feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
John Safranek
2012-07-31 10:11:21 -07:00
parent e716380bad 45dde2da89
commit 368afbb815
15 changed files with 493 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
configure.ac
View File

@ -341,6 +341,26 @@ fi
AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
# MD2
AC_ARG_ENABLE(md2,
[ --enable-md2 Enable CyaSSL MD2 support (default: disabled)],
[ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_MD2="yes"
fi
if test "$ENABLED_MD2" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCYASSL_MD2"
fi
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# RIPEMD
AC_ARG_ENABLE(ripemd,
[ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)],

20
ctaocrypt/src/asn.c
View File

@ -32,6 +32,7 @@
#include <cyassl/ctaocrypt/coding.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/md2.h>
#include <cyassl/ctaocrypt/error.h>
#include <cyassl/ctaocrypt/pwdbased.h>
#include <cyassl/ctaocrypt/des3.h>
@ -1058,6 +1059,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->signature = 0;
cert->subjectCN = 0;
cert->subjectCNLen = 0;
cert->subjectCNStored = 0;
cert->issuer[0] = '\0';
cert->subject[0] = '\0';
cert->source = source; /* don't own */
@ -1099,7 +1101,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
void FreeDecodedCert(DecodedCert* cert)
{
if (cert->subjectCNLen == 0) /* 0 means no longer pointer to raw, we own */
if (cert->subjectCNStored == 1)
XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
if (cert->pubKeyStored == 1)
XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@ -1362,10 +1364,6 @@ static int GetName(DecodedCert* cert, int nameType)
cert->maxIdx) < 0)
return ASN_PARSE_E;
if (strLen == 0) {
CYASSL_MSG("Zero length name");
return ASN_PARSE_E;
}
if (strLen > (int)(ASN_NAME_MAX - idx))
return ASN_PARSE_E;
@ -1950,6 +1948,16 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = MD5h;
digestSz = MD5_DIGEST_SIZE;
}
#ifdef CYASSL_MD2
else if (sigOID == CTC_MD2wRSA) {
Md2 md2;
InitMd2(&md2);
Md2Update(&md2, buf, bufSz);
Md2Final(&md2, digest);
typeH = MD2h;
digestSz = MD2_DIGEST_SIZE;
}
#endif
else if (sigOID == CTC_SHAwRSA ||
sigOID == CTC_SHAwDSA ||
sigOID == CTC_SHAwECDSA) {
@ -2331,7 +2339,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
XMEMCPY(ptr, cert->subjectCN, cert->subjectCNLen);
ptr[cert->subjectCNLen] = '\0';
cert->subjectCN = ptr;
cert->subjectCNLen = 0;
cert->subjectCNStored = 1;
}
if (cert->keyOID == RSAk && cert->pubKeySize > 0) {

129
ctaocrypt/src/md2.c Normal file
View File

@ -0,0 +1,129 @@
/* md2.c
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef CYASSL_MD2
#include <cyassl/ctaocrypt/md2.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
#include <ctaocrypt/src/misc.c>
#endif
void InitMd2(Md2* md2)
{
XMEMSET(md2->X, 0, MD2_X_SIZE);
XMEMSET(md2->C, 0, MD2_BLOCK_SIZE);
XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE);
md2->count = 0;
}
void Md2Update(Md2* md2, const byte* data, word32 len)
{
static const byte S[256] =
{
41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
31, 26, 219, 153, 141, 51, 159, 17, 131, 20
};
while (len) {
word32 L = (MD2_PAD_SIZE - md2->count) < len ?
(MD2_PAD_SIZE - md2->count) : len;
XMEMCPY(md2->buffer + md2->count, data, L);
md2->count += L;
data += L;
len -= L;
if (md2->count == MD2_PAD_SIZE) {
int i;
byte t;
md2->count = 0;
XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE);
t = md2->C[15];
for(i = 0; i < MD2_PAD_SIZE; i++) {
md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i];
t = md2->C[i] ^= S[md2->buffer[i] ^ t];
}
t=0;
for(i = 0; i < 18; i++) {
int j;
for(j = 0; j < MD2_X_SIZE; j += 8) {
t = md2->X[j+0] ^= S[t];
t = md2->X[j+1] ^= S[t];
t = md2->X[j+2] ^= S[t];
t = md2->X[j+3] ^= S[t];
t = md2->X[j+4] ^= S[t];
t = md2->X[j+5] ^= S[t];
t = md2->X[j+6] ^= S[t];
t = md2->X[j+7] ^= S[t];
}
t = (t + i) & 0xFF;
}
}
}
}
void Md2Final(Md2* md2, byte* hash)
{
byte padding[MD2_BLOCK_SIZE];
word32 padLen = MD2_PAD_SIZE - md2->count;
word32 i;
for (i = 0; i < padLen; i++)
padding[i] = (byte)padLen;
Md2Update(md2, padding, padLen);
Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
InitMd2(md2);
}
#endif /* CYASSL_MD2 */

