feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
toddouska
2013-04-01 15:52:23 -07:00
parent 0005b4cbe4 13fb56d88e
commit 1224d3d907
6 changed files with 58 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
commit-tests.sh
View File

@ -23,7 +23,7 @@ RESULT=$?
# make sure full config is ok # make sure full config is ok
echo -e "\n\nTesting full config as well...\n\n" echo -e "\n\nTesting full config as well...\n\n"
./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia; ./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512;
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1 [ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1

14
configure.ac
View File

@ -289,7 +289,7 @@ fi
if test "$ENABLED_AESGCM" = "yes" if test "$ENABLED_AESGCM" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM -DCYASSL_SHA384 -DCYASSL_SHA512" AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
fi fi
AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"]) AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
@ -304,7 +304,7 @@ AC_ARG_ENABLE([aesccm],
if test "$ENABLED_AESCCM" = "yes" if test "$ENABLED_AESCCM" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM -DCYASSL_SHA384 -DCYASSL_SHA512" AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
fi fi
AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"]) AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
@ -424,16 +424,6 @@ then
ENABLED_SHA512="yes" ENABLED_SHA512="yes"
fi fi
if test "$ENABLED_AESGCM" = "yes"
then
ENABLED_SHA512="yes"
fi
if test "$ENABLED_AESCCM" = "yes"
then
ENABLED_SHA512="yes"
fi
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"]) AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])

5
ctaocrypt/src/arc4.c
View File

@ -23,6 +23,8 @@
#include <config.h> #include <config.h>
#endif #endif
#ifndef NO_RC4
#include <cyassl/ctaocrypt/arc4.h> #include <cyassl/ctaocrypt/arc4.h>
@ -170,3 +172,6 @@ static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in,
} }
#endif /* HAVE_CAVIUM */ #endif /* HAVE_CAVIUM */
#endif /* NO_ARC4 */

6
ctaocrypt/src/asn.c
View File

@ -1436,9 +1436,7 @@ static int GetKey(DecodedCert* cert)
/* process NAME, either issuer or subject */ /* process NAME, either issuer or subject */
static int GetName(DecodedCert* cert, int nameType) static int GetName(DecodedCert* cert, int nameType)
{ {
#ifndef NO_SHA Sha sha; /* MUST have SHA-1 hash for cert names */
Sha sha;
#endif
int length; /* length of all distinguished names */ int length; /* length of all distinguished names */
int dummy; int dummy;
char* full = (nameType == ISSUER) ? cert->issuer : cert->subject; char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
@ -1463,14 +1461,12 @@ static int GetName(DecodedCert* cert, int nameType)
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
#ifndef NO_SHA
InitSha(&sha); InitSha(&sha);
ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx); ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx);
if (nameType == ISSUER) if (nameType == ISSUER)
ShaFinal(&sha, cert->issuerHash); ShaFinal(&sha, cert->issuerHash);
else else
ShaFinal(&sha, cert->subjectHash); ShaFinal(&sha, cert->subjectHash);
#endif
length += cert->srcIdx; length += cert->srcIdx;
idx = 0; idx = 0;

53
cyassl/internal.h
View File

@ -171,7 +171,9 @@ void c32to24(word32 in, word24 out);
#endif #endif
#if defined (HAVE_AESGCM) #if defined (HAVE_AESGCM)
#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 #if defined (CYASSL_SHA384)
#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif #endif
#if defined (HAVE_AESCCM) #if defined (HAVE_AESCCM)
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
@ -259,27 +261,29 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
#if defined (HAVE_AESGCM) #if defined (HAVE_AESGCM)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 #if defined (CYASSL_SHA384)
#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif #endif
#endif #endif
#endif #endif
#if defined(HAVE_ECC) && !defined(NO_TLS) #if defined(HAVE_ECC) && !defined(NO_TLS)
#if !defined(NO_AES) #if !defined(NO_AES)
#if !defined(NO_SHA) #if !defined(NO_SHA)
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
#endif #endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#endif /* NO_SHA */
#ifndef NO_SHA256 #ifndef NO_SHA256
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
@ -302,21 +306,25 @@ void c32to24(word32 in, word24 out);
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 #if defined(CYASSL_SHA384)
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif #endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 #if defined(CYASS_SHA384)
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#endif
#endif #endif
#if defined (HAVE_AESCCM) #if defined (HAVE_AESCCM)
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
#endif #endif
#endif #endif /* NO_AES */
#if !defined(NO_RC4) #if !defined(NO_RC4)
#if !defined(NO_SHA) #if !defined(NO_SHA)
#if !defined(NO_RSA) #if !defined(NO_RSA)
@ -337,7 +345,6 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
#endif #endif
#endif
#endif #endif

33
src/internal.c
View File

@ -4154,6 +4154,9 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
ssl->alert_history.last_rx.code = code; ssl->alert_history.last_rx.code = code;
ssl->alert_history.last_rx.level = level; ssl->alert_history.last_rx.level = level;
*type = code; *type = code;
if (level == alert_fatal) {
ssl->options.isClosed = 1; /* Don't send close_notify */
}
CYASSL_MSG("Got alert"); CYASSL_MSG("Got alert");
if (*type == close_notify) { if (*type == close_notify) {
@ -5180,7 +5183,6 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
CYASSL_ERROR(ssl->error); CYASSL_ERROR(ssl->error);
if (ssl->error == ZERO_RETURN) { if (ssl->error == ZERO_RETURN) {
CYASSL_MSG("Zero return, no more data coming"); CYASSL_MSG("Zero return, no more data coming");
ssl->options.isClosed = 1; /* Don't send close_notify */
return 0; /* no more data coming */ return 0; /* no more data coming */
} }
if (ssl->error == SOCKET_ERROR_E) { if (ssl->error == SOCKET_ERROR_E) {
@ -5248,6 +5250,9 @@ int SendAlert(CYASSL* ssl, int severity, int type)
input[1] = (byte)type; input[1] = (byte)type;
ssl->alert_history.last_tx.code = type; ssl->alert_history.last_tx.code = type;
ssl->alert_history.last_tx.level = severity; ssl->alert_history.last_tx.level = severity;
if (severity == alert_fatal) {
ssl->options.isClosed = 1; /* Don't send close_notify */
}
/* only send encrypted alert if handshake actually complete, otherwise /* only send encrypted alert if handshake actually complete, otherwise
other side may not be able to handle it */ other side may not be able to handle it */
@ -8459,12 +8464,6 @@ int SetCipherList(Suites* s, const char* list)
return 1; return 1;
break; break;
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
if (requirement == REQUIRES_ECC_DSA)
return 1;
break;
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
@ -8473,12 +8472,6 @@ int SetCipherList(Suites* s, const char* list)
return 1; return 1;
break; break;
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
if (requirement == REQUIRES_ECC_DSA)
return 1;
break;
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
if (requirement == REQUIRES_RSA_SIG) if (requirement == REQUIRES_RSA_SIG)
@ -8486,6 +8479,19 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_ECC_STATIC) if (requirement == REQUIRES_ECC_STATIC)
return 1; return 1;
break; break;
#endif
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
if (requirement == REQUIRES_ECC_DSA)
return 1;
break;
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
if (requirement == REQUIRES_ECC_DSA)
return 1;
break;
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
@ -8494,7 +8500,6 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_ECC_STATIC) if (requirement == REQUIRES_ECC_STATIC)
return 1; return 1;
break; break;
#endif
default: default:
CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC");