mirror of https://github.com/wolfSSL/wolfssl.git
Merge branch 'nocerts'
John Safranek
commit
9aa8b71525
|
|
@ -216,7 +216,7 @@ AC_ARG_ENABLE(leanpsk,
|
|||
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH"
|
||||
AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS"
|
||||
fi
|
||||
|
||||
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
|
||||
|
|
|
|||
|
|
@ -1237,7 +1237,7 @@ static int GetKey(DecodedCert* cert)
|
|||
if (b != ASN_BIT_STRING)
|
||||
return ASN_BITSTR_E;
|
||||
|
||||
if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
|
||||
if (GetLength(cert->source,&cert->srcIdx,&length,cert->maxIdx) < 0)
|
||||
return ASN_PARSE_E;
|
||||
b = cert->source[cert->srcIdx++];
|
||||
if (b != 0x00)
|
||||
|
|
@ -2134,9 +2134,9 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||
else {
|
||||
/* make sure we're right justified */
|
||||
encodedSigSz =
|
||||
EncodeSignature(encodedSig, digest, digestSz, typeH);
|
||||
EncodeSignature(encodedSig, digest, digestSz, typeH);
|
||||
if (encodedSigSz != verifySz ||
|
||||
XMEMCMP(out, encodedSig, encodedSigSz) != 0) {
|
||||
XMEMCMP(out, encodedSig, encodedSigSz) != 0) {
|
||||
CYASSL_MSG("Rsa SSL verify match encode error");
|
||||
ret = 0;
|
||||
}
|
||||
|
|
@ -2180,7 +2180,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||
return 0;
|
||||
}
|
||||
|
||||
ret = ecc_verify_hash(sig, sigSz, digest, digestSz, &verify, &pubKey);
|
||||
ret = ecc_verify_hash(sig,sigSz,digest,digestSz,&verify,&pubKey);
|
||||
ecc_free(&pubKey);
|
||||
if (ret == 0 && verify == 1)
|
||||
return 1; /* match */
|
||||
|
|
@ -2631,257 +2631,6 @@ void FreeSigners(Signer* signer, void* heap)
|
|||
}
|
||||
|
||||
|
||||
void CTaoCryptErrorString(int error, char* buffer)
|
||||
{
|
||||
const int max = MAX_ERROR_SZ; /* shorthand */
|
||||
|
||||
#ifdef NO_ERROR_STRINGS
|
||||
|
||||
XSTRNCPY(buffer, "no support for error strings built in", max);
|
||||
|
||||
#else
|
||||
|
||||
switch (error) {
|
||||
|
||||
case OPEN_RAN_E :
|
||||
XSTRNCPY(buffer, "opening random device error", max);
|
||||
break;
|
||||
|
||||
case READ_RAN_E :
|
||||
XSTRNCPY(buffer, "reading random device error", max);
|
||||
break;
|
||||
|
||||
case WINCRYPT_E :
|
||||
XSTRNCPY(buffer, "windows crypt init error", max);
|
||||
break;
|
||||
|
||||
case CRYPTGEN_E :
|
||||
XSTRNCPY(buffer, "windows crypt generation error", max);
|
||||
break;
|
||||
|
||||
case RAN_BLOCK_E :
|
||||
XSTRNCPY(buffer, "random device read would block error", max);
|
||||
break;
|
||||
|
||||
case MP_INIT_E :
|
||||
XSTRNCPY(buffer, "mp_init error state", max);
|
||||
break;
|
||||
|
||||
case MP_READ_E :
|
||||
XSTRNCPY(buffer, "mp_read error state", max);
|
||||
break;
|
||||
|
||||
case MP_EXPTMOD_E :
|
||||
XSTRNCPY(buffer, "mp_exptmod error state", max);
|
||||
break;
|
||||
|
||||
case MP_TO_E :
|
||||
XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
|
||||
break;
|
||||
|
||||
case MP_SUB_E :
|
||||
XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
|
||||
break;
|
||||
|
||||
case MP_ADD_E :
|
||||
XSTRNCPY(buffer, "mp_add error state, can't add", max);
|
||||
break;
|
||||
|
||||
case MP_MUL_E :
|
||||
XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
|
||||
break;
|
||||
|
||||
case MP_MULMOD_E :
|
||||
XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
|
||||
break;
|
||||
|
||||
case MP_MOD_E :
|
||||
XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
|
||||
break;
|
||||
|
||||
case MP_INVMOD_E :
|
||||
XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
|
||||
break;
|
||||
|
||||
case MP_CMP_E :
|
||||
XSTRNCPY(buffer, "mp_cmp error state", max);
|
||||
break;
|
||||
|
||||
case MP_ZERO_E :
|
||||
XSTRNCPY(buffer, "mp zero result, not expected", max);
|
||||
break;
|
||||
|
||||
case MEMORY_E :
|
||||
XSTRNCPY(buffer, "out of memory error", max);
|
||||
break;
|
||||
|
||||
case RSA_WRONG_TYPE_E :
|
||||
XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
|
||||
break;
|
||||
|
||||
case RSA_BUFFER_E :
|
||||
XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
|
||||
max);
|
||||
break;
|
||||
|
||||
case BUFFER_E :
|
||||
XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
|
||||
break;
|
||||
|
||||
case ALGO_ID_E :
|
||||
XSTRNCPY(buffer, "Setting Cert AlogID error", max);
|
||||
break;
|
||||
|
||||
case PUBLIC_KEY_E :
|
||||
XSTRNCPY(buffer, "Setting Cert Public Key error", max);
|
||||
break;
|
||||
|
||||
case DATE_E :
|
||||
XSTRNCPY(buffer, "Setting Cert Date validity error", max);
|
||||
break;
|
||||
|
||||
case SUBJECT_E :
|
||||
XSTRNCPY(buffer, "Setting Cert Subject name error", max);
|
||||
break;
|
||||
|
||||
case ISSUER_E :
|
||||
XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
|
||||
break;
|
||||
|
||||
case CA_TRUE_E :
|
||||
XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
|
||||
break;
|
||||
|
||||
case EXTENSIONS_E :
|
||||
XSTRNCPY(buffer, "Setting extensions error", max);
|
||||
break;
|
||||
|
||||
case ASN_PARSE_E :
|
||||
XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
|
||||
break;
|
||||
|
||||
case ASN_VERSION_E :
|
||||
XSTRNCPY(buffer, "ASN version error, invalid number", max);
|
||||
break;
|
||||
|
||||
case ASN_GETINT_E :
|
||||
XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
|
||||
break;
|
||||
|
||||
case ASN_RSA_KEY_E :
|
||||
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
|
||||
break;
|
||||
|
||||
case ASN_OBJECT_ID_E :
|
||||
XSTRNCPY(buffer, "ASN object id error, invalid id", max);
|
||||
break;
|
||||
|
||||
case ASN_TAG_NULL_E :
|
||||
XSTRNCPY(buffer, "ASN tag error, not null", max);
|
||||
break;
|
||||
|
||||
case ASN_EXPECT_0_E :
|
||||
XSTRNCPY(buffer, "ASN expect error, not zero", max);
|
||||
break;
|
||||
|
||||
case ASN_BITSTR_E :
|
||||
XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
|
||||
break;
|
||||
|
||||
case ASN_UNKNOWN_OID_E :
|
||||
XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
|
||||
break;
|
||||
|
||||
case ASN_DATE_SZ_E :
|
||||
XSTRNCPY(buffer, "ASN date error, bad size", max);
|
||||
break;
|
||||
|
||||
case ASN_BEFORE_DATE_E :
|
||||
XSTRNCPY(buffer, "ASN date error, current date before", max);
|
||||
break;
|
||||
|
||||
case ASN_AFTER_DATE_E :
|
||||
XSTRNCPY(buffer, "ASN date error, current date after", max);
|
||||
break;
|
||||
|
||||
case ASN_SIG_OID_E :
|
||||
XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
|
||||
break;
|
||||
|
||||
case ASN_TIME_E :
|
||||
XSTRNCPY(buffer, "ASN time error, unkown time type", max);
|
||||
break;
|
||||
|
||||
case ASN_INPUT_E :
|
||||
XSTRNCPY(buffer, "ASN input error, not enough data", max);
|
||||
break;
|
||||
|
||||
case ASN_SIG_CONFIRM_E :
|
||||
XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
|
||||
break;
|
||||
|
||||
case ASN_SIG_HASH_E :
