wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
toddouska
2014-10-31 13:24:29 -07:00
parent 0f641e07a2 2fe0d9b38d
commit 02f7c71222
5 changed files with 155 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
ctaocrypt/src/random.c
View File

@@ -456,10 +456,18 @@ int FreeRng(RNG* rng)
int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz, const byte* entropyB, word32 entropyBSz,
const byte* output, word32 outputSz) byte* output, word32 outputSz)
{ {
DRBG drbg; DRBG drbg;
byte check[SHA256_DIGEST_SIZE * 4];
if (entropyA == NULL || output == NULL)
return BAD_FUNC_ARG;
if (reseed != 0 && entropyB == NULL)
return BAD_FUNC_ARG;
if (outputSz != (SHA256_DIGEST_SIZE * 4))
return -1;
if (Hash_DRBG_Instantiate(&drbg, entropyA, entropyASz, NULL, 0) != 0) if (Hash_DRBG_Instantiate(&drbg, entropyA, entropyASz, NULL, 0) != 0)
return -1; return -1;
@@ -471,17 +479,12 @@ int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
} }
} }
if (Hash_DRBG_Generate(&drbg, check, sizeof(check)) != 0) { if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) {
Hash_DRBG_Uninstantiate(&drbg); Hash_DRBG_Uninstantiate(&drbg);
return -1; return -1;
} }
if (Hash_DRBG_Generate(&drbg, check, sizeof(check)) != 0) { if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) {
Hash_DRBG_Uninstantiate(&drbg);
return -1;
}
if (outputSz != sizeof(check) || XMEMCMP(output, check, sizeof(check))) {
Hash_DRBG_Uninstantiate(&drbg); Hash_DRBG_Uninstantiate(&drbg);
return -1; return -1;
} }

18
ctaocrypt/test/test.c
View File

@@ -2884,16 +2884,26 @@ int random_test(void)
0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
}; };
byte output[SHA256_DIGEST_SIZE * 4];
int ret; int ret;
ret = RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, ret = RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
test1Output, sizeof(test1Output)); output, sizeof(output));
if (ret != 0) return -39; if (ret != 0)
return -39;
if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
return -40;
ret = RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), ret = RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
test2EntropyB, sizeof(test2EntropyB), test2EntropyB, sizeof(test2EntropyB),
test2Output, sizeof(test2Output)); output, sizeof(output));
if (ret != 0) return -40; if (ret != 0)
return -41;
if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
return -42;
return 0; return 0;
} }

4
cyassl/ctaocrypt/random.h
View File

@@ -122,7 +122,7 @@ CYASSL_API int RNG_GenerateByte(RNG*, byte*);
CYASSL_API int RNG_HealthTest(int reseed, CYASSL_API int RNG_HealthTest(int reseed,
const byte* entropyA, word32 entropyASz, const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz, const byte* entropyB, word32 entropyBSz,
const byte* output, word32 outputSz); byte* output, word32 outputSz);
#endif /* HAVE_HASHDRBG || NO_RC4 */ #endif /* HAVE_HASHDRBG || NO_RC4 */
@@ -134,7 +134,7 @@ CYASSL_API int RNG_GenerateByte(RNG*, byte*);
CYASSL_API int RNG_HealthTest_fips(int reseed, CYASSL_API int RNG_HealthTest_fips(int reseed,
const byte* entropyA, word32 entropyASz, const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz, const byte* entropyB, word32 entropyBSz,
const byte* output, word32 outputSz); byte* output, word32 outputSz);
#ifndef FIPS_NO_WRAPPERS #ifndef FIPS_NO_WRAPPERS
/* if not impl or fips.c impl wrapper force fips calls if fips build */ /* if not impl or fips.c impl wrapper force fips calls if fips build */
#define InitRng InitRng_fips #define InitRng InitRng_fips

