WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'nocerts'

pull/1/head
John Safranek 2012-11-01 15:47:02 -07:00
parent ae905d70c4 90e6a4dd8c
commit 9aa8b71525
16 changed files with 535 additions and 427 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -216,7 +216,7 @@ AC_ARG_ENABLE(leanpsk,
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH" AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS"
fi fi
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"]) AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])

338
ctaocrypt/src/asn.c
View File

@ -1237,7 +1237,7 @@ static int GetKey(DecodedCert* cert)
if (b != ASN_BIT_STRING) if (b != ASN_BIT_STRING)
return ASN_BITSTR_E; return ASN_BITSTR_E;
if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) if (GetLength(cert->source,&cert->srcIdx,&length,cert->maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
b = cert->source[cert->srcIdx++]; b = cert->source[cert->srcIdx++];
if (b != 0x00) if (b != 0x00)
@ -2134,9 +2134,9 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
else { else {
/* make sure we're right justified */ /* make sure we're right justified */
encodedSigSz = encodedSigSz =
EncodeSignature(encodedSig, digest, digestSz, typeH); EncodeSignature(encodedSig, digest, digestSz, typeH);
if (encodedSigSz != verifySz || if (encodedSigSz != verifySz ||
XMEMCMP(out, encodedSig, encodedSigSz) != 0) { XMEMCMP(out, encodedSig, encodedSigSz) != 0) {
CYASSL_MSG("Rsa SSL verify match encode error"); CYASSL_MSG("Rsa SSL verify match encode error");
ret = 0; ret = 0;
} }
@ -2180,7 +2180,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
return 0; return 0;
} }
ret = ecc_verify_hash(sig, sigSz, digest, digestSz, &verify, &pubKey); ret = ecc_verify_hash(sig,sigSz,digest,digestSz,&verify,&pubKey);
ecc_free(&pubKey); ecc_free(&pubKey);
if (ret == 0 && verify == 1) if (ret == 0 && verify == 1)
return 1; /* match */ return 1; /* match */
@ -2631,257 +2631,6 @@ void FreeSigners(Signer* signer, void* heap)
} }
void CTaoCryptErrorString(int error, char* buffer)
{
const int max = MAX_ERROR_SZ; /* shorthand */
#ifdef NO_ERROR_STRINGS
XSTRNCPY(buffer, "no support for error strings built in", max);
#else
switch (error) {
case OPEN_RAN_E :
XSTRNCPY(buffer, "opening random device error", max);
break;
case READ_RAN_E :
XSTRNCPY(buffer, "reading random device error", max);
break;
case WINCRYPT_E :
XSTRNCPY(buffer, "windows crypt init error", max);
break;
case CRYPTGEN_E :
XSTRNCPY(buffer, "windows crypt generation error", max);
break;
case RAN_BLOCK_E :
XSTRNCPY(buffer, "random device read would block error", max);
break;
case MP_INIT_E :
XSTRNCPY(buffer, "mp_init error state", max);
break;
case MP_READ_E :
XSTRNCPY(buffer, "mp_read error state", max);
break;
case MP_EXPTMOD_E :
XSTRNCPY(buffer, "mp_exptmod error state", max);
break;
case MP_TO_E :
XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
break;
case MP_SUB_E :
XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
break;
case MP_ADD_E :
XSTRNCPY(buffer, "mp_add error state, can't add", max);
break;
case MP_MUL_E :
XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
break;
case MP_MULMOD_E :
XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
break;
case MP_MOD_E :
XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
break;
case MP_INVMOD_E :
XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
break;
case MP_CMP_E :
XSTRNCPY(buffer, "mp_cmp error state", max);
break;
case MP_ZERO_E :
XSTRNCPY(buffer, "mp zero result, not expected", max);
break;
case MEMORY_E :
XSTRNCPY(buffer, "out of memory error", max);
break;
case RSA_WRONG_TYPE_E :
XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
break;
case RSA_BUFFER_E :
XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
max);
break;
case BUFFER_E :
XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
break;
case ALGO_ID_E :
XSTRNCPY(buffer, "Setting Cert AlogID error", max);
break;
case PUBLIC_KEY_E :
XSTRNCPY(buffer, "Setting Cert Public Key error", max);
break;
case DATE_E :
XSTRNCPY(buffer, "Setting Cert Date validity error", max);
break;
case SUBJECT_E :
XSTRNCPY(buffer, "Setting Cert Subject name error", max);
break;
case ISSUER_E :
XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
break;
case CA_TRUE_E :
XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
break;
case EXTENSIONS_E :
XSTRNCPY(buffer, "Setting extensions error", max);
break;
case ASN_PARSE_E :
XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
break;
case ASN_VERSION_E :
XSTRNCPY(buffer, "ASN version error, invalid number", max);
break;
case ASN_GETINT_E :
XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
break;
case ASN_RSA_KEY_E :
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
case ASN_OBJECT_ID_E :
XSTRNCPY(buffer, "ASN object id error, invalid id", max);
break;
case ASN_TAG_NULL_E :
XSTRNCPY(buffer, "ASN tag error, not null", max);
break;
case ASN_EXPECT_0_E :
XSTRNCPY(buffer, "ASN expect error, not zero", max);
break;
case ASN_BITSTR_E :
XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
break;
case ASN_UNKNOWN_OID_E :
XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
break;
case ASN_DATE_SZ_E :
XSTRNCPY(buffer, "ASN date error, bad size", max);
break;
case ASN_BEFORE_DATE_E :
XSTRNCPY(buffer, "ASN date error, current date before", max);
break;
case ASN_AFTER_DATE_E :
XSTRNCPY(buffer, "ASN date error, current date after", max);
break;
case ASN_SIG_OID_E :
XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
break;
case ASN_TIME_E :
XSTRNCPY(buffer, "ASN time error, unkown time type", max);
break;
case ASN_INPUT_E :
XSTRNCPY(buffer, "ASN input error, not enough data", max);
break;
case ASN_SIG_CONFIRM_E :
XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
break;
case ASN_SIG_HASH_E :
XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
break;
case ASN_SIG_KEY_E :
XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
break;
case ASN_DH_KEY_E :
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
case ASN_NTRU_KEY_E :
XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
break;
case ECC_BAD_ARG_E :
XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
break;
case ASN_ECC_KEY_E :
XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
break;
case ECC_CURVE_OID_E :
XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
break;
case BAD_FUNC_ARG :
XSTRNCPY(buffer, "Bad function argument", max);
break;
case NOT_COMPILED_IN :
XSTRNCPY(buffer, "Feature not compiled in", max);
break;
case UNICODE_SIZE_E :
XSTRNCPY(buffer, "Unicode password too big", max);
break;
case NO_PASSWORD :
XSTRNCPY(buffer, "No password provided by user", max);
break;
case ALT_NAME_E :
XSTRNCPY(buffer, "Alt Name problem, too big", max);
break;
case AES_GCM_AUTH_E:
XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
break;
default:
XSTRNCPY(buffer, "unknown error number", max);
}
#endif /* NO_ERROR_STRINGS */
}
#if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) #if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
static int SetMyVersion(word32 version, byte* output, int header) static int SetMyVersion(word32 version, byte* output, int header)
@ -4396,90 +4145,90 @@ static int GetEnumerated(const byte* input, word32* inOutIdx, int *value)
static int DecodeSingleResponse(byte* source, static int DecodeSingleResponse(byte* source,
word32* ioIndex, OcspResponse* resp, word32 size) word32* ioIndex, OcspResponse* resp, word32 size)
{ {