|
||||
XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
|
||||
break;
|
||||
|
||||
case ASN_SIG_KEY_E :
|
||||
XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
|
||||
break;
|
||||
|
||||
case ASN_DH_KEY_E :
|
||||
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
|
||||
break;
|
||||
|
||||
case ASN_NTRU_KEY_E :
|
||||
XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
|
||||
break;
|
||||
|
||||
case ECC_BAD_ARG_E :
|
||||
XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
|
||||
break;
|
||||
|
||||
case ASN_ECC_KEY_E :
|
||||
XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
|
||||
break;
|
||||
|
||||
case ECC_CURVE_OID_E :
|
||||
XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
|
||||
break;
|
||||
|
||||
case BAD_FUNC_ARG :
|
||||
XSTRNCPY(buffer, "Bad function argument", max);
|
||||
break;
|
||||
|
||||
case NOT_COMPILED_IN :
|
||||
XSTRNCPY(buffer, "Feature not compiled in", max);
|
||||
break;
|
||||
|
||||
case UNICODE_SIZE_E :
|
||||
XSTRNCPY(buffer, "Unicode password too big", max);
|
||||
break;
|
||||
|
||||
case NO_PASSWORD :
|
||||
XSTRNCPY(buffer, "No password provided by user", max);
|
||||
break;
|
||||
|
||||
case ALT_NAME_E :
|
||||
XSTRNCPY(buffer, "Alt Name problem, too big", max);
|
||||
break;
|
||||
|
||||
case AES_GCM_AUTH_E:
|
||||
XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
|
||||
break;
|
||||
|
||||
default:
|
||||
XSTRNCPY(buffer, "unknown error number", max);
|
||||
|
||||
}
|
||||
|
||||
#endif /* NO_ERROR_STRINGS */
|
||||
|
||||
}
|
||||
|
||||
|
||||
#if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
|
||||
|
||||
static int SetMyVersion(word32 version, byte* output, int header)
|
||||
|
|
@ -4396,90 +4145,90 @@ static int GetEnumerated(const byte* input, word32* inOutIdx, int *value)
|
|||
static int DecodeSingleResponse(byte* source,
|
||||
word32* ioIndex, OcspResponse* resp, word32 size)
|
||||
{
|
||||
word32 index = *ioIndex, prevIndex, oid;
|
||||
word32 idx = *ioIndex, prevIndex, oid;
|
||||
int length, wrapperSz;
|
||||
CertStatus* cs = resp->status;
|
||||
|
||||
CYASSL_ENTER("DecodeSingleResponse");
|
||||
|
||||
/* Outer wrapper of the SEQUENCE OF Single Responses. */
|
||||
if (GetSequence(source, &index, &wrapperSz, size) < 0)
|
||||
if (GetSequence(source, &idx, &wrapperSz, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
prevIndex = index;
|
||||
prevIndex = idx;
|
||||
|
||||
/* When making a request, we only request one status on one certificate
|
||||
* at a time. There should only be one SingleResponse */
|
||||
|
||||
/* Wrapper around the Single Response */
|
||||
if (GetSequence(source, &index, &length, size) < 0)
|
||||
if (GetSequence(source, &idx, &length, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
/* Wrapper around the CertID */
|
||||
if (GetSequence(source, &index, &length, size) < 0)
|
||||
if (GetSequence(source, &idx, &length, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
/* Skip the hash algorithm */
|
||||
if (GetAlgoId(source, &index, &oid, size) < 0)
|
||||
if (GetAlgoId(source, &idx, &oid, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
/* Save reference to the hash of CN */
|
||||
if (source[index++] != ASN_OCTET_STRING)
|
||||
if (source[idx++] != ASN_OCTET_STRING)
|
||||
return ASN_PARSE_E;
|
||||
if (GetLength(source, &index, &length, size) < 0)
|
||||
if (GetLength(source, &idx, &length, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
resp->issuerHash = source + index;
|
||||
index += length;
|
||||
resp->issuerHash = source + idx;
|
||||
idx += length;
|
||||
/* Save reference to the hash of the issuer public key */
|
||||
if (source[index++] != ASN_OCTET_STRING)
|
||||
if (source[idx++] != ASN_OCTET_STRING)
|
||||
return ASN_PARSE_E;
|
||||
if (GetLength(source, &index, &length, size) < 0)
|
||||
if (GetLength(source, &idx, &length, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
resp->issuerKeyHash = source + index;
|
||||
index += length;
|
||||
resp->issuerKeyHash = source + idx;
|
||||
idx += length;
|
||||
|
||||
/* Read the serial number, it is handled as a string, not as a
|
||||
* proper number. Just XMEMCPY the data over, rather than load it
|
||||
* as an mp_int. */
|
||||
if (source[index++] != ASN_INTEGER)
|
||||
if (source[idx++] != ASN_INTEGER)
|
||||
return ASN_PARSE_E;
|
||||
if (GetLength(source, &index, &length, size) < 0)
|
||||
if (GetLength(source, &idx, &length, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
if (length <= EXTERNAL_SERIAL_SIZE)
|
||||
{
|
||||
if (source[index] == 0)
|
||||
if (source[idx] == 0)
|
||||
{
|
||||
index++;
|
||||
idx++;
|
||||
length--;
|
||||
}
|
||||
XMEMCPY(cs->serial, source + index, length);
|
||||
XMEMCPY(cs->serial, source + idx, length);
|
||||
cs->serialSz = length;
|
||||
}
|
||||
else
|
||||
{
|
||||
return ASN_GETINT_E;
|
||||
}
|
||||
index += length;
|
||||
idx += length;
|
||||
|
||||
/* CertStatus */
|
||||
switch (source[index++])
|
||||
switch (source[idx++])
|
||||
{
|
||||
case (ASN_CONTEXT_SPECIFIC | CERT_GOOD):
|
||||
cs->status = CERT_GOOD;
|
||||
index++;
|
||||
idx++;
|
||||
break;
|
||||
case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED):
|
||||
cs->status = CERT_REVOKED;
|
||||
GetLength(source, &index, &length, size);
|
||||
index += length;
|
||||
GetLength(source, &idx, &length, size);
|
||||
idx += length;
|
||||
break;
|
||||
case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN):
|
||||
cs->status = CERT_UNKNOWN;
|
||||
index++;
|
||||
idx++;
|
||||
break;
|
||||
default:
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
if (GetBasicDate(source, &index, cs->thisDate,
|
||||
if (GetBasicDate(source, &idx, cs->thisDate,
|
||||
&cs->thisDateFormat, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
if (!ValidateDate(cs->thisDate, cs->thisDateFormat, BEFORE))
|
||||
|
|
@ -4488,26 +4237,26 @@ static int DecodeSingleResponse(byte* source,
|
|||
/* The following items are optional. Only check for them if there is more
|
||||
* unprocessed data in the singleResponse wrapper. */
|
||||
|
||||
if ((index - prevIndex < wrapperSz) &&
|
||||
(source[index] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)))
|
||||
if (((int)(idx - prevIndex) < wrapperSz) &&
|
||||
(source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)))
|
||||
{
|
||||
index++;
|
||||
if (GetLength(source, &index, &length, size) < 0)
|
||||
idx++;
|
||||
if (GetLength(source, &idx, &length, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
if (GetBasicDate(source, &index, cs->nextDate,
|
||||
if (GetBasicDate(source, &idx, cs->nextDate,
|
||||
&cs->nextDateFormat, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
if ((index - prevIndex < wrapperSz) &&
|
||||
(source[index] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)))
