL_Init(void)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = SSL_SUCCESS;
|
||||||
|
|
||||||
CYASSL_ENTER("CyaSSL_Init");
|
CYASSL_ENTER("CyaSSL_Init");
|
||||||
|
|
||||||
|
@ -2510,7 +2535,7 @@ void CyaSSL_load_error_strings(void) /* compatibility only */
|
||||||
int CyaSSL_library_init(void)
|
int CyaSSL_library_init(void)
|
||||||
{
|
{
|
||||||
CYASSL_ENTER("SSL_library_init");
|
CYASSL_ENTER("SSL_library_init");
|
||||||
if (CyaSSL_Init() == 0)
|
if (CyaSSL_Init() == SSL_SUCCESS)
|
||||||
return SSL_SUCCESS;
|
return SSL_SUCCESS;
|
||||||
else
|
else
|
||||||
return SSL_FATAL_ERROR;
|
return SSL_FATAL_ERROR;
|
||||||
|
@ -3131,13 +3156,13 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
|
||||||
|
|
||||||
int CyaSSL_Cleanup(void)
|
int CyaSSL_Cleanup(void)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = SSL_SUCCESS;
|
||||||
int release = 0;
|
int release = 0;
|
||||||
|
|
||||||
CYASSL_ENTER("CyaSSL_Cleanup");
|
CYASSL_ENTER("CyaSSL_Cleanup");
|
||||||
|
|
||||||
if (initRefCount == 0)
|
if (initRefCount == 0)
|
||||||
return 0; /* possibly no init yet */
|
return ret; /* possibly no init yet, but not failure either way */
|
||||||
|
|
||||||
if (LockMutex(&count_mutex) != 0) {
|
if (LockMutex(&count_mutex) != 0) {
|
||||||
CYASSL_MSG("Bad Lock Mutex count");
|
CYASSL_MSG("Bad Lock Mutex count");
|
||||||
|
@ -3469,7 +3494,7 @@ int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn)
|
||||||
|
|
||||||
|
|
||||||
/* turn on CyaSSL zlib compression
|
/* turn on CyaSSL zlib compression
|
||||||
returns 0 for success, else error (not built in)
|
returns SSL_SUCCESS for success, else error (not built in)
|
||||||
*/
|
*/
|
||||||
int CyaSSL_set_compression(CYASSL* ssl)
|
int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
{
|
{
|
||||||
|
@ -3477,7 +3502,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
(void)ssl;
|
(void)ssl;
|
||||||
#ifdef HAVE_LIBZ
|
#ifdef HAVE_LIBZ
|
||||||
ssl->options.usingCompression = 1;
|
ssl->options.usingCompression = 1;
|
||||||
return 0;
|
return SSL_SUCCESS;
|
||||||
#else
|
#else
|
||||||
return NOT_COMPILED_IN;
|
return NOT_COMPILED_IN;
|
||||||
#endif
|
#endif
|
||||||
|
@ -3882,6 +3907,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
ssl, NULL, 1);
|
ssl, NULL, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
|
||||||
|
{
|
||||||
|
CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");
|
||||||
|
|
||||||
|
if (ctx == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
return CyaSSL_CertManagerUnloadCAs(ctx->cm);
|
||||||
|
}
|
||||||
|
|
||||||
/* old NO_FILESYSTEM end */
|
/* old NO_FILESYSTEM end */
|
||||||
#endif /* !NO_CERTS */
|
#endif /* !NO_CERTS */
|
||||||
|
|
||||||
|
@ -4082,65 +4117,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* return the next, if any, altname from the peer cert */
|
|
||||||
char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
|
|
||||||
{
|
|
||||||
char* ret = NULL;
|
|
||||||
CYASSL_ENTER("CyaSSL_X509_get_next_altname");
|
|
||||||
|
|
||||||
/* don't have any to work with */
|
|
||||||
if (cert == NULL || cert->altNames == NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
/* already went through them */
|
|
||||||
if (cert->altNamesNext == NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
ret = cert->altNamesNext->name;
|
|
||||||
cert->altNamesNext = cert->altNamesNext->next;
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
|
|
||||||
{
|
|
||||||
CYASSL_ENTER("X509_get_issuer_name");
|
|
||||||
return &cert->issuer;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
|
|
||||||
{
|
|
||||||
CYASSL_ENTER("X509_get_subject_name");
|
|
||||||
return &cert->subject;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* copy name into in buffer, at most sz bytes, if buffer is null will
|
|
||||||
malloc buffer, call responsible for freeing */
|
|
||||||
char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
|
|
||||||
{
|
|
||||||
int copySz = min(sz, name->sz);
|
|
||||||
|
|
||||||
CYASSL_ENTER("CyaSSL_X509_NAME_oneline");
|
|
||||||
if (!name->sz) return in;
|
|
||||||
|
|
||||||
if (!in) {
|
|
||||||
in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
if (!in ) return in;
|
|
||||||
copySz = name->sz;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (copySz == 0)
|
|
||||||
return in;
|
|
||||||
|
|
||||||
XMEMCPY(in, name->name, copySz - 1);
|
|
||||||
in[copySz - 1] = 0;
|
|
||||||
|
|
||||||
return in;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
|
CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
|
||||||
CYASSL_X509_STORE_CTX* ctx)
|
CYASSL_X509_STORE_CTX* ctx)
|
||||||
|
@ -5112,7 +5088,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* store for external read of iv, 0 on success */
|
/* store for external read of iv, SSL_SUCCESS on success */
|
||||||
int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
|
int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
|
||||||
{
|
{
|
||||||
CYASSL_ENTER("CyaSSL_StoreExternalIV");
|
CYASSL_ENTER("CyaSSL_StoreExternalIV");
|
||||||
|
@ -5163,11 +5139,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
return -1; /* failure */
|
return -1; /* failure */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 0; /* success */
|
return SSL_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* set internal IV from external, 0 on success */
|
/* set internal IV from external, SSL_SUCCESS on success */
|
||||||
int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
|
int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
@ -5219,7 +5195,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
return -1; /* failure */
|
return -1; /* failure */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 0; /* success */
|
return SSL_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -5505,8 +5481,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
(void)flags;
|
(void)flags;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
#ifdef KEEP_PEER_CERT
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(KEEP_PEER_CERT)
|
||||||
|
|
||||||
CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
|
CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
|
||||||
{
|
{
|
||||||
CYASSL_ENTER("SSL_get_peer_certificate");
|
CYASSL_ENTER("SSL_get_peer_certificate");
|
||||||
|
@ -5515,7 +5495,108 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
else
|
else
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
#endif /* KEEP_PEER_CERT */
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
|
||||||
|
|
||||||
|
void CyaSSL_FreeX509(CYASSL_X509* x509)
|
||||||
|
{
|
||||||
|
CYASSL_ENTER("CyaSSL_FreeX509");
|
||||||
|
FreeX509(x509);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* return the next, if any, altname from the peer cert */
|
||||||
|
char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
|
||||||
|
{
|
||||||
|
char* ret = NULL;
|
||||||
|
CYASSL_ENTER("CyaSSL_X509_get_next_altname");
|
||||||
|
|
||||||
|
/* don't have any to work with */
|
||||||
|
if (cert == NULL || cert->altNames == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
/* already went through them */
|
||||||
|
if (cert->altNamesNext == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
ret = cert->altNamesNext->name;
|
||||||
|
cert->altNamesNext = cert->altNamesNext->next;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
|
||||||
|
{
|
||||||
|
CYASSL_ENTER("X509_get_issuer_name");
|
||||||
|
return &cert->issuer;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
|
||||||
|
{
|
||||||
|
CYASSL_ENTER("X509_get_subject_name");
|
||||||
|
return &cert->subject;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* copy name into in buffer, at most sz bytes, if buffer is null will
|
||||||
|
malloc buffer, call responsible for freeing */
|
||||||
|
char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
|
||||||
|
{
|
||||||
|
int copySz = min(sz, name->sz);
|
||||||
|
|
||||||
|
CYASSL_ENTER("CyaSSL_X509_NAME_oneline");
|
||||||
|
if (!name->sz) return in;
|
||||||
|
|
||||||
|
if (!in) {
|
||||||
|
in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
if (!in ) return in;
|
||||||
|
copySz = name->sz;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (copySz == 0)
|
||||||
|
return in;
|
||||||
|
|
||||||
|
XMEMCPY(in, name->name, copySz - 1);
|
||||||
|
in[copySz - 1] = 0;
|
||||||
|
|
||||||
|
return in;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* write X509 serial number in unsigned binary to buffer
|
||||||
|
buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
|
||||||
|
return SSL_SUCCESS on success */
|
||||||
|
int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
|
||||||
|
{
|
||||||
|
CYASSL_ENTER("CyaSSL_X509_get_serial_number");
|
||||||
|
if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
XMEMCPY(in, x509->serial, x509->serialSz);
|
||||||
|
*inOutSz = x509->serialSz;
|
||||||
|
|
||||||
|
return SSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
|
||||||
|
{
|
||||||
|
CYASSL_ENTER("CyaSSL_X509_get_der");
|
||||||
|
|
||||||
|
if (x509 == NULL || outSz == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
*outSz = (int)x509->derCert.length;
|
||||||
|
return x509->derCert.buffer;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
|
||||||
|
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
|
int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
|
||||||
|
@ -6661,32 +6742,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* write X509 serial number in unsigned binary to buffer
|
|
||||||
buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
|
|
||||||
return 0 on success */
|
|
||||||
int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
|
|
||||||
{
|
|
||||||
CYASSL_ENTER("CyaSSL_X509_get_serial_number");
|
|
||||||
if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz)
|
|
||||||
return BAD_FUNC_ARG;
|
|
||||||
|
|
||||||
XMEMCPY(in, x509->serial, x509->serialSz);
|
|
||||||
*inOutSz = x509->serialSz;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
|
|
||||||
{
|
|
||||||
CYASSL_ENTER("CyaSSL_X509_get_der");
|
|
||||||
|
|
||||||
if (x509 == NULL || outSz == NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
*outSz = (int)x509->derCert.length;
|
|
||||||
return x509->derCert.buffer;
|
|
||||||
}
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
|
|
||||||
|
@ -7857,7 +7912,7 @@ static int initGlobalRNG = 0;
|
||||||
|
|
||||||
|
|
||||||
#ifndef NO_DSA
|
#ifndef NO_DSA
|
||||||
/* return 0 on success, < 0 otherwise */
|
/* return SSL_SUCCESS on success, < 0 otherwise */
|
||||||
int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
|
int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
|
||||||
CYASSL_DSA* dsa)
|
CYASSL_DSA* dsa)
|
||||||
{
|
{
|
||||||
|
@ -7890,7 +7945,7 @@ static int initGlobalRNG = 0;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return SSL_SUCCESS;
|
||||||
}
|
}
|
||||||
#endif /* NO_DSA */
|
#endif /* NO_DSA */
|
||||||
|
|
||||||
|
@ -8434,7 +8489,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Load RSA from Der, 0 on success < 0 on error */
|
/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
|
||||||
int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
|
int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
|
||||||
{
|
{
|
||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
|
@ -8460,12 +8515,12 @@ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
|
||||||
|
|
||||||
rsa->inSet = 1;
|
rsa->inSet = 1;
|
||||||
|
|
||||||
return 0;
|
return SSL_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifndef NO_DSA
|
#ifndef NO_DSA
|
||||||
/* Load DSA from Der, 0 on success < 0 on error */
|
/* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
|
||||||
int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
|
int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
|
||||||
{
|
{
|
||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
|
@ -8491,7 +8546,7 @@ int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
|
||||||
|
|
||||||
dsa->inSet = 1;
|
dsa->inSet = 1;
|
||||||
|
|
||||||
return 0;
|
return SSL_SUCCESS;
|
||||||
}
|
}
|
||||||
#endif /* NO_DSA */
|
#endif /* NO_DSA */
|
||||||
|
|
||||||
|
@ -8548,6 +8603,46 @@ byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Get peer's CyaSSL X509 ceritifcate at index (idx) */
|
||||||
|
CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
CYASSL_X509* x509;
|
||||||
|
DecodedCert dCert;
|
||||||
|
|
||||||
|
CYASSL_ENTER("CyaSSL_get_chain_X509");
|
||||||
|
if (chain == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
InitDecodedCert(&dCert, chain->certs[idx].buffer, chain->certs[idx].length,
|
||||||
|
NULL);
|
||||||
|
ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
|
||||||
|
if (ret != 0) {
|
||||||
|
CYASSL_MSG("Failed to parse cert");
|
||||||
|
FreeDecodedCert(&dCert);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL, DYNAMIC_TYPE_X509);
|
||||||
|
if (x509 == NULL) {
|
||||||
|
CYASSL_MSG("Failed alloc X509");
|
||||||
|
FreeDecodedCert(&dCert);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
InitX509(x509, 1);
|
||||||
|
|
||||||
|
ret = CopyDecodedToX509(x509, &dCert);
|
||||||
|
if (ret != 0) {
|
||||||
|
CYASSL_MSG("Failed to copy decoded");
|
||||||
|
XFREE(x509, NULL, DYNAMIC_TYPE_X509);
|
||||||
|
x509 = NULL;
|
||||||
|
}
|
||||||
|
FreeDecodedCert(&dCert);
|
||||||
|
|
||||||
|
return x509;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
|
/* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
|
||||||
enough else return error (-1), output length is in *outLen */
|
enough else return error (-1), output length is in *outLen */
|
||||||
int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx,
|
int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx,
|
||||||
|
|
|
@ -103,7 +103,7 @@ int test_CyaSSL_Init(void)
|
||||||
|
|
||||||
printf(testingFmt, "CyaSSL_Init()");
|
printf(testingFmt, "CyaSSL_Init()");
|
||||||
result = CyaSSL_Init();
|
result = CyaSSL_Init();
|
||||||
printf(resultFmt, result ? failed : passed);
|
printf(resultFmt, result == SSL_SUCCESS ? passed : failed);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
@ -114,7 +114,7 @@ static int test_CyaSSL_Cleanup(void)
|
||||||
|
|
||||||
printf(testingFmt, "CyaSSL_Cleanup()");
|
printf(testingFmt, "CyaSSL_Cleanup()");
|
||||||
result = CyaSSL_Cleanup();
|
result = CyaSSL_Cleanup();
|
||||||
printf(resultFmt, result ? failed : passed);
|
printf(resultFmt, result == SSL_SUCCESS ? passed : failed);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
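Review bot: Both test functions still end with `return result;` after their pass/fail check was changed to `result == SSL_SUCCESS`, so on the new side a passing test returns SSL_SUCCESS (presumably non-zero, since it replaces `return 0` throughout this commit) while the old code returned 0 on success; any caller of test_CyaSSL_Init or test_CyaSSL_Cleanup that still treats a non-zero return as failure would now report a passing test as failed. The callers and the start of both functions are outside the hunks, so this is inferred from the visible lines only. Either normalize the return, `return result == SSL_SUCCESS ? 0 : -1;`, or document the new convention above each function, e.g. `/* returns SSL_SUCCESS on success, library error code otherwise */`. The same point applies to the second hunk for test_CyaSSL_Cleanup.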