word32 index = *ioIndex, prevIndex, oid; word32 idx = *ioIndex, prevIndex, oid;
int length, wrapperSz; int length, wrapperSz;
CertStatus* cs = resp->status; CertStatus* cs = resp->status;
CYASSL_ENTER("DecodeSingleResponse"); CYASSL_ENTER("DecodeSingleResponse");
/* Outer wrapper of the SEQUENCE OF Single Responses. */ /* Outer wrapper of the SEQUENCE OF Single Responses. */
if (GetSequence(source, &index, &wrapperSz, size) < 0) if (GetSequence(source, &idx, &wrapperSz, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
prevIndex = index; prevIndex = idx;
/* When making a request, we only request one status on one certificate /* When making a request, we only request one status on one certificate
* at a time. There should only be one SingleResponse */ * at a time. There should only be one SingleResponse */
/* Wrapper around the Single Response */ /* Wrapper around the Single Response */
if (GetSequence(source, &index, &length, size) < 0) if (GetSequence(source, &idx, &length, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
/* Wrapper around the CertID */ /* Wrapper around the CertID */
if (GetSequence(source, &index, &length, size) < 0) if (GetSequence(source, &idx, &length, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
/* Skip the hash algorithm */ /* Skip the hash algorithm */
if (GetAlgoId(source, &index, &oid, size) < 0) if (GetAlgoId(source, &idx, &oid, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
/* Save reference to the hash of CN */ /* Save reference to the hash of CN */
if (source[index++] != ASN_OCTET_STRING) if (source[idx++] != ASN_OCTET_STRING)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetLength(source, &index, &length, size) < 0) if (GetLength(source, &idx, &length, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
resp->issuerHash = source + index; resp->issuerHash = source + idx;
index += length; idx += length;
/* Save reference to the hash of the issuer public key */ /* Save reference to the hash of the issuer public key */
if (source[index++] != ASN_OCTET_STRING) if (source[idx++] != ASN_OCTET_STRING)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetLength(source, &index, &length, size) < 0) if (GetLength(source, &idx, &length, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
resp->issuerKeyHash = source + index; resp->issuerKeyHash = source + idx;
index += length; idx += length;
/* Read the serial number, it is handled as a string, not as a /* Read the serial number, it is handled as a string, not as a
* proper number. Just XMEMCPY the data over, rather than load it * proper number. Just XMEMCPY the data over, rather than load it
* as an mp_int. */ * as an mp_int. */
if (source[index++] != ASN_INTEGER) if (source[idx++] != ASN_INTEGER)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetLength(source, &index, &length, size) < 0) if (GetLength(source, &idx, &length, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (length <= EXTERNAL_SERIAL_SIZE) if (length <= EXTERNAL_SERIAL_SIZE)
{ {
if (source[index] == 0) if (source[idx] == 0)
{ {
index++; idx++;
length--; length--;
} }
XMEMCPY(cs->serial, source + index, length); XMEMCPY(cs->serial, source + idx, length);
cs->serialSz = length; cs->serialSz = length;
} }
else else
{ {
return ASN_GETINT_E; return ASN_GETINT_E;
} }
index += length; idx += length;
/* CertStatus */ /* CertStatus */
switch (source[index++]) switch (source[idx++])
{ {
case (ASN_CONTEXT_SPECIFIC | CERT_GOOD): case (ASN_CONTEXT_SPECIFIC | CERT_GOOD):
cs->status = CERT_GOOD; cs->status = CERT_GOOD;
index++; idx++;
break; break;
case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED): case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED):
cs->status = CERT_REVOKED; cs->status = CERT_REVOKED;
GetLength(source, &index, &length, size); GetLength(source, &idx, &length, size);
index += length; idx += length;
break; break;
case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN): case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN):
cs->status = CERT_UNKNOWN; cs->status = CERT_UNKNOWN;
index++; idx++;
break; break;
default: default:
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if (GetBasicDate(source, &index, cs->thisDate, if (GetBasicDate(source, &idx, cs->thisDate,
&cs->thisDateFormat, size) < 0) &cs->thisDateFormat, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (!ValidateDate(cs->thisDate, cs->thisDateFormat, BEFORE)) if (!ValidateDate(cs->thisDate, cs->thisDateFormat, BEFORE))
@ -4488,26 +4237,26 @@ static int DecodeSingleResponse(byte* source,
/* The following items are optional. Only check for them if there is more /* The following items are optional. Only check for them if there is more
* unprocessed data in the singleResponse wrapper. */ * unprocessed data in the singleResponse wrapper. */
if ((index - prevIndex < wrapperSz) && if (((int)(idx - prevIndex) < wrapperSz) &&
(source[index] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))) (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)))
{ {
index++; idx++;
if (GetLength(source, &index, &length, size) < 0) if (GetLength(source, &idx, &length, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetBasicDate(source, &index, cs->nextDate, if (GetBasicDate(source, &idx, cs->nextDate,
&cs->nextDateFormat, size) < 0) &cs->nextDateFormat, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if ((index - prevIndex < wrapperSz) && if (((int)(idx - prevIndex) < wrapperSz) &&
(source[index] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))) (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)))
{ {
index++; idx++;
if (GetLength(source, &index, &length, size) < 0) if (GetLength(source, &idx, &length, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
index += length; idx += length;
} }
*ioIndex = index; *ioIndex = idx;
return 0; return 0;
} }
@ -4833,7 +4582,7 @@ static word32 SetOcspReqExtensions(word32 extSz, byte* output,
seqArray[1][0] = ASN_OBJECT_ID; seqArray[1][0] = ASN_OBJECT_ID;
seqSz[1] = 1 + SetLength(sizeof(NonceObjId), &seqArray[1][1]); seqSz[1] = 1 + SetLength(sizeof(NonceObjId), &seqArray[1][1]);
totalSz = seqSz[0] + seqSz[1] + nonceSz + sizeof(NonceObjId); totalSz = seqSz[0] + seqSz[1] + nonceSz + (word32)sizeof(NonceObjId);
seqSz[2] = SetSequence(totalSz, seqArray[2]); seqSz[2] = SetSequence(totalSz, seqArray[2]);
totalSz += seqSz[2]; totalSz += seqSz[2];
@ -4857,7 +4606,7 @@ static word32 SetOcspReqExtensions(word32 extSz, byte* output,
XMEMCPY(output + totalSz, seqArray[1], seqSz[1]); XMEMCPY(output + totalSz, seqArray[1], seqSz[1]);
totalSz += seqSz[1]; totalSz += seqSz[1];
XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId)); XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId));
totalSz += sizeof(NonceObjId); totalSz += (word32)sizeof(NonceObjId);
XMEMCPY(output + totalSz, seqArray[0], seqSz[0]); XMEMCPY(output + totalSz, seqArray[0], seqSz[0]);
totalSz += seqSz[0]; totalSz += seqSz[0];
XMEMCPY(output + totalSz, nonce, nonceSz); XMEMCPY(output + totalSz, nonce, nonceSz);
@ -4878,7 +4627,6 @@ int EncodeOcspRequest(OcspRequest* req)
byte snArray[MAX_SN_SZ]; byte snArray[MAX_SN_SZ];
byte extArray[MAX_OCSP_EXT_SZ]; byte extArray[MAX_OCSP_EXT_SZ];
byte* output = req->dest; byte* output = req->dest;
word32 outputSz = req->destSz;
RNG rng; RNG rng;
word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, extSz, totalSz; word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, extSz, totalSz;
int i; int i;