86
ctaocrypt/test/test.c
View File

@ -32,6 +32,7 @@
#else
#include <cyassl/ctaocrypt/asn_public.h>
#endif
#include <cyassl/ctaocrypt/md2.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/md4.h>
#include <cyassl/ctaocrypt/sha.h>
@ -86,6 +87,7 @@ typedef struct testVector {
size_t outLen;
} testVector;
int md2_test();
int md5_test();
int md4_test();
int sha_test();
@ -149,6 +151,13 @@ void ctaocrypt_test(void* args)
else
printf( "MD5 test passed!\n");
#ifdef CYASSL_MD2
if ( (ret = md2_test()) )
err_sys("MD2 test failed!\n", ret);
else
printf( "MD2 test passed!\n");
#endif
#ifndef NO_MD4
if ( (ret = md4_test()) )
err_sys("MD4 test failed!\n", ret);
@ -309,6 +318,83 @@ void ctaocrypt_test(void* args)
#endif /* NO_MAIN_DRIVER */
#ifdef CYASSL_MD2
int md2_test()
{
Md2 md2;
byte hash[MD2_DIGEST_SIZE];
testVector a, b, c, d, e, f, g;
testVector test_md2[7];
int times = sizeof(test_md2) / sizeof(testVector), i;
a.input = "";
a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
"\x27\x73";
a.inLen = strlen(a.input);
a.outLen = strlen(a.output);
b.input = "a";
b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
"\xb5\xd1";
b.inLen = strlen(b.input);
b.outLen = strlen(b.output);
c.input = "abc";
c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
"\xd6\xbb";
c.inLen = strlen(c.input);
c.outLen = strlen(c.output);
d.input = "message digest";
d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
"\x06\xb0";
d.inLen = strlen(d.input);
d.outLen = strlen(d.output);
e.input = "abcdefghijklmnopqrstuvwxyz";
e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
"\x94\x0b";
e.inLen = strlen(e.input);
e.outLen = strlen(e.output);
f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
"6789";
f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
"\x38\xcd";
f.inLen = strlen(f.input);
f.outLen = strlen(f.output);
g.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
"\xef\xd8";
g.inLen = strlen(g.input);
g.outLen = strlen(g.output);
test_md2[0] = a;
test_md2[1] = b;
test_md2[2] = c;
test_md2[3] = d;
test_md2[4] = e;
test_md2[5] = f;
test_md2[6] = g;
InitMd2(&md2);
for (i = 0; i < times; ++i) {
Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
Md2Final(&md2, hash);
if (memcmp(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
return -155 - i;
}
return 0;
}
#endif
int md5_test()
{
Md5 md5;

1
cyassl/ctaocrypt/asn.h
View File

@ -221,6 +221,7 @@ struct DecodedCert {
byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */
int subjectCNLen;
int subjectCNStored; /* have we saved a copy we own */
char issuer[ASN_NAME_MAX]; /* full name including common name */
char subject[ASN_NAME_MAX]; /* full name including common name */
int verify; /* Default to yes, but could be off */

1
cyassl/ctaocrypt/include.am
View File

@ -15,6 +15,7 @@ nobase_include_HEADERS+= \
cyassl/ctaocrypt/hc128.h \
cyassl/ctaocrypt/hmac.h \
cyassl/ctaocrypt/integer.h \
cyassl/ctaocrypt/md2.h \
cyassl/ctaocrypt/md4.h \
cyassl/ctaocrypt/md5.h \
cyassl/ctaocrypt/misc.h \

64
cyassl/ctaocrypt/md2.h Normal file
View File

@ -0,0 +1,64 @@
/* md2.h
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef CYASSL_MD2
#ifndef CTAO_CRYPT_MD2_H
#define CTAO_CRYPT_MD2_H
#include <cyassl/ctaocrypt/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/* in bytes */
enum {
MD2 = 6, /* hash type unique */
MD2_BLOCK_SIZE = 16,
MD2_DIGEST_SIZE = 16,
MD2_PAD_SIZE = 16,
MD2_X_SIZE = 48
};
/* Md2 digest */
typedef struct Md2 {
word32 count; /* bytes % PAD_SIZE */
byte X[MD2_X_SIZE];
byte C[MD2_BLOCK_SIZE];
byte buffer[MD2_BLOCK_SIZE];
} Md2;
CYASSL_API void InitMd2(Md2*);
CYASSL_API void Md2Update(Md2*, const byte*, word32);
CYASSL_API void Md2Final(Md2*, byte*);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* CTAO_CRYPT_MD2_H */
#endif /* CYASSL_MD2 */

