feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

1. Added more options to the full commit test.

Browse Source 
2. Cleanups from static analysis.
This commit is contained in:
John Safranek
2014-04-30 15:01:10 -07:00
parent 85d453f2d1
commit fb5200aa95
5 changed files with 409 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
commit-tests.sh
View File

@ -23,7 +23,7 @@ RESULT=$?
# make sure full config is ok # make sure full config is ok
echo -e "\n\nTesting full config as well...\n\n" echo -e "\n\nTesting full config as well...\n\n"
./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512; ./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512 --enable-crl --enable-ocsp --enable-savesession --enable-savecert --enable-atomicuser --enable-pkcallbacks --enable-scep;
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1 [ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1

1
ctaocrypt/src/hc128.c
View File

@ -338,6 +338,7 @@ static INLINE int DoProcess(HC128* ctx, byte* output, const byte* input,
if (msglen > 0) if (msglen > 0)
{ {
XMEMSET(keystream, 0, sizeof(keystream)); /* hush the static analysis */
generate_keystream(ctx, keystream); generate_keystream(ctx, keystream);
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER

10
ctaocrypt/src/pkcs7.c
View File

@ -585,11 +585,7 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
byte* content = NULL; byte* content = NULL;
byte* sig = NULL; byte* sig = NULL;
byte* cert = NULL; byte* cert = NULL;
byte* signedAttr = NULL; int contentSz = 0, sigSz = 0, certSz = 0;
int contentSz = 0, sigSz = 0, certSz = 0, signedAttrSz = 0;
(void)signedAttr; /* not used yet, just set */
(void)signedAttrSz;
if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0) if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@ -750,10 +746,6 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
/* save pointer and length */
signedAttr = &pkiMsg[idx];
signedAttrSz = length;
idx += length; idx += length;
} }

492
ctaocrypt/test/test.c
View File

@ -2792,44 +2792,87 @@ int rsa_test(void)
FILE* pemFile; FILE* pemFile;
ret = InitRsaKey(&genKey, 0); ret = InitRsaKey(&genKey, 0);
if (ret != 0) return -300; if (ret != 0)
return -300;
ret = MakeRsaKey(&genKey, 1024, 65537, &rng); ret = MakeRsaKey(&genKey, 1024, 65537, &rng);
if (ret != 0) if (ret != 0)
return -301; return -301;
der = (byte*)malloc(FOURK_BUF); der = (byte*)malloc(FOURK_BUF);
if (der == NULL) if (der == NULL) {
FreeRsaKey(&genKey);
return -307; return -307;
}
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) if (pem == NULL) {
free(der);
FreeRsaKey(&genKey);
return -308; return -308;
}
derSz = RsaKeyToDer(&genKey, der, FOURK_BUF); derSz = RsaKeyToDer(&genKey, der, FOURK_BUF);
if (derSz < 0) if (derSz < 0) {
free(der);
free(pem);
return -302; return -302;
}
keyFile = fopen("./key.der", "wb"); keyFile = fopen("./key.der", "wb");
if (!keyFile) if (!keyFile) {
free(der);
free(pem);
FreeRsaKey(&genKey);
return -303; return -303;
ret = (int)fwrite(der, derSz, 1, keyFile); }
ret = (int)fwrite(der, 1, derSz, keyFile);
fclose(keyFile); fclose(keyFile);
if (ret != derSz) {
free(der);
free(pem);
FreeRsaKey(&genKey);
return -313;
}
pemSz = DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE); pemSz = DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE);
if (pemSz < 0) if (pemSz < 0) {
free(der);
free(pem);
FreeRsaKey(&genKey);
return -304; return -304;
}
pemFile = fopen("./key.pem", "wb"); pemFile = fopen("./key.pem", "wb");
if (!pemFile) if (!pemFile) {
free(der);
free(pem);