276
ctaocrypt/src/error.c 100644
View File

@ -0,0 +1,276 @@
/* error.c
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ctaocrypt/error.h>
void CTaoCryptErrorString(int error, char* buffer)
{
const int max = MAX_ERROR_SZ; /* shorthand */
#ifdef NO_ERROR_STRINGS
XSTRNCPY(buffer, "no support for error strings built in", max);
#else
switch (error) {
case OPEN_RAN_E :
XSTRNCPY(buffer, "opening random device error", max);
break;
case READ_RAN_E :
XSTRNCPY(buffer, "reading random device error", max);
break;
case WINCRYPT_E :
XSTRNCPY(buffer, "windows crypt init error", max);
break;
case CRYPTGEN_E :
XSTRNCPY(buffer, "windows crypt generation error", max);
break;
case RAN_BLOCK_E :
XSTRNCPY(buffer, "random device read would block error", max);
break;
case MP_INIT_E :
XSTRNCPY(buffer, "mp_init error state", max);
break;
case MP_READ_E :
XSTRNCPY(buffer, "mp_read error state", max);
break;
case MP_EXPTMOD_E :
XSTRNCPY(buffer, "mp_exptmod error state", max);
break;
case MP_TO_E :
XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
break;
case MP_SUB_E :
XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
break;
case MP_ADD_E :
XSTRNCPY(buffer, "mp_add error state, can't add", max);
break;
case MP_MUL_E :
XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
break;
case MP_MULMOD_E :
XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
break;
case MP_MOD_E :
XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
break;
case MP_INVMOD_E :
XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
break;
case MP_CMP_E :
XSTRNCPY(buffer, "mp_cmp error state", max);
break;
case MP_ZERO_E :
XSTRNCPY(buffer, "mp zero result, not expected", max);
break;
case MEMORY_E :
XSTRNCPY(buffer, "out of memory error", max);
break;
case RSA_WRONG_TYPE_E :
XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
break;
case RSA_BUFFER_E :
XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
max);
break;
case BUFFER_E :
XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
break;
case ALGO_ID_E :
XSTRNCPY(buffer, "Setting Cert AlogID error", max);
break;
case PUBLIC_KEY_E :
XSTRNCPY(buffer, "Setting Cert Public Key error", max);
break;
case DATE_E :
XSTRNCPY(buffer, "Setting Cert Date validity error", max);
break;
case SUBJECT_E :
XSTRNCPY(buffer, "Setting Cert Subject name error", max);
break;
case ISSUER_E :
XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
break;
case CA_TRUE_E :
XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
break;
case EXTENSIONS_E :
XSTRNCPY(buffer, "Setting extensions error", max);
break;
case ASN_PARSE_E :
XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
break;
case ASN_VERSION_E :
XSTRNCPY(buffer, "ASN version error, invalid number", max);
break;
case ASN_GETINT_E :
XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
break;
case ASN_RSA_KEY_E :
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
case ASN_OBJECT_ID_E :
XSTRNCPY(buffer, "ASN object id error, invalid id", max);
break;
case ASN_TAG_NULL_E :
XSTRNCPY(buffer, "ASN tag error, not null", max);
break;
case ASN_EXPECT_0_E :
XSTRNCPY(buffer, "ASN expect error, not zero", max);
break;
case ASN_BITSTR_E :
XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
break;
case ASN_UNKNOWN_OID_E :
XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
break;
case ASN_DATE_SZ_E :
XSTRNCPY(buffer, "ASN date error, bad size", max);
break;
case ASN_BEFORE_DATE_E :
XSTRNCPY(buffer, "ASN date error, current date before", max);
break;
case ASN_AFTER_DATE_E :
XSTRNCPY(buffer, "ASN date error, current date after", max);
break;
case ASN_SIG_OID_E :
XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
break;
case ASN_TIME_E :
XSTRNCPY(buffer, "ASN time error, unkown time type", max);
break;
case ASN_INPUT_E :
XSTRNCPY(buffer, "ASN input error, not enough data", max);
break;
case ASN_SIG_CONFIRM_E :
XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
break;
case ASN_SIG_HASH_E :
XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
break;
case ASN_SIG_KEY_E :
XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
break;
case ASN_DH_KEY_E :
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
case ASN_NTRU_KEY_E :
XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
break;
case ECC_BAD_ARG_E :
XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
break;
case ASN_ECC_KEY_E :
XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
break;
case ECC_CURVE_OID_E :
XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
break;
case BAD_FUNC_ARG :
XSTRNCPY(buffer, "Bad function argument", max);
break;
case NOT_COMPILED_IN :
XSTRNCPY(buffer, "Feature not compiled in", max);
break;
case UNICODE_SIZE_E :
XSTRNCPY(buffer, "Unicode password too big", max);
break;
case NO_PASSWORD :
XSTRNCPY(buffer, "No password provided by user", max);
break;
case ALT_NAME_E :
XSTRNCPY(buffer, "Alt Name problem, too big", max);
break;
case AES_GCM_AUTH_E:
XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
break;
default:
XSTRNCPY(buffer, "unknown error number", max);
}
#endif /* NO_ERROR_STRINGS */
}

4
cyassl/ctaocrypt/asn.h
View File

@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/ */
//#ifndef NO_ASN #ifndef NO_ASN
#ifndef CTAO_CRYPT_ASN_H #ifndef CTAO_CRYPT_ASN_H
#define CTAO_CRYPT_ASN_H #define CTAO_CRYPT_ASN_H
@ -485,4 +485,4 @@ CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
#endif /* CTAO_CRYPT_ASN_H */ #endif /* CTAO_CRYPT_ASN_H */
//#endif /* NO_ASN */ #endif /* !NO_ASN */

2
cyassl/ctaocrypt/rsa.h
View File

@ -80,4 +80,4 @@ CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,
#endif /* CTAO_CRYPT_RSA_H */ #endif /* CTAO_CRYPT_RSA_H */
#endif /* NO_RSA */ #endif /* NO_RSA */

