forked from wolfSSL/wolfssl
Merge branch 'master' of github.com:cyassl/cyassl
This commit is contained in:
toddouska
@ -456,10 +456,18 @@ int FreeRng(RNG* rng)
|
||||
|
||||
int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
|
||||
const byte* entropyB, word32 entropyBSz,
|
||||
const byte* output, word32 outputSz)
|
||||
byte* output, word32 outputSz)
|
||||
{
|
||||
DRBG drbg;
|
||||
byte check[SHA256_DIGEST_SIZE * 4];
|
||||
|
||||
if (entropyA == NULL || output == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (reseed != 0 && entropyB == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (outputSz != (SHA256_DIGEST_SIZE * 4))
|
||||
return -1;
|
||||
|
||||
if (Hash_DRBG_Instantiate(&drbg, entropyA, entropyASz, NULL, 0) != 0)
|
||||
return -1;
|
||||
@ -471,17 +479,12 @@ int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
|
||||
}
|
||||
}
|
||||
|
||||
if (Hash_DRBG_Generate(&drbg, check, sizeof(check)) != 0) {
|
||||
if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) {
|
||||
Hash_DRBG_Uninstantiate(&drbg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (Hash_DRBG_Generate(&drbg, check, sizeof(check)) != 0) {
|
||||
Hash_DRBG_Uninstantiate(&drbg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (outputSz != sizeof(check) || XMEMCMP(output, check, sizeof(check))) {
|
||||
if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) {
|
||||
Hash_DRBG_Uninstantiate(&drbg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -2884,16 +2884,26 @@ int random_test(void)
|
||||
0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
|
||||
0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
|
||||
};
|
||||
|
||||
byte output[SHA256_DIGEST_SIZE * 4];
|
||||
int ret;
|
||||
|
||||
ret = RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
|
||||
test1Output, sizeof(test1Output));
|
||||
if (ret != 0) return -39;
|
||||
output, sizeof(output));
|
||||
if (ret != 0)
|
||||
return -39;
|
||||
|
||||
if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
|
||||
return -40;
|
||||
|
||||
ret = RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
|
||||
test2EntropyB, sizeof(test2EntropyB),
|
||||
test2Output, sizeof(test2Output));
|
||||
if (ret != 0) return -40;
|
||||
output, sizeof(output));
|
||||
if (ret != 0)
|
||||
return -41;
|
||||
|
||||
if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
|
||||
return -42;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -122,7 +122,7 @@ CYASSL_API int RNG_GenerateByte(RNG*, byte*);
|
||||
CYASSL_API int RNG_HealthTest(int reseed,
|
||||
const byte* entropyA, word32 entropyASz,
|
||||
const byte* entropyB, word32 entropyBSz,
|
||||
const byte* output, word32 outputSz);
|
||||
byte* output, word32 outputSz);
|
||||
#endif /* HAVE_HASHDRBG || NO_RC4 */
|
||||
|
||||
|
||||
@ -134,7 +134,7 @@ CYASSL_API int RNG_GenerateByte(RNG*, byte*);
|
||||
CYASSL_API int RNG_HealthTest_fips(int reseed,
|
||||
const byte* entropyA, word32 entropyASz,
|
||||
const byte* entropyB, word32 entropyBSz,
|
||||
const byte* output, word32 outputSz);
|
||||
byte* output, word32 outputSz);
|
||||
#ifndef FIPS_NO_WRAPPERS
|
||||
/* if not impl or fips.c impl wrapper force fips calls if fips build */
|
||||
#define InitRng InitRng_fips
|
||||
|
||||
231
src/sniffer.c
231
src/sniffer.c
@ -1002,8 +1002,6 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
|
||||
return -1;
|
||||
}
|
||||
|
||||
typeKey = (typeKey == FILETYPE_PEM) ? SSL_FILETYPE_PEM : SSL_FILETYPE_ASN1;
|
||||
|
||||
file = XFOPEN(keyFile, "rb");
|
||||
if (file == XBADFILE) return -1;
|
||||
XFSEEK(file, 0, XSEEK_END);
|
||||
@ -1042,6 +1040,113 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static int SetNamedPrivateKey(const char* name, const char* address, int port,
|
||||
const char* keyFile, int typeKey, const char* password, char* error)
|
||||
{
|
||||
SnifferServer* sniffer;
|
||||
int ret;
|
||||
int type = (typeKey == FILETYPE_PEM) ? SSL_FILETYPE_PEM :
|
||||
SSL_FILETYPE_ASN1;
|
||||
int isNew = 0;
|
||||
word32 serverIp;
|
||||
|
||||
#ifdef HAVE_SNI
|
||||
NamedKey* namedKey = NULL;