1
cyassl/error.h
View File

@ -100,6 +100,7 @@ enum CyaSSL_ErrorCodes {
OCSP_NEED_URL = -265, /* OCSP need an URL for lookup */
OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
/* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */

2
cyassl/internal.h
View File

@ -446,7 +446,7 @@ enum Misc {
MAX_EX_DATA = 3, /* allow for three items of ex_data */
MAX_CHAIN_DEPTH = 9, /* max cert chain peer depth, FORTRESS option */
#else
MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */
MAX_CHAIN_DEPTH = 6, /* max cert chain peer depth */
#endif
MAX_X509_SIZE = 2048, /* max static x509 buffer size */
CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */

18
cyassl/test.h
View File

@ -96,6 +96,8 @@
#endif
#define SERVER_DEFAULT_VERSION 3
/* all certs relative to CyaSSL home directory now */
static const char* caCert = "./certs/ca-cert.pem";
static const char* eccCert = "./certs/server-ecc.pem";
@ -298,17 +300,16 @@ static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
}
static INLINE void tcp_listen(SOCKET_T* sockfd)
static INLINE void tcp_listen(SOCKET_T* sockfd, int port, int useAnyAddr)
{
SOCKADDR_IN_T addr;
/* don't use INADDR_ANY by default, firewall may block, make user switch
on */
#ifdef USE_ANY_ADDR
tcp_socket(sockfd, &addr, INADDR_ANY, yasslPort);
#else
tcp_socket(sockfd, &addr, yasslIP, yasslPort);
#endif
if (useAnyAddr)
tcp_socket(sockfd, &addr, INADDR_ANY, port);
else
tcp_socket(sockfd, &addr, yasslIP, port);
#ifndef USE_WINDOWS_API
{
@ -379,7 +380,8 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
*clientfd = udp_read_connect(*sockfd);
}
static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args,
int port, int useAnyAddr)
{
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
@ -389,7 +391,7 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
return;
#endif
tcp_listen(sockfd);
tcp_listen(sockfd, port, useAnyAddr);
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER)
/* signal ready to tcp_accept */

5
examples/echoserver/echoserver.c
View File

@ -58,6 +58,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
int outCreated = 0;
int shutdown = 0;
int useAnyAddr = 0;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
@ -72,7 +73,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
((func_args*)args)->return_code = -1; /* error state */
tcp_listen(&sockfd);
tcp_listen(&sockfd, yasslPort, useAnyAddr);
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_server_method();
@ -236,7 +237,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_free(ssl);
CloseSocket(clientfd);
#ifdef CYASSL_DTLS
tcp_listen(&sockfd);
tcp_listen(&sockfd, yasslPort, useAnyAddr);
SignalReady(args);
#endif
}