38
cyassl/internal.h
View File

@ -182,7 +182,8 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA #define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
#endif #endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && defined(OPENSSL_EXTRA)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#if !defined (NO_SHA256) #if !defined (NO_SHA256)
@ -829,6 +830,7 @@ struct CYASSL_CTX {
CYASSL_METHOD* method; CYASSL_METHOD* method;
CyaSSL_Mutex countMutex; /* reference count mutex */ CyaSSL_Mutex countMutex; /* reference count mutex */
int refCount; /* reference count */ int refCount; /* reference count */
#ifndef NO_CERTS
buffer certificate; buffer certificate;
buffer certChain; buffer certChain;
/* chain after self, in DER, with leading size for each cert */ /* chain after self, in DER, with leading size for each cert */
@ -836,6 +838,7 @@ struct CYASSL_CTX {
buffer serverDH_P; buffer serverDH_P;
buffer serverDH_G; buffer serverDH_G;
CYASSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ CYASSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
#endif
Suites suites; Suites suites;
void* heap; /* for user memory overrides */ void* heap; /* for user memory overrides */
byte verifyPeer; byte verifyPeer;
@ -887,10 +890,12 @@ int DeriveTlsKeys(CYASSL* ssl);
CYASSL_LOCAL CYASSL_LOCAL
int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx, int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 inSz, word16 sz); word32 inSz, word16 sz);
CYASSL_LOCAL #ifndef NO_CERTS
int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify); CYASSL_LOCAL
CYASSL_LOCAL int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash); CYASSL_LOCAL
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
#endif
/* All cipher suite related info */ /* All cipher suite related info */
typedef struct CipherSpecs { typedef struct CipherSpecs {
@ -1129,15 +1134,17 @@ enum AcceptState {
typedef struct Buffers { typedef struct Buffers {
#ifndef NO_CERTS
buffer certificate; /* CYASSL_CTX owns, unless we own */ buffer certificate; /* CYASSL_CTX owns, unless we own */
buffer key; /* CYASSL_CTX owns, unless we own */ buffer key; /* CYASSL_CTX owns, unless we own */
buffer certChain; /* CYASSL_CTX owns */ buffer certChain; /* CYASSL_CTX owns */
/* chain after self, in DER, with leading size for each cert */ /* chain after self, in DER, with leading size for each cert */
buffer domainName; /* for client check */
buffer serverDH_P; /* CYASSL_CTX owns, unless we own */ buffer serverDH_P; /* CYASSL_CTX owns, unless we own */
buffer serverDH_G; /* CYASSL_CTX owns, unless we own */ buffer serverDH_G; /* CYASSL_CTX owns, unless we own */
buffer serverDH_Pub; buffer serverDH_Pub;
buffer serverDH_Priv; buffer serverDH_Priv;
#endif
buffer domainName; /* for client check */
bufferStatic inputBuffer; bufferStatic inputBuffer;
bufferStatic outputBuffer; bufferStatic outputBuffer;
buffer clearOutputBuffer; buffer clearOutputBuffer;
@ -1376,13 +1383,16 @@ typedef struct EncryptedInfo {
CYASSL_CTX* ctx; /* CTX owner */ CYASSL_CTX* ctx; /* CTX owner */
} EncryptedInfo; } EncryptedInfo;
CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
buffer* der, void* heap, EncryptedInfo* info,
int* eccKey);
CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, #ifndef NO_CERTS
int type, CYASSL* ssl, int userChain, CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
CYASSL_CRL* crl); buffer* der, void* heap, EncryptedInfo* info,
int* eccKey);
CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
int type, CYASSL* ssl, int userChain,
CYASSL_CRL* crl);
#endif
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
@ -1520,7 +1530,9 @@ CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl); CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree); CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl); CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash); #ifndef NO_CERTS
CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
#endif
CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
const byte* sender); const byte* sender);
CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep); CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);

97
cyassl/ssl.h
View File

@ -151,7 +151,7 @@ CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void);
CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void); CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void);
#endif #endif
#ifndef NO_FILESYSTEM #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int); CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int); CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
@ -178,7 +178,7 @@ CYASSL_API int CyaSSL_use_RSAPrivateKey_file(CYASSL*, const char*, int);
CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int); CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int);
#endif /* NO_FILESYSTEM */ #endif /* !NO_FILESYSTEM && !NO_CERTS */
CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*); CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*);
CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*); CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*);
@ -618,8 +618,9 @@ CYASSL_API int CyaSSL_RAND_status(void);
CYASSL_API int CyaSSL_RAND_bytes(unsigned char* buf, int num); CYASSL_API int CyaSSL_RAND_bytes(unsigned char* buf, int num);
CYASSL_API CYASSL_METHOD *CyaSSLv23_server_method(void); CYASSL_API CYASSL_METHOD *CyaSSLv23_server_method(void);
CYASSL_API long CyaSSL_CTX_set_options(CYASSL_CTX*, long); CYASSL_API long CyaSSL_CTX_set_options(CYASSL_CTX*, long);
CYASSL_API int CyaSSL_CTX_check_private_key(CYASSL_CTX*); #ifndef NO_CERTS
CYASSL_API int CyaSSL_CTX_check_private_key(CYASSL_CTX*);
#endif /* !NO_CERTS */
CYASSL_API void CyaSSL_ERR_free_strings(void); CYASSL_API void CyaSSL_ERR_free_strings(void);
CYASSL_API void CyaSSL_ERR_remove_state(unsigned long); CYASSL_API void CyaSSL_ERR_remove_state(unsigned long);
@ -657,8 +658,8 @@ CYASSL_API void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX*,
void (*f)(CYASSL_CTX*, CYASSL_SESSION*)); void (*f)(CYASSL_CTX*, CYASSL_SESSION*));
CYASSL_API int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**); CYASSL_API int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**);
CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,const unsigned char**, CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,
long); const unsigned char**, long);
CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*); CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*);
CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*); CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*);
@ -714,6 +715,8 @@ CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
/* connect enough to get peer cert */ /* connect enough to get peer cert */
CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl); CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
/* XXX This should be #ifndef NO_DH */
#ifndef NO_CERTS
/* server Diffie-Hellman parameters */ /* server Diffie-Hellman parameters */
CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, const unsigned char* p, int pSz, CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, const unsigned char* p, int pSz,
const unsigned char* g, int gSz); const unsigned char* g, int gSz);
@ -734,6 +737,7 @@ CYASSL_API int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX*, unsigned short);
CYASSL_API int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX*, const char* f, CYASSL_API int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX*, const char* f,
int format); int format);
#endif #endif
#endif
/* keyblock size in bytes or -1 */ /* keyblock size in bytes or -1 */
/* need to call CyaSSL_KeepArrays before handshake to save keys */ /* need to call CyaSSL_KeepArrays before handshake to save keys */
@ -757,24 +761,27 @@ CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
#endif #endif
/* SSL_CTX versions */ #ifndef NO_CERTS
CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*, const unsigned char*, /* SSL_CTX versions */
long, int); CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*,
CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
const unsigned char*, long, int); const unsigned char*, long, int);
CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*, CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
const unsigned char*, long, int); const unsigned char*, long, int);
CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*, CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*,
const unsigned char*, long, int);
CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*,
const unsigned char*, long); const unsigned char*, long);
CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
/* SSL versions */ /* SSL versions */
CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*, CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*,
long, int); long, int);
CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*, long, CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*,
int); long, int);
CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*, CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*,
const unsigned char*, long); const unsigned char*, long);
#endif
CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
CYASSL_API int CyaSSL_set_group_messages(CYASSL*); CYASSL_API int CyaSSL_set_group_messages(CYASSL*);
/* I/O callbacks */ /* I/O callbacks */
@ -808,35 +815,39 @@ CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
typedef void (*CbMissingCRL)(const char* url); typedef void (*CbMissingCRL)(const char* url);
CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);
#ifndef NO_CERTS
CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);
CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void); CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void);
CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*); CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*);
CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f, CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
const char* d); const char* d);
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f, CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
int format); int format);
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
const unsigned char* buff, int sz, int format); const unsigned char* buff, int sz, int format);
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*, CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*,
int sz); unsigned char*, int sz);
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options); CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*,
CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*); int options);
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, int, CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
int); CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*,
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL); int, int);
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*,
CbMissingCRL);
CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options); CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl); CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int); CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL); CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options); CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx); CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int); CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL); CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
#endif /* !NO_CERTS */
/* end of handshake frees temporary arrays, if user needs for get_keys or /* end of handshake frees temporary arrays, if user needs for get_keys or
psk hints, call KeepArrays before handshake and then FreeArrays when done psk hints, call KeepArrays before handshake and then FreeArrays when done