|
||||
if (((int)(idx - prevIndex) < wrapperSz) &&
|
||||
(source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)))
|
||||
{
|
||||
index++;
|
||||
if (GetLength(source, &index, &length, size) < 0)
|
||||
idx++;
|
||||
if (GetLength(source, &idx, &length, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
index += length;
|
||||
idx += length;
|
||||
}
|
||||
|
||||
*ioIndex = index;
|
||||
*ioIndex = idx;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -4833,7 +4582,7 @@ static word32 SetOcspReqExtensions(word32 extSz, byte* output,
|
|||
seqArray[1][0] = ASN_OBJECT_ID;
|
||||
seqSz[1] = 1 + SetLength(sizeof(NonceObjId), &seqArray[1][1]);
|
||||
|
||||
totalSz = seqSz[0] + seqSz[1] + nonceSz + sizeof(NonceObjId);
|
||||
totalSz = seqSz[0] + seqSz[1] + nonceSz + (word32)sizeof(NonceObjId);
|
||||
|
||||
seqSz[2] = SetSequence(totalSz, seqArray[2]);
|
||||
totalSz += seqSz[2];
|
||||
|
|
@ -4857,7 +4606,7 @@ static word32 SetOcspReqExtensions(word32 extSz, byte* output,
|
|||
XMEMCPY(output + totalSz, seqArray[1], seqSz[1]);
|
||||
totalSz += seqSz[1];
|
||||
XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId));
|
||||
totalSz += sizeof(NonceObjId);
|
||||
totalSz += (word32)sizeof(NonceObjId);
|
||||
XMEMCPY(output + totalSz, seqArray[0], seqSz[0]);
|
||||
totalSz += seqSz[0];
|
||||
XMEMCPY(output + totalSz, nonce, nonceSz);
|
||||
|
|
@ -4878,7 +4627,6 @@ int EncodeOcspRequest(OcspRequest* req)
|
|||
byte snArray[MAX_SN_SZ];
|
||||
byte extArray[MAX_OCSP_EXT_SZ];
|
||||
byte* output = req->dest;
|
||||
word32 outputSz = req->destSz;
|
||||
RNG rng;
|
||||
word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, extSz, totalSz;
|
||||
int i;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,276 @@
|
|||
/* error.c
|
||||
*
|
||||
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
|
||||
*
|
||||
* This file is part of CyaSSL.
|
||||
*
|
||||
* CyaSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* CyaSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <cyassl/ctaocrypt/error.h>
|
||||
|
||||
void CTaoCryptErrorString(int error, char* buffer)
|
||||
{
|
||||
const int max = MAX_ERROR_SZ; /* shorthand */
|
||||
|
||||
#ifdef NO_ERROR_STRINGS
|
||||
|
||||
XSTRNCPY(buffer, "no support for error strings built in", max);
|
||||
|
||||
#else
|
||||
|
||||
switch (error) {
|
||||
|
||||
case OPEN_RAN_E :
|
||||
XSTRNCPY(buffer, "opening random device error", max);
|
||||
break;
|
||||
|
||||
case READ_RAN_E :
|
||||
XSTRNCPY(buffer, "reading random device error", max);
|
||||
break;
|
||||
|
||||
case WINCRYPT_E :
|
||||
XSTRNCPY(buffer, "windows crypt init error", max);
|
||||
break;
|
||||
|
||||
case CRYPTGEN_E :
|
||||
XSTRNCPY(buffer, "windows crypt generation error", max);
|
||||
break;
|
||||
|
||||
case RAN_BLOCK_E :
|
||||
XSTRNCPY(buffer, "random device read would block error", max);
|
||||
break;
|
||||
|
||||
case MP_INIT_E :
|
||||
XSTRNCPY(buffer, "mp_init error state", max);
|
||||
break;
|
||||
|
||||
case MP_READ_E :
|
||||
XSTRNCPY(buffer, "mp_read error state", max);
|
||||
break;
|
||||
|
||||
case MP_EXPTMOD_E :
|
||||
XSTRNCPY(buffer, "mp_exptmod error state", max);
|
||||
break;
|
||||
|
||||
case MP_TO_E :
|
||||
XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
|
||||
break;
|
||||
|
||||
case MP_SUB_E :
|
||||
XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
|
||||
break;
|
||||
|
||||
case MP_ADD_E :
|
||||
XSTRNCPY(buffer, "mp_add error state, can't add", max);
|
||||
break;
|
||||
|
||||
case MP_MUL_E :
|
||||
XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
|
||||
break;
|
||||
|
||||
case MP_MULMOD_E :
|
||||
XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
|
||||
break;
|
||||
|
||||
case MP_MOD_E :
|
||||
XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
|
||||
break;
|
||||
|
||||
case MP_INVMOD_E :
|
||||
XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
|
||||
break;
|
||||
|
||||
case MP_CMP_E :
|
||||
XSTRNCPY(buffer, "mp_cmp error state", max);
|
||||
break;
|
||||
|
||||
case MP_ZERO_E :
|
||||
XSTRNCPY(buffer, "mp zero result, not expected", max);
|
||||
break;
|
||||
|
||||
case MEMORY_E :
|
||||
XSTRNCPY(buffer, "out of memory error", max);
|
||||
break;
|
||||
|
||||
case RSA_WRONG_TYPE_E :
|
||||
XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
|
||||
break;
|
||||
|
||||
case RSA_BUFFER_E :
|
||||
XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
|
||||
max);
|
||||
break;
|
||||
|
||||
case BUFFER_E :
|
||||
XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
|
||||
break;
|
||||
|
||||
case ALGO_ID_E :
|
||||
XSTRNCPY(buffer, "Setting Cert AlogID error", max);
|
||||
break;
|
||||
|
||||
case PUBLIC_KEY_E :
|
||||
XSTRNCPY(buffer, "Setting Cert Public Key error", max);
|
||||
break;
|
||||
|
||||
case DATE_E :
|
||||
XSTRNCPY(buffer, "Setting Cert Date validity error", max);
|
||||
break;
|
||||
|
||||
case SUBJECT_E :
|
||||
XSTRNCPY(buffer, "Setting Cert Subject name error", max);
|
||||
break;
|
||||
|
||||
case ISSUER_E :
|
||||
XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
|
||||
break;
|
||||
|
||||
case CA_TRUE_E :
|
||||
XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
|
||||
break;
|
||||
|
||||
case EXTENSIONS_E :
|
||||
XSTRNCPY(buffer, "Setting extensions error", max);
|
||||
break;
|
||||
|
||||
case ASN_PARSE_E :
|
||||
XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
|
||||
break;
|
||||
|
||||
case ASN_VERSION_E :
|
||||
XSTRNCPY(buffer, "ASN version error, invalid number", max);
|
||||
break;
|
||||
|
||||
case ASN_GETINT_E :
|
||||
XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
|
||||
break;
|
||||
|
||||
case ASN_RSA_KEY_E :
|
||||
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
|
||||
break;
|
||||
|
||||
case ASN_OBJECT_ID_E :
|
||||
XSTRNCPY(buffer, "ASN object id error, invalid id", max);
|
||||
break;
|
||||
|
||||
case ASN_TAG_NULL_E :
|
||||
XSTRNCPY(buffer, "ASN tag error, not null", max);
|
||||
break;
|
||||
|
||||
case ASN_EXPECT_0_E :
|
||||
XSTRNCPY(buffer, "ASN expect error, not zero", max);
|
||||
break;
|
||||
|
||||
case ASN_BITSTR_E :
|
||||
XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
|
||||
break;
|
||||
|
||||
case ASN_UNKNOWN_OID_E :
|
||||
XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
|
||||
break;
|
||||
|
||||
case ASN_DATE_SZ_E :
|
||||
XSTRNCPY(buffer, "ASN date error, bad size", max);
|
||||
break;
|
||||
|
||||
case ASN_BEFORE_DATE_E :
|
||||
XSTRNCPY(buffer, "ASN date error, current date before", max);
|
||||
break;
|
||||
|
||||
case ASN_AFTER_DATE_E :
|
||||
XSTRNCPY(buffer, "ASN date error, current date after", max);
|
||||
break;
|
||||
|
||||
case ASN_SIG_OID_E :
|
||||
XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
|
||||
