feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' into ti

Browse Source
This commit is contained in:
toddouska
2014-07-03 11:34:15 -07:00
parent cc74206f9c 2d63c559cc
commit 61e989ed99
9 changed files with 144 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
configure.ac
View File

@@ -772,9 +772,9 @@ AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
# DH # DH
AC_ARG_ENABLE([dh], AC_ARG_ENABLE([dh],
[ --enable-dh Enable DH (default: enabled)], [ --enable-dh Enable DH (default: disabled)],
[ ENABLED_DH=$enableval ], [ ENABLED_DH=$enableval ],
[ ENABLED_DH=yes ] [ ENABLED_DH=no ]
) )
if test "$ENABLED_DH" = "no" if test "$ENABLED_DH" = "no"

3
ctaocrypt/src/asn.c
View File

@@ -1178,8 +1178,6 @@ int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz)
} }
#ifdef OPENSSL_EXTRA
int DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, int DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz,
byte* g, word32* gInOutSz) byte* g, word32* gInOutSz)
{ {
@@ -1228,7 +1226,6 @@ int DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz,
return 0; return 0;
} }
#endif /* OPENSSL_EXTRA */
#endif /* NO_DH */ #endif /* NO_DH */

7
cyassl/internal.h
View File

@@ -215,7 +215,7 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
#endif #endif
#if !defined(NO_DH) && defined(OPENSSL_EXTRA) #if !defined(NO_DH)
#if !defined(NO_SHA) #if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
@@ -292,7 +292,7 @@ void c32to24(word32 in, word24 out);
#endif #endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && defined(OPENSSL_EXTRA) !defined(NO_RSA)
#if !defined(NO_SHA) #if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
@@ -310,8 +310,7 @@ void c32to24(word32 in, word24 out);
#endif #endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \ #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
defined(OPENSSL_EXTRA)
#ifndef NO_SHA256 #ifndef NO_SHA256
#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
#ifdef HAVE_NULL_CIPHER #ifdef HAVE_NULL_CIPHER

3
cyassl/test.h
View File

@@ -964,6 +964,7 @@ static INLINE void CaCb(unsigned char* der, int sz, int type)
} }
#ifndef NO_DH
static INLINE void SetDH(CYASSL* ssl) static INLINE void SetDH(CYASSL* ssl)
{ {
/* dh1024 p */ /* dh1024 p */
@@ -1017,7 +1018,7 @@ static INLINE void SetDHCtx(CYASSL_CTX* ctx)
CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g)); CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
} }
#endif /* NO_DH */
#endif /* !NO_CERTS */ #endif /* !NO_CERTS */
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM

4
examples/echoserver/echoserver.c
View File

@@ -233,9 +233,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
ssl = CyaSSL_new(ctx); ssl = CyaSSL_new(ctx);
if (ssl == NULL) err_sys("SSL_new failed"); if (ssl == NULL) err_sys("SSL_new failed");
CyaSSL_set_fd(ssl, clientfd); CyaSSL_set_fd(ssl, clientfd);
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_CERTS) #elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher than PSK */ SetDH(ssl); /* will repick suites with DHE, higher than PSK */
#endif #endif
if (CyaSSL_accept(ssl) != SSL_SUCCESS) { if (CyaSSL_accept(ssl) != SSL_SUCCESS) {

4
examples/server/server.c
View File

@@ -485,9 +485,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SSL_set_fd(ssl, clientfd); SSL_set_fd(ssl, clientfd);
if (usePsk == 0 || cipherList != NULL) { if (usePsk == 0 || cipherList != NULL) {
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_CERTS) #elif !defined(NO_DH)
SetDH(ssl); /* repick suites with DHE, higher priority than PSK */ SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
#endif #endif
} }