6
cyassl/test.h
View File

@ -643,7 +643,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
#endif /* USE_WINDOWS_API */ #endif /* USE_WINDOWS_API */
#ifdef NO_FILESYSTEM #if defined(NO_FILESYSTEM) && !defined(NO_CERTS)
enum { enum {
CYASSL_CA = 1, CYASSL_CA = 1,
@ -731,6 +731,8 @@ static INLINE void CRL_CallBack(const char* url)
#endif #endif
#ifndef NO_CERTS
static INLINE void CaCb(unsigned char* der, int sz, int type) static INLINE void CaCb(unsigned char* der, int sz, int type)
{ {
(void)der; (void)der;
@ -792,6 +794,8 @@ static INLINE void SetDHCtx(CYASSL_CTX* ctx)
CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g)); CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
} }
#endif /* !NO_CERTS */
#ifdef USE_WINDOWS_API #ifdef USE_WINDOWS_API
/* do back x number of directories */ /* do back x number of directories */

2
examples/echoclient/echoclient.c
View File

@ -91,7 +91,7 @@ void echoclient_test(void* args)
if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS) if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir"); err_sys("can't load ca file, Please run from CyaSSL home dir");
#endif #endif
#else #elif !defined(NO_CERTS)
if (!doLeanPSK) if (!doLeanPSK)
load_buffer(ctx, caCert, CYASSL_CA); load_buffer(ctx, caCert, CYASSL_CA);
#endif #endif

4
examples/echoserver/echoserver.c
View File

@ -140,7 +140,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
err_sys("can't load server key file, " err_sys("can't load server key file, "
"Please run from CyaSSL home dir"); "Please run from CyaSSL home dir");
#endif #endif
#else #elif !defined(NO_CERTS)
if (!doLeanPSK) { if (!doLeanPSK) {
load_buffer(ctx, svrCert, CYASSL_CERT); load_buffer(ctx, svrCert, CYASSL_CERT);
load_buffer(ctx, svrKey, CYASSL_KEY); load_buffer(ctx, svrKey, CYASSL_KEY);
@ -184,7 +184,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_set_fd(ssl, clientfd); CyaSSL_set_fd(ssl, clientfd);
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#else #elif !defined(NO_CERTS)
SetDH(ssl); /* will repick suites with DHE, higher than PSK */ SetDH(ssl); /* will repick suites with DHE, higher than PSK */
#endif #endif
if (CyaSSL_accept(ssl) != SSL_SUCCESS) { if (CyaSSL_accept(ssl) != SSL_SUCCESS) {

2
examples/server/server.c
View File

@ -330,7 +330,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (usePsk == 0) { if (usePsk == 0) {
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#else #elif !defined(NO_CERTS)
SetDH(ssl); /* repick suites with DHE, higher priority than PSK */ SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
#endif #endif
} }

43
src/include.am
View File

@ -4,24 +4,24 @@
lib_LTLIBRARIES+= src/libcyassl.la lib_LTLIBRARIES+= src/libcyassl.la
src_libcyassl_la_SOURCES = \ src_libcyassl_la_SOURCES = \
src/internal.c \ src/internal.c \
src/io.c \ src/io.c \
src/keys.c \ src/keys.c \
src/ssl.c \ src/ssl.c \
src/tls.c \ src/tls.c \
ctaocrypt/src/asn.c \ ctaocrypt/src/coding.c \
ctaocrypt/src/coding.c \ ctaocrypt/src/des3.c \
ctaocrypt/src/des3.c \ ctaocrypt/src/hmac.c \
ctaocrypt/src/hmac.c \ ctaocrypt/src/md5.c \
ctaocrypt/src/md5.c \ ctaocrypt/src/md4.c \
ctaocrypt/src/md4.c \ ctaocrypt/src/random.c \
ctaocrypt/src/random.c \ ctaocrypt/src/sha.c \
ctaocrypt/src/sha.c \ ctaocrypt/src/sha256.c \
ctaocrypt/src/sha256.c \ ctaocrypt/src/arc4.c \
ctaocrypt/src/arc4.c \ ctaocrypt/src/pwdbased.c \
ctaocrypt/src/pwdbased.c \ ctaocrypt/src/logging.c \
ctaocrypt/src/logging.c \ ctaocrypt/src/error.c \
ctaocrypt/src/memory.c ctaocrypt/src/memory.c
src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION} src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION}
src_libcyassl_la_LIBADD = $(LIBM) src_libcyassl_la_LIBADD = $(LIBM)
src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS) src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS)
@ -29,9 +29,10 @@ src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS)
if !BUILD_LEANPSK if !BUILD_LEANPSK
src_libcyassl_la_SOURCES += ctaocrypt/src/rsa.c \ src_libcyassl_la_SOURCES += ctaocrypt/src/rsa.c \
ctaocrypt/src/dh.c \ ctaocrypt/src/asn.c \
ctaocrypt/src/dsa.c \ ctaocrypt/src/dh.c \
ctaocrypt/src/aes.c ctaocrypt/src/dsa.c \
ctaocrypt/src/aes.c
endif endif
if BUILD_AESNI if BUILD_AESNI