FreeRsaKey(&genKey);
return -305; return -305;
ret = (int)fwrite(pem, pemSz, 1, pemFile); }
ret = (int)fwrite(pem, 1, pemSz, pemFile);
fclose(pemFile); fclose(pemFile);
if (ret != pemSz) {
free(der);
free(pem);
FreeRsaKey(&genKey);
return -314;
}
ret = InitRsaKey(&derIn, 0); ret = InitRsaKey(&derIn, 0);
if (ret != 0) return -3060; if (ret != 0) {
free(der);
free(pem);
FreeRsaKey(&genKey);
return -3060;
}
idx = 0; idx = 0;
ret = RsaPrivateKeyDecode(der, &idx, &derIn, derSz); ret = RsaPrivateKeyDecode(der, &idx, &derIn, derSz);
if (ret != 0) if (ret != 0) {
free(der);
free(pem);
FreeRsaKey(&derIn);
FreeRsaKey(&genKey);
return -306; return -306;
}
FreeRsaKey(&derIn); FreeRsaKey(&derIn);
FreeRsaKey(&genKey); FreeRsaKey(&genKey);
@ -2857,8 +2900,10 @@ int rsa_test(void)
if (derCert == NULL) if (derCert == NULL)
return -309; return -309;
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) if (pem == NULL) {
free(derCert);
return -310; return -310;
}
InitCert(&myCert); InitCert(&myCert);
@ -2873,31 +2918,56 @@ int rsa_test(void)
myCert.sigType = CTC_SHA256wRSA; myCert.sigType = CTC_SHA256wRSA;
certSz = MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng); certSz = MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng);
if (certSz < 0) if (certSz < 0) {
free(derCert);
free(pem);
return -401; return -401;
}
#ifdef CYASSL_TEST_CERT #ifdef CYASSL_TEST_CERT
InitDecodedCert(&decode, derCert, certSz, 0); InitDecodedCert(&decode, derCert, certSz, 0);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) if (ret != 0) {
free(derCert);
free(pem);
return -402; return -402;
}
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
#endif #endif
derFile = fopen("./cert.der", "wb"); derFile = fopen("./cert.der", "wb");
if (!derFile) if (!derFile) {
free(derCert);
free(pem);
return -403; return -403;
ret = (int)fwrite(derCert, certSz, 1, derFile); }
ret = (int)fwrite(derCert, 1, certSz, derFile);
fclose(derFile); fclose(derFile);
if (ret != certSz) {
free(derCert);
free(pem);
return -414;
}
pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
if (pemSz < 0) if (pemSz < 0) {
free(derCert);
free(pem);
return -404; return -404;
}
pemFile = fopen("./cert.pem", "wb"); pemFile = fopen("./cert.pem", "wb");
if (!pemFile) if (!pemFile) {
free(derCert);
free(pem);
return -405; return -405;
ret = (int)fwrite(pem, pemSz, 1, pemFile); }
ret = (int)fwrite(pem, 1, pemSz, pemFile);
fclose(pemFile); fclose(pemFile);
if (ret != pemSz) {
free(derCert);
free(pem);
return -406;
}
free(pem); free(pem);
free(derCert); free(derCert);
} }
@ -2922,21 +2992,35 @@ int rsa_test(void)
if (derCert == NULL) if (derCert == NULL)
return -311; return -311;
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) if (pem == NULL) {
free(derCert);
return -312; return -312;
}
file3 = fopen(caKeyFile, "rb"); file3 = fopen(caKeyFile, "rb");
if (!file3) if (!file3) {
free(derCert);
free(pem);
return -412; return -412;
}
bytes3 = fread(tmp, 1, FOURK_BUF, file3); bytes3 = fread(tmp, 1, FOURK_BUF, file3);
fclose(file3); fclose(file3);
ret = InitRsaKey(&caKey, 0); ret = InitRsaKey(&caKey, 0);
if (ret != 0) return -411; if (ret != 0) {
free(derCert);
free(pem);
return -411;
}
ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
if (ret != 0) return -413; if (ret != 0) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -413;
}
InitCert(&myCert); InitCert(&myCert);
@ -2949,41 +3033,81 @@ int rsa_test(void)
strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
ret = SetIssuer(&myCert, caCertFile); ret = SetIssuer(&myCert, caCertFile);
if (ret < 0) if (ret < 0) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -405; return -405;
}
certSz = MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng); certSz = MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng);
if (certSz < 0) if (certSz < 0) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -407; return -407;
}
certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
&caKey, NULL, &rng); &caKey, NULL, &rng);
if (certSz < 0) if (certSz < 0) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -408; return -408;
}
#ifdef CYASSL_TEST_CERT #ifdef CYASSL_TEST_CERT
InitDecodedCert(&decode, derCert, certSz, 0); InitDecodedCert(&decode, derCert, certSz, 0);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) if (ret != 0) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -409; return -409;
}
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
#endif #endif
derFile = fopen("./othercert.der", "wb"); derFile = fopen("./othercert.der", "wb");
if (!derFile) if (!derFile) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -410; return -410;
ret = (int)fwrite(derCert, certSz, 1, derFile); }
ret = (int)fwrite(derCert, 1, certSz, derFile);
fclose(derFile); fclose(derFile);
if (ret != certSz) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -416;
}
pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
if (pemSz < 0) if (pemSz < 0) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -411; return -411;
}
pemFile = fopen("./othercert.pem", "wb"); pemFile = fopen("./othercert.pem", "wb");
if (!pemFile) if (!pemFile) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -412; return -412;
ret = (int)fwrite(pem, pemSz, 1, pemFile); }
ret = (int)fwrite(pem, 1, pemSz, pemFile);
if (ret != pemSz) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -415;
}
fclose(pemFile); fclose(pemFile);
free(pem); free(pem);
free(derCert); free(derCert);
@ -3002,7 +3126,7 @@ int rsa_test(void)
int pemSz; int pemSz;
size_t bytes3; size_t bytes3;
word32 idx3 = 0; word32 idx3 = 0;
FILE* file3 ; FILE* file3;
#ifdef CYASSL_TEST_CERT #ifdef CYASSL_TEST_CERT
DecodedCert decode; DecodedCert decode;
#endif #endif
@ -3011,20 +3135,29 @@ int rsa_test(void)
if (derCert == NULL) if (derCert == NULL)
return -5311; return -5311;
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) if (pem == NULL) {
free(derCert);
return -5312; return -5312;
}
file3 = fopen(eccCaKeyFile, "rb"); file3 = fopen(eccCaKeyFile, "rb");
if (!file3) if (!file3) {
free(derCert);
free(pem);
return -5412; return -5412;
}
bytes3 = fread(tmp, 1, FOURK_BUF, file3); bytes3 = fread(tmp, 1, FOURK_BUF, file3);
fclose(file3); fclose(file3);
ecc_init(&caKey); ecc_init(&caKey);
ret = EccPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); ret = EccPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
if (ret != 0) return -5413; if (ret != 0) {
free(derCert);
free(pem);
return -5413;
}
InitCert(&myCert); InitCert(&myCert);
myCert.sigType = CTC_SHA256wECDSA; myCert.sigType = CTC_SHA256wECDSA;
@ -3038,40 +3171,80 @@ int rsa_test(void)
strncpy(myCert.subject.email, "info@wolfssl.com", CTC_NAME_SIZE); strncpy(myCert.subject.email, "info@wolfssl.com", CTC_NAME_SIZE);
ret = SetIssuer(&myCert, eccCaCertFile); ret = SetIssuer(&myCert, eccCaCertFile);
if (ret < 0) if (ret < 0) {
free(pem);
free(derCert);
ecc_free(&caKey);
return -5405; return -5405;
}
certSz = MakeCert(&myCert, derCert, FOURK_BUF, NULL, &caKey, &rng); certSz = MakeCert(&myCert, derCert, FOURK_BUF, NULL, &caKey, &rng);
if (certSz < 0) if (certSz < 0) {
free(pem);
free(derCert);
ecc_free(&caKey);