42
src/internal.c
View File

@@ -58,10 +58,6 @@
#endif #endif
#if defined(OPENSSL_EXTRA) && defined(NO_DH)
#error OPENSSL_EXTRA needs DH, please remove NO_DH
#endif
#if defined(CYASSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS) #if defined(CYASSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS)
#error \ #error \
CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
@@ -8587,7 +8583,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
return 0; return 0;
} }
#endif #endif
#ifdef OPENSSL_EXTRA #ifndef NO_DH
if (ssl->specs.kea == diffie_hellman_kea) if (ssl->specs.kea == diffie_hellman_kea)
{ {
/* p */ /* p */
@@ -8653,7 +8649,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length);
*inOutIdx += length; *inOutIdx += length;
} /* dh_kea */ } /* dh_kea */
#endif /* OPENSSL_EXTRA */ #endif /* NO_DH */
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (ssl->specs.kea == ecc_diffie_hellman_kea) if (ssl->specs.kea == ecc_diffie_hellman_kea)
@@ -8688,7 +8684,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#if defined(OPENSSL_EXTRA) && !defined(NO_PSK) #if !defined(NO_DH) && !defined(NO_PSK)
if (ssl->specs.kea == dhe_psk_kea) { if (ssl->specs.kea == dhe_psk_kea) {
if ((*inOutIdx - begin) + OPAQUE16_LEN > size) if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
return BUFFER_ERROR; return BUFFER_ERROR;
@@ -8768,9 +8764,9 @@ static void PickHashSigAlgo(CYASSL* ssl,
XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length);
*inOutIdx += length; *inOutIdx += length;
} }
#endif /* OPENSSL_EXTRA || !NO_PSK */ #endif /* !NO_DH || !NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_ECC) #if !defined(NO_DH) || defined(HAVE_ECC)
if (ssl->specs.kea == ecc_diffie_hellman_kea || if (ssl->specs.kea == ecc_diffie_hellman_kea ||
ssl->specs.kea == diffie_hellman_kea) ssl->specs.kea == diffie_hellman_kea)
{ {
@@ -9017,9 +9013,9 @@ static void PickHashSigAlgo(CYASSL* ssl,
ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
} }
return 0; return 0;
#else /* HAVE_OPENSSL or HAVE_ECC */ #else /* !NO_DH or HAVE_ECC */
return NOT_COMPILED_IN; /* not supported by build */ return NOT_COMPILED_IN; /* not supported by build */
#endif /* HAVE_OPENSSL or HAVE_ECC */ #endif /* !NO_DH or HAVE_ECC */
} }
@@ -9080,7 +9076,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
break; break;
#endif #endif
#ifdef OPENSSL_EXTRA #ifndef NO_DH
case diffie_hellman_kea: case diffie_hellman_kea:
{ {
buffer serverP = ssl->buffers.serverDH_P; buffer serverP = ssl->buffers.serverDH_P;
@@ -9108,7 +9104,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
FreeDhKey(&key); FreeDhKey(&key);
} }
break; break;
#endif /* OPENSSL_EXTRA */ #endif /* NO_DH */
#ifndef NO_PSK #ifndef NO_PSK
case psk_kea: case psk_kea:
{ {
@@ -9139,7 +9135,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
break; break;
#endif /* NO_PSK */ #endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) && !defined(NO_PSK) #if !defined(NO_DH) && !defined(NO_PSK)
case dhe_psk_kea: case dhe_psk_kea:
{ {
byte* pms = ssl->arrays->preMasterSecret; byte* pms = ssl->arrays->preMasterSecret;
@@ -9205,7 +9201,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
ssl->arrays->psk_keySz = 0; /* No further need */ ssl->arrays->psk_keySz = 0; /* No further need */
} }
break; break;
#endif /* OPENSSL_EXTRA && !NO_PSK */ #endif /* !NO_DH && !NO_PSK */
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
case ntru_kea: case ntru_kea:
{ {
@@ -9851,7 +9847,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
#endif /*NO_PSK */ #endif /*NO_PSK */
#if defined(OPENSSL_EXTRA) && !defined(NO_PSK) #if !defined(NO_DH) && !defined(NO_PSK)
if (ssl->specs.kea == dhe_psk_kea) { if (ssl->specs.kea == dhe_psk_kea) {
byte *output; byte *output;
word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
@@ -9969,7 +9965,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
ret = SendBuffered(ssl); ret = SendBuffered(ssl);
ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
} }
#endif /* OPENSSL_EXTRA && !NO_PSK */ #endif /* !NO_DH && !NO_PSK */
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (ssl->specs.kea == ecc_diffie_hellman_kea) if (ssl->specs.kea == ecc_diffie_hellman_kea)
@@ -10313,7 +10309,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) #if !defined(NO_DH) && !defined(NO_RSA)
if (ssl->specs.kea == diffie_hellman_kea) { if (ssl->specs.kea == diffie_hellman_kea) {
byte *output; byte *output;
word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
@@ -10594,7 +10590,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
ret = SendBuffered(ssl); ret = SendBuffered(ssl);
ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
} }
#endif /* OPENSSL_EXTRA */ #endif /* NO_DH */
return ret; return ret;
} }
@@ -11709,7 +11705,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
break; break;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef OPENSSL_EXTRA #ifndef NO_DH
case diffie_hellman_kea: case diffie_hellman_kea:
{ {
word16 clientPubSz; word16 clientPubSz;
@@ -11743,8 +11739,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
ret = MakeMasterSecret(ssl); ret = MakeMasterSecret(ssl);
} }
break; break;
#endif /* OPENSSL_EXTRA */ #endif /* NO_DH */
#if defined(OPENSSL_EXTRA) && !defined(NO_PSK) #if !defined(NO_DH) && !defined(NO_PSK)
case dhe_psk_kea: case dhe_psk_kea:
{ {
byte* pms = ssl->arrays->preMasterSecret; byte* pms = ssl->arrays->preMasterSecret;
@@ -11821,7 +11817,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
ssl->arrays->psk_keySz = 0; ssl->arrays->psk_keySz = 0;
} }
break; break;
#endif /* OPENSSL_EXTRA && !NO_PSK */ #endif /* !NO_DH && !NO_PSK */
default: default:
{ {
CYASSL_MSG("Bad kea type"); CYASSL_MSG("Bad kea type");