break;
|
||||
|
||||
case ASN_TIME_E :
|
||||
XSTRNCPY(buffer, "ASN time error, unkown time type", max);
|
||||
break;
|
||||
|
||||
case ASN_INPUT_E :
|
||||
XSTRNCPY(buffer, "ASN input error, not enough data", max);
|
||||
break;
|
||||
|
||||
case ASN_SIG_CONFIRM_E :
|
||||
XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
|
||||
break;
|
||||
|
||||
case ASN_SIG_HASH_E :
|
||||
XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
|
||||
break;
|
||||
|
||||
case ASN_SIG_KEY_E :
|
||||
XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
|
||||
break;
|
||||
|
||||
case ASN_DH_KEY_E :
|
||||
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
|
||||
break;
|
||||
|
||||
case ASN_NTRU_KEY_E :
|
||||
XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
|
||||
break;
|
||||
|
||||
case ECC_BAD_ARG_E :
|
||||
XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
|
||||
break;
|
||||
|
||||
case ASN_ECC_KEY_E :
|
||||
XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
|
||||
break;
|
||||
|
||||
case ECC_CURVE_OID_E :
|
||||
XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
|
||||
break;
|
||||
|
||||
case BAD_FUNC_ARG :
|
||||
XSTRNCPY(buffer, "Bad function argument", max);
|
||||
break;
|
||||
|
||||
case NOT_COMPILED_IN :
|
||||
XSTRNCPY(buffer, "Feature not compiled in", max);
|
||||
break;
|
||||
|
||||
case UNICODE_SIZE_E :
|
||||
XSTRNCPY(buffer, "Unicode password too big", max);
|
||||
break;
|
||||
|
||||
case NO_PASSWORD :
|
||||
XSTRNCPY(buffer, "No password provided by user", max);
|
||||
break;
|
||||
|
||||
case ALT_NAME_E :
|
||||
XSTRNCPY(buffer, "Alt Name problem, too big", max);
|
||||
break;
|
||||
|
||||
case AES_GCM_AUTH_E:
|
||||
XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
|
||||
break;
|
||||
|
||||
default:
|
||||
XSTRNCPY(buffer, "unknown error number", max);
|
||||
|
||||
}
|
||||
|
||||
#endif /* NO_ERROR_STRINGS */
|
||||
|
||||
}
|
||||
|
|
@ -19,7 +19,7 @@
|
|||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
*/
|
||||
|
||||
//#ifndef NO_ASN
|
||||
#ifndef NO_ASN
|
||||
|
||||
#ifndef CTAO_CRYPT_ASN_H
|
||||
#define CTAO_CRYPT_ASN_H
|
||||
|
|
@ -485,4 +485,4 @@ CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
|
|||
|
||||
#endif /* CTAO_CRYPT_ASN_H */
|
||||
|
||||
//#endif /* NO_ASN */
|
||||
#endif /* !NO_ASN */
|
||||
|
|
|
|||
|
|
@ -80,4 +80,4 @@ CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,
|
|||
|
||||
#endif /* CTAO_CRYPT_RSA_H */
|
||||
|
||||
#endif /* NO_RSA */
|
||||
#endif /* NO_RSA */
|
||||
|
|
|
|||
|
|
@ -182,7 +182,8 @@ void c32to24(word32 in, word24 out);
|
|||
#define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
|
||||
#endif
|
||||
|
||||
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA)
|
||||
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
|
||||
!defined(NO_RSA) && defined(OPENSSL_EXTRA)
|
||||
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
||||
#if !defined (NO_SHA256)
|
||||
|
|
@ -829,6 +830,7 @@ struct CYASSL_CTX {
|
|||
CYASSL_METHOD* method;
|
||||
CyaSSL_Mutex countMutex; /* reference count mutex */
|
||||
int refCount; /* reference count */
|
||||
#ifndef NO_CERTS
|
||||
buffer certificate;
|
||||
buffer certChain;
|
||||
/* chain after self, in DER, with leading size for each cert */
|
||||
|
|
@ -836,6 +838,7 @@ struct CYASSL_CTX {
|
|||
buffer serverDH_P;
|
||||
buffer serverDH_G;
|
||||
CYASSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
|
||||
#endif
|
||||
Suites suites;
|
||||
void* heap; /* for user memory overrides */
|
||||
byte verifyPeer;
|
||||
|
|
@ -887,10 +890,12 @@ int DeriveTlsKeys(CYASSL* ssl);
|
|||
CYASSL_LOCAL
|
||||
int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
||||
word32 inSz, word16 sz);
|
||||
CYASSL_LOCAL
|
||||
int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
|
||||
CYASSL_LOCAL
|
||||
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
|
||||
#ifndef NO_CERTS
|
||||
CYASSL_LOCAL
|
||||
int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
|
||||
CYASSL_LOCAL
|
||||
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
|
||||
#endif
|
||||
|
||||
/* All cipher suite related info */
|
||||
typedef struct CipherSpecs {
|
||||
|
|
@ -1129,15 +1134,17 @@ enum AcceptState {
|
|||
|
||||
|
||||
typedef struct Buffers {
|
||||
#ifndef NO_CERTS
|
||||
buffer certificate; /* CYASSL_CTX owns, unless we own */
|
||||
buffer key; /* CYASSL_CTX owns, unless we own */
|
||||
buffer certChain; /* CYASSL_CTX owns */
|
||||
/* chain after self, in DER, with leading size for each cert */
|
||||
buffer domainName; /* for client check */
|
||||
buffer serverDH_P; /* CYASSL_CTX owns, unless we own */
|
||||
buffer serverDH_G; /* CYASSL_CTX owns, unless we own */
|
||||
buffer serverDH_Pub;
|
||||
buffer serverDH_Priv;
|
||||
#endif
|
||||
buffer domainName; /* for client check */
|
||||
bufferStatic inputBuffer;
|
||||
bufferStatic outputBuffer;
|
||||
buffer clearOutputBuffer;
|
||||
|
|
@ -1376,13 +1383,16 @@ typedef struct EncryptedInfo {
|
|||
CYASSL_CTX* ctx; /* CTX owner */
|
||||
} EncryptedInfo;
|
||||
|
||||
CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
|
||||
buffer* der, void* heap, EncryptedInfo* info,
|
||||
int* eccKey);
|
||||
|
||||
CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
|
||||
int type, CYASSL* ssl, int userChain,
|
||||
CYASSL_CRL* crl);
|
||||
#ifndef NO_CERTS
|
||||
CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
|
||||
buffer* der, void* heap, EncryptedInfo* info,
|
||||
int* eccKey);
|
||||
|
||||
CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
|
||||
int type, CYASSL* ssl, int userChain,
|
||||
CYASSL_CRL* crl);
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef CYASSL_CALLBACKS
|
||||
|
|
@ -1520,7 +1530,9 @@ CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
|
|||
CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
|
||||
CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
|
||||
CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
|
||||
CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
|
||||
#ifndef NO_CERTS
|
||||
CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
|
||||
#endif
|
||||
CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
|
||||
const byte* sender);
|
||||
CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
|
||||
|
|
|
|||
97
cyassl/ssl.h
97
cyassl/ssl.h
|
|
@ -151,7 +151,7 @@ CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void);
|
|||
CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void);
|
||||
#endif
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
|
||||
|
|
@ -178,7 +178,7 @@ CYASSL_API int CyaSSL_use_RSAPrivateKey_file(CYASSL*, const char*, int);
|
|||
|
||||
CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int);
|
||||
|
||||
#endif /* NO_FILESYSTEM */
