WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

merge conflict

pull/1/head
toddouska 2012-04-26 15:01:00 -07:00
parent 0f5b0ff8c3 8fe36b417f
commit dd431dbeff
12 changed files with 160 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
configure.ac
View File

@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[2.1.0],[http://www.yassl.com])
AC_INIT([cyassl],[2.1.1],[http://www.yassl.com])
AC_CONFIG_AUX_DIR(config)
@ -199,7 +199,7 @@ AC_ARG_ENABLE(bump,
if test "$ENABLED_BUMP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES"
fi
# fastmath
@ -470,6 +470,21 @@ then
fi
# OCSP
AC_ARG_ENABLE(ocsp,
[ --enable-ocsp Enable OCSP (default: disabled)],
[ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ],
)
if test "$ENABLED_OCSP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
# NTRU
ntruHome=`pwd`/NTRU_algorithm
ntruInclude=$ntruHome/cryptolib

17
ctaocrypt/src/aes.c
View File

@ -724,10 +724,25 @@ static const word32 Td[5][256] = {
#ifdef CYASSL_AESNI
#define cpuid(func,ax,bx,cx,dx)\
#ifndef _MSC_VER
#define cpuid(func,ax,bx,cx,dx)\
__asm__ __volatile__ ("cpuid":\
"=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func));
#else
#define cpuid(func,ax,bx,cx,dx)\
__asm mov eax, func \
__asm cpuid \
__asm mov ax, eax \
__asm mov bx, ebx \
__asm mov cx, ecx \
__asm mov dx, edx
#endif /* _MSC_VER */
static int Check_CPU_support_AES()
{
unsigned int a,b,c,d;

23
ctaocrypt/src/asn.c
View File

@ -1016,6 +1016,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->signature = 0;
cert->subjectCN = 0;
cert->subjectCNLen = 0;
cert->issuer[0] = '\0';
cert->subject[0] = '\0';
cert->source = source; /* don't own */
cert->srcIdx = 0;
cert->maxIdx = inSz; /* can't go over this index */
@ -2412,6 +2414,10 @@ void CTaoCryptErrorString(int error, char* buffer)
XSTRNCPY(buffer, "No password provided by user", max);
break;
case ALT_NAME_E :
XSTRNCPY(buffer, "Alt Name problem, too big", max);
break;
default:
XSTRNCPY(buffer, "unknown error number", max);
@ -2601,7 +2607,9 @@ void InitCert(Cert* cert)
cert->selfSigned = 1;
cert->isCA = 0;
cert->bodySz = 0;
#ifdef CYASSL_ALT_NAMES
cert->altNamesSz = 0;
#endif
cert->keyType = RSA_KEY;
XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
@ -3149,12 +3157,14 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng,
else
der->extensionsSz = 0;
#ifdef CYASSL_ALT_NAMES
if (der->extensionsSz == 0 && cert->altNamesSz) {
der->extensionsSz = SetExtensions(der->extensions, cert->altNames,
cert->altNamesSz);
if (der->extensionsSz == 0)
return EXTENSIONS_E;
}
#endif
der->total = der->versionSz + der->serialSz + der->sigAlgoSz +
der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz +
@ -3340,6 +3350,8 @@ int MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng)
}
#ifdef CYASSL_ALT_NAMES
/* Set Alt Names from der cert, return 0 on success */
static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
{
@ -3410,6 +3422,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
else {
cert->altNamesSz = 0;
CYASSL_MSG("AltNames extensions too big");
FreeDecodedCert(&decoded);
return ALT_NAME_E;
}
}
decoded.srcIdx = tmpIdx + length;
@ -3420,6 +3434,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
return 0;
}
#endif /* CYASSL_ALT_NAMES */
/* Set cn name from der buffer, return 0 on success */
static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
@ -3518,6 +3534,8 @@ int SetSubject(Cert* cert, const char* subjectFile)
}
#ifdef CYASSL_ALT_NAMES
/* Set atl names from file in PEM */
int SetAltNames(Cert* cert, const char* file)
{
@ -3527,6 +3545,8 @@ int SetAltNames(Cert* cert, const char* file)
return SetAltNamesFromCert(cert, der, derSz);
}
#endif /* CYASSL_ALT_NAMES */
#endif /* NO_FILESYSTEM */
/* Set cert issuer from DER buffer */
@ -3544,12 +3564,15 @@ int SetSubjectBuffer(Cert* cert, const byte* der, int derSz)
}
#ifdef CYASSL_ALT_NAMES
/* Set cert alt names from DER buffer */
int SetAltNamesBuffer(Cert* cert, const byte* der, int derSz)
{
return SetAltNamesFromCert(cert, der, derSz);
}
#endif /* CYASSL_ALT_NAMES */
#endif /* CYASSL_CERT_GEN */