|
||||
#endif
|
||||
|
||||
(void)name;
|
||||
#ifdef HAVE_SNI
|
||||
if (name != NULL) {
|
||||
namedKey = (NamedKey*)malloc(sizeof(NamedKey));
|
||||
if (namedKey == NULL) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
return -1;
|
||||
}
|
||||
XMEMSET(namedKey, 0, sizeof(NamedKey));
|
||||
|
||||
namedKey->nameSz = (word32)strnlen(name, sizeof(namedKey->name));
|
||||
strncpy(namedKey->name, name, sizeof(namedKey->name));
|
||||
|
||||
ret = LoadKeyFile(&namedKey->key, &namedKey->keySz,
|
||||
keyFile, type, password);
|
||||
if (ret < 0) {
|
||||
SetError(KEY_FILE_STR, error, NULL, 0);
|
||||
FreeNamedKey(namedKey);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
serverIp = inet_addr(address);
|
||||
sniffer = ServerList;
|
||||
while (sniffer != NULL &&
|
||||
(sniffer->server != serverIp || sniffer->port != port)) {
|
||||
sniffer = sniffer->next;
|
||||
}
|
||||
|
||||
if (sniffer == NULL) {
|
||||
isNew = 1;
|
||||
sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
|
||||
if (sniffer == NULL) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
#ifdef HAVE_SNI
|
||||
FreeNamedKey(namedKey);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
InitSnifferServer(sniffer);
|
||||
|
||||
XSTRNCPY(sniffer->address, address, MAX_SERVER_ADDRESS);
|
||||
sniffer->server = serverIp;
|
||||
sniffer->port = port;
|
||||
|
||||
sniffer->ctx = SSL_CTX_new(SSLv3_client_method());
|
||||
if (!sniffer->ctx) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
#ifdef HAVE_SNI
|
||||
FreeNamedKey(namedKey);
|
||||
#endif
|
||||
FreeSnifferServer(sniffer);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (name == NULL) {
|
||||
if (password) {
|
||||
SSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
|
||||
SSL_CTX_set_default_passwd_cb_userdata(
|
||||
sniffer->ctx, (void*)password);
|
||||
}
|
||||
ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
|
||||
if (ret != SSL_SUCCESS) {
|
||||
SetError(KEY_FILE_STR, error, NULL, 0);
|
||||
if (isNew)
|
||||
FreeSnifferServer(sniffer);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
#ifdef HAVE_SNI
|
||||
else {
|
||||
LockMutex(&sniffer->namedKeysMutex);
|
||||
namedKey->next = sniffer->namedKeys;
|
||||
sniffer->namedKeys = namedKey;
|
||||
UnLockMutex(&sniffer->namedKeysMutex);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (isNew) {
|
||||
sniffer->next = ServerList;
|
||||
ServerList = sniffer;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_SNI
|
||||
|
||||
/* Sets the private key for a specific name, server and port */
|
||||
/* returns 0 on success, -1 on error */
|
||||
@ -1050,73 +1155,20 @@ int ssl_SetNamedPrivateKey(const char* name,
|
||||
const char* keyFile, int typeKey,
|
||||
const char* password, char* error)
|
||||
{
|
||||
int ret;
|
||||
SnifferServer* sniffer;
|
||||
NamedKey* namedKey;
|
||||
word32 serverIp;
|
||||
int ret;
|
||||
|
||||
TraceHeader();
|
||||
TraceSetNamedServer(name, address, port, keyFile);
|
||||
|
||||
/* Create the new Name-Key map item. */
|
||||
namedKey = (NamedKey*)malloc(sizeof(NamedKey));
|
||||
if (namedKey == NULL) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
return -1;
|
||||
}
|
||||
XMEMSET(namedKey, 0, sizeof(NamedKey));
|
||||
|
||||
namedKey->nameSz = (word32)strnlen(name, sizeof(namedKey->name));
|
||||
strncpy(namedKey->name, name, sizeof(namedKey->name));
|
||||
|
||||
ret = LoadKeyFile(&namedKey->key, &namedKey->keySz,
|
||||
keyFile, typeKey, password);
|
||||
|
||||
/* Find the server in the list. */
|
||||
serverIp = inet_addr(address);
|
||||
|
||||
LockMutex(&ServerListMutex);
|
||||
sniffer = ServerList;
|
||||
while (sniffer != NULL &&
|
||||
(sniffer->server != serverIp || sniffer->port != port)) {
|
||||
sniffer = sniffer->next;
|
||||
}
|
||||
ret = SetNamedPrivateKey(name, address, port, keyFile,
|
||||
typeKey, password, error);
|
||||
UnLockMutex(&ServerListMutex);
|
||||
|
||||
/* if sniffer doesn't exist, create it. */
|
||||
if (sniffer == NULL) {
|
||||
sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
|
||||
if (sniffer == NULL) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