|
||||
#endif /* !NO_FILESYSTEM && !NO_CERTS */
|
||||
|
||||
CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*);
|
||||
CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*);
|
||||
|
|
@ -618,8 +618,9 @@ CYASSL_API int CyaSSL_RAND_status(void);
|
|||
CYASSL_API int CyaSSL_RAND_bytes(unsigned char* buf, int num);
|
||||
CYASSL_API CYASSL_METHOD *CyaSSLv23_server_method(void);
|
||||
CYASSL_API long CyaSSL_CTX_set_options(CYASSL_CTX*, long);
|
||||
CYASSL_API int CyaSSL_CTX_check_private_key(CYASSL_CTX*);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
CYASSL_API int CyaSSL_CTX_check_private_key(CYASSL_CTX*);
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
CYASSL_API void CyaSSL_ERR_free_strings(void);
|
||||
CYASSL_API void CyaSSL_ERR_remove_state(unsigned long);
|
||||
|
|
@ -657,8 +658,8 @@ CYASSL_API void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX*,
|
|||
void (*f)(CYASSL_CTX*, CYASSL_SESSION*));
|
||||
|
||||
CYASSL_API int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**);
|
||||
CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,const unsigned char**,
|
||||
long);
|
||||
CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,
|
||||
const unsigned char**, long);
|
||||
|
||||
CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*);
|
||||
CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*);
|
||||
|
|
@ -714,6 +715,8 @@ CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
|
|||
/* connect enough to get peer cert */
|
||||
CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
|
||||
|
||||
/* XXX This should be #ifndef NO_DH */
|
||||
#ifndef NO_CERTS
|
||||
/* server Diffie-Hellman parameters */
|
||||
CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, const unsigned char* p, int pSz,
|
||||
const unsigned char* g, int gSz);
|
||||
|
|
@ -734,6 +737,7 @@ CYASSL_API int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX*, unsigned short);
|
|||
CYASSL_API int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX*, const char* f,
|
||||
int format);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* keyblock size in bytes or -1 */
|
||||
/* need to call CyaSSL_KeepArrays before handshake to save keys */
|
||||
|
|
@ -757,24 +761,27 @@ CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
|
|||
#endif
|
||||
|
||||
|
||||
/* SSL_CTX versions */
|
||||
CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*, const unsigned char*,
|
||||
long, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
|
||||
#ifndef NO_CERTS
|
||||
/* SSL_CTX versions */
|
||||
CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*,
|
||||
const unsigned char*, long, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*,
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
|
||||
const unsigned char*, long, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*,
|
||||
CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*,
|
||||
const unsigned char*, long, int);
|
||||
CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*,
|
||||
const unsigned char*, long);
|
||||
CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
|
||||
|
||||
/* SSL versions */
|
||||
CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*,
|
||||
long, int);
|
||||
CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*, long,
|
||||
int);
|
||||
CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*,
|
||||
const unsigned char*, long);
|
||||
/* SSL versions */
|
||||
CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*,
|
||||
long, int);
|
||||
CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*,
|
||||
long, int);
|
||||
CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*,
|
||||
const unsigned char*, long);
|
||||
#endif
|
||||
|
||||
CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
|
||||
CYASSL_API int CyaSSL_set_group_messages(CYASSL*);
|
||||
|
||||
/* I/O callbacks */
|
||||
|
|
@ -808,35 +815,39 @@ CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
|
|||
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
|
||||
typedef void (*CbMissingCRL)(const char* url);
|
||||
|
||||
CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);
|
||||
|
||||
CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void);
|
||||
CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*);
|
||||
CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void);
|
||||
CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*);
|
||||
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
|
||||
const char* d);
|
||||
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
||||
int format);
|
||||
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
|
||||
const char* d);
|
||||
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
||||
int format);
|
||||
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
|
||||
const unsigned char* buff, int sz, int format);
|
||||
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
|
||||
int sz);
|
||||
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
|
||||
CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, int,
|
||||
int);
|
||||
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
|
||||
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*,
|
||||
unsigned char*, int sz);
|
||||
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*,
|
||||
int options);
|
||||
CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
|
||||
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*,
|
||||
int, int);
|
||||
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*,
|
||||
CbMissingCRL);
|
||||
|
||||
CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
|
||||
CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
|
||||
CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
|
||||
CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
|
||||
|
||||
CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
|
||||
CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
|
||||
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
|
||||
CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
|
||||
CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
|
||||
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
|
||||
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
/* end of handshake frees temporary arrays, if user needs for get_keys or
|
||||
psk hints, call KeepArrays before handshake and then FreeArrays when done
|
||||
|
|
|
|||
|
|
@ -643,7 +643,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
|
|||
#endif /* USE_WINDOWS_API */
|
||||
|
||||
|
||||
#ifdef NO_FILESYSTEM
|
||||
#if defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
|
||||
enum {
|
||||
CYASSL_CA = 1,
|
||||
|
|
@ -731,6 +731,8 @@ static INLINE void CRL_CallBack(const char* url)
|
|||
#endif