6
cyassl/ctaocrypt/asn.h
View File

@ -127,7 +127,11 @@ enum Misc_ASN {
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
#ifdef CYASSL_CERT_GEN
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
#ifdef CYASSL_ALT_NAMES
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
#else
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
#endif
/* Max total extensions, id + len + others */
#endif
MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2

12
cyassl/ctaocrypt/asn_public.h
View File

@ -58,9 +58,9 @@ enum Ctc_SigType {
#ifdef CYASSL_CERT_GEN
enum Ctc_Misc {
CTC_NAME_SIZE = 64,
CTC_MAX_ALT_SIZE = 512,
CTC_SERIAL_SIZE = 8
CTC_NAME_SIZE = 64,
CTC_MAX_ALT_SIZE = 8192, /* may be huge */
CTC_SERIAL_SIZE = 8
};
typedef struct CertName {
@ -88,8 +88,10 @@ typedef struct Cert {
/* internal use only */
int bodySz; /* pre sign total size */
int keyType; /* public key type of subject */
#ifdef CYASSL_ALT_NAMES
byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
int altNamesSz; /* altNames size in bytes */
#endif
} Cert;
@ -113,7 +115,9 @@ CYASSL_API int MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
RNG*);
CYASSL_API int SetIssuer(Cert*, const char*);
CYASSL_API int SetSubject(Cert*, const char*);
CYASSL_API int SetAltNames(Cert*, const char*);
#ifdef CYASSL_ALT_NAMES
CYASSL_API int SetAltNames(Cert*, const char*);
#endif
CYASSL_API int SetIssuerBuffer(Cert*, const byte*, int);
CYASSL_API int SetSubjectBuffer(Cert*, const byte*, int);
CYASSL_API int SetAltNamesBuffer(Cert*, const byte*, int);

1
cyassl/ctaocrypt/error.h
View File

@ -96,6 +96,7 @@ enum {
NOT_COMPILED_IN = -174, /* Feature not compiled in */
UNICODE_SIZE_E = -175, /* Unicode password too big */
NO_PASSWORD = -176, /* no password provided by user */
ALT_NAME_E = -177, /* alt name size problem, too big */
MIN_CODE_E = -200 /* errors -101 - -199 */
};

4
src/include.am
View File

@ -66,3 +66,7 @@ if BUILD_ECC
src_libcyassl_la_SOURCES += ctaocrypt/src/ecc.c
endif
if BUILD_OCSP
src_libcyassl_la_SOURCES += src/ocsp.c
endif

19
src/internal.c
View File

@ -1624,21 +1624,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
}
}
if (fatal) {
FreeDecodedCert(&dCert);
ssl->error = ret;
return ret;
}
ssl->options.havePeerCert = 1;
/* set X509 format */
#ifdef OPENSSL_EXTRA
/* set X509 format for peer cert even if fatal */
XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
ssl->peerCert.issuer.sz = (int)XSTRLEN(dCert.issuer) + 1;
ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;
XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
ssl->peerCert.subject.sz = (int)XSTRLEN(dCert.subject) + 1;
ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;
XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
ssl->peerCert.serialSz = dCert.serialSz;
@ -1658,6 +1652,13 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
ssl->peerCert.derCert.length = myCert.length;
#endif
if (fatal) {
FreeDecodedCert(&dCert);
ssl->error = ret;
return ret;
}
ssl->options.havePeerCert = 1;
/* store for callback use */
if (dCert.subjectCNLen < ASN_NAME_MAX) {
XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);

35
src/ocsp.c 100644
View File

@ -0,0 +1,35 @@
/* ocsp.c
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/error.h>
#include <cyassl/ctaocrypt/asn.h>
#ifdef HAVE_OCSP
void ocsp_stub(void) {}
#endif /* HAVE_OCSP */