return -5407; return -5407;
}
certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
NULL, &caKey, &rng); NULL, &caKey, &rng);
if (certSz < 0) if (certSz < 0) {
free(pem);
free(derCert);
ecc_free(&caKey);
return -5408; return -5408;
}
#ifdef CYASSL_TEST_CERT #ifdef CYASSL_TEST_CERT
InitDecodedCert(&decode, derCert, certSz, 0); InitDecodedCert(&decode, derCert, certSz, 0);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) if (ret != 0) {
free(pem);
free(derCert);
ecc_free(&caKey);
return -5409; return -5409;
}
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
#endif #endif
derFile = fopen("./certecc.der", "wb"); derFile = fopen("./certecc.der", "wb");
if (!derFile) if (!derFile) {
free(pem);
free(derCert);
ecc_free(&caKey);
return -5410; return -5410;
ret = (int)fwrite(derCert, certSz, 1, derFile); }
ret = (int)fwrite(derCert, 1, certSz, derFile);
fclose(derFile); fclose(derFile);
if (ret != certSz) {
free(pem);
free(derCert);
ecc_free(&caKey);
return -5414;
}
pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
if (pemSz < 0) if (pemSz < 0) {
free(pem);
free(derCert);
ecc_free(&caKey);
return -5411; return -5411;
}
pemFile = fopen("./certecc.pem", "wb"); pemFile = fopen("./certecc.pem", "wb");
if (!pemFile) if (!pemFile) {
free(pem);
free(derCert);
ecc_free(&caKey);
return -5412; return -5412;
ret = (int)fwrite(pem, pemSz, 1, pemFile); }
ret = (int)fwrite(pem, 1, pemSz, pemFile);
if (ret != pemSz) {
free(pem);
free(derCert);
ecc_free(&caKey);
return -5415;
}
fclose(pemFile); fclose(pemFile);
free(pem); free(pem);
free(derCert); free(derCert);
@ -3090,8 +3263,7 @@ int rsa_test(void)
FILE* ntruPrivFile; FILE* ntruPrivFile;
int certSz; int certSz;
int pemSz; int pemSz;
size_t bytes; word32 idx3;
word32 idx = 0;
#ifdef CYASSL_TEST_CERT #ifdef CYASSL_TEST_CERT
DecodedCert decode; DecodedCert decode;
#endif #endif
@ -3099,8 +3271,10 @@ int rsa_test(void)
if (derCert == NULL) if (derCert == NULL)
return -311; return -311;
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) if (pem == NULL) {
free(derCert);
return -312; return -312;
}
byte public_key[557]; /* sized for EES401EP2 */ byte public_key[557]; /* sized for EES401EP2 */
word16 public_key_len; /* no. of octets in public key */ word16 public_key_len; /* no. of octets in public key */
@ -3112,33 +3286,53 @@ int rsa_test(void)
}; };
word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str),
GetEntropy, &drbg); GetEntropy, &drbg);
if (rc != DRBG_OK) if (rc != DRBG_OK) {
free(derCert);
free(pem);
return -450; return -450;
}
rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
NULL, &private_key_len, NULL); NULL, &private_key_len, NULL);
if (rc != NTRU_OK) if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -451; return -451;
}
rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
public_key, &private_key_len, private_key); public_key, &private_key_len, private_key);
crypto_drbg_uninstantiate(drbg); crypto_drbg_uninstantiate(drbg);
if (rc != NTRU_OK) if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -452; return -452;
}
caFile = fopen(caKeyFile, "rb"); caFile = fopen(caKeyFile, "rb");
if (!caFile) if (!caFile) {
free(derCert);
free(pem);
return -453; return -453;
}
bytes = fread(tmp, 1, FOURK_BUF, caFile); bytes = fread(tmp, 1, FOURK_BUF, caFile);
fclose(caFile); fclose(caFile);
ret = InitRsaKey(&caKey, 0); ret = InitRsaKey(&caKey, 0);
if (ret != 0) return -459; if (ret != 0) {
ret = RsaPrivateKeyDecode(tmp, &idx, &caKey, (word32)bytes); free(derCert);
if (ret != 0) return -454; free(pem);
return -459;