44
src/internal.c
View File

@ -64,8 +64,10 @@
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT
static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*); static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*);
static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32); static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32);
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*);
static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*); static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*);
#ifndef NO_CERTS
static int DoCertificateRequest(CYASSL* ssl, const byte* input,word32*);
#endif
#endif #endif
@ -324,11 +326,13 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
{ {
ctx->method = method; ctx->method = method;
ctx->refCount = 1; /* so either CTX_free or SSL_free can release */ ctx->refCount = 1; /* so either CTX_free or SSL_free can release */
#ifndef NO_CERTS
ctx->certificate.buffer = 0; ctx->certificate.buffer = 0;
ctx->certChain.buffer = 0; ctx->certChain.buffer = 0;
ctx->privateKey.buffer = 0; ctx->privateKey.buffer = 0;
ctx->serverDH_P.buffer = 0; ctx->serverDH_P.buffer = 0;
ctx->serverDH_G.buffer = 0; ctx->serverDH_G.buffer = 0;
#endif
ctx->haveDH = 0; ctx->haveDH = 0;
ctx->haveNTRU = 0; /* start off */ ctx->haveNTRU = 0; /* start off */
ctx->haveECDSAsig = 0; /* start off */ ctx->haveECDSAsig = 0; /* start off */
@ -369,7 +373,9 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
ctx->partialWrite = 0; ctx->partialWrite = 0;
ctx->verifyCallback = 0; ctx->verifyCallback = 0;
#ifndef NO_CERTS
ctx->cm = CyaSSL_CertManagerNew(); ctx->cm = CyaSSL_CertManagerNew();
#endif
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
if (method->side == CLIENT_END) if (method->side == CLIENT_END)
ctx->haveNTRU = 1; /* always on cliet side */ ctx->haveNTRU = 1; /* always on cliet side */
@ -401,10 +407,12 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
CYASSL_MSG("Mutex error on CTX init"); CYASSL_MSG("Mutex error on CTX init");
return BAD_MUTEX_ERROR; return BAD_MUTEX_ERROR;
} }
#ifndef NO_CERTS
if (ctx->cm == NULL) { if (ctx->cm == NULL) {
CYASSL_MSG("Bad Cert Manager New"); CYASSL_MSG("Bad Cert Manager New");
return BAD_CERT_MANAGER_ERROR; return BAD_CERT_MANAGER_ERROR;
} }
#endif
return 0; return 0;
} }
@ -412,15 +420,16 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
/* In case contexts are held in array and don't want to free actual ctx */ /* In case contexts are held in array and don't want to free actual ctx */
void SSL_CtxResourceFree(CYASSL_CTX* ctx) void SSL_CtxResourceFree(CYASSL_CTX* ctx)
{ {
XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
#ifndef NO_CERTS
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY); XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT); XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT); XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
CyaSSL_CertManagerFree(ctx->cm); CyaSSL_CertManagerFree(ctx->cm);
#endif
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
CyaSSL_OCSP_Cleanup(&ctx->ocsp); CyaSSL_OCSP_Cleanup(&ctx->ocsp);
#endif #endif
@ -940,9 +949,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
haveRSA = 1; haveRSA = 1;
#endif #endif
#ifndef NO_CERTS
ssl->buffers.certificate.buffer = 0; ssl->buffers.certificate.buffer = 0;
ssl->buffers.key.buffer = 0; ssl->buffers.key.buffer = 0;
ssl->buffers.certChain.buffer = 0; ssl->buffers.certChain.buffer = 0;
#endif
ssl->buffers.inputBuffer.length = 0; ssl->buffers.inputBuffer.length = 0;
ssl->buffers.inputBuffer.idx = 0; ssl->buffers.inputBuffer.idx = 0;
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
@ -954,10 +965,12 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
ssl->buffers.outputBuffer.dynamicFlag = 0; ssl->buffers.outputBuffer.dynamicFlag = 0;
ssl->buffers.domainName.buffer = 0; ssl->buffers.domainName.buffer = 0;
#ifndef NO_CERTS
ssl->buffers.serverDH_P.buffer = 0; ssl->buffers.serverDH_P.buffer = 0;
ssl->buffers.serverDH_G.buffer = 0; ssl->buffers.serverDH_G.buffer = 0;
ssl->buffers.serverDH_Pub.buffer = 0; ssl->buffers.serverDH_Pub.buffer = 0;
ssl->buffers.serverDH_Priv.buffer = 0; ssl->buffers.serverDH_Priv.buffer = 0;
#endif
ssl->buffers.clearOutputBuffer.buffer = 0; ssl->buffers.clearOutputBuffer.buffer = 0;
ssl->buffers.clearOutputBuffer.length = 0; ssl->buffers.clearOutputBuffer.length = 0;
ssl->buffers.prevSent = 0; ssl->buffers.prevSent = 0;
@ -1076,6 +1089,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->options.usingNonblock = 0; ssl->options.usingNonblock = 0;
ssl->options.saveArrays = 0; ssl->options.saveArrays = 0;
#ifndef NO_CERTS
/* ctx still owns certificate, certChain, key, dh, and cm */ /* ctx still owns certificate, certChain, key, dh, and cm */
ssl->buffers.certificate = ctx->certificate; ssl->buffers.certificate = ctx->certificate;
ssl->buffers.certChain = ctx->certChain; ssl->buffers.certChain = ctx->certChain;
@ -1084,6 +1098,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->buffers.serverDH_P = ctx->serverDH_P; ssl->buffers.serverDH_P = ctx->serverDH_P;
ssl->buffers.serverDH_G = ctx->serverDH_G; ssl->buffers.serverDH_G = ctx->serverDH_G;
} }
#endif
ssl->buffers.weOwnCert = 0; ssl->buffers.weOwnCert = 0;
ssl->buffers.weOwnKey = 0; ssl->buffers.weOwnKey = 0;
ssl->buffers.weOwnDH = 0; ssl->buffers.weOwnDH = 0;
@ -1183,12 +1198,14 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
} }
InitRsaKey(ssl->peerRsaKey, ctx->heap); InitRsaKey(ssl->peerRsaKey, ctx->heap);
#endif #endif
#ifndef NO_CERTS
/* make sure server has cert and key unless using PSK */ /* make sure server has cert and key unless using PSK */
if (ssl->options.side == SERVER_END && !havePSK) if (ssl->options.side == SERVER_END && !havePSK)
if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) { if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) {
CYASSL_MSG("Server missing certificate and/or private key"); CYASSL_MSG("Server missing certificate and/or private key");
return NO_PRIVATE_KEY; return NO_PRIVATE_KEY;
} }
#endif
/* make sure server has DH parms, and add PSK if there, add NTRU too */ /* make sure server has DH parms, and add PSK if there, add NTRU too */
if (ssl->options.side == SERVER_END) if (ssl->options.side == SERVER_END)
@ -1224,6 +1241,9 @@ void SSL_ResourceFree(CYASSL* ssl)
FreeArrays(ssl, 0); FreeArrays(ssl, 0);
XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
#ifndef NO_CERTS
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
/* parameters (p,g) may be owned by ctx */ /* parameters (p,g) may be owned by ctx */
@ -1231,14 +1251,13 @@ void SSL_ResourceFree(CYASSL* ssl)
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
} }
XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
/* CYASSL_CTX always owns certChain */ /* CYASSL_CTX always owns certChain */
if (ssl->buffers.weOwnCert) if (ssl->buffers.weOwnCert)
XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT); XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
if (ssl->buffers.weOwnKey) if (ssl->buffers.weOwnKey)
XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
#endif
#ifndef NO_RSA #ifndef NO_RSA
if (ssl->peerRsaKey) { if (ssl->peerRsaKey) {
FreeRsaKey(ssl->peerRsaKey); FreeRsaKey(ssl->peerRsaKey);
@ -2093,6 +2112,8 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
} }
#ifndef NO_CERTS
static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx) static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
{ {
word32 listSz, i = *inOutIdx; word32 listSz, i = *inOutIdx;
@ -2427,6 +2448,8 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
return ret; return ret;
} }
#endif /* !NO_CERTS */
static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx) static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx)
{ {
@ -2583,10 +2606,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
ret = DoServerHello(ssl, input, inOutIdx, size); ret = DoServerHello(ssl, input, inOutIdx, size);
break; break;
#ifndef NO_CERTS
case certificate_request: case certificate_request:
CYASSL_MSG("processing certificate request"); CYASSL_MSG("processing certificate request");
ret = DoCertificateRequest(ssl, input, inOutIdx); ret = DoCertificateRequest(ssl, input, inOutIdx);
break; break;
#endif
case server_key_exchange: case server_key_exchange:
CYASSL_MSG("processing server key exchange"); CYASSL_MSG("processing server key exchange");
@ -2594,10 +2619,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
break; break;
#endif #endif
#ifndef NO_CERTS
case certificate: case certificate:
CYASSL_MSG("processing certificate"); CYASSL_MSG("processing certificate");
ret = DoCertificate(ssl, input, inOutIdx); ret = DoCertificate(ssl, input, inOutIdx);
break; break;
#endif
case server_hello_done: case server_hello_done:
CYASSL_MSG("processing server hello done"); CYASSL_MSG("processing server hello done");
@ -3777,7 +3804,7 @@ int SendFinished(CYASSL* ssl)
return SendBuffered(ssl); return SendBuffered(ssl);
} }
#ifndef NO_CERTS
int SendCertificate(CYASSL* ssl) int SendCertificate(CYASSL* ssl)
{ {
int sendSz, length, ret = 0; int sendSz, length, ret = 0;
@ -3938,6 +3965,7 @@ int SendCertificateRequest(CYASSL* ssl)
else else
return SendBuffered(ssl); return SendBuffered(ssl);
} }
#endif /* !NO_CERTS */
int SendData(CYASSL* ssl, const void* data, int sz) int SendData(CYASSL* ssl, const void* data, int sz)
@ -5380,6 +5408,7 @@ int SetCipherList(Suites* s, const char* list)
} }
#ifndef NO_CERTS
/* just read in and ignore for now TODO: */ /* just read in and ignore for now TODO: */
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32* static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*
inOutIdx) inOutIdx)
@ -5424,6 +5453,7 @@ int SetCipherList(Suites* s, const char* list)
return 0; return 0;
} }
#endif /* !NO_CERTS */
static int DoServerKeyExchange(CYASSL* ssl, const byte* input, static int DoServerKeyExchange(CYASSL* ssl, const byte* input,