211
src/ssl.c
View File

@@ -362,8 +362,8 @@ int CyaSSL_GetObjectSize(void)
} }
#endif #endif
/* XXX should be NO_DH */
#ifndef NO_CERTS #ifndef NO_DH
/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */ /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz, int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
const unsigned char* g, int gSz) const unsigned char* g, int gSz)
@@ -415,7 +415,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
CYASSL_LEAVE("CyaSSL_SetTmpDH", 0); CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
return SSL_SUCCESS; return SSL_SUCCESS;
} }
#endif /* !NO_CERTS */ #endif /* !NO_DH */
int CyaSSL_write(CYASSL* ssl, const void* data, int sz) int CyaSSL_write(CYASSL* ssl, const void* data, int sz)
@@ -3105,42 +3105,7 @@ int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file)
} }
#ifdef OPENSSL_EXTRA #ifndef NO_DH
/* put SSL type in extra for now, not very common */
int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_certificate_file");
if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_PrivateKey_file");
if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
{
/* procces up to MAX_CHAIN_DEPTH plus subject cert */
CYASSL_ENTER("CyaSSL_use_certificate_chain_file");
if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
/* server wrapper for ctx or ssl Diffie-Hellman parameters */ /* server wrapper for ctx or ssl Diffie-Hellman parameters */
static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
@@ -3185,6 +3150,7 @@ static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
return ret; return ret;
} }
/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */ /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz, int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz,
int format) int format)
@@ -3201,34 +3167,6 @@ int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf,
} }
#ifdef HAVE_ECC
/* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz)
{
if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
return BAD_FUNC_ARG;
ctx->eccTempKeySz = sz;
return SSL_SUCCESS;
}
/* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz)
{
if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
return BAD_FUNC_ARG;
ssl->eccTempKeySz = sz;
return SSL_SUCCESS;
}
#endif /* HAVE_ECC */
/* server Diffie-Hellman parameters */ /* server Diffie-Hellman parameters */
static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
const char* fname, int format) const char* fname, int format)
@@ -3288,6 +3226,108 @@ int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format)
} }
/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
const unsigned char* g, int gSz)
{
CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");
if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_P.buffer == NULL)
return MEMORY_E;
ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_G.buffer == NULL) {
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
return MEMORY_E;
}
ctx->serverDH_P.length = pSz;
ctx->serverDH_G.length = gSz;
XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
ctx->haveDH = 1;
CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
return SSL_SUCCESS;
}
#endif /* NO_DH */
#ifdef OPENSSL_EXTRA
/* put SSL type in extra for now, not very common */
int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_certificate_file");
if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_PrivateKey_file");
if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
{
/* procces up to MAX_CHAIN_DEPTH plus subject cert */
CYASSL_ENTER("CyaSSL_use_certificate_chain_file");
if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
#ifdef HAVE_ECC
/* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz)
{
if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
return BAD_FUNC_ARG;
ctx->eccTempKeySz = sz;
return SSL_SUCCESS;
}
/* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz)
{
if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
return BAD_FUNC_ARG;
ssl->eccTempKeySz = sz;
return SSL_SUCCESS;
}
#endif /* HAVE_ECC */
int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file, int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file,
int format) int format)
{ {
@@ -8645,40 +8685,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
/* XXX shuld be NO_DH */
#ifndef NO_CERTS
/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
const unsigned char* g, int gSz)
{
CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");
if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_P.buffer == NULL)
return MEMORY_E;
ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_G.buffer == NULL) {
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
return MEMORY_E;
}
ctx->serverDH_P.length = pSz;
ctx->serverDH_G.length = gSz;
XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
ctx->haveDH = 1;
CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
return SSL_SUCCESS;
}
#endif /* !NO_CERTS */
char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len) char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len)
@@ -10074,6 +10080,8 @@ static int initGlobalRNG = 0;
} }
#ifndef NO_DH
static void InitCyaSSL_DH(CYASSL_DH* dh) static void InitCyaSSL_DH(CYASSL_DH* dh)
{ {
if (dh) { if (dh) {
@@ -10312,6 +10320,7 @@ static int initGlobalRNG = 0;
CYASSL_MSG("CyaSSL_compute_key success"); CYASSL_MSG("CyaSSL_compute_key success");
return (int)keySz; return (int)keySz;
} }
#endif /* NO_DH */
#ifndef NO_DSA #ifndef NO_DSA

8
tests/api.c
View File

@@ -1059,9 +1059,9 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
CyaSSL_set_fd(ssl, clientfd); CyaSSL_set_fd(ssl, clientfd);
#ifdef NO_PSK #ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#else #elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif #endif
#endif #endif
@@ -1316,9 +1316,9 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
CyaSSL_set_fd(ssl, cfd); CyaSSL_set_fd(ssl, cfd);
#ifdef NO_PSK #ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#else #elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif #endif
#endif #endif