}
ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes);
if (ret != 0) {
free(derCert);
free(pem);
return -454;
}
InitCert(&myCert); InitCert(&myCert);
@ -3151,51 +3345,92 @@ int rsa_test(void)
strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
ret = SetIssuer(&myCert, caCertFile); ret = SetIssuer(&myCert, caCertFile);
if (ret < 0) if (ret < 0) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -455; return -455;
}
certSz = MakeNtruCert(&myCert, derCert, FOURK_BUF, public_key, certSz = MakeNtruCert(&myCert, derCert, FOURK_BUF, public_key,
public_key_len, &rng); public_key_len, &rng);
if (certSz < 0) if (certSz < 0) {
free(derCert);
free(pem);
FreeRsaKey(&caKey);
return -456; return -456;
}
certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
&caKey, NULL, &rng); &caKey, NULL, &rng);
if (certSz < 0) FreeRsaKey(&caKey);
if (certSz < 0) {
free(derCert);
free(pem);
return -457; return -457;
}
#ifdef CYASSL_TEST_CERT #ifdef CYASSL_TEST_CERT
InitDecodedCert(&decode, derCert, certSz, 0); InitDecodedCert(&decode, derCert, certSz, 0);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) if (ret != 0) {
free(derCert);
free(pem);
return -458; return -458;
}
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
#endif #endif
derFile = fopen("./ntru-cert.der", "wb"); derFile = fopen("./ntru-cert.der", "wb");
if (!derFile) if (!derFile) {
free(derCert);
free(pem);
return -459; return -459;
ret = fwrite(derCert, certSz, 1, derFile); }
ret = (int)fwrite(derCert, 1, certSz, derFile);
fclose(derFile); fclose(derFile);
if (ret != certSz) {
free(derCert);
free(pem);
return -473;
}
pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
if (pemSz < 0) if (pemSz < 0) {
free(derCert);
free(pem);
return -460; return -460;
}
pemFile = fopen("./ntru-cert.pem", "wb"); pemFile = fopen("./ntru-cert.pem", "wb");
if (!pemFile) if (!pemFile) {
free(derCert);
free(pem);
return -461; return -461;
ret = fwrite(pem, pemSz, 1, pemFile); }
ret = (int)fwrite(pem, 1, pemSz, pemFile);
fclose(pemFile); fclose(pemFile);
if (ret != pemSz) {
free(derCert);
free(pem);
return -474;
}
ntruPrivFile = fopen("./ntru-key.raw", "wb"); ntruPrivFile = fopen("./ntru-key.raw", "wb");
if (!ntruPrivFile) if (!ntruPrivFile) {
free(derCert);
free(pem);
return -462; return -462;
ret = fwrite(private_key, private_key_len, 1, ntruPrivFile); }
ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile);
fclose(ntruPrivFile); fclose(ntruPrivFile);
if (ret != private_key_len) {
free(pem);
free(derCert);
return -475;
}
free(pem); free(pem);
free(derCert); free(derCert);
FreeRsaKey(&caKey);
} }
#endif /* HAVE_NTRU */ #endif /* HAVE_NTRU */
#ifdef CYASSL_CERT_REQ #ifdef CYASSL_CERT_REQ
@ -3211,8 +3446,10 @@ int rsa_test(void)
if (der == NULL) if (der == NULL)
return -463; return -463;
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) if (pem == NULL) {
free(der);
return -464; return -464;
}
InitCert(&req); InitCert(&req);
@ -3229,30 +3466,55 @@ int rsa_test(void)
req.sigType = CTC_SHA256wRSA; req.sigType = CTC_SHA256wRSA;
derSz = MakeCertReq(&req, der, FOURK_BUF, &key, NULL); derSz = MakeCertReq(&req, der, FOURK_BUF, &key, NULL);
if (derSz < 0) if (derSz < 0) {
free(pem);
free(der);
return -465; return -465;
}
derSz = SignCert(req.bodySz, req.sigType, der, FOURK_BUF, derSz = SignCert(req.bodySz, req.sigType, der, FOURK_BUF,
&key, NULL, &rng); &key, NULL, &rng);
if (derSz < 0) if (derSz < 0) {
free(pem);
free(der);
return -466; return -466;
}
pemSz = DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE); pemSz = DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE);
