ssh non ecc

certs/taoCert.txt

@@ -107,3 +107,51 @@ openssl dhparam -in dh2048.param -text > dh2048.pem
     make a new key
         openssl ecparam -genkey -text -name secp256r1 -out ecc-key.pem
 
+
+*** CRL ***
+
+1) create a crl
+
+a) openssl ca -gencrl -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Error No ./CA root/index.txt so:
+
+b) touch ./CA root/index.txt
+
+a) again
+
+Error No ./CA root/crlnumber so:
+
+c) touch ./CA root/crlnumber
+
+a) again
+
+Error unable to load CRL number
+
+d) add '01' to crlnumber file
+
+a) again
+
+2)  view crl file
+
+openssl crl -in crl.pem -text
+
+3) revoke
+
+openssl ca -revoke server-cert.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Then regenerate crl with a)
+
+4) verify
+
+openssl verify -CAfile ./ca-cert.pem  ./server-cert.pem
+
+OK
+
+Make file with both ca and crl
+
+cat ca-cert.pem crl.pem > ca-crl.pem
+
+openssl verify -CAfile ./ca-crl.pem -crl_check ./ca-cert.pem
+
+revoked

ctaocrypt/src/coding.c

@@ -202,6 +202,24 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
     word32 inIdx  = 0;
     word32 outIdx = 0;
 
+    if (inLen == 1 && *outLen && in) {
+        byte b = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
+
+        /* sanity check */
+        if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
+            return ASN_INPUT_E;
+
+        b  = hexDecode[b];
+
+        if (b == BAD)
+            return ASN_INPUT_E;
+        
+        out[outIdx++] = b;
+
+        *outLen = outIdx;
+        return 0;
+    }
+
     if (inLen % 2)
         return BAD_FUNC_ARG;
 

ctaocrypt/src/integer.c

@@ -3664,6 +3664,34 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 }
 
 
+/* set a 32-bit const */
+int mp_set_int (mp_int * a, unsigned long b)
+{
+  int     x, res;
+
+  mp_zero (a);
+  
+  /* set four bits at a time */
+  for (x = 0; x < 8; x++) {
+    /* shift the number up four bits */
+    if ((res = mp_mul_2d (a, 4, a)) != MP_OKAY) {
+      return res;
+    }
+
+    /* OR in the top four bits of the source */
+    a->dp[0] |= (b >> 28) & 15;
+
+    /* shift the source up to the next four bits */
+    b <<= 4;
+
+    /* ensure that digits are not clamped off */
+    a->used += 1;
+  }
+  mp_clamp (a);
+  return MP_OKAY;
+}
+
+
 #if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC)
 
 /* c = a * a (mod b) */
@@ -4329,32 +4357,6 @@ LBL_U:mp_clear (&v);
 }
 
 
-/* set a 32-bit const */
-int mp_set_int (mp_int * a, unsigned long b)
-{
-  int     x, res;
-
-  mp_zero (a);
-  
-  /* set four bits at a time */
-  for (x = 0; x < 8; x++) {
-    /* shift the number up four bits */
-    if ((res = mp_mul_2d (a, 4, a)) != MP_OKAY) {
-      return res;
-    }
-
-    /* OR in the top four bits of the source */
-    a->dp[0] |= (b >> 28) & 15;
-
-    /* shift the source up to the next four bits */
-    b <<= 4;
-
-    /* ensure that digits are not clamped off */
-    a->used += 1;
-  }
-  mp_clamp (a);
-  return MP_OKAY;
-}
 
 #endif /* CYASSL_KEY_GEN */
 

ctaocrypt/src/tfm.c

@@ -1962,6 +1962,14 @@ int mp_count_bits (mp_int* a)
 }
 
 
+/* fast math wrappers */
+int mp_set_int(fp_int *a, fp_digit b)
+{
+    fp_set(a, b);
+    return MP_OKAY;
+}
+
+
 #if defined(CYASSL_KEY_GEN) || defined (HAVE_ECC)
 
 /* c = a * a (mod b) */
@@ -1996,14 +2004,6 @@ void fp_lcm(fp_int *a, fp_int *b, fp_int *c);
 int  fp_isprime(fp_int *a);
 int  fp_cnt_lsb(fp_int *a);
 
-/* fast math wrappers */
-int mp_set_int(fp_int *a, fp_digit b)
-{
-    fp_set(a, b);
-    return MP_OKAY;
-}
-
-
 int mp_gcd(fp_int *a, fp_int *b, fp_int *c)
 {
     fp_gcd(a, b, c);

cyassl/ctaocrypt/integer.h

@@ -294,6 +294,7 @@ int  mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
 int  mp_2expt (mp_int * a, int b);
 int  mp_reduce_2k_setup(mp_int *a, mp_digit *d);
 int  mp_add_d (mp_int* a, mp_digit b, mp_int* c);
+int mp_set_int (mp_int * a, unsigned long b);
 /* end support added functions */
 
 /* added */
@@ -309,7 +310,6 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
 
 #ifdef CYASSL_KEY_GEN
     int mp_prime_is_prime (mp_int * a, int t, int *result);
-    int mp_set_int (mp_int * a, unsigned long b);
     int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
     int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
 #endif

cyassl/ctaocrypt/tfm.h

@@ -650,6 +650,7 @@ int  mp_copy(fp_int* a, fp_int* b);
 int  mp_isodd(mp_int* a);
 int  mp_iszero(mp_int* a);
 int  mp_count_bits(mp_int *a);
+int  mp_set_int(fp_int *a, fp_digit b);
 