33
src/ssl.c
View File

@ -2095,17 +2095,28 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
#endif /* NO_CYASSL_SERVER */
/* prevent multiple mutex initializations */
static volatile int initRefCount = 0;
int CyaSSL_Init(void)
{
int ret = 0;
CYASSL_ENTER("CyaSSL_Init");
if (initRefCount == 0) {
#ifndef NO_SESSION_CACHE
if (InitMutex(&session_mutex) != 0)
ret = BAD_MUTEX_ERROR;
if (InitMutex(&session_mutex) != 0)
ret = BAD_MUTEX_ERROR;
#endif
if (InitMutex(&ca_mutex) != 0)
ret = BAD_MUTEX_ERROR;
if (InitMutex(&ca_mutex) != 0)
ret = BAD_MUTEX_ERROR;
}
if (ret == 0) {
LockMutex(&ca_mutex);
initRefCount++;
UnLockMutex(&ca_mutex);
}
return ret;
}
@ -2114,7 +2125,21 @@ int CyaSSL_Init(void)
int CyaSSL_Cleanup(void)
{
int ret = 0;
int release = 0;
CYASSL_ENTER("CyaSSL_Cleanup");
LockMutex(&ca_mutex);
release = initRefCount-- == 1;
if (initRefCount < 0)
initRefCount = 0;
UnLockMutex(&ca_mutex);
if (!release)
return ret;
#ifndef NO_SESSION_CACHE
if (FreeMutex(&session_mutex) != 0)
ret = BAD_MUTEX_ERROR;

9
tests/api.c
View File

@ -32,16 +32,19 @@ static int test_CyaSSL_Init(void);
static int test_CyaSSL_Cleanup(void);
static int test_CyaSSL_Method_Allocators(void);
static int test_CyaSSL_CTX_new(CYASSL_METHOD *method);
#ifndef NO_FILESYSTEM
static int test_CyaSSL_CTX_use_certificate_file(void);
static int test_CyaSSL_CTX_use_PrivateKey_file(void);
static int test_CyaSSL_CTX_load_verify_locations(void);
static int test_server_CyaSSL_new(void);
static int test_client_CyaSSL_new(void);
static int test_CyaSSL_read_write(void);
#endif
/* test function helpers */
static int test_method(CYASSL_METHOD *method, const char *name);
static int test_method2(CYASSL_METHOD *method, const char *name);
#ifndef NO_FILESYSTEM
static int test_ucf(CYASSL_CTX *ctx, const char* file, int type,
int cond, const char* name);
static int test_upkf(CYASSL_CTX *ctx, const char* file, int type,
@ -52,6 +55,7 @@ static int test_lvl(CYASSL_CTX *ctx, const char* file, const char* path,
THREAD_RETURN CYASSL_THREAD test_server_nofail(void*);
void test_client_nofail(void*);
void wait_tcp_ready(func_args*);
#endif
static const char* bogusFile = "/dev/null";
static const char* testingFmt = " %s:";
@ -69,12 +73,14 @@ int ApiTest(void)
test_CyaSSL_Init();
test_CyaSSL_Method_Allocators();
test_CyaSSL_CTX_new(CyaSSLv23_server_method());
#ifndef NO_FILESYSTEM
test_CyaSSL_CTX_use_certificate_file();
test_CyaSSL_CTX_use_PrivateKey_file();
test_CyaSSL_CTX_load_verify_locations();
test_server_CyaSSL_new();
test_client_CyaSSL_new();
test_CyaSSL_read_write();
#endif
test_CyaSSL_Cleanup();
printf(" End API Tests\n");
@ -191,6 +197,7 @@ int test_CyaSSL_CTX_new(CYASSL_METHOD *method)
return TEST_SUCCESS;
}
#ifndef NO_FILESYSTEM
/* Helper for testing CyaSSL_CTX_use_certificate_file() */
int test_ucf(CYASSL_CTX *ctx, const char* file, int type, int cond,
const char* name)
@ -771,6 +778,6 @@ void FreeTcpReady(tcp_ready* ready)
pthread_cond_destroy(&ready->cond);
#endif
}
#endif /* NO_FILESYSTEM */

4
tests/hash.c
View File

@ -19,6 +19,10 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <cyassl/ctaocrypt/md4.h>