if (pemSz < 0) if (pemSz < 0) {
free(pem);
free(der);
return -467; return -467;
}
reqFile = fopen("./certreq.der", "wb"); reqFile = fopen("./certreq.der", "wb");
if (!reqFile) if (!reqFile) {
free(pem);
free(der);
return -468; return -468;
}
ret = (int)fwrite(der, derSz, 1, reqFile); ret = (int)fwrite(der, 1, derSz, reqFile);
fclose(reqFile); fclose(reqFile);
if (ret != derSz) {
free(pem);
free(der);
return -471;
}
reqFile = fopen("./certreq.pem", "wb"); reqFile = fopen("./certreq.pem", "wb");
if (!reqFile) if (!reqFile) {
free(pem);
free(der);
return -469; return -469;
ret = (int)fwrite(pem, pemSz, 1, reqFile); }
ret = (int)fwrite(pem, 1, pemSz, reqFile);
fclose(reqFile); fclose(reqFile);
if (ret != pemSz) {
free(pem);
free(der);
return -470;
}
free(pem); free(pem);
free(der); free(der);
@ -3855,6 +4117,10 @@ int ecc_test(void)
ecc_init(&pubKey); ecc_init(&pubKey);
ret = ecc_make_key(&rng, 32, &userA); ret = ecc_make_key(&rng, 32, &userA);
if (ret != 0)
return -1014;
ret = ecc_make_key(&rng, 32, &userB); ret = ecc_make_key(&rng, 32, &userB);
if (ret != 0) if (ret != 0)
@ -3863,6 +4129,9 @@ int ecc_test(void)
x = sizeof(sharedA); x = sizeof(sharedA);
ret = ecc_shared_secret(&userA, &userB, sharedA, &x); ret = ecc_shared_secret(&userA, &userB, sharedA, &x);
if (ret != 0)
return -1015;
y = sizeof(sharedB); y = sizeof(sharedB);
ret = ecc_shared_secret(&userB, &userA, sharedB, &y); ret = ecc_shared_secret(&userB, &userA, sharedB, &y);
@ -3901,6 +4170,9 @@ int ecc_test(void)
x = sizeof(sig); x = sizeof(sig);
ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA); ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);
if (ret != 0)
return -1016;
verify = 0; verify = 0;
ret = ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &userA); ret = ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &userA);
@ -4200,21 +4472,29 @@ int pkcs7enveloped_test(void)
return -201; return -201;
privKey = (byte*)malloc(FOURK_BUF); privKey = (byte*)malloc(FOURK_BUF);
if (privKey == NULL) if (privKey == NULL) {
free(cert);
return -202; return -202;
}
certFile = fopen(clientCert, "rb"); certFile = fopen(clientCert, "rb");
if (!certFile) if (!certFile) {
free(cert);
free(privKey);
err_sys("can't open ./certs/client-cert.der, " err_sys("can't open ./certs/client-cert.der, "
"Please run from CyaSSL home dir", -42); "Please run from CyaSSL home dir", -42);
}
certSz = fread(cert, 1, FOURK_BUF, certFile); certSz = fread(cert, 1, FOURK_BUF, certFile);
fclose(certFile); fclose(certFile);
keyFile = fopen(clientKey, "rb"); keyFile = fopen(clientKey, "rb");
if (!keyFile) if (!keyFile) {
free(cert);
free(privKey);
err_sys("can't open ./certs/client-key.der, " err_sys("can't open ./certs/client-key.der, "
"Please run from CyaSSL home dir", -43); "Please run from CyaSSL home dir", -43);
}
privKeySz = fread(privKey, 1, FOURK_BUF, keyFile); privKeySz = fread(privKey, 1, FOURK_BUF, keyFile);
fclose(keyFile); fclose(keyFile);
@ -4230,24 +4510,35 @@ int pkcs7enveloped_test(void)
/* encode envelopedData */ /* encode envelopedData */
envelopedSz = PKCS7_EncodeEnvelopedData(&pkcs7, enveloped, envelopedSz = PKCS7_EncodeEnvelopedData(&pkcs7, enveloped,
sizeof(enveloped)); sizeof(enveloped));
if (envelopedSz <= 0) if (envelopedSz <= 0) {
free(cert);
free(privKey);
return -203; return -203;
}
/* decode envelopedData */ /* decode envelopedData */
decodedSz = PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, decodedSz = PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz,