return -1;
|
||||
}
|
||||
InitSnifferServer(sniffer);
|
||||
if (ret == 0)
|
||||
Trace(NEW_SERVER_STR);
|
||||
|
||||
XSTRNCPY(sniffer->address, address, MAX_SERVER_ADDRESS);
|
||||
sniffer->server = inet_addr(sniffer->address);
|
||||
sniffer->port = port;
|
||||
|
||||
sniffer->ctx = SSL_CTX_new(SSLv3_client_method());
|
||||
if (!sniffer->ctx) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
FreeSnifferServer(sniffer);
|
||||
return -1;
|
||||
}
|
||||
|
||||
LockMutex(&ServerListMutex);
|
||||
sniffer->next = ServerList;
|
||||
ServerList = sniffer;
|
||||
UnLockMutex(&ServerListMutex);
|
||||
}
|
||||
|
||||
LockMutex(&sniffer->namedKeysMutex);
|
||||
namedKey->next = sniffer->namedKeys;
|
||||
sniffer->namedKeys = namedKey;
|
||||
UnLockMutex(&sniffer->namedKeysMutex);
|
||||
|
||||
Trace(NEW_SERVER_STR);
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif
|
||||
@ -1124,56 +1176,23 @@ int ssl_SetNamedPrivateKey(const char* name,
|
||||
|
||||
/* Sets the private key for a specific server and port */
|
||||
/* returns 0 on success, -1 on error */
|
||||
int ssl_SetPrivateKey(const char* serverAddress, int port, const char* keyFile,
|
||||
int ssl_SetPrivateKey(const char* address, int port, const char* keyFile,
|
||||
int typeKey, const char* password, char* error)
|
||||
{
|
||||
int ret;
|
||||
int type = (typeKey == FILETYPE_PEM) ? SSL_FILETYPE_PEM :
|
||||
SSL_FILETYPE_ASN1;
|
||||
SnifferServer* sniffer;
|
||||
|
||||
int ret;
|
||||
|
||||
TraceHeader();
|
||||
TraceSetServer(serverAddress, port, keyFile);
|
||||
TraceSetServer(address, port, keyFile);
|
||||
|
||||
sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
|
||||
if (sniffer == NULL) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
return -1;
|
||||
}
|
||||
InitSnifferServer(sniffer);
|
||||
|
||||
XSTRNCPY(sniffer->address, serverAddress, MAX_SERVER_ADDRESS);
|
||||
sniffer->server = inet_addr(sniffer->address);
|
||||
sniffer->port = port;
|
||||
|
||||
/* start in client mode since SSL_new needs a cert for server */
|
||||
sniffer->ctx = SSL_CTX_new(SSLv3_client_method());
|
||||
if (!sniffer->ctx) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
FreeSnifferServer(sniffer);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (password){
|
||||
SSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
|
||||
SSL_CTX_set_default_passwd_cb_userdata(sniffer->ctx, (void*)password);
|
||||
}
|
||||
ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
|
||||
if (ret != SSL_SUCCESS) {
|
||||
SetError(KEY_FILE_STR, error, NULL, 0);
|
||||
FreeSnifferServer(sniffer);
|
||||
return -1;
|
||||
}
|
||||
Trace(NEW_SERVER_STR);
|
||||
|
||||
LockMutex(&ServerListMutex);
|
||||
|
||||
sniffer->next = ServerList;
|
||||
ServerList = sniffer;
|
||||
|
||||
ret = SetNamedPrivateKey(NULL, address, port, keyFile,
|
||||
typeKey, password, error);
|
||||
UnLockMutex(&ServerListMutex);
|
||||
|
||||
return 0;
|
||||
|
||||
if (ret == 0)
|
||||
Trace(NEW_SERVER_STR);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@ -1540,11 +1559,11 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
|
||||
input - HANDSHAKE_HEADER_SZ - RECORD_HEADER_SZ,
|
||||
*sslBytes + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ,
|
||||
CYASSL_SNI_HOST_NAME, name, &nameSz);
|
||||
name[nameSz] = 0;
|
||||
|
||||
if (ret == SSL_SUCCESS) {
|
||||
NamedKey* namedKey;
|
||||
|
||||
name[nameSz] = 0;
|
||||
LockMutex(&session->context->namedKeysMutex);
|
||||
namedKey = session->context->namedKeys;
|
||||
while (namedKey != NULL) {
|
||||
|
||||
@ -293,6 +293,8 @@ int CyaSSL_dtls_set_peer(CYASSL* ssl, void* peer, unsigned int peerSz)
|
||||
#ifdef CYASSL_DTLS
|
||||
void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
|
||||
if (sa != NULL) {
|
||||
if (ssl->buffers.dtlsCtx.peer.sa != NULL)
|
||||
XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR);
|
||||
XMEMCPY(sa, peer, peerSz);
|
||||
ssl->buffers.dtlsCtx.peer.sa = sa;
|
||||
ssl->buffers.dtlsCtx.peer.sz = peerSz;
|
||||
|
||||
Reference in New Issue
Block a user