12
src/ocsp.c
View File

@ -278,8 +278,8 @@ static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
idx += 2; /* skip the crlf */ idx += 2; /* skip the crlf */
} else { } else {
/* Advance idx past the next \r\n */ /* Advance idx past the next \r\n */
char* end = strstr(&buf[idx], "\r\n"); char* end = XSTRSTR(&buf[idx], "\r\n");
idx = end - buf + 2; idx = (int)(end - buf + 2);
stop = 1; stop = 1;
} }
} }
@ -411,11 +411,11 @@ static int http_ocsp_transaction(CYASSL_OCSP* ocsp, DecodedCert* cert,
tcp_connect(&sfd, domainName, port); tcp_connect(&sfd, domainName, port);
if (sfd > 0) { if (sfd > 0) {
int written; int written;
written = write(sfd, httpBuf, httpBufSz); written = (int)write(sfd, httpBuf, httpBufSz);
if (written == httpBufSz) { if (written == httpBufSz) {
written = write(sfd, ocspReqBuf, ocspReqSz); written = (int)write(sfd, ocspReqBuf, ocspReqSz);
if (written == ocspReqSz) { if (written == ocspReqSz) {
httpBufSz = read(sfd, httpBuf, SCRATCH_BUFFER_SIZE); httpBufSz = (int)read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
if (httpBufSz > 0) { if (httpBufSz > 0) {
ocspRespSz = decode_http_response(httpBuf, httpBufSz, ocspRespSz = decode_http_response(httpBuf, httpBufSz,
ocspRespBuf); ocspRespBuf);
@ -457,7 +457,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
byte ocspReqBuf[SCRATCH_BUFFER_SIZE]; byte ocspReqBuf[SCRATCH_BUFFER_SIZE];
int ocspReqSz = SCRATCH_BUFFER_SIZE; int ocspReqSz = SCRATCH_BUFFER_SIZE;
byte* ocspRespBuf = NULL; byte* ocspRespBuf = NULL;
int ocspRespSz; int ocspRespSz = 0;
OcspRequest ocspRequest; OcspRequest ocspRequest;
OcspResponse ocspResponse; OcspResponse ocspResponse;
int result = 0; int result = 0;