 #ifdef HAVE_ECC
     int mp_read_radix(mp_int* a, const char* str, int radix);
@@ -667,7 +668,6 @@ int  mp_count_bits(mp_int *a);
 #endif
 
 #ifdef CYASSL_KEY_GEN
-int  mp_set_int(fp_int *a, fp_digit b);
 int  mp_gcd(fp_int *a, fp_int *b, fp_int *c);
 int  mp_lcm(fp_int *a, fp_int *b, fp_int *c);
 int  mp_prime_is_prime(mp_int* a, int t, int* result);

cyassl/ctaocrypt/types.h

@@ -201,7 +201,8 @@ enum {
     DYNAMIC_TYPE_CTX        = 18,
     DYNAMIC_TYPE_WRITEV     = 19,
     DYNAMIC_TYPE_OPENSSL    = 20,
-    DYNAMIC_TYPE_CERT_MANAGER = 21 
+    DYNAMIC_TYPE_DSA        = 21,
+    DYNAMIC_TYPE_CERT_MANAGER = 22
 };
 
 /* stack protection */

cyassl/openssl/dh.h

@@ -21,6 +21,9 @@ typedef struct CYASSL_DH {
 	CYASSL_BIGNUM* g;
     CYASSL_BIGNUM* pub_key;      /* openssh deference g^x */
     CYASSL_BIGNUM* priv_key;     /* openssh deference x   */
+    void*          internal;     /* our DH */
+    char           inSet;        /* internal set from external ? */
+    char           exSet;        /* external set from internal ? */
 } CYASSL_DH;
 
 

cyassl/openssl/dsa.h

@@ -19,8 +19,11 @@ struct CYASSL_DSA {
 	CYASSL_BIGNUM* p;
 	CYASSL_BIGNUM* q;
 	CYASSL_BIGNUM* g;
-	CYASSL_BIGNUM* pub_key;
+	CYASSL_BIGNUM* pub_key;      /* our y */
-	CYASSL_BIGNUM* priv_key;
+	CYASSL_BIGNUM* priv_key;     /* our x */
+    void*          internal;     /* our Dsa Key */
+    char           inSet;        /* internal set from external ? */
+    char           exSet;        /* external set from internal ? */
 };
 
 
@@ -32,6 +35,8 @@ CYASSL_API int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA*, int bits,
                    unsigned char* seed, int seedLen, int* counterRet,
                    unsigned long* hRet, void* cb);
 
+CYASSL_API int CyaSSL_DSA_LoadDer(CYASSL_DSA*, const unsigned char*, int sz);
+
 #define DSA_new CyaSSL_DSA_new
 #define DSA_free CyaSSL_DSA_free
 

cyassl/openssl/evp.h

@@ -88,8 +88,8 @@ typedef union {
 
 
 typedef struct CYASSL_EVP_MD_CTX {
-    CYASSL_Hasher hash;
     unsigned char macType;
+    CYASSL_Hasher hash;
 } CYASSL_EVP_MD_CTX;
 
 
@@ -120,11 +120,11 @@ enum {
 
 
 typedef struct CYASSL_EVP_CIPHER_CTX {
-    CYASSL_Cipher  cipher;
     int            keyLen;         /* user may set for variable */
-    unsigned char* iv;             /* working iv pointer into cipher */
     unsigned char  enc;            /* if encrypt side, then true */
     unsigned char  cipherType;
+    unsigned char  iv[64];         /* working iv pointer into cipher */
+    CYASSL_Cipher  cipher;
 } CYASSL_EVP_CIPHER_CTX;
 
 
@@ -171,11 +171,15 @@ CYASSL_API CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY*);
 CYASSL_API void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx);
 CYASSL_API int   CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx);
 
-CYASSL_API int   CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
+CYASSL_API void  CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
                                 unsigned char* iv, int len);
-CYASSL_API int   CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
+CYASSL_API void  CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
                                 unsigned char* iv, int len);
 
+CYASSL_API int  CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx);
+CYASSL_API int  CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx);
+
+
 /* end OpenSSH compat */
 
 typedef CYASSL_EVP_MD         EVP_MD;

cyassl/openssl/hmac.h

@@ -35,6 +35,7 @@
 #endif
 
 #include <cyassl/openssl/evp.h>
+#include <cyassl/ctaocrypt/hmac.h>
 
 #ifdef __cplusplus
     extern "C" {
@@ -48,7 +49,8 @@ CYASSL_API unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md,
 
 
 typedef struct CYASSL_HMAC_CTX {
-    int stuff;    
+    Hmac hmac;
+    int  type;
 } CYASSL_HMAC_CTX;
 
 

cyassl/openssl/rsa.h

@@ -51,6 +51,7 @@ CYASSL_API int CyaSSL_RSA_sign(int type, const unsigned char* m,
 CYASSL_API int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from,
                                   unsigned char* to, CYASSL_RSA*, int padding);
 CYASSL_API int CyaSSL_RSA_GenAdd(CYASSL_RSA*);
+CYASSL_API int CyaSSL_RSA_LoadDer(CYASSL_RSA*, const unsigned char*, int sz);
 
 
 #define RSA_new  CyaSSL_RSA_new

cyassl/ssl.h

@@ -772,6 +772,9 @@ enum {
     CYASSL_CHAIN_CA = 2           /* added to cache from trusted chain */
 };
 
+CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
+                                  int, const char*);
+
 typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
 
 CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);