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
static INLINE void CaCb(unsigned char* der, int sz, int type)
|
||||
{
|
||||
(void)der;
|
||||
|
|
@ -792,6 +794,8 @@ static INLINE void SetDHCtx(CYASSL_CTX* ctx)
|
|||
CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
|
||||
}
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
#ifdef USE_WINDOWS_API
|
||||
|
||||
/* do back x number of directories */
|
||||
|
|
|
|||
|
|
@ -91,7 +91,7 @@ void echoclient_test(void* args)
|
|||
if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
|
||||
err_sys("can't load ca file, Please run from CyaSSL home dir");
|
||||
#endif
|
||||
#else
|
||||
#elif !defined(NO_CERTS)
|
||||
if (!doLeanPSK)
|
||||
load_buffer(ctx, caCert, CYASSL_CA);
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
|||
err_sys("can't load server key file, "
|
||||
"Please run from CyaSSL home dir");
|
||||
#endif
|
||||
#else
|
||||
#elif !defined(NO_CERTS)
|
||||
if (!doLeanPSK) {
|
||||
load_buffer(ctx, svrCert, CYASSL_CERT);
|
||||
load_buffer(ctx, svrKey, CYASSL_KEY);
|
||||
|
|
@ -184,7 +184,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
|||
CyaSSL_set_fd(ssl, clientfd);
|
||||
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
|
||||
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
|
||||
#else
|
||||
#elif !defined(NO_CERTS)
|
||||
SetDH(ssl); /* will repick suites with DHE, higher than PSK */
|
||||
#endif
|
||||
if (CyaSSL_accept(ssl) != SSL_SUCCESS) {
|
||||
|
|
|
|||
|
|
@ -330,7 +330,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
if (usePsk == 0) {
|
||||
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
|
||||
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
|
||||
#else
|
||||
#elif !defined(NO_CERTS)
|
||||
SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
|
||||
#endif
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,24 +4,24 @@
|
|||
|
||||
lib_LTLIBRARIES+= src/libcyassl.la
|
||||
src_libcyassl_la_SOURCES = \
|
||||
src/internal.c \
|
||||
src/io.c \
|
||||
src/keys.c \
|
||||
src/ssl.c \
|
||||
src/tls.c \
|
||||
ctaocrypt/src/asn.c \
|
||||
ctaocrypt/src/coding.c \
|
||||
ctaocrypt/src/des3.c \
|
||||
ctaocrypt/src/hmac.c \
|
||||
ctaocrypt/src/md5.c \
|
||||
ctaocrypt/src/md4.c \
|
||||
ctaocrypt/src/random.c \
|
||||
ctaocrypt/src/sha.c \
|
||||
ctaocrypt/src/sha256.c \
|
||||
ctaocrypt/src/arc4.c \
|
||||
ctaocrypt/src/pwdbased.c \
|
||||
ctaocrypt/src/logging.c \
|
||||
ctaocrypt/src/memory.c
|
||||
src/internal.c \
|
||||
src/io.c \
|
||||
src/keys.c \
|
||||
src/ssl.c \
|
||||
src/tls.c \
|
||||
ctaocrypt/src/coding.c \
|
||||
ctaocrypt/src/des3.c \
|
||||
ctaocrypt/src/hmac.c \
|
||||
ctaocrypt/src/md5.c \
|
||||
ctaocrypt/src/md4.c \
|
||||
ctaocrypt/src/random.c \
|
||||
ctaocrypt/src/sha.c \
|
||||
ctaocrypt/src/sha256.c \
|
||||
ctaocrypt/src/arc4.c \
|
||||
ctaocrypt/src/pwdbased.c \
|
||||
ctaocrypt/src/logging.c \
|
||||
ctaocrypt/src/error.c \
|
||||
ctaocrypt/src/memory.c
|
||||
src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION}
|
||||
src_libcyassl_la_LIBADD = $(LIBM)
|
||||
src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS)
|
||||
|
|
@ -29,9 +29,10 @@ src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS)
|
|||
|
||||
if !BUILD_LEANPSK
|
||||
src_libcyassl_la_SOURCES += ctaocrypt/src/rsa.c \
|
||||
ctaocrypt/src/dh.c \
|
||||
ctaocrypt/src/dsa.c \
|
||||
ctaocrypt/src/aes.c
|
||||
ctaocrypt/src/asn.c \
|
||||
ctaocrypt/src/dh.c \
|
||||
ctaocrypt/src/dsa.c \
|
||||
ctaocrypt/src/aes.c
|
||||
endif
|
||||
|
||||
if BUILD_AESNI
|
||||
|
|
|
|||
|
|
@ -64,8 +64,10 @@
|
|||
#ifndef NO_CYASSL_CLIENT
|
||||
static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*);
|
||||
static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32);
|
||||
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*);
|
||||
static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*);
|
||||
#ifndef NO_CERTS
|
||||
static int DoCertificateRequest(CYASSL* ssl, const byte* input,word32*);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
|
|
@ -324,11 +326,13 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
|||
{
|
||||
ctx->method = method;
|
||||
ctx->refCount = 1; /* so either CTX_free or SSL_free can release */
|
||||
#ifndef NO_CERTS
|
||||
ctx->certificate.buffer = 0;
|
||||
ctx->certChain.buffer = 0;
|
||||
ctx->privateKey.buffer = 0;
|
||||
ctx->serverDH_P.buffer = 0;
|
||||
ctx->serverDH_G.buffer = 0;
|
||||
#endif
|
||||
ctx->haveDH = 0;
|
||||
ctx->haveNTRU = 0; /* start off */
|
||||
ctx->haveECDSAsig = 0; /* start off */
|
||||
|
|
@ -369,7 +373,9 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
|||
ctx->partialWrite = 0;
|
||||
ctx->verifyCallback = 0;
|
||||
|
||||
#ifndef NO_CERTS
|
||||
ctx->cm = CyaSSL_CertManagerNew();
|
||||
#endif
|
||||
#ifdef HAVE_NTRU
|
||||
if (method->side == CLIENT_END)
|
||||
ctx->haveNTRU = 1; /* always on cliet side */
|
||||
|
|
@ -401,10 +407,12 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
|||
CYASSL_MSG("Mutex error on CTX init");
|
||||
return BAD_MUTEX_ERROR;
|
||||
}
|
||||
#ifndef NO_CERTS
|
||||
if (ctx->cm == NULL) {
|
||||
CYASSL_MSG("Bad Cert Manager New");
|
||||
return BAD_CERT_MANAGER_ERROR;
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -412,15 +420,16 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
|||
/* In case contexts are held in array and don't want to free actual ctx */
|
||||
void SSL_CtxResourceFree(CYASSL_CTX* ctx)
|
||||
{
|
||||
XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
|
||||
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
|
||||
XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
|
||||
XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
|
||||
XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
|
||||
XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
|
||||
|
||||
CyaSSL_CertManagerFree(ctx->cm);
|
||||
|
||||
#endif
|
||||
#ifdef HAVE_OCSP
|
||||
CyaSSL_OCSP_Cleanup(&ctx->ocsp);
|
||||
#endif
|
||||
|
|
@ -940,9 +949,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||
haveRSA = 1;
|
||||
#endif
|
||||
|
||||
#ifndef NO_CERTS
|
||||
ssl->buffers.certificate.buffer = 0;
|
||||
ssl->buffers.key.buffer = 0;
|
||||
ssl->buffers.certChain.buffer = 0;
|
||||
#endif
|
||||
ssl->buffers.inputBuffer.length = 0;
|
||||
ssl->buffers.inputBuffer.idx = 0;
|
||||
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
|
||||
|
|
@ -954,10 +965,12 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||
ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
|
||||
ssl->buffers.outputBuffer.dynamicFlag = 0;
|
||||
ssl->buffers.domainName.buffer = 0;
|
||||
#ifndef NO_CERTS
|
||||
ssl->buffers.serverDH_P.buffer = 0;
|
||||
ssl->buffers.serverDH_G.buffer = 0;
|
||||
ssl->buffers.serverDH_Pub.buffer = 0;
|
||||
ssl->buffers.serverDH_Priv.buffer = 0;
|
||||
#endif
|
||||
ssl->buffers.clearOutputBuffer.buffer = 0;
|
||||
ssl->buffers.clearOutputBuffer.length = 0;
|
||||
ssl->buffers.prevSent = 0;
|
||||
|
|
@ -1076,6 +1089,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||
ssl->options.usingNonblock = 0;
|
||||
ssl->options.saveArrays = 0;
|
||||
|
||||
#ifndef NO_CERTS
|
||||
/* ctx still owns certificate, certChain, key, dh, and cm */
|
||||
ssl->buffers.certificate = ctx->certificate;
|
||||
ssl->buffers.certChain = ctx->certChain;
|
||||
|
|
@ -1084,6 +1098,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||
ssl->buffers.serverDH_P = ctx->serverDH_P;
|
||||
ssl->buffers.serverDH_G = ctx->serverDH_G;
|
||||
}
|
||||
#endif
|
||||
ssl->buffers.weOwnCert = 0;
|
||||
ssl->buffers.weOwnKey = 0;
|
||||
ssl->buffers.weOwnDH = 0;
|
||||
|
|
@ -1183,12 +1198,14 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||
}
|
||||
InitRsaKey(ssl->peerRsaKey, ctx->heap);
|
||||
#endif
|
||||
#ifndef NO_CERTS
|
||||
/* make sure server has cert and key unless using PSK */
|
||||
if (ssl->options.side == SERVER_END && !havePSK)
|
||||
if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) {
|
||||
CYASSL_MSG("Server missing certificate and/or private key");
|
||||
return NO_PRIVATE_KEY;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* make sure server has DH parms, and add PSK if there, add NTRU too */
|
||||
if (ssl->options.side == SERVER_END)
|
||||
|
|
@ -1224,6 +1241,9 @@ void SSL_ResourceFree(CYASSL* ssl)
|
|||
FreeArrays(ssl, 0);
|
||||
XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
|
||||
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
|
||||
XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
||||
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
||||
/* parameters (p,g) may be owned by ctx */
|
||||
|
|
@ -1231,14 +1251,13 @@ void SSL_ResourceFree(CYASSL* ssl)
|
|||
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
||||
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
||||
}
|
||||
XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
|
||||
|
||||
/* CYASSL_CTX always owns certChain */
|
||||
if (ssl->buffers.weOwnCert)
|
||||
XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
|
||||
if (ssl->buffers.weOwnKey)
|
||||
XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
|
||||
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
if (ssl->peerRsaKey) {
|
||||
FreeRsaKey(ssl->peerRsaKey);
|
||||
|
|
@ -2093,6 +2112,8 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
|
|||
}
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
{
|
||||
word32 listSz, i = *inOutIdx;
|
||||
|
|
@ -2427,6 +2448,8 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
|||
return ret;
|
||||
}
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx)
|
||||
{
|
||||
|
|
@ -2583,10 +2606,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
|
|||
ret = DoServerHello(ssl, input, inOutIdx, size);
|
||||
break;
|
||||
|
||||
#ifndef NO_CERTS
|
||||
case certificate_request:
|
||||
CYASSL_MSG("processing certificate request");
|
||||
ret = DoCertificateRequest(ssl, input, inOutIdx);
|
||||
break;
|
||||
#endif
|
||||
|
||||
case server_key_exchange:
|
||||
CYASSL_MSG("processing server key exchange");
|
||||
|
|
@ -2594,10 +2619,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
|
|||
break;
|
||||
#endif
|
||||
|
||||
#ifndef NO_CERTS
|
||||
case certificate:
|
||||
CYASSL_MSG("processing certificate");
|
||||
ret = DoCertificate(ssl, input, inOutIdx);
|
||||
break;
|
||||
#endif
|
||||
|
||||
case server_hello_done:
|
||||
CYASSL_MSG("processing server hello done");
|
||||
|
|
@ -3777,7 +3804,7 @@ int SendFinished(CYASSL* ssl)
|
|||
return SendBuffered(ssl);
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
int SendCertificate(CYASSL* ssl)
|
||||
{
|
||||
int sendSz, length, ret = 0;
|
||||
|
|
@ -3938,6 +3965,7 @@ int SendCertificateRequest(CYASSL* ssl)
|
|||
else
|
||||
return SendBuffered(ssl);
|
||||
}
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
int SendData(CYASSL* ssl, const void* data, int sz)
|
||||
|
|
@ -5380,6 +5408,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||
}
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
/* just read in and ignore for now TODO: */
|
||||
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*
|
||||
inOutIdx)
|
||||
|
|
@ -5424,6 +5453,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
static int DoServerKeyExchange(CYASSL* ssl, const byte* input,
|
||||
|
|
|
|||
12
src/ocsp.c
12
src/ocsp.c
|
|
@ -278,8 +278,8 @@ static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
|
|||
idx += 2; /* skip the crlf */
|
||||
} else {
|
||||
/* Advance idx past the next \r\n */
|
||||
char* end = strstr(&buf[idx], "\r\n");
|
||||
idx = end - buf + 2;
|
||||
char* end = XSTRSTR(&buf[idx], "\r\n");
|
||||
idx = (int)(end - buf + 2);
|
||||
stop = 1;
|
||||
}
|
||||
}
|
||||
|
|
@ -411,11 +411,11 @@ static int http_ocsp_transaction(CYASSL_OCSP* ocsp, DecodedCert* cert,
|
|||
tcp_connect(&sfd, domainName, port);
|
||||
if (sfd > 0) {
|
||||
int written;
|
||||
written = write(sfd, httpBuf, httpBufSz);
|
||||
written = (int)write(sfd, httpBuf, httpBufSz);
|
||||
if (written == httpBufSz) {
|
||||
written = write(sfd, ocspReqBuf, ocspReqSz);
|
||||
written = (int)write(sfd, ocspReqBuf, ocspReqSz);
|
||||
if (written == ocspReqSz) {
|
||||
httpBufSz = read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
|
||||
httpBufSz = (int)read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
|
||||
if (httpBufSz > 0) {
|
||||
ocspRespSz = decode_http_response(httpBuf, httpBufSz,
|
||||
ocspRespBuf);
|
||||
|
|
@ -457,7 +457,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||
byte ocspReqBuf[SCRATCH_BUFFER_SIZE];
|
||||
int ocspReqSz = SCRATCH_BUFFER_SIZE;
|
||||
byte* ocspRespBuf = NULL;
|
||||
int ocspRespSz;
|
||||
int ocspRespSz = 0;
|
||||
OcspRequest ocspRequest;
|
||||
OcspResponse ocspResponse;
|
||||
int result = 0;
|
||||
|
|
|
|||
80
src/ssl.c
80
src/ssl.c
|
|
@ -303,7 +303,8 @@ int CyaSSL_GetObjectSize(void)
|
|||
return sizeof(CYASSL);
|
||||
}
|
||||
|
||||
|
||||
/* XXX should be NO_DH */
|
||||
#ifndef NO_CERTS
|
||||
/* server Diffie-Hellman parameters */
|
||||
int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
|
||||
const unsigned char* g, int gSz)
|
||||
|
|
@ -355,6 +356,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
|
|||
CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
|
||||
return 0;
|
||||
}
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
int CyaSSL_write(CYASSL* ssl, const void* data, int sz)
|
||||
|
|
@ -537,6 +539,8 @@ void CyaSSL_FreeArrays(CYASSL* ssl)
|
|||
}
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
|
||||
{
|
||||
CYASSL_CERT_MANAGER* cm = NULL;