80
src/ssl.c
View File

@ -303,7 +303,8 @@ int CyaSSL_GetObjectSize(void)
return sizeof(CYASSL); return sizeof(CYASSL);
} }
/* XXX should be NO_DH */
#ifndef NO_CERTS
/* server Diffie-Hellman parameters */ /* server Diffie-Hellman parameters */
int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz, int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
const unsigned char* g, int gSz) const unsigned char* g, int gSz)
@ -355,6 +356,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
CYASSL_LEAVE("CyaSSL_SetTmpDH", 0); CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
return 0; return 0;
} }
#endif /* !NO_CERTS */
int CyaSSL_write(CYASSL* ssl, const void* data, int sz) int CyaSSL_write(CYASSL* ssl, const void* data, int sz)
@ -537,6 +539,8 @@ void CyaSSL_FreeArrays(CYASSL* ssl)
} }
#ifndef NO_CERTS
CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void) CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
{ {
CYASSL_CERT_MANAGER* cm = NULL; CYASSL_CERT_MANAGER* cm = NULL;
@ -581,6 +585,7 @@ void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
} }
#endif /* !NO_CERTS */
@ -697,6 +702,7 @@ int CyaSSL_SetVersion(CYASSL* ssl, int version)
return SSL_SUCCESS; return SSL_SUCCESS;
} }
#ifndef NO_CERTS
/* does CA already exist on signer list */ /* does CA already exist on signer list */
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash) int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
@ -811,6 +817,8 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
return ret; return ret;
} }
#endif /* !NO_CERTS */
#ifndef NO_SESSION_CACHE #ifndef NO_SESSION_CACHE
@ -859,6 +867,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
#endif /* NO_SESSION_CACHE */ #endif /* NO_SESSION_CACHE */
#ifndef NO_CERTS
/* Remove PEM header/footer, convert to ASN1, store any encrypted data /* Remove PEM header/footer, convert to ASN1, store any encrypted data
info->consumed tracks of PEM bytes consumed in case multiple parts */ info->consumed tracks of PEM bytes consumed in case multiple parts */
@ -2190,7 +2199,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA)
int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file, int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file,
int format) int format)
@ -2217,6 +2226,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
#endif /* NO_FILESYSTEM */ #endif /* NO_FILESYSTEM */
#endif /* !NO_CERTS */
void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc) void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
{ {
@ -2258,6 +2268,8 @@ void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
} }
#ifndef NO_CERTS
/* store context CA Cache addition callback */ /* store context CA Cache addition callback */
void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb) void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
{ {
@ -2265,6 +2277,8 @@ void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
ctx->cm->caCacheCallback = cb; ctx->cm->caCacheCallback = cb;
} }
#endif /* !NO_CERTS */
#ifndef NO_SESSION_CACHE #ifndef NO_SESSION_CACHE
@ -2542,12 +2556,13 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_MSG("connect state: FIRST_REPLY_DONE"); CYASSL_MSG("connect state: FIRST_REPLY_DONE");
case FIRST_REPLY_DONE : case FIRST_REPLY_DONE :
if (ssl->options.sendVerify) #ifndef NO_CERTS
if ( (ssl->error = SendCertificate(ssl)) != 0) { if (ssl->options.sendVerify)
CYASSL_ERROR(ssl->error); if ( (ssl->error = SendCertificate(ssl)) != 0) {
return SSL_FATAL_ERROR; CYASSL_ERROR(ssl->error);
} return SSL_FATAL_ERROR;
}
#endif
ssl->options.connectState = FIRST_REPLY_FIRST; ssl->options.connectState = FIRST_REPLY_FIRST;
CYASSL_MSG("connect state: FIRST_REPLY_FIRST"); CYASSL_MSG("connect state: FIRST_REPLY_FIRST");
@ -2665,14 +2680,16 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
} }
/* in case used set_accept_state after init */ #ifndef NO_CERTS
if (!havePSK && (ssl->buffers.certificate.buffer == NULL || /* in case used set_accept_state after init */
ssl->buffers.key.buffer == NULL)) { if (!havePSK && (ssl->buffers.certificate.buffer == NULL ||
CYASSL_MSG("accept error: don't have server cert and key"); ssl->buffers.key.buffer == NULL)) {
ssl->error = NO_PRIVATE_KEY; CYASSL_MSG("accept error: don't have server cert and key");
CYASSL_ERROR(ssl->error); ssl->error = NO_PRIVATE_KEY;
return SSL_FATAL_ERROR; CYASSL_ERROR(ssl->error);
} return SSL_FATAL_ERROR;
}
#endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
/* in case used set_accept_state after init */ /* in case used set_accept_state after init */
@ -2767,11 +2784,13 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_MSG("accept state SERVER_HELLO_SENT"); CYASSL_MSG("accept state SERVER_HELLO_SENT");
case SERVER_HELLO_SENT : case SERVER_HELLO_SENT :
if (!ssl->options.resuming) #ifndef NO_CERTS
if ( (ssl->error = SendCertificate(ssl)) != 0) { if (!ssl->options.resuming)
CYASSL_ERROR(ssl->error); if ( (ssl->error = SendCertificate(ssl)) != 0) {
return SSL_FATAL_ERROR; CYASSL_ERROR(ssl->error);
} return SSL_FATAL_ERROR;
}
#endif
ssl->options.acceptState = CERT_SENT; ssl->options.acceptState = CERT_SENT;
CYASSL_MSG("accept state CERT_SENT"); CYASSL_MSG("accept state CERT_SENT");
@ -2785,12 +2804,14 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_MSG("accept state KEY_EXCHANGE_SENT"); CYASSL_MSG("accept state KEY_EXCHANGE_SENT");
case KEY_EXCHANGE_SENT : case KEY_EXCHANGE_SENT :
if (!ssl->options.resuming) #ifndef NO_CERTS
if (ssl->options.verifyPeer) if (!ssl->options.resuming)
if ( (ssl->error = SendCertificateRequest(ssl)) != 0) { if (ssl->options.verifyPeer)
CYASSL_ERROR(ssl->error); if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
return SSL_FATAL_ERROR; CYASSL_ERROR(ssl->error);
} return SSL_FATAL_ERROR;
}
#endif
ssl->options.acceptState = CERT_REQ_SENT; ssl->options.acceptState = CERT_REQ_SENT;
CYASSL_MSG("accept state CERT_REQ_SENT"); CYASSL_MSG("accept state CERT_REQ_SENT");
@ -3511,6 +3532,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
#endif /* NO_PSK */ #endif /* NO_PSK */
#ifndef NO_CERTS
/* used to be defined on NO_FILESYSTEM only, but are generally useful */ /* used to be defined on NO_FILESYSTEM only, but are generally useful */
/* CyaSSL extension allows DER files to be loaded from buffers as well */ /* CyaSSL extension allows DER files to be loaded from buffers as well */
@ -3575,6 +3597,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
} }
/* old NO_FILESYSTEM end */ /* old NO_FILESYSTEM end */
#endif /* !NO_CERTS */
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
@ -5423,6 +5446,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
} }
/* XXX shuld be NO_DH */
#ifndef NO_CERTS
/* server ctx Diffie-Hellman parameters */ /* server ctx Diffie-Hellman parameters */
int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz, int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
const unsigned char* g, int gSz) const unsigned char* g, int gSz)
@ -5454,6 +5479,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0); CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
return 0; return 0;
} }
#endif /* !NO_CERTS */
char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len) char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len)

12
tests/include.am
View File

@ -6,12 +6,12 @@
check_PROGRAMS += tests/unit check_PROGRAMS += tests/unit
noinst_PROGRAMS += tests/unit noinst_PROGRAMS += tests/unit
tests_unit_SOURCES = \ tests_unit_SOURCES = \
tests/unit.c \ tests/unit.c \
tests/api.c \ tests/api.c \
tests/suites.c \ tests/suites.c \
tests/hash.c \ tests/hash.c \
examples/client/client.c \ examples/client/client.c \
examples/server/server.c examples/server/server.c
tests_unit_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(PTHREAD_CFLAGS) tests_unit_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(PTHREAD_CFLAGS)
tests_unit_LDADD = src/libcyassl.la $(PTHREAD_LIBS) tests_unit_LDADD = src/libcyassl.la $(PTHREAD_LIBS)
tests_unit_DEPENDENCIES = src/libcyassl.la tests_unit_DEPENDENCIES = src/libcyassl.la
@ -26,4 +26,4 @@ EXTRA_DIST += tests/test.conf \
tests/test-aesgcm-ecc.conf \ tests/test-aesgcm-ecc.conf \
tests/test-aesgcm-openssl.conf \ tests/test-aesgcm-openssl.conf \
tests/test-dtls.conf \ tests/test-dtls.conf \
tests/test-psk-null.conf tests/test-psk-null.conf