decoded, sizeof(decoded)); decoded, sizeof(decoded));
if (decodedSz <= 0) if (decodedSz <= 0) {
free(cert);
free(privKey);
return -204; return -204;
}
/* test decode result */ /* test decode result */
if (memcmp(decoded, data, sizeof(data)) != 0) { if (memcmp(decoded, data, sizeof(data)) != 0) {
free(cert);
free(privKey);
return -205; return -205;
} }
/* output pkcs7 envelopedData for external testing */ /* output pkcs7 envelopedData for external testing */
pkcs7File = fopen(pkcs7OutFile, "wb"); pkcs7File = fopen(pkcs7OutFile, "wb");
if (!pkcs7File) if (!pkcs7File) {
free(cert);
free(privKey);
return -206; return -206;
}
ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File); ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File);
fclose(pkcs7File); fclose(pkcs7File);
@ -4302,15 +4593,19 @@ int pkcs7signed_test(void)
outSz = FOURK_BUF; outSz = FOURK_BUF;
certDer = (byte*)malloc(FOURK_BUF); certDer = (byte*)malloc(FOURK_BUF);
keyDer = (byte*)malloc(FOURK_BUF);
out = (byte*)malloc(FOURK_BUF);
if (certDer == NULL) if (certDer == NULL)
return -207; return -207;
if (keyDer == NULL) keyDer = (byte*)malloc(FOURK_BUF);
if (keyDer == NULL) {
free(certDer);
return -208; return -208;
if (out == NULL) }
out = (byte*)malloc(FOURK_BUF);
if (out == NULL) {
free(certDer);
free(keyDer);
return -209; return -209;
}
/* read in DER cert of recipient, into cert of size certSz */ /* read in DER cert of recipient, into cert of size certSz */
file = fopen(clientCert, "rb"); file = fopen(clientCert, "rb");
@ -4336,15 +4631,23 @@ int pkcs7signed_test(void)
fclose(file); fclose(file);
ret = InitRng(&rng); ret = InitRng(&rng);
if (ret != 0) if (ret != 0) {
free(certDer);
free(keyDer);
free(out);
return -210; return -210;
}
senderNonce[0] = 0x04; senderNonce[0] = 0x04;
senderNonce[1] = PKCS7_NONCE_SZ; senderNonce[1] = PKCS7_NONCE_SZ;
ret = RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); ret = RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
if (ret != 0) if (ret != 0) {
free(certDer);
free(keyDer);
free(out);
return -211; return -211;
}
PKCS7_InitWithCert(&msg, certDer, certDerSz); PKCS7_InitWithCert(&msg, certDer, certDerSz);
msg.privateKey = keyDer; msg.privateKey = keyDer;
@ -4365,8 +4668,12 @@ int pkcs7signed_test(void)
transId[1] = SHA_DIGEST_SIZE * 2; transId[1] = SHA_DIGEST_SIZE * 2;
ret = InitSha(&sha); ret = InitSha(&sha);
if (ret != 0) if (ret != 0) {
free(certDer);
free(keyDer);
free(out);
return -4003; return -4003;
}
ShaUpdate(&sha, msg.publicKey, msg.publicKeySz); ShaUpdate(&sha, msg.publicKey, msg.publicKeySz);
ShaFinal(&sha, digest); ShaFinal(&sha, digest);
@ -4396,6 +4703,13 @@ int pkcs7signed_test(void)
} }
ret = (int)fwrite(out, 1, outSz, file); ret = (int)fwrite(out, 1, outSz, file);
fclose(file); fclose(file);
if (ret != (int)outSz) {
free(certDer);
free(keyDer);
free(out);
PKCS7_Free(&msg);
return -218;
}
PKCS7_Free(&msg); PKCS7_Free(&msg);
PKCS7_InitWithCert(&msg, NULL, 0); PKCS7_InitWithCert(&msg, NULL, 0);

3
src/ssl.c
View File

@ -3280,6 +3280,9 @@ int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format)
int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file) int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
{ {
CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file"); CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file");
if (ctx == NULL)
return SSL_FAILURE;
if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL) if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL)
== SSL_SUCCESS) { == SSL_SUCCESS) {
ctx->haveNTRU = 1; ctx->haveNTRU = 1;