|
||||
|
|
@ -581,6 +585,7 @@ void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
|
|||
|
||||
}
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
|
||||
|
|
@ -697,6 +702,7 @@ int CyaSSL_SetVersion(CYASSL* ssl, int version)
|
|||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
/* does CA already exist on signer list */
|
||||
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
|
||||
|
|
@ -811,6 +817,8 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||
return ret;
|
||||
}
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
#ifndef NO_SESSION_CACHE
|
||||
|
||||
|
|
@ -859,6 +867,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||
|
||||
#endif /* NO_SESSION_CACHE */
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
/* Remove PEM header/footer, convert to ASN1, store any encrypted data
|
||||
info->consumed tracks of PEM bytes consumed in case multiple parts */
|
||||
|
|
@ -2190,7 +2199,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
|
|||
|
||||
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
|
||||
int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file,
|
||||
int format)
|
||||
|
|
@ -2217,6 +2226,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
|
|||
|
||||
#endif /* NO_FILESYSTEM */
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
|
||||
{
|
||||
|
|
@ -2258,6 +2268,8 @@ void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
|
|||
}
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
/* store context CA Cache addition callback */
|
||||
void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
|
||||
{
|
||||
|
|
@ -2265,6 +2277,8 @@ void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
|
|||
ctx->cm->caCacheCallback = cb;
|
||||
}
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
#ifndef NO_SESSION_CACHE
|
||||
|
||||
|
|
@ -2542,12 +2556,13 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
|
|||
CYASSL_MSG("connect state: FIRST_REPLY_DONE");
|
||||
|
||||
case FIRST_REPLY_DONE :
|
||||
if (ssl->options.sendVerify)
|
||||
if ( (ssl->error = SendCertificate(ssl)) != 0) {
|
||||
CYASSL_ERROR(ssl->error);
|
||||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
#ifndef NO_CERTS
|
||||
if (ssl->options.sendVerify)
|
||||
if ( (ssl->error = SendCertificate(ssl)) != 0) {
|
||||
CYASSL_ERROR(ssl->error);
|
||||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
#endif
|
||||
ssl->options.connectState = FIRST_REPLY_FIRST;
|
||||
CYASSL_MSG("connect state: FIRST_REPLY_FIRST");
|
||||
|
||||
|
|
@ -2665,14 +2680,16 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
|
|||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
/* in case used set_accept_state after init */
|
||||
if (!havePSK && (ssl->buffers.certificate.buffer == NULL ||
|
||||
ssl->buffers.key.buffer == NULL)) {
|
||||
CYASSL_MSG("accept error: don't have server cert and key");
|
||||
ssl->error = NO_PRIVATE_KEY;
|
||||
CYASSL_ERROR(ssl->error);
|
||||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
#ifndef NO_CERTS
|
||||
/* in case used set_accept_state after init */
|
||||
if (!havePSK && (ssl->buffers.certificate.buffer == NULL ||
|
||||
ssl->buffers.key.buffer == NULL)) {
|
||||
CYASSL_MSG("accept error: don't have server cert and key");
|
||||
ssl->error = NO_PRIVATE_KEY;
|
||||
CYASSL_ERROR(ssl->error);
|
||||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
/* in case used set_accept_state after init */
|
||||
|
|
@ -2767,11 +2784,13 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
|
|||
CYASSL_MSG("accept state SERVER_HELLO_SENT");
|
||||
|
||||
case SERVER_HELLO_SENT :
|
||||
if (!ssl->options.resuming)
|
||||
if ( (ssl->error = SendCertificate(ssl)) != 0) {
|
||||
CYASSL_ERROR(ssl->error);
|
||||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
#ifndef NO_CERTS
|
||||
if (!ssl->options.resuming)
|
||||
if ( (ssl->error = SendCertificate(ssl)) != 0) {
|
||||
CYASSL_ERROR(ssl->error);
|
||||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
#endif
|
||||
ssl->options.acceptState = CERT_SENT;
|
||||
CYASSL_MSG("accept state CERT_SENT");
|
||||
|
||||
|
|
@ -2785,12 +2804,14 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
|
|||
CYASSL_MSG("accept state KEY_EXCHANGE_SENT");
|
||||
|
||||
case KEY_EXCHANGE_SENT :
|
||||
if (!ssl->options.resuming)
|
||||
if (ssl->options.verifyPeer)
|
||||
if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
|
||||
CYASSL_ERROR(ssl->error);
|
||||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
#ifndef NO_CERTS
|
||||
if (!ssl->options.resuming)
|
||||
if (ssl->options.verifyPeer)
|
||||
if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
|
||||
CYASSL_ERROR(ssl->error);
|
||||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
#endif
|
||||
ssl->options.acceptState = CERT_REQ_SENT;
|
||||
CYASSL_MSG("accept state CERT_REQ_SENT");
|
||||
|
||||
|
|
@ -3511,6 +3532,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
#endif /* NO_PSK */
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
/* used to be defined on NO_FILESYSTEM only, but are generally useful */
|
||||
|
||||
/* CyaSSL extension allows DER files to be loaded from buffers as well */
|
||||
|
|
@ -3575,6 +3597,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
}
|
||||
|
||||
/* old NO_FILESYSTEM end */
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
|
||||
|
|
@ -5423,6 +5446,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
}
|
||||
|
||||
|
||||
/* XXX shuld be NO_DH */
|
||||
#ifndef NO_CERTS
|
||||
/* server ctx Diffie-Hellman parameters */
|
||||
int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
|
||||
const unsigned char* g, int gSz)
|
||||
|
|
@ -5454,6 +5479,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
|
||||
return 0;
|
||||
}
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
||||
char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len)
|
||||
|
|
|
|||
|
|
@ -6,12 +6,12 @@
|
|||
check_PROGRAMS += tests/unit
|
||||
noinst_PROGRAMS += tests/unit
|
||||
tests_unit_SOURCES = \
|
||||
tests/unit.c \
|
||||
tests/api.c \
|
||||
tests/suites.c \
|
||||
tests/unit.c \
|
||||
tests/api.c \
|
||||
tests/suites.c \
|
||||
tests/hash.c \
|
||||
examples/client/client.c \
|
||||
examples/server/server.c
|
||||
examples/client/client.c \
|
||||
examples/server/server.c
|
||||
tests_unit_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(PTHREAD_CFLAGS)
|
||||
tests_unit_LDADD = src/libcyassl.la $(PTHREAD_LIBS)
|
||||
tests_unit_DEPENDENCIES = src/libcyassl.la
|
||||
|
|
@ -26,4 +26,4 @@ EXTRA_DIST += tests/test.conf \
|
|||
tests/test-aesgcm-ecc.conf \
|
||||
tests/test-aesgcm-openssl.conf \
|
||||
tests/test-dtls.conf \
|
||||
tests/test-psk-null.conf
|
||||
tests/test-psk-null.conf
|
||||
|
|
|
|||
Loading…
Reference in New Issue