Merge branch 'master' of https://github.com/cyassl/cyassl into MDK5

Takashi Kojo
2013-11-06 10:22:21 +09:00
25 changed files with 1309 additions and 193 deletions

4
README

@@ -683,8 +683,8 @@ Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream
ciphers along with their respective cipher suites. CyaSSL adds support for ciphers along with their respective cipher suites. CyaSSL adds support for
HC-128 and RABBIT stream ciphers. The new suites are: HC-128 and RABBIT stream ciphers. The new suites are:
TLS_RSA_WITH_HC_128_CBC_SHA TLS_RSA_WITH_HC_128_SHA
TLS_RSA_WITH_RABBIT_CBC_SHA TLS_RSA_WITH_RABBIT_SHA
And the corresponding cipher names are And the corresponding cipher names are


@@ -6,7 +6,7 @@
# #
# #
AC_INIT([cyassl],[2.8.2],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com]) AC_INIT([cyassl],[2.8.3],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
@@ -538,6 +538,18 @@ then
fi fi
# HKDF
AC_ARG_ENABLE([hkdf],
[ --enable-hkdf Enable HKDF (HMAC-KDF) support (default: disabled)],
[ ENABLED_HKDF=$enableval ],
[ ENABLED_HKDF=no ]
)
if test "$ENABLED_HKDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
fi
# DSA # DSA
AC_ARG_ENABLE([dsa], AC_ARG_ENABLE([dsa],
[ --enable-dsa Enable DSA (default: disabled)], [ --enable-dsa Enable DSA (default: disabled)],


@@ -791,7 +791,7 @@ static const char *certDHname = "certs/dh2048.der" ;
void bench_dh(void) void bench_dh(void)
{ {
int i; int i, ret;
byte tmp[1024]; byte tmp[1024];
size_t bytes; size_t bytes;
word32 idx = 0, pubSz, privSz, pubSz2, privSz2, agreeSz; word32 idx = 0, pubSz, privSz, pubSz2, privSz2, agreeSz;
@@ -822,6 +822,11 @@ void bench_dh(void)
return; return;
} }
ret = InitRng(&rng);
if (ret < 0) {
printf("InitRNG failed\n");
return;
}
bytes = fread(tmp, 1, sizeof(tmp), file); bytes = fread(tmp, 1, sizeof(tmp), file);
#endif /* USE_CERT_BUFFERS */ #endif /* USE_CERT_BUFFERS */
@@ -914,9 +919,14 @@ void bench_eccKeyGen(void)
{ {
ecc_key genKey; ecc_key genKey;
double start, total, each, milliEach; double start, total, each, milliEach;
int i; int i, ret;
const int genTimes = 5; const int genTimes = 5;
ret = InitRng(&rng);
if (ret < 0) {
printf("InitRNG failed\n");
return;
}
/* 256 bit */ /* 256 bit */
start = current_time(1); start = current_time(1);
@@ -948,6 +958,12 @@ void bench_eccKeyAgree(void)
ecc_init(&genKey); ecc_init(&genKey);
ecc_init(&genKey2); ecc_init(&genKey2);
ret = InitRng(&rng);
if (ret < 0) {
printf("InitRNG failed\n");
return;
}
ret = ecc_make_key(&rng, 32, &genKey); ret = ecc_make_key(&rng, 32, &genKey);
if (ret != 0) { if (ret != 0) {
printf("ecc_make_key failed\n"); printf("ecc_make_key failed\n");
@@ -964,7 +980,11 @@ void bench_eccKeyAgree(void)
for(i = 0; i < agreeTimes; i++) { for(i = 0; i < agreeTimes; i++) {
x = sizeof(shared); x = sizeof(shared);
ecc_shared_secret(&genKey, &genKey2, shared, &x); ret = ecc_shared_secret(&genKey, &genKey2, shared, &x);
if (ret != 0) {
printf("ecc_shared_secret failed\n");
return;
}
} }
total = current_time(0) - start; total = current_time(0) - start;
@@ -982,7 +1002,11 @@ void bench_eccKeyAgree(void)
for(i = 0; i < agreeTimes; i++) { for(i = 0; i < agreeTimes; i++) {
x = sizeof(sig); x = sizeof(sig);
ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &genKey); ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &genKey);
if (ret != 0) {
printf("ecc_sign_hash failed\n");
return;
}
} }
total = current_time(0) - start; total = current_time(0) - start;
@@ -995,7 +1019,11 @@ void bench_eccKeyAgree(void)
for(i = 0; i < agreeTimes; i++) { for(i = 0; i < agreeTimes; i++) {
int verify = 0; int verify = 0;
ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &genKey); ret = ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &genKey);
if (ret != 0) {
printf("ecc_verify_hash failed\n");
return;
}
} }
total = current_time(0) - start; total = current_time(0) - start;
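Review bot: In bench_dh the added `InitRng(&rng)` call sits just before the `fread` and above `#endif /* USE_CERT_BUFFERS */`, so it appears to be compiled only in the file-reading branch. If that is the case, a USE_CERT_BUFFERS build reaches the DH key generation without this initialization, and moving the call above the conditional block would cover both builds. The new `return` on InitRng failure also leaves `file` open; adding `fclose(file);` before that return fixes it. The opening `#if` and the rest of bench_dh are outside the hunk, so both points should be confirmed against the full function.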


@@ -289,7 +289,11 @@ time_t pic32_time(time_t* timer)
if (timer == NULL) if (timer == NULL)
timer = &localTime; timer = &localTime;
#ifdef MICROCHIP_MPLAB_HARMONY
sec = TCPIP_SNTP_UTCSecondsGet();
#else
sec = SNTPGetUTCSeconds(); sec = SNTPGetUTCSeconds();
#endif
*timer = (time_t) sec; *timer = (time_t) sec;
return *timer; return *timer;
@@ -1250,6 +1254,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->publicKey = 0; cert->publicKey = 0;
cert->pubKeySize = 0; cert->pubKeySize = 0;
cert->pubKeyStored = 0; cert->pubKeyStored = 0;
cert->version = 0;
cert->signature = 0; cert->signature = 0;
cert->subjectCN = 0; cert->subjectCN = 0;
cert->subjectCNLen = 0; cert->subjectCNLen = 0;
@@ -1290,11 +1295,15 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->subjectOULen = 0; cert->subjectOULen = 0;
cert->subjectEmail = 0; cert->subjectEmail = 0;
cert->subjectEmailLen = 0; cert->subjectEmailLen = 0;
cert->beforeDate = 0;
cert->beforeDateLen = 0;
cert->afterDate = 0;
cert->afterDateLen = 0;
#endif /* CYASSL_CERT_GEN */ #endif /* CYASSL_CERT_GEN */
cert->beforeDate = NULL;
cert->beforeDateLen = 0;
cert->afterDate = NULL;
cert->afterDateLen = 0;
#ifdef OPENSSL_EXTRA
XMEMSET(&cert->issuerName, 0, sizeof(DecodedName));
XMEMSET(&cert->subjectName, 0, sizeof(DecodedName));
#endif /* OPENSSL_EXTRA */
#ifdef CYASSL_SEP #ifdef CYASSL_SEP
cert->deviceTypeSz = 0; cert->deviceTypeSz = 0;
cert->deviceType = NULL; cert->deviceType = NULL;
@@ -1333,12 +1342,18 @@ void FreeDecodedCert(DecodedCert* cert)
XFREE(cert->hwType, cert->heap, 0); XFREE(cert->hwType, cert->heap, 0);
XFREE(cert->hwSerialNum, cert->heap, 0); XFREE(cert->hwSerialNum, cert->heap, 0);
#endif /* CYASSL_SEP */ #endif /* CYASSL_SEP */
#ifdef OPENSSL_EXTRA
if (cert->issuerName.fullName != NULL)
XFREE(cert->issuerName.fullName, NULL, DYNAMIC_TYPE_X509);
if (cert->subjectName.fullName != NULL)
XFREE(cert->subjectName.fullName, NULL, DYNAMIC_TYPE_X509);
#endif /* OPENSSL_EXTRA */
} }
static int GetCertHeader(DecodedCert* cert) static int GetCertHeader(DecodedCert* cert)
{ {
int ret = 0, version, len; int ret = 0, len;
byte serialTmp[EXTERNAL_SERIAL_SIZE]; byte serialTmp[EXTERNAL_SERIAL_SIZE];
mp_int mpi; mp_int mpi;
@@ -1351,7 +1366,7 @@ static int GetCertHeader(DecodedCert* cert)
return ASN_PARSE_E; return ASN_PARSE_E;
cert->sigIndex = len + cert->srcIdx; cert->sigIndex = len + cert->srcIdx;
if (GetExplicitVersion(cert->source, &cert->srcIdx, &version) < 0) if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetInt(&mpi, cert->source, &cert->srcIdx, cert->maxIdx) < 0) if (GetInt(&mpi, cert->source, &cert->srcIdx, cert->maxIdx) < 0)
@@ -1359,7 +1374,7 @@ static int GetCertHeader(DecodedCert* cert)
len = mp_unsigned_bin_size(&mpi); len = mp_unsigned_bin_size(&mpi);
if (len < (int)sizeof(serialTmp)) { if (len < (int)sizeof(serialTmp)) {
if (mp_to_unsigned_bin(&mpi, serialTmp) == MP_OKAY) { if ( (ret = mp_to_unsigned_bin(&mpi, serialTmp)) == MP_OKAY) {
if (len > EXTERNAL_SERIAL_SIZE) if (len > EXTERNAL_SERIAL_SIZE)
len = EXTERNAL_SERIAL_SIZE; len = EXTERNAL_SERIAL_SIZE;
XMEMCPY(cert->serial, serialTmp, len); XMEMCPY(cert->serial, serialTmp, len);
@@ -1537,6 +1552,10 @@ static int GetName(DecodedCert* cert, int nameType)
int dummy; int dummy;
char* full = (nameType == ISSUER) ? cert->issuer : cert->subject; char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
word32 idx; word32 idx;
#ifdef OPENSSL_EXTRA
DecodedName* dName =
(nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
#endif /* OPENSSL_EXTRA */
CYASSL_MSG("Getting Cert Name"); CYASSL_MSG("Getting Cert Name");
@@ -1621,6 +1640,10 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 4; idx += 4;
copy = TRUE; copy = TRUE;
} }
#ifdef OPENSSL_EXTRA
dName->cnIdx = cert->srcIdx;
dName->cnLen = strLen;
#endif /* OPENSSL_EXTRA */
} }
else if (id == ASN_SUR_NAME) { else if (id == ASN_SUR_NAME) {
if (!tooBig) { if (!tooBig) {
@@ -1628,12 +1651,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 4; idx += 4;
copy = TRUE; copy = TRUE;
} }
#ifdef CYASSL_CERT_GEN #ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectSN = (char*)&cert->source[cert->srcIdx]; cert->subjectSN = (char*)&cert->source[cert->srcIdx];
cert->subjectSNLen = strLen; cert->subjectSNLen = strLen;
} }
#endif /* CYASSL_CERT_GEN */ #endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->snIdx = cert->srcIdx;
dName->snLen = strLen;
#endif /* OPENSSL_EXTRA */
} }
else if (id == ASN_COUNTRY_NAME) { else if (id == ASN_COUNTRY_NAME) {
if (!tooBig) { if (!tooBig) {
@@ -1641,12 +1668,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 3; idx += 3;
copy = TRUE; copy = TRUE;
} }
#ifdef CYASSL_CERT_GEN #ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectC = (char*)&cert->source[cert->srcIdx]; cert->subjectC = (char*)&cert->source[cert->srcIdx];
cert->subjectCLen = strLen; cert->subjectCLen = strLen;
} }
#endif /* CYASSL_CERT_GEN */ #endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->cIdx = cert->srcIdx;
dName->cLen = strLen;
#endif /* OPENSSL_EXTRA */
} }
else if (id == ASN_LOCALITY_NAME) { else if (id == ASN_LOCALITY_NAME) {
if (!tooBig) { if (!tooBig) {
@@ -1654,12 +1685,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 3; idx += 3;
copy = TRUE; copy = TRUE;
} }
#ifdef CYASSL_CERT_GEN #ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectL = (char*)&cert->source[cert->srcIdx]; cert->subjectL = (char*)&cert->source[cert->srcIdx];
cert->subjectLLen = strLen; cert->subjectLLen = strLen;
} }
#endif /* CYASSL_CERT_GEN */ #endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->lIdx = cert->srcIdx;
dName->lLen = strLen;
#endif /* OPENSSL_EXTRA */
} }
else if (id == ASN_STATE_NAME) { else if (id == ASN_STATE_NAME) {
if (!tooBig) { if (!tooBig) {
@@ -1667,12 +1702,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 4; idx += 4;
copy = TRUE; copy = TRUE;
} }
#ifdef CYASSL_CERT_GEN #ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectST = (char*)&cert->source[cert->srcIdx]; cert->subjectST = (char*)&cert->source[cert->srcIdx];
cert->subjectSTLen = strLen; cert->subjectSTLen = strLen;
} }
#endif /* CYASSL_CERT_GEN */ #endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->stIdx = cert->srcIdx;
dName->stLen = strLen;
#endif /* OPENSSL_EXTRA */
} }
else if (id == ASN_ORG_NAME) { else if (id == ASN_ORG_NAME) {
if (!tooBig) { if (!tooBig) {
@@ -1680,12 +1719,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 3; idx += 3;
copy = TRUE; copy = TRUE;
} }
#ifdef CYASSL_CERT_GEN #ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectO = (char*)&cert->source[cert->srcIdx]; cert->subjectO = (char*)&cert->source[cert->srcIdx];
cert->subjectOLen = strLen; cert->subjectOLen = strLen;
} }
#endif /* CYASSL_CERT_GEN */ #endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->oIdx = cert->srcIdx;
dName->oLen = strLen;
#endif /* OPENSSL_EXTRA */
} }
else if (id == ASN_ORGUNIT_NAME) { else if (id == ASN_ORGUNIT_NAME) {
if (!tooBig) { if (!tooBig) {
@@ -1693,12 +1736,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 4; idx += 4;
copy = TRUE; copy = TRUE;
} }
#ifdef CYASSL_CERT_GEN #ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectOU = (char*)&cert->source[cert->srcIdx]; cert->subjectOU = (char*)&cert->source[cert->srcIdx];
cert->subjectOULen = strLen; cert->subjectOULen = strLen;
} }
#endif /* CYASSL_CERT_GEN */ #endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->ouIdx = cert->srcIdx;
dName->ouLen = strLen;
#endif /* OPENSSL_EXTRA */
} }
else if (id == ASN_SERIAL_NUMBER) { else if (id == ASN_SERIAL_NUMBER) {
if (!tooBig) { if (!tooBig) {
@@ -1706,6 +1753,10 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 14; idx += 14;
copy = TRUE; copy = TRUE;
} }
#ifdef OPENSSL_EXTRA
dName->snIdx = cert->srcIdx;
dName->snLen = strLen;
#endif /* OPENSSL_EXTRA */
} }
if (copy && !tooBig) { if (copy && !tooBig) {
@@ -1747,12 +1798,16 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 14; idx += 14;
} }
#ifdef CYASSL_CERT_GEN #ifdef CYASSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectEmail = (char*)&cert->source[cert->srcIdx]; cert->subjectEmail = (char*)&cert->source[cert->srcIdx];
cert->subjectEmailLen = adv; cert->subjectEmailLen = adv;
} }
#endif /* CYASSL_CERT_GEN */ #endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
dName->emailIdx = cert->srcIdx;
dName->emailLen = adv;
#endif /* OPENSSL_EXTRA */
if (!tooBig) { if (!tooBig) {
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv); XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
@@ -1772,6 +1827,10 @@ static int GetName(DecodedCert* cert, int nameType)
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv); XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
idx += adv; idx += adv;
} }
#ifdef OPENSSL_EXTRA
dName->uidIdx = cert->srcIdx;
dName->uidLen = adv;
#endif /* OPENSSL_EXTRA */
} }
cert->srcIdx += adv; cert->srcIdx += adv;
@@ -1779,6 +1838,131 @@ static int GetName(DecodedCert* cert, int nameType)
} }
full[idx++] = 0; full[idx++] = 0;
#ifdef OPENSSL_EXTRA
{
int totalLen = 0;
if (dName->cnLen != 0)
totalLen += dName->cnLen + 4;
if (dName->snLen != 0)
totalLen += dName->snLen + 4;
if (dName->cLen != 0)
totalLen += dName->cLen + 3;
if (dName->lLen != 0)
totalLen += dName->lLen + 3;
if (dName->stLen != 0)
totalLen += dName->stLen + 4;
if (dName->oLen != 0)
totalLen += dName->oLen + 3;
if (dName->ouLen != 0)
totalLen += dName->ouLen + 4;
if (dName->emailLen != 0)
totalLen += dName->emailLen + 14;
if (dName->uidLen != 0)
totalLen += dName->uidLen + 5;
if (dName->serialLen != 0)
totalLen += dName->serialLen + 14;
dName->fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509);
if (dName->fullName != NULL) {
idx = 0;
if (dName->cnLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/CN=", 4);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->cnIdx], dName->cnLen);
dName->cnIdx = idx;
idx += dName->cnLen;
}
if (dName->snLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/SN=", 4);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->snIdx], dName->snLen);
dName->snIdx = idx;
idx += dName->snLen;
}
if (dName->cLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/C=", 3);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->cIdx], dName->cLen);
dName->cIdx = idx;
idx += dName->cLen;
}
if (dName->lLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/L=", 3);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->lIdx], dName->lLen);
dName->lIdx = idx;
idx += dName->lLen;
}
if (dName->stLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/ST=", 4);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->stIdx], dName->stLen);
dName->stIdx = idx;
idx += dName->stLen;
}
if (dName->oLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/O=", 3);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->oIdx], dName->oLen);
dName->oIdx = idx;
idx += dName->oLen;
}
if (dName->ouLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/OU=", 4);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->ouIdx], dName->ouLen);
dName->ouIdx = idx;
idx += dName->ouLen;
}
if (dName->emailLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14);
idx += 14;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->emailIdx], dName->emailLen);
dName->emailIdx = idx;
idx += dName->emailLen;
}
if (dName->uidLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
idx += 5;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->uidIdx], dName->uidLen);
dName->uidIdx = idx;
idx += dName->uidLen;
}
if (dName->serialLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/serialNumber=", 14);
idx += 14;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->serialIdx], dName->serialLen);
dName->serialIdx = idx;
idx += dName->serialLen;
}
dName->fullName[idx] = '\0';
dName->fullNameLen = totalLen;
}
}
#endif /* OPENSSL_EXTRA */
return 0; return 0;
} }
@@ -1878,15 +2062,13 @@ static int GetDate(DecodedCert* cert, int dateType)
int length; int length;
byte date[MAX_DATE_SIZE]; byte date[MAX_DATE_SIZE];
byte b; byte b;
#ifdef CYASSL_CERT_GEN
word32 startIdx = 0; word32 startIdx = 0;
if (dateType == BEFORE) if (dateType == BEFORE)
cert->beforeDate = &cert->source[cert->srcIdx]; cert->beforeDate = &cert->source[cert->srcIdx];
else else
cert->afterDate = &cert->source[cert->srcIdx]; cert->afterDate = &cert->source[cert->srcIdx];
startIdx = cert->srcIdx; startIdx = cert->srcIdx;
#endif
b = cert->source[cert->srcIdx++]; b = cert->source[cert->srcIdx++];
if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME) if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME)
@@ -1901,12 +2083,10 @@ static int GetDate(DecodedCert* cert, int dateType)
XMEMCPY(date, &cert->source[cert->srcIdx], length); XMEMCPY(date, &cert->source[cert->srcIdx], length);
cert->srcIdx += length; cert->srcIdx += length;
#ifdef CYASSL_CERT_GEN
if (dateType == BEFORE) if (dateType == BEFORE)
cert->beforeDateLen = cert->srcIdx - startIdx; cert->beforeDateLen = cert->srcIdx - startIdx;
else else
cert->afterDateLen = cert->srcIdx - startIdx; cert->afterDateLen = cert->srcIdx - startIdx;
#endif
if (!XVALIDATE_DATE(date, b, dateType)) { if (!XVALIDATE_DATE(date, b, dateType)) {
if (dateType == BEFORE) if (dateType == BEFORE)
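Review bot: In GetName's OPENSSL_EXTRA additions, the ASN_SERIAL_NUMBER branch stores into `dName->snIdx` and `dName->snLen`, the same fields the ASN_SUR_NAME branch fills. A name carrying both attributes therefore has its surname replaced by the serial number, and because `serialIdx`/`serialLen` are never assigned in the visible hunks, the `/serialNumber=` part of the fullName builder cannot run. That branch should read `dName->serialIdx = cert->srcIdx;` and `dName->serialLen = strLen;`. Separately, when the `XMALLOC` for `fullName` fails, GetName still returns 0 with `fullName == NULL`, so either return a memory error there or document that consumers of `issuerName`/`subjectName` must check for NULL. GetName's body extends beyond these hunks, so the assignments should be checked against the full function.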


@@ -159,8 +159,10 @@ int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* modulus,
mp_digit* mp); mp_digit* mp);
static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
int map); int map);
#ifdef ECC_SHAMIR
static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB, static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB,
ecc_point* C, mp_int* modulus); ecc_point* C, mp_int* modulus);
#endif
/* helper for either lib */ /* helper for either lib */
@@ -1514,14 +1516,14 @@ void ecc_free(ecc_key* key)
} }
#ifdef ECC_SHAMIR
#ifdef USE_FAST_MATH #ifdef USE_FAST_MATH
#define GEN_MEM_ERR FP_MEM #define GEN_MEM_ERR FP_MEM
#else #else
#define GEN_MEM_ERR MP_MEM #define GEN_MEM_ERR MP_MEM
#endif #endif
#ifdef ECC_SHAMIR
/** Computes kA*A + kB*B = C using Shamir's Trick /** Computes kA*A + kB*B = C using Shamir's Trick
A First point to multiply A First point to multiply
kA What to multiple A by kA What to multiple A by
@@ -1582,20 +1584,23 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
if (err == MP_OKAY) { if (err == MP_OKAY) {
/* extract and justify kA */ /* extract and justify kA */
mp_to_unsigned_bin(kA, (len - lenA) + tA); err = mp_to_unsigned_bin(kA, (len - lenA) + tA);
/* extract and justify kB */ /* extract and justify kB */
mp_to_unsigned_bin(kB, (len - lenB) + tB); if (err == MP_OKAY)
err = mp_to_unsigned_bin(kB, (len - lenB) + tB);
/* allocate the table */ /* allocate the table */
for (x = 0; x < 16; x++) { if (err == MP_OKAY) {
precomp[x] = ecc_new_point(); for (x = 0; x < 16; x++) {
if (precomp[x] == NULL) { precomp[x] = ecc_new_point();
for (y = 0; y < x; ++y) { if (precomp[x] == NULL) {
ecc_del_point(precomp[y]); for (y = 0; y < x; ++y) {
ecc_del_point(precomp[y]);
}
err = GEN_MEM_ERR;
break;
} }
err = GEN_MEM_ERR;
break;
} }
} }
} }
@@ -1943,6 +1948,7 @@ int ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
{ {
byte buf[ECC_BUFSIZE]; byte buf[ECC_BUFSIZE];
word32 numlen; word32 numlen;
int ret = MP_OKAY;
if (key == NULL || out == NULL || outLen == NULL) if (key == NULL || out == NULL || outLen == NULL)
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;
@@ -1962,14 +1968,18 @@ int ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
/* pad and store x */ /* pad and store x */
XMEMSET(buf, 0, sizeof(buf)); XMEMSET(buf, 0, sizeof(buf));
mp_to_unsigned_bin(&key->pubkey.x, ret = mp_to_unsigned_bin(&key->pubkey.x,
buf + (numlen - mp_unsigned_bin_size(&key->pubkey.x))); buf + (numlen - mp_unsigned_bin_size(&key->pubkey.x)));
if (ret != MP_OKAY)
return ret;
XMEMCPY(out+1, buf, numlen); XMEMCPY(out+1, buf, numlen);
/* pad and store y */ /* pad and store y */
XMEMSET(buf, 0, sizeof(buf)); XMEMSET(buf, 0, sizeof(buf));
mp_to_unsigned_bin(&key->pubkey.y, ret = mp_to_unsigned_bin(&key->pubkey.y,
buf + (numlen - mp_unsigned_bin_size(&key->pubkey.y))); buf + (numlen - mp_unsigned_bin_size(&key->pubkey.y)));
if (ret != MP_OKAY)
return ret;
XMEMCPY(out+1+numlen, buf, numlen); XMEMCPY(out+1+numlen, buf, numlen);
*outLen = 1 + 2*numlen; *outLen = 1 + 2*numlen;
@@ -2043,6 +2053,31 @@ int ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
} }
/* export ecc private key only raw, outLen is in/out size
return MP_OKAY on success */
int ecc_export_private_only(ecc_key* key, byte* out, word32* outLen)
{
word32 numlen;
if (key == NULL || out == NULL || outLen == NULL)
return ECC_BAD_ARG_E;
if (ecc_is_valid_idx(key->idx) == 0) {
return ECC_BAD_ARG_E;
}
numlen = key->dp->size;
if (*outLen < numlen) {
*outLen = numlen;
return BUFFER_E;
}
*outLen = numlen;
XMEMSET(out, 0, *outLen);
return mp_to_unsigned_bin(&key->k, out + (numlen -
mp_unsigned_bin_size(&key->k)));
}
/* ecc private key import, public key in ANSI X9.63 format, private raw */ /* ecc private key import, public key in ANSI X9.63 format, private raw */
int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
word32 pubSz, ecc_key* key) word32 pubSz, ecc_key* key)
@@ -2066,14 +2101,15 @@ int ecc_size(ecc_key* key)
} }
/* signature size in octets */ /* worst case estimate, check actual return from ecc_sign_hash for actual value
of signature size in octets */
int ecc_sig_size(ecc_key* key) int ecc_sig_size(ecc_key* key)
{ {
int sz = ecc_size(key); int sz = ecc_size(key);
if (sz < 0) if (sz < 0)
return sz; return sz;
return sz * 2 + SIG_HEADER_SZ; return sz * 2 + SIG_HEADER_SZ + 4; /* (4) worst case estimate */
} }
@@ -2090,10 +2126,18 @@ int ecc_sig_size(ecc_key* key)
#define FP_LUT 8U #define FP_LUT 8U
#endif #endif
#if (FP_LUT > 12) || (FP_LUT < 2) #ifdef ECC_SHAMIR
#error FP_LUT must be between 2 and 12 inclusively /* Sharmir requires a bigger LUT, TAO */
#if (FP_LUT > 12) || (FP_LUT < 4)
#error FP_LUT must be between 4 and 12 inclusively
#endif
#else
#if (FP_LUT > 12) || (FP_LUT < 2)
#error FP_LUT must be between 2 and 12 inclusively
#endif
#endif #endif
/** Our FP cache */ /** Our FP cache */
static struct { static struct {
ecc_point* g; /* cached COPY of base point */ ecc_point* g; /* cached COPY of base point */
@@ -3223,6 +3267,10 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
initMutex = 1; initMutex = 1;
} }
err = mp_init(&mu);
if (err != MP_OKAY)
return err;
if (LockMutex(&ecc_fp_lock) != 0) if (LockMutex(&ecc_fp_lock) != 0)
return BAD_MUTEX_E; return BAD_MUTEX_E;
@@ -3267,17 +3315,8 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
if (err == MP_OKAY) { if (err == MP_OKAY) {
mpInit = 1; mpInit = 1;
err = mp_init(&mu); err = mp_montgomery_calc_normalization(&mu, modulus);
} }
if (err == MP_OKAY)
err = mp_montgomery_calc_normalization(&mu, modulus);
if (err == MP_OKAY)
/* compute mu */
err = mp_init(&mu);
if (err == MP_OKAY)
err = mp_montgomery_calc_normalization(&mu, modulus);
if (err == MP_OKAY) if (err == MP_OKAY)
/* build the LUT */ /* build the LUT */
@@ -3289,17 +3328,13 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
/* if it's 2 build the LUT, if it's higher just use the LUT */ /* if it's 2 build the LUT, if it's higher just use the LUT */
if (idx2 >= 0 && fp_cache[idx2].lru_count == 2) { if (idx2 >= 0 && fp_cache[idx2].lru_count == 2) {
if (mpInit == 0) { if (mpInit == 0) {
/* compute mp */ /* compute mp */
err = mp_montgomery_setup(modulus, &mp); err = mp_montgomery_setup(modulus, &mp);
if (err == MP_OKAY) if (err == MP_OKAY) {
mpInit = 1; mpInit = 1;
err = mp_montgomery_calc_normalization(&mu, modulus);
}
} }
if (err == MP_OKAY)
/* compute mu */
err = mp_init(&mu);
if (err == MP_OKAY)
err = mp_montgomery_calc_normalization(&mu, modulus);
if (err == MP_OKAY) if (err == MP_OKAY)
/* build the LUT */ /* build the LUT */
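Review bot: The new ecc_export_private_only computes `out + (numlen - mp_unsigned_bin_size(&key->k))` without checking that the scalar fits in `numlen` bytes. If `key->k` is ever larger than the curve size, the word32 subtraction wraps and the write lands outside `out`. A guard such as `if (mp_unsigned_bin_size(&key->k) > (int)numlen) return ECC_BAD_ARG_E;` before the XMEMSET closes that. The function also does not check that the key holds a private part, so a public-only key would export whatever `key->k` contains; a type check is worth adding if the key struct records the key type. Since the output is raw private key material, the header comment should also tell callers to clear the buffer after use.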


@@ -85,6 +85,7 @@ static int InitHmac(Hmac* hmac, int type)
#endif #endif
default: default:
return BAD_FUNC_ARG;
break; break;
} }
@@ -92,18 +93,21 @@ static int InitHmac(Hmac* hmac, int type)
} }
void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{ {
byte* ip = (byte*) hmac->ipad; byte* ip = (byte*) hmac->ipad;
byte* op = (byte*) hmac->opad; byte* op = (byte*) hmac->opad;
word32 i, hmac_block_size = 0; word32 i, hmac_block_size = 0;
int ret;
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumSetKey(hmac, type, key, length); return HmacCaviumSetKey(hmac, type, key, length);
#endif #endif
InitHmac(hmac, type); ret = InitHmac(hmac, type);
if (ret != 0)
return ret;
switch (hmac->macType) { switch (hmac->macType) {
#ifndef NO_MD5 #ifndef NO_MD5
@@ -203,7 +207,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
#endif #endif
default: default:
break; return BAD_FUNC_ARG;
} }
if (length < hmac_block_size) if (length < hmac_block_size)
XMEMSET(ip + length, 0, hmac_block_size - length); XMEMSET(ip + length, 0, hmac_block_size - length);
@@ -212,6 +216,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
op[i] = ip[i] ^ OPAD; op[i] = ip[i] ^ OPAD;
ip[i] ^= IPAD; ip[i] ^= IPAD;
} }
return 0;
} }
@@ -541,5 +546,121 @@ int CyaSSL_GetHmacMaxSize(void)
return MAX_DIGEST_SIZE; return MAX_DIGEST_SIZE;
} }
#ifdef HAVE_HKDF
#ifndef min
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* min */
static INLINE int GetHashSizeByType(int type)
{
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|| type == SHA512 || type == BLAKE2B_ID))
return BAD_FUNC_ARG;
switch (type) {
#ifndef NO_MD5
case MD5:
return MD5_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA
case SHA:
return SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case SHA256:
return SHA256_DIGEST_SIZE;
break;
#endif
#ifdef CYASSL_SHA384
case SHA384:
return SHA384_DIGEST_SIZE;
break;
#endif
#ifdef CYASSL_SHA512
case SHA512:
return SHA512_DIGEST_SIZE;
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
return BLAKE2B_OUTBYTES;
break;
#endif
default:
return BAD_FUNC_ARG;
break;
}
}
/* HMAC-KDF with hash type, optional salt and info, return 0 on success */
int HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
const byte* info, word32 infoSz,
byte* out, word32 outSz)
{
Hmac myHmac;
byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */
byte prk[MAX_DIGEST_SIZE];
const byte* localSalt; /* either points to user input or tmp */
int hashSz = GetHashSizeByType(type);
word32 outIdx = 0;
byte n = 0x1;
if (hashSz < 0)
return BAD_FUNC_ARG;
localSalt = salt;
if (localSalt == NULL) {
XMEMSET(tmp, 0, hashSz);
localSalt = tmp;
saltSz = hashSz;
}
if (HmacSetKey(&myHmac, type, localSalt, saltSz) != 0)
return BAD_FUNC_ARG;
HmacUpdate(&myHmac, inKey, inKeySz);
HmacFinal(&myHmac, prk);
while (outIdx < outSz) {
int tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx;
if (HmacSetKey(&myHmac, type, prk, hashSz) != 0)
return BAD_FUNC_ARG;
HmacUpdate(&myHmac, tmp, tmpSz);
HmacUpdate(&myHmac, info, infoSz);
HmacUpdate(&myHmac, &n, 1);
HmacFinal(&myHmac, tmp);
left = min(left, (word32)hashSz);
XMEMCPY(out+outIdx, tmp, left);
outIdx += hashSz;
n++;
}
return 0;
}
#endif /* HAVE_HKDF */
#endif /* NO_HMAC */ #endif /* NO_HMAC */
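Review bot: HKDF never bounds `outSz`, yet the block counter `n` is a single byte. Once more than 255 blocks are requested it wraps, and when it reaches 1 again `tmpSz` becomes 0, so the expand chain restarts and emits output it has already produced; RFC 5869 limits the output length to 255 times the hash length. Adding `if (outSz > 255 * (word32)hashSz) return BAD_FUNC_ARG;` right after the `hashSz < 0` check rejects such requests. `prk` and `tmp` hold the pseudorandom key and the last output block and stay on the stack on every return path; they should be wiped before returning, using a clearing routine the compiler will not optimize away.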


@@ -325,15 +325,15 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
if (outSz > (int)v) { if (outSz > (int)v) {
/* take off MSB */ /* take off MSB */
byte tmp[129]; byte tmp[129];
mp_to_unsigned_bin(&res, tmp); ret = mp_to_unsigned_bin(&res, tmp);
XMEMCPY(I + i, tmp + 1, v); XMEMCPY(I + i, tmp + 1, v);
} }
else if (outSz < (int)v) { else if (outSz < (int)v) {
XMEMSET(I + i, 0, v - outSz); XMEMSET(I + i, 0, v - outSz);
mp_to_unsigned_bin(&res, I + i + v - outSz); ret = mp_to_unsigned_bin(&res, I + i + v - outSz);
} }
else else
mp_to_unsigned_bin(&res, I + i); ret = mp_to_unsigned_bin(&res, I + i);
} }
mp_clear(&i1); mp_clear(&i1);
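Review bot: The result of `mp_to_unsigned_bin` is now stored in `ret`, but in the `outSz > (int)v` branch the `XMEMCPY(I + i, tmp + 1, v)` still runs unconditionally, so a failed conversion copies uninitialized bytes of `tmp` into the key-derivation state. Guard the copy with `if (ret == MP_OKAY) XMEMCPY(I + i, tmp + 1, v);`. The enclosing loop header is outside the hunk, so it should also be confirmed that the loop stops on a non-zero `ret` instead of overwriting it on the next iteration.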

View File

@@ -458,18 +458,23 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#elif defined(MICROCHIP_PIC32) #elif defined(MICROCHIP_PIC32)
#include <peripheral/timer.h> #ifdef MICROCHIP_MPLAB_HARMONY
#define PIC32_SEED_COUNT _CP0_GET_COUNT
#else
#include <peripheral/timer.h>
#define PIC32_SEED_COUNT ReadCoreTimer
#endif
/* uses the core timer, in nanoseconds to seed srand */ /* uses the core timer, in nanoseconds to seed srand */
int GenerateSeed(OS_Seed* os, byte* output, word32 sz) int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{ {
int i; int i;
srand(ReadCoreTimer() * 25); srand(PIC32_SEED_COUNT() * 25);
for (i = 0; i < sz; i++ ) { for (i = 0; i < sz; i++ ) {
output[i] = rand() % 256; output[i] = rand() % 256;
if ( (i % 8) == 7) if ( (i % 8) == 7)
srand(ReadCoreTimer() * 25); srand(PIC32_SEED_COUNT() * 25);
} }
return 0; return 0;
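Review bot: After this change the PIC32 GenerateSeed still derives every seed byte from `rand()` reseeded with `PIC32_SEED_COUNT() * 25`, so the seed handed to the library RNG carries no more entropy than the core timer count at call time, which is predictable shortly after reset. The comment above the function should say so, for example `/* NOT a cryptographic entropy source: timer-seeded rand(); production builds must supply a hardware entropy source */`. The loop also compares `int i` with `word32 sz`; declaring `word32 i;` removes the signed/unsigned comparison. The function's closing brace is outside the hunk.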


@@ -141,6 +141,7 @@ int hmac_sha256_test(void);
int hmac_sha384_test(void); int hmac_sha384_test(void);
int hmac_sha512_test(void); int hmac_sha512_test(void);
int hmac_blake2b_test(void); int hmac_blake2b_test(void);
int hkdf_test(void);
int arc4_test(void); int arc4_test(void);
int hc128_test(void); int hc128_test(void);
int rabbit_test(void); int rabbit_test(void);
@@ -315,6 +316,13 @@ void ctaocrypt_test(void* args)
printf( "HMAC-BLAKE2 test passed!\n"); printf( "HMAC-BLAKE2 test passed!\n");
#endif #endif
#ifdef HAVE_HKDF
if ( (ret = hkdf_test()) != 0)
err_sys("HMAC-KDF test failed!\n", ret);
else
printf( "HMAC-KDF test passed!\n");
#endif
#endif #endif
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
@@ -3409,6 +3417,87 @@ int pwdbased_test(void)
#endif /* NO_PWDBASED */ #endif /* NO_PWDBASED */
#if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256))
int hkdf_test(void)
{
int ret;
int L = 42;
byte okm1[42];
byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c };
byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9 };
byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
0x49, 0x18 };
byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
0xf8, 0x96 };
byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
0x96, 0xc8 };
byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
0x58, 0x65 };
(void)res1;
(void)res2;
(void)res3;
(void)res4;
#ifndef NO_SHA
ret = HKDF(SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
if (ret != 0)
return -2001;
if (memcmp(okm1, res1, L) != 0)
return -2002;
ret = HKDF(SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L);
if (ret != 0)
return -2003;
if (memcmp(okm1, res2, L) != 0)
return -2004;
#endif /* NO_SHA */
#ifndef NO_SHA256
ret = HKDF(SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
if (ret != 0)
return -2005;
if (memcmp(okm1, res3, L) != 0)
return -2006;
ret = HKDF(SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L);
if (ret != 0)
return -2007;
if (memcmp(okm1, res4, L) != 0)
return -2007;
#endif /* NO_SHA256 */
return 0;
}
#endif /* HAVE_HKDF */
#ifdef HAVE_ECC #ifdef HAVE_ECC
@@ -3488,6 +3577,11 @@ int ecc_test(void)
if (verify != 1) if (verify != 1)
return -1012; return -1012;
x = sizeof(exportBuf);
ret = ecc_export_private_only(&userA, exportBuf, &x);
if (ret != 0)
return -1013;
ecc_free(&pubKey); ecc_free(&pubKey);
ecc_free(&userB); ecc_free(&userB);
ecc_free(&userA); ecc_free(&userA);


@@ -223,7 +223,36 @@ struct DNS_entry {
char* name; /* actual DNS name */ char* name; /* actual DNS name */
}; };
struct DecodedName {
char* fullName;
int fullNameLen;
int entryCount;
int cnIdx;
int cnLen;
int snIdx;
int snLen;
int cIdx;
int cLen;
int lIdx;
int lLen;
int stIdx;
int stLen;
int oIdx;
int oLen;
int ouIdx;
int ouLen;
int emailIdx;
int emailLen;
int uidIdx;
int uidLen;
int serialIdx;
int serialLen;
};
typedef struct DecodedCert DecodedCert; typedef struct DecodedCert DecodedCert;
typedef struct DecodedName DecodedName;
typedef struct Signer Signer; typedef struct Signer Signer;
@@ -236,6 +265,7 @@ struct DecodedCert {
word32 sigLength; /* length of signature */ word32 sigLength; /* length of signature */
word32 signatureOID; /* sum of algorithm object id */ word32 signatureOID; /* sum of algorithm object id */
word32 keyOID; /* sum of key algo object id */ word32 keyOID; /* sum of key algo object id */
int version; /* cert version, 1 or 3 */
DNS_entry* altNames; /* alt names list of dns entries */ DNS_entry* altNames; /* alt names list of dns entries */
byte subjectHash[SHA_SIZE]; /* hash of all Names */ byte subjectHash[SHA_SIZE]; /* hash of all Names */
byte issuerHash[SHA_SIZE]; /* hash of all Names */ byte issuerHash[SHA_SIZE]; /* hash of all Names */
@@ -267,7 +297,11 @@ struct DecodedCert {
byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */ byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */
byte extAuthKeyIdSet; /* Set when the AKID was read from cert */ byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
byte isCA; /* CA basic constraint true */ byte isCA; /* CA basic constraint true */
#ifdef CYASSL_CERT_GEN byte* beforeDate;
int beforeDateLen;
byte* afterDate;
int afterDateLen;
#if defined(CYASSL_CERT_GEN)
/* easy access to subject info for other sign */ /* easy access to subject info for other sign */
char* subjectSN; char* subjectSN;
int subjectSNLen; int subjectSNLen;
@@ -283,11 +317,11 @@ struct DecodedCert {
int subjectOULen; int subjectOULen;
char* subjectEmail; char* subjectEmail;
int subjectEmailLen; int subjectEmailLen;
byte* beforeDate;
int beforeDateLen;
byte* afterDate;
int afterDateLen;
#endif /* CYASSL_CERT_GEN */ #endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
DecodedName issuerName;
DecodedName subjectName;
#endif /* OPENSSL_EXTRA */
#ifdef CYASSL_SEP #ifdef CYASSL_SEP
int deviceTypeSz; int deviceTypeSz;
byte* deviceType; byte* deviceType;
@@ -298,6 +332,7 @@ struct DecodedCert {
#endif /* CYASSL_SEP */ #endif /* CYASSL_SEP */
}; };
#ifdef SHA_DIGEST_SIZE #ifdef SHA_DIGEST_SIZE
#define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
#else #else
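Review bot: The new `struct DecodedName` has no comments, yet its `*Idx`/`*Len` pairs are exactly what `CyaSSL_X509_NAME_get_text_by_NID` later adds to `fullName` and copies from, so the contract needs to be written down at the struct. I would add something like `/* xIdx is an offset into fullName, xLen the attribute's byte length */` and state whether `fullNameLen` counts a terminator; the parser that fills these fields is not in this section, so the exact convention has to be confirmed there. `beforeDate`/`afterDate` are now compiled in for every build, and a comment saying whether they point into the certificate buffer or own their memory is missing.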


@@ -109,6 +109,8 @@ int ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
CYASSL_API CYASSL_API
int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
word32 pubSz, ecc_key* key); word32 pubSz, ecc_key* key);
CYASSL_API
int ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
/* size helper */ /* size helper */
CYASSL_API CYASSL_API
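Review bot: `ecc_export_private_only` is declared without a comment although `outLen` is evidently an in/out parameter: the test added in this commit sets `x = sizeof(exportBuf)` before the call. Suggest `/* export the private value only; *outLen is the buffer size on entry and the bytes written on return; 0 on success */`, with the return convention inferred from the test's `ret != 0` check. Because the output is raw private key material, the comment should also say that the caller must clear the buffer after use.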


@@ -151,7 +151,7 @@ typedef struct Hmac {
/* does init */ /* does init */
CYASSL_API void HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); CYASSL_API int HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
CYASSL_API void HmacUpdate(Hmac*, const byte*, word32); CYASSL_API void HmacUpdate(Hmac*, const byte*, word32);
CYASSL_API void HmacFinal(Hmac*, byte*); CYASSL_API void HmacFinal(Hmac*, byte*);
@@ -162,6 +162,16 @@ CYASSL_API void HmacFinal(Hmac*, byte*);
CYASSL_API int CyaSSL_GetHmacMaxSize(void); CYASSL_API int CyaSSL_GetHmacMaxSize(void);
#ifdef HAVE_HKDF
CYASSL_API int HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
const byte* info, word32 infoSz,
byte* out, word32 outSz);
#endif /* HAVE_HKDF */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif
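Review bot: `HmacSetKey` now returns `int`, but the prototype does not say what the values mean, and `HmacUpdate`/`HmacFinal` remain `void`, so a caller that ignores a failed key setup goes on to compute a MAC from a context that was never keyed. Document the return on the declaration, e.g. `/* does init, returns 0 on success, negative on unsupported type */` (to be confirmed against the implementation, which is not in this section), and audit existing call sites that still discard the result. The new `HKDF` prototype should also state that a NULL `salt`/`info` with size 0 is accepted, since the added test relies on it.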


@@ -130,7 +130,11 @@
#ifdef MICROCHIP_TCPIP #ifdef MICROCHIP_TCPIP
/* include timer, NTP functions */ /* include timer, NTP functions */
#include "system/system_services.h" #include "system/system_services.h"
#include "tcpip/sntp.h" #ifdef MICROCHIP_MPLAB_HARMONY
#include "tcpip/tcpip.h"
#else
#include "tcpip/sntp.h"
#endif
#endif #endif
#ifdef MBED #ifdef MBED


@@ -196,6 +196,10 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
#endif #endif
#if defined(HAVE_BLAKE2)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
#endif
#endif #endif
#if defined(HAVE_CAMELLIA) && !defined(NO_TLS) #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
@@ -255,18 +259,18 @@ void c32to24(word32 in, word24 out);
#endif #endif
#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
#define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5 #define BUILD_TLS_RSA_WITH_HC_128_MD5
#if !defined(NO_SHA) #if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA #define BUILD_TLS_RSA_WITH_HC_128_SHA
#endif #endif
#if defined(HAVE_BLAKE2) #if defined(HAVE_BLAKE2)
#define BUILD_TLS_RSA_WITH_HC_128_CBC_B2B256 #define BUILD_TLS_RSA_WITH_HC_128_B2B256
#endif #endif
#endif #endif
#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
#if !defined(NO_SHA) #if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA #define BUILD_TLS_RSA_WITH_RABBIT_SHA
#endif #endif
#endif #endif
@@ -389,13 +393,13 @@ void c32to24(word32 in, word24 out);
#define BUILD_AESGCM #define BUILD_AESGCM
#endif #endif
#if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \ #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5) || \ defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
defined(BUILD_TLS_RSA_WITH_HC_128_CBC_B2B256) defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
#define BUILD_HC128 #define BUILD_HC128
#endif #endif
#if defined(BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA) #if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
#define BUILD_RABBIT #define BUILD_RABBIT
#endif #endif
@@ -470,10 +474,15 @@ enum {
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
/* CyaSSL extension - eSTREAM */ /* CyaSSL extension - eSTREAM */
TLS_RSA_WITH_HC_128_CBC_B2B256 = 0xFA, TLS_RSA_WITH_HC_128_MD5 = 0xFB,
TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB, TLS_RSA_WITH_HC_128_SHA = 0xFC,
TLS_RSA_WITH_HC_128_CBC_SHA = 0xFC, TLS_RSA_WITH_RABBIT_SHA = 0xFD,
TLS_RSA_WITH_RABBIT_CBC_SHA = 0xFD,
/* CyaSSL extension - Blake2b 256 */
TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
/* CyaSSL extension - NTRU */ /* CyaSSL extension - NTRU */
TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
@@ -1616,9 +1625,18 @@ typedef struct Arrays {
#define ASN_NAME_MAX 256 #define ASN_NAME_MAX 256
#endif #endif
#ifndef MAX_DATE_SZ
#define MAX_DATE_SZ 32
#endif
struct CYASSL_X509_NAME { struct CYASSL_X509_NAME {
char name[ASN_NAME_MAX]; char *name;
char staticName[ASN_NAME_MAX];
int dynamicName;
int sz; int sz;
#ifdef OPENSSL_EXTRA
DecodedName fullName;
#endif /* OPENSSL_EXTRA */
}; };
#ifndef EXTERNAL_SERIAL_SIZE #ifndef EXTERNAL_SERIAL_SIZE
@@ -1630,6 +1648,7 @@ struct CYASSL_X509_NAME {
#endif #endif
struct CYASSL_X509 { struct CYASSL_X509 {
int version;
CYASSL_X509_NAME issuer; CYASSL_X509_NAME issuer;
CYASSL_X509_NAME subject; CYASSL_X509_NAME subject;
int serialSz; int serialSz;
@@ -1643,6 +1662,11 @@ struct CYASSL_X509 {
int hwSerialNumSz; int hwSerialNumSz;
byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
#endif #endif
int notBeforeSz;
byte notBefore[MAX_DATE_SZ];
int notAfterSz;
byte notAfter[MAX_DATE_SZ];
buffer pubKey;
buffer derCert; /* may need */ buffer derCert; /* may need */
DNS_entry* altNames; /* alt names list */ DNS_entry* altNames; /* alt names list */
DNS_entry* altNamesNext; /* hint for retrieval */ DNS_entry* altNamesNext; /* hint for retrieval */
@@ -2020,6 +2044,8 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
CYASSL_LOCAL word32 LowResTimer(void); CYASSL_LOCAL word32 LowResTimer(void);
CYASSL_LOCAL void InitX509Name(CYASSL_X509_NAME*, int);
CYASSL_LOCAL void FreeX509Name(CYASSL_X509_NAME* name);
CYASSL_LOCAL void InitX509(CYASSL_X509*, int); CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
CYASSL_LOCAL void FreeX509(CYASSL_X509*); CYASSL_LOCAL void FreeX509(CYASSL_X509*);
#ifndef NO_CERTS #ifndef NO_CERTS
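Review bot: In `struct CYASSL_X509_NAME`, `name` changes from an array to a `char*` that is only valid once `InitX509Name` has pointed it at `staticName`. Any remaining `sizeof(x->name)` now yields the pointer size, and a `CYASSL_X509_NAME` that is zero-filled or stack-declared without the initializer has a NULL `name` that `XSTRNCPY` will write through. Whether such call sites exist cannot be seen from these hunks and should be checked. `dynamicName` also lacks a comment; suggest `int dynamicName; /* non-zero when name is heap memory released by FreeX509Name */`.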


@@ -95,6 +95,10 @@ typedef struct CYASSL_dynlock_value CYASSL_dynlock_value;
typedef struct CYASSL_EVP_PKEY { typedef struct CYASSL_EVP_PKEY {
int type; /* openssh dereference */ int type; /* openssh dereference */
int save_type; /* openssh dereference */ int save_type; /* openssh dereference */
int pkey_sz;
union {
char* ptr;
} pkey;
} CYASSL_EVP_PKEY; } CYASSL_EVP_PKEY;
typedef struct CYASSL_MD4_CTX { typedef struct CYASSL_MD4_CTX {
@@ -108,7 +112,8 @@ typedef struct CYASSL_COMP_METHOD {
typedef struct CYASSL_X509_STORE { typedef struct CYASSL_X509_STORE {
int cache; /* stunnel dereference */ int cache; /* stunnel dereference */
CYASSL_CERT_MANAGER* cm;
} CYASSL_X509_STORE; } CYASSL_X509_STORE;
typedef struct CYASSL_ALERT { typedef struct CYASSL_ALERT {
@@ -135,6 +140,7 @@ typedef struct CYASSL_X509_OBJECT {
typedef struct CYASSL_X509_STORE_CTX { typedef struct CYASSL_X509_STORE_CTX {
CYASSL_X509_STORE* store; /* Store full of a CA cert chain */
CYASSL_X509* current_cert; /* stunnel dereference */ CYASSL_X509* current_cert; /* stunnel dereference */
char* domain; /* subject CN domain name */ char* domain; /* subject CN domain name */
void* ex_data; /* external data, for fortress build */ void* ex_data; /* external data, for fortress build */
@@ -407,6 +413,10 @@ CYASSL_API int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX*);
CYASSL_API char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME*, char*, int); CYASSL_API char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME*, char*, int);
CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509*); CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509*);
CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509*); CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509*);
CYASSL_API int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME*);
CYASSL_API int CyaSSL_X509_NAME_get_text_by_NID(
CYASSL_X509_NAME*, int, char*, int);
CYASSL_API int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX*);
CYASSL_API const char* CyaSSL_X509_verify_cert_error_string(long); CYASSL_API const char* CyaSSL_X509_verify_cert_error_string(long);
CYASSL_API int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP*,const char*,long); CYASSL_API int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP*,const char*,long);
@@ -418,10 +428,16 @@ CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void);
CYASSL_API CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE*, CYASSL_API CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE*,
CYASSL_X509_LOOKUP_METHOD*); CYASSL_X509_LOOKUP_METHOD*);
CYASSL_API CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void); CYASSL_API CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void);
CYASSL_API void CyaSSL_X509_STORE_free(CYASSL_X509_STORE*);
CYASSL_API int CyaSSL_X509_STORE_add_cert(
CYASSL_X509_STORE*, CYASSL_X509*);
CYASSL_API int CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE*);
CYASSL_API int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX*, CYASSL_API int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX*,
int, CYASSL_X509_NAME*, CYASSL_X509_OBJECT*); int, CYASSL_X509_NAME*, CYASSL_X509_OBJECT*);
CYASSL_API CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void);
CYASSL_API int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX*, CYASSL_API int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX*,
CYASSL_X509_STORE*, CYASSL_X509*, STACK_OF(CYASSL_X509)*); CYASSL_X509_STORE*, CYASSL_X509*, STACK_OF(CYASSL_X509)*);
CYASSL_API void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX*);
CYASSL_API void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX*); CYASSL_API void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX*);
CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL*); CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL*);
@@ -778,13 +794,21 @@ CYASSL_API const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* s);
CYASSL_API int CyaSSL_X509_get_serial_number(CYASSL_X509*,unsigned char*,int*); CYASSL_API int CyaSSL_X509_get_serial_number(CYASSL_X509*,unsigned char*,int*);
CYASSL_API char* CyaSSL_X509_get_subjectCN(CYASSL_X509*); CYASSL_API char* CyaSSL_X509_get_subjectCN(CYASSL_X509*);
CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*); CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*);
CYASSL_API const unsigned char* CyaSSL_X509_notBefore(CYASSL_X509*);
CYASSL_API const unsigned char* CyaSSL_X509_notAfter(CYASSL_X509*);
CYASSL_API int CyaSSL_X509_version(CYASSL_X509*);
CYASSL_API
CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*); CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*);
CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*); CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
CYASSL_API CYASSL_API CYASSL_X509*
CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format); CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len);
CYASSL_API CYASSL_X509*
CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file);
CYASSL_API CYASSL_X509*
CyaSSL_X509_load_certificate_file(const char* fname, int format);
#ifdef CYASSL_SEP #ifdef CYASSL_SEP
CYASSL_API unsigned char* CYASSL_API unsigned char*
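Review bot: The block added after `CyaSSL_X509_version` ends with a bare `CYASSL_API` line, so the following declaration now reads `CYASSL_API CYASSL_API int CyaSSL_cmp_peer_cert_to_file(...)`; the stray line should be dropped, as it is harmless only while the macro expands to nothing or to a repeatable attribute. `CyaSSL_X509_d2i_fp` is declared with `FILE*` while its definition takes `XFILE`; using `XFILE` in the prototype keeps the two consistent on builds where the file type is remapped. `CyaSSL_X509_notBefore`/`CyaSSL_X509_notAfter` return a bare pointer into a fixed `MAX_DATE_SZ` array with no length, so a comment on the encoding and valid length is needed for callers to read it safely.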


@@ -26,8 +26,8 @@
extern "C" { extern "C" {
#endif #endif
#define LIBCYASSL_VERSION_STRING "2.8.2" #define LIBCYASSL_VERSION_STRING "2.8.3"
#define LIBCYASSL_VERSION_HEX 0x02008002 #define LIBCYASSL_VERSION_HEX 0x02008003
#ifdef __cplusplus #ifdef __cplusplus
} }


@@ -160,11 +160,10 @@ case ${host_os} in
;; ;;
darwin*) darwin*)
if test "$CC" = "clang"; then AC_REQUIRE([WOLFSSL_DARWIN_USING_CLANG])
ax_pthread_flags="$ax_pthread_flags" AS_IF([test x"$wolfssl_darwin_clang" = x"yes"],
else [ax_pthread_flags="$ax_pthread_flags"],
ax_pthread_flags="-pthread $ax_pthread_flags" [ax_pthread_flags="-pthread $ax_pthread_flags"])
fi
;; ;;
esac esac


@@ -0,0 +1,37 @@
# ===========================================================================
#
# SYNOPSIS
#
# WOLFSSL_DARWIN_USING_CLANG
#
# DESCRIPTION
#
# With the advent of Apple Xcode v5.0, the old tool sets are missing from
# the distribution. The provided "gcc" executable wrapper accepts the
# "-pthread" flag, and passes it to the underlying "clang" which chokes
# on it. This script checks the version of the gcc executable to see if
# it reports it is really "clang".
#
# The value is placed in the wolfssl_darwin_clang variable.
#
# LICENSE
#
# Copyright (c) 2013 John Safranek <john@wolfssl.com>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 1
AC_DEFUN([WOLFSSL_DARWIN_USING_CLANG],
[
if test x"$CC" = xclang; then
wolfssl_darwin_clang=yes
elif test x"$CC" = x || test x"$CC" = xgcc; then
if /usr/bin/gcc -v 2>&1 | grep 'clang' >/dev/null 2>&1; then
wolfssl_darwin_clang=yes
fi
fi
])
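Review bot: The probe runs `/usr/bin/gcc -v` rather than the compiler configure will actually use, and only when `$CC` is empty or exactly `gcc`, so `CC=cc`, a full path, or a `CC` carrying extra flags falls through to the `-pthread` branch. Running the version check on `$CC` itself (falling back to `gcc` when unset) would tie the result to the real compiler. `wolfssl_darwin_clang` is also never assigned a negative value, so a value inherited from the environment is used as-is; start the macro body with `wolfssl_darwin_clang=no`.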


@@ -1091,31 +1091,45 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
} }
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
if (tls && haveRSA) { if (tls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_HC_128_CBC_MD5; suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5;
} }
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
if (tls && haveRSA) { if (tls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_HC_128_CBC_SHA; suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA;
} }
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_B2B256 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
if (tls && haveRSA) { if (tls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_HC_128_CBC_B2B256; suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
} }
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
if (tls && haveRSA) { if (tls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_RABBIT_CBC_SHA; suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
if (tls && haveRSA) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
if (tls && haveRSA) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA;
} }
#endif #endif
@@ -1217,9 +1231,41 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
#ifndef NO_CERTS #ifndef NO_CERTS
void InitX509Name(CYASSL_X509_NAME* name, int dynamicFlag)
{
(void)dynamicFlag;
if (name != NULL) {
name->name = name->staticName;
name->dynamicName = 0;
#ifdef OPENSSL_EXTRA
XMEMSET(&name->fullName, 0, sizeof(DecodedName));
#endif /* OPENSSL_EXTRA */
}
}
void FreeX509Name(CYASSL_X509_NAME* name)
{
if (name != NULL) {
if (name->dynamicName)
XFREE(name->name, NULL, DYNAMIC_TYPE_SUBJECT_CN);
#ifdef OPENSSL_EXTRA
if (name->fullName.fullName != NULL)
XFREE(name->fullName.fullName, NULL, DYNAMIC_TYPE_X509);
#endif /* OPENSSL_EXTRA */
}
}
/* Initialize CyaSSL X509 type */ /* Initialize CyaSSL X509 type */
void InitX509(CYASSL_X509* x509, int dynamicFlag) void InitX509(CYASSL_X509* x509, int dynamicFlag)
{ {
InitX509Name(&x509->issuer, 0);
InitX509Name(&x509->subject, 0);
x509->version = 0;
x509->pubKey.buffer = NULL;
x509->derCert.buffer = NULL; x509->derCert.buffer = NULL;
x509->altNames = NULL; x509->altNames = NULL;
x509->altNamesNext = NULL; x509->altNamesNext = NULL;
@@ -1233,7 +1279,11 @@ void FreeX509(CYASSL_X509* x509)
if (x509 == NULL) if (x509 == NULL)
return; return;
XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_CERT); FreeX509Name(&x509->issuer);
FreeX509Name(&x509->subject);
if (x509->pubKey.buffer)
XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN);
if (x509->altNames) if (x509->altNames)
FreeAltNames(x509->altNames, NULL); FreeAltNames(x509->altNames, NULL);
if (x509->dynamicMemory) if (x509->dynamicMemory)
@@ -2984,13 +3034,37 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
if (x509 == NULL || dCert == NULL) if (x509 == NULL || dCert == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
x509->version = dCert->version + 1;
XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX); XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
x509->issuer.name[ASN_NAME_MAX - 1] = '\0'; x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1; x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
#ifdef OPENSSL_EXTRA
if (dCert->issuerName.fullName != NULL) {
XMEMCPY(&x509->issuer.fullName,
&dCert->issuerName, sizeof(DecodedName));
x509->issuer.fullName.fullName = (char*)XMALLOC(
dCert->issuerName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
if (x509->issuer.fullName.fullName != NULL)
XMEMCPY(x509->issuer.fullName.fullName,
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
}
#endif /* OPENSSL_EXTRA */
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX); XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
x509->subject.name[ASN_NAME_MAX - 1] = '\0'; x509->subject.name[ASN_NAME_MAX - 1] = '\0';
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1; x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
#ifdef OPENSSL_EXTRA
if (dCert->subjectName.fullName != NULL) {
XMEMCPY(&x509->subject.fullName,
&dCert->subjectName, sizeof(DecodedName));
x509->subject.fullName.fullName = (char*)XMALLOC(
dCert->subjectName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
if (x509->subject.fullName.fullName != NULL)
XMEMCPY(x509->subject.fullName.fullName,
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
}
#endif /* OPENSSL_EXTRA */
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE); XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
x509->serialSz = dCert->serialSz; x509->serialSz = dCert->serialSz;
@@ -3026,6 +3100,33 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
x509->hwSerialNumSz = 0; x509->hwSerialNumSz = 0;
} }
#endif /* CYASSL_SEP */ #endif /* CYASSL_SEP */
{
int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ);
if (minSz != 0) {
x509->notBeforeSz = minSz;
XMEMCPY(x509->notBefore, dCert->beforeDate, minSz);
}
else
x509->notBeforeSz = 0;
minSz = min(dCert->afterDateLen, MAX_DATE_SZ);
if (minSz != 0) {
x509->notAfterSz = minSz;
XMEMCPY(x509->notAfter, dCert->afterDate, minSz);
}
else
x509->notAfterSz = 0;
}
if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
x509->pubKey.buffer = (byte*)XMALLOC(
dCert->pubKeySize, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
if (x509->pubKey.buffer != NULL) {
x509->pubKey.length = dCert->pubKeySize;
XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize);
}
else
ret = MEMORY_E;
}
/* store cert for potential retrieval */ /* store cert for potential retrieval */
x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL, x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL,
@@ -6137,19 +6238,27 @@ const char* const cipher_names[] =
"PSK-NULL-SHA", "PSK-NULL-SHA",
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
"HC128-MD5", "HC128-MD5",
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
"HC128-SHA", "HC128-SHA",
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_B2B256 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
"HC128-B2B256", "HC128-B2B256",
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
"AES128-B2B256",
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
"AES256-B2B256",
#endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
"RABBIT-SHA", "RABBIT-SHA",
#endif #endif
@@ -6449,20 +6558,28 @@ int cipher_name_idx[] =
TLS_PSK_WITH_NULL_SHA, TLS_PSK_WITH_NULL_SHA,
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
TLS_RSA_WITH_HC_128_CBC_MD5, TLS_RSA_WITH_HC_128_MD5,
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
TLS_RSA_WITH_HC_128_CBC_SHA, TLS_RSA_WITH_HC_128_SHA,
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_B2B256 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
TLS_RSA_WITH_HC_128_CBC_B2B256, TLS_RSA_WITH_HC_128_B2B256,
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
TLS_RSA_WITH_RABBIT_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_B2B256,
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
TLS_RSA_WITH_AES_256_CBC_B2B256,
#endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
TLS_RSA_WITH_RABBIT_SHA,
#endif #endif
#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
@@ -8452,7 +8569,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
&dsaKey, ssl->buffers.key.length); &dsaKey, ssl->buffers.key.length);
if (ret != 0) return ret; if (ret != 0) return ret;
sigSz = ecc_sig_size(&dsaKey) + 4; /* worst case estimate */ sigSz = ecc_sig_size(&dsaKey); /* worst case estimate */
} }
else { else {
#ifndef NO_RSA #ifndef NO_RSA
@@ -9300,22 +9417,28 @@ static void PickHashSigAlgo(CYASSL* ssl,
return 1; return 1;
break; break;
case TLS_RSA_WITH_HC_128_CBC_MD5 : case TLS_RSA_WITH_HC_128_MD5 :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
break; break;
case TLS_RSA_WITH_HC_128_CBC_SHA : case TLS_RSA_WITH_HC_128_SHA :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
break; break;
case TLS_RSA_WITH_HC_128_CBC_B2B256: case TLS_RSA_WITH_HC_128_B2B256:
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
break; break;
case TLS_RSA_WITH_RABBIT_CBC_SHA : case TLS_RSA_WITH_AES_128_CBC_B2B256:
case TLS_RSA_WITH_AES_256_CBC_B2B256:
if (requirement == REQUIRES_RSA)
return 1;
break;
case TLS_RSA_WITH_RABBIT_SHA :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
break; break;
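Review bot: In `CopyDecodedToX509`, the `OPENSSL_EXTRA` blocks copy the whole `DecodedName` (indices and lengths included) and then ignore a failed `XMALLOC` for `fullName`. On allocation failure the name keeps non-zero `*Idx`/`*Len` values next to a NULL `fullName`, which `CyaSSL_X509_NAME_get_text_by_NID` later offsets and copies from. Handle it like the `pubKey` path in the same function, with `else ret = MEMORY_E;`, or clear the copy with `XMEMSET(&x509->issuer.fullName, 0, sizeof(DecodedName));`, for both issuer and subject. In `FreeX509` the `derCert.buffer` free now passes `DYNAMIC_TYPE_SUBJECT_CN` where it used `DYNAMIC_TYPE_CERT`, which looks unintended. Both functions start or end outside their hunks, so the declaration of `ret` should be checked.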


@@ -774,7 +774,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
{ {
char domainName[80], path[80]; char domainName[80], path[80];
int httpBufSz; int httpBufSz;
SOCKET_T sfd; SOCKET_T sfd = 0;
word16 port; word16 port;
int ocspRespSz = 0; int ocspRespSz = 0;
byte* httpBuf = NULL; byte* httpBuf = NULL;
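Review bot: `SOCKET_T sfd = 0;` silences the uninitialised-variable warning with a value that is itself a valid descriptor (stdin on POSIX). If any error path in `EmbedOcspLookup` closes `sfd` before a connection was made, it would close descriptor 0. Initialising to the platform's invalid-socket value (`-1` on POSIX) and closing only when `sfd` holds a real socket is safer. The rest of the function lies outside the hunk, so whether such a path exists needs confirming.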


@@ -1088,8 +1088,8 @@ int SetCipherSpecs(CYASSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
case TLS_RSA_WITH_HC_128_CBC_MD5 : case TLS_RSA_WITH_HC_128_MD5 :
ssl->specs.bulk_cipher_algorithm = cyassl_hc128; ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
ssl->specs.cipher_type = stream; ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = md5_mac; ssl->specs.mac_algorithm = md5_mac;
@@ -1105,8 +1105,8 @@ int SetCipherSpecs(CYASSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
case TLS_RSA_WITH_HC_128_CBC_SHA : case TLS_RSA_WITH_HC_128_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_hc128; ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
ssl->specs.cipher_type = stream; ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac; ssl->specs.mac_algorithm = sha_mac;
@@ -1122,8 +1122,8 @@ int SetCipherSpecs(CYASSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_B2B256 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
case TLS_RSA_WITH_HC_128_CBC_B2B256: case TLS_RSA_WITH_HC_128_B2B256:
ssl->specs.bulk_cipher_algorithm = cyassl_hc128; ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
ssl->specs.cipher_type = stream; ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = blake2b_mac; ssl->specs.mac_algorithm = blake2b_mac;
@@ -1139,8 +1139,42 @@ int SetCipherSpecs(CYASSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
case TLS_RSA_WITH_RABBIT_CBC_SHA : case TLS_RSA_WITH_AES_128_CBC_B2B256:
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = blake2b_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = BLAKE2B_256;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
case TLS_RSA_WITH_AES_256_CBC_B2B256:
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = blake2b_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = BLAKE2B_256;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
case TLS_RSA_WITH_RABBIT_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_rabbit; ssl->specs.bulk_cipher_algorithm = cyassl_rabbit;
ssl->specs.cipher_type = stream; ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac; ssl->specs.mac_algorithm = sha_mac;


@@ -1593,10 +1593,19 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz, static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
byte* output) byte* output)
{ {
int ivExtra = 0;
Decrypt(ssl, output, input, sz); Decrypt(ssl, output, input, sz);
ssl->keys.encryptSz = sz; ssl->keys.encryptSz = sz;
if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) {
return output + ssl->specs.block_size; /* go past TLSv1.1 IV */ output += ssl->specs.block_size; /* go past TLSv1.1 IV */
ivExtra = ssl->specs.block_size;
}
ssl->keys.padSz = ssl->specs.hash_size;
if (ssl->specs.cipher_type == block)
ssl->keys.padSz += *(output + sz - ivExtra - 1) + 1;
return output; return output;
} }
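Review bot: In `DecryptMessage`, the pad length is read from `*(output + sz - ivExtra - 1)`, i.e. the last decrypted byte of captured traffic, and added to `ssl->keys.padSz` without being checked against `sz`. With `sz == 0` the read lands one byte before the buffer, and a large pad byte makes `padSz` exceed the record length. Guard the read with `if (ssl->specs.cipher_type == block && sz > 0)` and reject the record when `padSz` exceeds `sz - ivExtra`. How `padSz` is consumed is outside this hunk, so the impact of an oversized value should be confirmed where the payload length is computed.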

322
src/ssl.c

@@ -5618,7 +5618,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX* ctx) int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX* ctx)
{ {
(void)ctx; if (ctx != NULL)
return ctx->error;
return 0; return 0;
} }
@@ -7072,6 +7073,76 @@ int CyaSSL_set_compression(CYASSL* ssl)
} }
int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME* name)
{
int count = 0;
CYASSL_ENTER("CyaSSL_X509_NAME_entry_count");
if (name != NULL)
count = name->fullName.entryCount;
CYASSL_LEAVE("CyaSSL_X509_NAME_entry_count", count);
return count;
}
int CyaSSL_X509_NAME_get_text_by_NID(CYASSL_X509_NAME* name,
int nid, char* buf, int len)
{
char *text = NULL;
int textSz = 0;
CYASSL_ENTER("CyaSSL_X509_NAME_get_text_by_NID");
switch (nid) {
case ASN_COMMON_NAME:
text = name->fullName.fullName + name->fullName.cnIdx;
textSz = name->fullName.cnLen;
break;
case ASN_SUR_NAME:
text = name->fullName.fullName + name->fullName.snIdx;
textSz = name->fullName.snLen;
break;
case ASN_SERIAL_NUMBER:
text = name->fullName.fullName + name->fullName.serialIdx;
textSz = name->fullName.serialLen;
break;
case ASN_COUNTRY_NAME:
text = name->fullName.fullName + name->fullName.cIdx;
textSz = name->fullName.cLen;
break;
case ASN_LOCALITY_NAME:
text = name->fullName.fullName + name->fullName.lIdx;
textSz = name->fullName.lLen;
break;
case ASN_STATE_NAME:
text = name->fullName.fullName + name->fullName.stIdx;
textSz = name->fullName.stLen;
break;
case ASN_ORG_NAME:
text = name->fullName.fullName + name->fullName.oIdx;
textSz = name->fullName.oLen;
break;
case ASN_ORGUNIT_NAME:
text = name->fullName.fullName + name->fullName.ouIdx;
textSz = name->fullName.ouLen;
break;
default:
break;
}
if (buf != NULL) {
textSz = min(textSz, len);
XMEMCPY(buf, text, textSz);
buf[textSz] = '\0';
}
CYASSL_LEAVE("CyaSSL_X509_NAME_get_text_by_NID", textSz);
return textSz;
}
/* write X509 serial number in unsigned binary to buffer /* write X509 serial number in unsigned binary to buffer
buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
return SSL_SUCCESS on success */ return SSL_SUCCESS on success */
@@ -7099,6 +7170,40 @@ int CyaSSL_set_compression(CYASSL* ssl)
return x509->derCert.buffer; return x509->derCert.buffer;
} }
int CyaSSL_X509_version(CYASSL_X509* x509)
{
CYASSL_ENTER("CyaSSL_X509_version");
if (x509 == NULL)
return 0;
return x509->version;
}
const byte* CyaSSL_X509_notBefore(CYASSL_X509* x509)
{
CYASSL_ENTER("CyaSSL_X509_notBefore");
if (x509 == NULL)
return NULL;
return x509->notBefore;
}
const byte* CyaSSL_X509_notAfter(CYASSL_X509* x509)
{
CYASSL_ENTER("CyaSSL_X509_notAfter");
if (x509 == NULL)
return NULL;
return x509->notAfter;
}
#ifdef CYASSL_SEP #ifdef CYASSL_SEP
/* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will /* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will
@@ -7175,6 +7280,66 @@ byte* CyaSSL_X509_get_hw_serial_number(CYASSL_X509* x509,byte* in,int* inOutSz)
#endif /* CYASSL_SEP */ #endif /* CYASSL_SEP */
CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
{
CYASSL_X509 *newX509 = NULL;
CYASSL_ENTER("CyaSSL_X509_d2i");
if (in != NULL && len != 0) {
DecodedCert cert;
InitDecodedCert(&cert, (byte*)in, len, NULL);
if (ParseCertRelative(&cert, CERT_TYPE, 0, NULL) == 0) {
newX509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509),
NULL, DYNAMIC_TYPE_X509);
if (newX509 != NULL) {
InitX509(newX509, 1);
if (CopyDecodedToX509(newX509, &cert) != 0) {
XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
newX509 = NULL;
}
}
}
FreeDecodedCert(&cert);
}
if (x509 != NULL)
*x509 = newX509;
return newX509;
}
CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
{
CYASSL_X509* newX509 = NULL;
CYASSL_ENTER("CyaSSL_X509_d2i_fp");
if (file != XBADFILE) {
byte* fileBuffer = NULL;
long sz = 0;
XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file);
XREWIND(file);
fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
if (fileBuffer != NULL) {
if ((int)XFREAD(fileBuffer, sz, 1, file) > 0) {
newX509 = CyaSSL_X509_d2i(NULL, fileBuffer, (int)sz);
}
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
}
}
if (x509 != NULL)
*x509 = newX509;
return newX509;
}
CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
{ {
byte staticBuffer[FILE_BUFFER_SIZE]; byte staticBuffer[FILE_BUFFER_SIZE];
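Review bot: `CyaSSL_X509_d2i_fp` passes the `XFTELL` result straight to `XMALLOC` and `XFREAD` without checking it, so a failed `XFTELL` (negative `sz`) or an empty file reaches the allocator as a huge or zero size, and a file larger than `INT_MAX` is silently truncated by the `(int)sz` cast before parsing. Guard the allocation with `if (sz > 0 && sz <= INT_MAX) {` (or the project's own file-size cap) and check the `XFSEEK` return as well. In `CyaSSL_X509_d2i` the test `len != 0` admits negative lengths; `len > 0` is the guard the code appears to intend. The trailing context opens `CyaSSL_X509_load_certificate_file`, whose body lies outside this hunk.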
@@ -7536,6 +7701,12 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
return "TLS_RSA_WITH_AES_128_CBC_SHA256"; return "TLS_RSA_WITH_AES_128_CBC_SHA256";
case TLS_RSA_WITH_AES_256_CBC_SHA256 : case TLS_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_RSA_WITH_AES_256_CBC_SHA256"; return "TLS_RSA_WITH_AES_256_CBC_SHA256";
#ifdef HAVE_BLAKE2
case TLS_RSA_WITH_AES_128_CBC_B2B256:
return "TLS_RSA_WITH_AES_128_CBC_B2B256";
case TLS_RSA_WITH_AES_256_CBC_B2B256:
return "TLS_RSA_WITH_AES_256_CBC_B2B256";
#endif
#ifndef NO_SHA #ifndef NO_SHA
case TLS_RSA_WITH_NULL_SHA : case TLS_RSA_WITH_NULL_SHA :
return "TLS_RSA_WITH_NULL_SHA"; return "TLS_RSA_WITH_NULL_SHA";
@@ -7580,22 +7751,22 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
#endif #endif
#ifndef NO_HC128 #ifndef NO_HC128
#ifndef NO_MD5 #ifndef NO_MD5
case TLS_RSA_WITH_HC_128_CBC_MD5 : case TLS_RSA_WITH_HC_128_MD5 :
return "TLS_RSA_WITH_HC_128_CBC_MD5"; return "TLS_RSA_WITH_HC_128_MD5";
#endif #endif
#ifndef NO_SHA #ifndef NO_SHA
case TLS_RSA_WITH_HC_128_CBC_SHA : case TLS_RSA_WITH_HC_128_SHA :
return "TLS_RSA_WITH_HC_128_CBC_SHA"; return "TLS_RSA_WITH_HC_128_SHA";
#endif #endif
#ifdef HAVE_BLAKE2 #ifdef HAVE_BLAKE2
case TLS_RSA_WITH_HC_128_CBC_B2B256: case TLS_RSA_WITH_HC_128_B2B256:
return "TLS_RSA_WITH_HC_128_CBC_B2B256"; return "TLS_RSA_WITH_HC_128_B2B256";
#endif #endif
#endif /* NO_HC128 */ #endif /* NO_HC128 */
#ifndef NO_SHA #ifndef NO_SHA
#ifndef NO_RABBIT #ifndef NO_RABBIT
case TLS_RSA_WITH_RABBIT_CBC_SHA : case TLS_RSA_WITH_RABBIT_SHA :
return "TLS_RSA_WITH_RABBIT_CBC_SHA"; return "TLS_RSA_WITH_RABBIT_SHA";
#endif #endif
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
#ifndef NO_RC4 #ifndef NO_RC4
@@ -7965,9 +8136,61 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
} }
int CyaSSL_X509_STORE_add_cert(CYASSL_X509_STORE* store, CYASSL_X509* x509)
{
int result = SSL_FATAL_ERROR;
CYASSL_ENTER("CyaSSL_X509_STORE_add_cert");
if (store != NULL && store->cm != NULL && x509 != NULL) {
buffer derCert;
derCert.buffer = (byte*)XMALLOC(x509->derCert.length,
NULL, DYNAMIC_TYPE_CERT);
if (derCert.buffer != NULL) {
derCert.length = x509->derCert.length;
// AddCA() frees the buffer.
XMEMCPY(derCert.buffer,
x509->derCert.buffer, x509->derCert.length);
result = AddCA(store->cm, derCert, CYASSL_USER_CA, 1);
if (result != SSL_SUCCESS) result = SSL_FATAL_ERROR;
}
}
CYASSL_LEAVE("CyaSSL_X509_STORE_add_cert", result);
return result;
}
CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void) CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void)
{ {
return 0; CYASSL_X509_STORE* store = NULL;
store = (CYASSL_X509_STORE*)XMALLOC(sizeof(CYASSL_X509_STORE), NULL, 0);
if (store != NULL) {
store->cm = CyaSSL_CertManagerNew();
if (store->cm == NULL) {
XFREE(store, NULL, 0);
store = NULL;
}
}
return store;
}
void CyaSSL_X509_STORE_free(CYASSL_X509_STORE* store)
{
if (store != NULL) {
if (store->cm != NULL)
CyaSSL_CertManagerFree(store->cm);
XFREE(store, NULL, 0);
}
}
int CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE* store)
{
(void)store;
return SSL_SUCCESS;
} }
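Review bot: `CyaSSL_X509_STORE_set_default_paths` ignores `store` and returns `SSL_SUCCESS` without loading anything, so code ported from OpenSSL receives a success code while the store holds no trust anchors. Say so at the definition, e.g. `/* stub: no default CA locations are loaded; add trust anchors explicitly */`, or return a failure code until it is implemented. In `CyaSSL_X509_STORE_add_cert` the `// AddCA() frees the buffer.` line is the only C++-style comment among the `/* */` comments visible here and does not say whether the buffer is also released when `AddCA` fails; that is worth confirming, since the function does not free `derCert.buffer` on the error path. `x509->derCert.buffer` and a zero `length` are not checked before the copy.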
@@ -7982,14 +8205,46 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
} }
CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void)
{
CYASSL_X509_STORE_CTX* ctx = (CYASSL_X509_STORE_CTX*)XMALLOC(
sizeof(CYASSL_X509_STORE_CTX), NULL, 0);
if (ctx != NULL)
CyaSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
return ctx;
}
int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX* ctx, int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX* ctx,
CYASSL_X509_STORE* store, CYASSL_X509* x509, STACK_OF(CYASSL_X509)* sk) CYASSL_X509_STORE* store, CYASSL_X509* x509, STACK_OF(CYASSL_X509)* sk)
{ {
(void)ctx;
(void)store;
(void)x509;
(void)sk; (void)sk;
return 0; if (ctx != NULL) {
ctx->store = store;
ctx->current_cert = x509;
ctx->domain = NULL;
ctx->ex_data = NULL;
ctx->userCtx = NULL;
ctx->error = 0;
ctx->error_depth = 0;
ctx->discardSessionCerts = 0;
return SSL_SUCCESS;
}
return SSL_FATAL_ERROR;
}
void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX* ctx)
{
if (ctx != NULL) {
if (ctx->store != NULL)
CyaSSL_X509_STORE_free(ctx->store);
if (ctx->current_cert != NULL)
CyaSSL_FreeX509(ctx->current_cert);
XFREE(ctx, NULL, 0);
}
} }
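Review bot: `CyaSSL_X509_STORE_CTX_free` releases `ctx->store` and `ctx->current_cert`, but `CyaSSL_X509_STORE_CTX_init` only stores the pointers the caller passed in, so a caller that later frees its own store or certificate (the usual pattern with this API) hits a double free, and one that keeps using them holds dangling pointers. Either reduce the function to `if (ctx != NULL) XFREE(ctx, NULL, 0);` or state in a comment above `CyaSSL_X509_STORE_CTX_init` that ownership of `store` and `x509` passes to the context. `sk` is still discarded by `init`; a one-line comment that the untrusted chain is not used would prevent callers from relying on it.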
@@ -7999,6 +8254,18 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
} }
int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX* ctx)
{
if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL
&& ctx->current_cert != NULL) {
return CyaSSL_CertManagerVerifyBuffer(ctx->store->cm,
ctx->current_cert->derCert.buffer,
ctx->current_cert->derCert.length,
SSL_FILETYPE_ASN1);
}
return SSL_FATAL_ERROR;
}
CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL* crl) CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL* crl)
{ {
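Review bot: `CyaSSL_X509_verify_cert` reports failure as a nonzero value (`SSL_FATAL_ERROR` for bad arguments, and presumably a negative code passed through from `CyaSSL_CertManagerVerifyBuffer`), so a caller using the OpenSSL idiom `if (X509_verify_cert(ctx))` would treat a rejected certificate as verified. Document above the function that the result must be compared with `SSL_SUCCESS`, or normalise it with `return (ret == SSL_SUCCESS) ? SSL_SUCCESS : 0;` if no caller depends on the raw code. `ctx->error` is never written here, so the error field that `CyaSSL_X509_STORE_CTX_init` resets to 0 stays 0 after a failed verification; `if (ret != SSL_SUCCESS) ctx->error = ret;` would make the failure visible through the context.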
@@ -8017,8 +8284,25 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509* x509) CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509* x509)
{ {
(void)x509; CYASSL_EVP_PKEY* key = NULL;
return 0; if (x509 != NULL) {
key = (CYASSL_EVP_PKEY*)XMALLOC(
sizeof(CYASSL_EVP_PKEY), NULL, DYNAMIC_TYPE_PUBLIC_KEY);
if (key != NULL) {
key->type = 0;
key->save_type = 0;
key->pkey.ptr = (char*)XMALLOC(
x509->pubKey.length, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
if (key->pkey.ptr == NULL) {
XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
return NULL;
}
XMEMCPY(key->pkey.ptr,
x509->pubKey.buffer, x509->pubKey.length);
key->pkey_sz = x509->pubKey.length;
}
}
return key;
} }
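Review bot: `CyaSSL_X509_get_pubkey` allocates the key and `key->pkey.ptr` with `DYNAMIC_TYPE_PUBLIC_KEY`, while the `CyaSSL_EVP_PKEY_free` hunk that follows releases both with type `0`, so an `XMALLOC`/`XFREE` override that tracks or pools by type sees mismatched tags. Use the same tag on both sides: `XFREE(key->pkey.ptr, NULL, DYNAMIC_TYPE_PUBLIC_KEY);` and `XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);`. The copy also assumes `x509->pubKey.buffer` is non-NULL with a non-zero `length`; checking that before the inner `XMALLOC` avoids copying from a certificate that carries no stored key. A short comment that the caller owns the result and must release it with `CyaSSL_EVP_PKEY_free` is missing.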
@@ -8045,7 +8329,11 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY* key) void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY* key)
{ {
(void)key; if (key != NULL) {
if (key->pkey.ptr != NULL)
XFREE(key->pkey.ptr, NULL, 0);
XFREE(key, NULL, 0);
}
} }


@@ -114,7 +114,7 @@ static char* iptos(unsigned int addr)
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
int ret; int ret = 0;
int inum; int inum;
int port; int port;
int saveFile = 0; int saveFile = 0;
@@ -260,8 +260,10 @@ int main(int argc, char** argv)
frame = NULL_IF_FRAME_LEN; frame = NULL_IF_FRAME_LEN;
while (1) { while (1) {
static int packetNumber = 0;
struct pcap_pkthdr header; struct pcap_pkthdr header;
const unsigned char* packet = pcap_next(pcap, &header); const unsigned char* packet = pcap_next(pcap, &header);
packetNumber++;
if (packet) { if (packet) {
byte data[65535]; byte data[65535];
@@ -278,7 +280,7 @@ int main(int argc, char** argv)
printf("ssl_Decode ret = %d, %s\n", ret, err); printf("ssl_Decode ret = %d, %s\n", ret, err);
if (ret > 0) { if (ret > 0) {
data[ret] = 0; data[ret] = 0;
printf("SSL App Data:%s\n", data); printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data);
} }
} }
else if (saveFile) else if (saveFile)
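Review bot: The new `printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data)` prints the decoded payload with `%s`, so output stops at the first zero byte and any control or escape bytes in the captured traffic go to the terminal unfiltered, although the exact length `ret` is already known. Print `ret` bytes explicitly and replace non-printable bytes, for example by looping over `data[0..ret)` with `isprint((unsigned char)c) ? c : '.'`. In the previous hunk `packetNumber++` runs before the `if (packet)` test, so reads that return no packet are counted and the printed number can drift from the capture's packet index; moving the increment inside the `if` keeps them aligned. `main` continues outside these hunks.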


@@ -774,6 +774,22 @@
-v 1 -v 1
-l HC128-B2B256 -l HC128-B2B256
# server TLSv1 AES128-B2B256
-v 1
-l AES128-B2B256
# client TLSv1 AES128-B2B256
-v 1
-l AES128-B2B256
# server TLSv1 AES256-B2B256
-v 1
-l AES256-B2B256
# client TLSv1 AES256-B2B256
-v 1
-l AES256-B2B256
# server TLSv1.1 HC128-SHA # server TLSv1.1 HC128-SHA
-v 2 -v 2
-l HC128-SHA -l HC128-SHA
@@ -798,6 +814,22 @@
-v 2 -v 2
-l HC128-B2B256 -l HC128-B2B256
# server TLSv1.1 AES128-B2B256
-v 2
-l AES128-B2B256
# client TLSv1.1 AES128-B2B256
-v 2
-l AES128-B2B256
# server TLSv1.1 AES256-B2B256
-v 2
-l AES256-B2B256
# client TLSv1.1 AES256-B2B256
-v 2
-l AES256-B2B256
# server TLSv1.2 HC128-SHA # server TLSv1.2 HC128-SHA
-v 3 -v 3
-l HC128-SHA -l HC128-SHA
@@ -822,6 +854,22 @@
-v 3 -v 3
-l HC128-B2B256 -l HC128-B2B256
# server TLSv1.2 AES128-B2B256
-v 3
-l AES128-B2B256
# client TLSv1.2 AES128-B2B256
-v 3
-l AES128-B2B256
# server TLSv1.2 AES256-B2B256
-v 3
-l AES256-B2B256
# client TLSv1.2 AES256-B2B256
-v 3
-l AES256-B2B256
# server TLSv1 RABBIT-SHA # server TLSv1 RABBIT-SHA
-v 1 -v 1
-l RABBIT-SHA -l RABBIT-SHA