220
examples/server/server.c
View File

@ -25,6 +25,7 @@
#include <cyassl/openssl/ssl.h>
#include <cyassl/test.h>
#include <sysexits.h>
#ifdef CYASSL_CALLBACKS
@ -63,6 +64,24 @@
#endif
static void Usage(void)
{
printf("server " VERSION " NOTE: All files relative to CyaSSL home dir"
"\n");
printf("-? Help, print this usage\n");
printf("-p <num> Port to listen on, default %d\n", yasslPort);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
SERVER_DEFAULT_VERSION);
printf("-l <str> Cipher list\n");
printf("-c <file> Certificate file, default %s\n", svrCert);
printf("-k <file> Key file, default %s\n", svrKey);
printf("-A <file> Certificate Authority file, default %s\n", cliCert);
printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n");
printf("-s Use pre Shared keys\n");
}
THREAD_RETURN CYASSL_THREAD server_test(void* args)
{
SOCKET_T sockfd = 0;
@ -72,93 +91,160 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SSL_CTX* ctx = 0;
SSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
int ch;
int version = SERVER_DEFAULT_VERSION;
int doCliCertCheck = 1;
int useAnyAddr = 0;
int port = yasslPort;
int usePsk = 0;
char* cipherList = NULL;
char* verifyCert = (char*)cliCert;
char* ourCert = (char*)svrCert;
char* ourKey = (char*)svrKey;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#if defined(CYASSL_DTLS)
method = DTLSv1_server_method();
#elif !defined(NO_TLS)
method = SSLv23_server_method();
#else
method = SSLv3_server_method();
#endif
ctx = SSL_CTX_new(method);
while ((ch = getopt(argc, argv, "?dbsp:v:l:A:c:k:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'd' :
doCliCertCheck = 0;
break;
case 'b' :
useAnyAddr = 1;
break;
case 's' :
usePsk = 1;
break;
case 'p' :
port = atoi(optarg);
break;
case 'v' :
version = atoi(optarg);
if (version < 0 || version > 3) {
Usage();
exit(EX_USAGE);
}
break;
case 'l' :
cipherList = optarg;
break;
case 'A' :
verifyCert = optarg;
break;
case 'c' :
ourCert = optarg;
break;
case 'k' :
ourKey = optarg;
break;
default:
Usage();
exit(EX_USAGE);
}
}
argc -= optind;
argv += optind;
switch (version) {
case 0:
method = SSLv3_server_method();
break;
case 1:
method = TLSv1_server_method();
break;
case 2:
method = TLSv1_1_server_method();
break;
case 3:
method = TLSv1_2_server_method();
break;
default:
err_sys("Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
ctx = SSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("can't set cipher list");
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
#ifndef NO_PSK
/* do PSK */
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
SSL_CTX_set_cipher_list(ctx, "PSK-AES256-CBC-SHA");
#else
/* not using PSK, verify peer with certs */
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (usePsk) {
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
if (cipherList == NULL)
if (SSL_CTX_set_cipher_list(ctx,"PSK-AES256-CBC-SHA") !=SSL_SUCCESS)
err_sys("can't set cipher list");
}
#endif
/* if not using PSK, verify peer with certs */
if (doCliCertCheck && usePsk == 0) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#ifdef OPENSSL_EXTRA
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#ifndef NO_FILESYSTEM
/* for client auth */
if (SSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#ifdef HAVE_ECC
if (SSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server ecc cert file, "
"Please run from CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server ecc key file, "
"Please run from CyaSSL home dir");
/* for client auth */
if (SSL_CTX_load_verify_locations(ctx, cliEccCert, 0) != SSL_SUCCESS)
err_sys("can't load ecc ca file, Please run from CyaSSL home dir");
#elif HAVE_NTRU
if (SSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ntru cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
#else /* normal */
if (SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert chain file, "
"Please run from CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
#endif /* NTRU */
#else
load_buffer(ctx, cliCert, CYASSL_CA);
load_buffer(ctx, svrCert, CYASSL_CERT);
load_buffer(ctx, svrKey, CYASSL_KEY);
#endif /* NO_FILESYSTEM */
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
SSL_CTX_set_cipher_list(ctx, "AES256-SHA");
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
err_sys("can't set cipher list");
#endif
ssl = SSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL");
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
CYASSL_CRL_START_MON);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif
tcp_accept(&sockfd, &clientfd, (func_args*)args);
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr);
#ifndef CYASSL_DTLS
CloseSocket(sockfd);
#endif

4
src/include.am
View File

@ -36,6 +36,10 @@ if BUILD_AESNI
src_libcyassl_la_SOURCES += ctaocrypt/src/aes_asm.s
endif
if BUILD_MD2
src_libcyassl_la_SOURCES += ctaocrypt/src/md2.c
endif
if BUILD_RIPEMD
src_libcyassl_la_SOURCES += ctaocrypt/src/ripemd.c
endif

6
src/internal.c
View File

@ -1686,7 +1686,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
word32 certSz;
if (totalCerts >= MAX_CHAIN_DEPTH)
return BUFFER_E;
return MAX_CHAIN_ERROR;
c24to32(&input[i], &certSz);
i += CERT_HEADER_SZ;
@ -3747,6 +3747,10 @@ void SetErrorString(int error, char* str)
XSTRNCPY(str, "OCSP Responder lookup fail", max);
break;
case MAX_CHAIN_ERROR:
XSTRNCPY(str, "Maximum Chain Depth Exceeded", max);
break;
default :
XSTRNCPY(str, "unknown error number", max);
}

2
tests/api.c
View File

@ -603,7 +603,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
return 0;
}
ssl = CyaSSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args);
tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0);
#ifndef CYASSL_DTLS
CloseSocket(sockfd);
#endif