feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' into ti

Browse Source
This commit is contained in:
toddouska
2014-07-02 16:31:55 -07:00
parent 0950b19da8 b7baf024ab
commit 6817e3cd2e
7 changed files with 138 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
certs/test/expired-ca.pem Normal file
View File

@@ -0,0 +1,56 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8a:37:22:65:73:f5:aa:e8
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jun 30 18:47:10 2010 GMT
Not After : Mar 26 18:47:10 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
aa:56:23:03:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
X509v3 Authority Key Identifier:
keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
serial:8A:37:22:65:73:F5:AA:E8
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
f4:b0:34:6d:d1:d5:a4:64:24:f8
-----BEGIN CERTIFICATE-----
MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
u07s6lX6pOMAYfSwNG3R1aRkJPg=
-----END CERTIFICATE-----

39
certs/test/expired-cert.pem Normal file
View File

@@ -0,0 +1,39 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jun 30 18:52:17 2010 GMT
Not After : Mar 26 18:52:17 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
7e:16:77:e2:a7
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
9b:0b:e0:74:58:11:c5:01:7b:4d
-----BEGIN CERTIFICATE-----
MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
4HRYEcUBe00=
-----END CERTIFICATE-----

9
certs/test/expired-key.pem Normal file
View File

@@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
-----END RSA PRIVATE KEY-----

8
ctaocrypt/src/des3.c
View File

@@ -787,9 +787,9 @@ int Des3_SetIV(Des3* des, const byte* iv);
bd_p->BD_CTRL.LAST_BD = 1; bd_p->BD_CTRL.LAST_BD = 1;
bd_p->BD_CTRL.DESC_EN = 1; bd_p->BD_CTRL.DESC_EN = 1;
bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; // (unsigned int)sa_p ; bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; /* (unsigned int)sa_p; */
bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; // (unsigned int)in_p ; bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; /* (unsigned int)in_p; */
bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); // (unsigned int)out_p ; bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); /* (unsigned int)out_p; */
bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd); bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd);
bd_p->MSGLEN = sz ; bd_p->MSGLEN = sz ;
@@ -798,7 +798,7 @@ int Des3_SetIV(Des3* des, const byte* iv);
while (CECON); while (CECON);
/* Run the engine */ /* Run the engine */
CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; // (unsigned int)bd_p ; CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; /* (unsigned int)bd_p ; */
CEINTEN = 0x07; CEINTEN = 0x07;
CECON = 0x27; CECON = 0x27;

20
cyassl/test.h
View File

@@ -9,6 +9,7 @@
#include <ctype.h> #include <ctype.h>
#include <cyassl/ssl.h> #include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/types.h> #include <cyassl/ctaocrypt/types.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef ATOMIC_USER #ifdef ATOMIC_USER
#include <cyassl/ctaocrypt/aes.h> #include <cyassl/ctaocrypt/aes.h>
@@ -926,6 +927,25 @@ static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
#endif /* VERIFY_CALLBACK */ #endif /* VERIFY_CALLBACK */
static INLINE int myDateCb(int preverify, CYASSL_X509_STORE_CTX* store)
{
(void)preverify;
char buffer[CYASSL_MAX_ERROR_SZ];
printf("In verification callback, error = %d, %s\n", store->error,
CyaSSL_ERR_error_string(store->error, buffer));
printf("Subject's domain name is %s\n", store->domain);
if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
printf("Overriding cert date error as example for bad clock testing\n");
return 1;
}
printf("Cert error is not date error, not overriding\n");
return 0;
}
#ifdef HAVE_CRL #ifdef HAVE_CRL
static INLINE void CRL_CallBack(const char* url) static INLINE void CRL_CallBack(const char* url)

10
examples/client/client.c
View File

@@ -128,6 +128,7 @@ static void Usage(void)
printf("-s Use pre Shared keys\n"); printf("-s Use pre Shared keys\n");
printf("-t Track CyaSSL memory use\n"); printf("-t Track CyaSSL memory use\n");
printf("-d Disable peer checks\n"); printf("-d Disable peer checks\n");
printf("-D Override Date Errors example\n");
printf("-g Send server HTTP GET\n"); printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS," printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n"); " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
@@ -197,6 +198,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
int fewerPackets = 0; int fewerPackets = 0;
int atomicUser = 0; int atomicUser = 0;
int pkCallbacks = 0; int pkCallbacks = 0;
int overrideDateErrors = 0;
char* cipherList = NULL; char* cipherList = NULL;
const char* verifyCert = caCert; const char* verifyCert = caCert;
const char* ourCert = cliCert; const char* ourCert = cliCert;
@@ -238,7 +240,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
StackTrap(); StackTrap();
while ((ch = mygetopt(argc, argv, while ((ch = mygetopt(argc, argv,
"?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) { "?gdDusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
switch (ch) { switch (ch) {
case '?' : case '?' :
Usage(); Usage();
@@ -252,6 +254,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
doPeerCheck = 0; doPeerCheck = 0;
break; break;
case 'D' :
overrideDateErrors = 1;
break;
case 'u' : case 'u' :
doDTLS = 1; doDTLS = 1;
break; break;
@@ -545,6 +551,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
#if !defined(NO_CERTS) #if !defined(NO_CERTS)
if (!usePsk && doPeerCheck == 0) if (!usePsk && doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
if (!usePsk && overrideDateErrors == 1)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
#endif #endif
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM

2
src/ssl.c
View File

@@ -8962,7 +8962,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
NULL, DYNAMIC_TYPE_CERT); NULL, DYNAMIC_TYPE_CERT);
if (derCert.buffer != NULL) { if (derCert.buffer != NULL) {
derCert.length = x509->derCert.length; derCert.length = x509->derCert.length;
// AddCA() frees the buffer. /* AddCA() frees the buffer. */
XMEMCPY(derCert.buffer, XMEMCPY(derCert.buffer,
x509->derCert.buffer, x509->derCert.length); x509->derCert.buffer, x509->derCert.length);
result = AddCA(store->cm, derCert, CYASSL_USER_CA, 1); result = AddCA(store->cm, derCert, CYASSL_USER_CA, 1);