231
src/sniffer.c
View File

@@ -1002,8 +1002,6 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
return -1; return -1;
} }
typeKey = (typeKey == FILETYPE_PEM) ? SSL_FILETYPE_PEM : SSL_FILETYPE_ASN1;
file = XFOPEN(keyFile, "rb"); file = XFOPEN(keyFile, "rb");
if (file == XBADFILE) return -1; if (file == XBADFILE) return -1;
XFSEEK(file, 0, XSEEK_END); XFSEEK(file, 0, XSEEK_END);
@@ -1042,6 +1040,113 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
return ret; return ret;
} }
#endif
static int SetNamedPrivateKey(const char* name, const char* address, int port,
const char* keyFile, int typeKey, const char* password, char* error)
{
SnifferServer* sniffer;
int ret;
int type = (typeKey == FILETYPE_PEM) ? SSL_FILETYPE_PEM :
SSL_FILETYPE_ASN1;
int isNew = 0;
word32 serverIp;
#ifdef HAVE_SNI
NamedKey* namedKey = NULL;
#endif
(void)name;
#ifdef HAVE_SNI
if (name != NULL) {
namedKey = (NamedKey*)malloc(sizeof(NamedKey));
if (namedKey == NULL) {
SetError(MEMORY_STR, error, NULL, 0);
return -1;
}
XMEMSET(namedKey, 0, sizeof(NamedKey));
namedKey->nameSz = (word32)strnlen(name, sizeof(namedKey->name));
strncpy(namedKey->name, name, sizeof(namedKey->name));
ret = LoadKeyFile(&namedKey->key, &namedKey->keySz,
keyFile, type, password);
if (ret < 0) {
SetError(KEY_FILE_STR, error, NULL, 0);
FreeNamedKey(namedKey);
return -1;
}
}
#endif
serverIp = inet_addr(address);
sniffer = ServerList;
while (sniffer != NULL &&
(sniffer->server != serverIp || sniffer->port != port)) {
sniffer = sniffer->next;
}
if (sniffer == NULL) {
isNew = 1;
sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
if (sniffer == NULL) {
SetError(MEMORY_STR, error, NULL, 0);
#ifdef HAVE_SNI
FreeNamedKey(namedKey);
#endif
return -1;
}
InitSnifferServer(sniffer);
XSTRNCPY(sniffer->address, address, MAX_SERVER_ADDRESS);
sniffer->server = serverIp;
sniffer->port = port;
sniffer->ctx = SSL_CTX_new(SSLv3_client_method());
if (!sniffer->ctx) {
SetError(MEMORY_STR, error, NULL, 0);
#ifdef HAVE_SNI
FreeNamedKey(namedKey);
#endif
FreeSnifferServer(sniffer);
return -1;
}
}
if (name == NULL) {
if (password) {
SSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
SSL_CTX_set_default_passwd_cb_userdata(
sniffer->ctx, (void*)password);
}
ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
if (ret != SSL_SUCCESS) {
SetError(KEY_FILE_STR, error, NULL, 0);
if (isNew)
FreeSnifferServer(sniffer);
return -1;
}
}
#ifdef HAVE_SNI
else {
LockMutex(&sniffer->namedKeysMutex);
namedKey->next = sniffer->namedKeys;
sniffer->namedKeys = namedKey;
UnLockMutex(&sniffer->namedKeysMutex);
}
#endif
if (isNew) {
sniffer->next = ServerList;
ServerList = sniffer;
}
return 0;
}
#ifdef HAVE_SNI
/* Sets the private key for a specific name, server and port */ /* Sets the private key for a specific name, server and port */
/* returns 0 on success, -1 on error */ /* returns 0 on success, -1 on error */
@@ -1050,73 +1155,20 @@ int ssl_SetNamedPrivateKey(const char* name,
const char* keyFile, int typeKey, const char* keyFile, int typeKey,
const char* password, char* error) const char* password, char* error)
{ {
int ret; int ret;
SnifferServer* sniffer;
NamedKey* namedKey;
word32 serverIp;
TraceHeader(); TraceHeader();
TraceSetNamedServer(name, address, port, keyFile); TraceSetNamedServer(name, address, port, keyFile);
/* Create the new Name-Key map item. */
namedKey = (NamedKey*)malloc(sizeof(NamedKey));
if (namedKey == NULL) {
SetError(MEMORY_STR, error, NULL, 0);
return -1;
}
XMEMSET(namedKey, 0, sizeof(NamedKey));
namedKey->nameSz = (word32)strnlen(name, sizeof(namedKey->name));
strncpy(namedKey->name, name, sizeof(namedKey->name));
ret = LoadKeyFile(&namedKey->key, &namedKey->keySz,
keyFile, typeKey, password);
/* Find the server in the list. */
serverIp = inet_addr(address);
LockMutex(&ServerListMutex); LockMutex(&ServerListMutex);
sniffer = ServerList; ret = SetNamedPrivateKey(name, address, port, keyFile,
while (sniffer != NULL && typeKey, password, error);
(sniffer->server != serverIp || sniffer->port != port)) {
sniffer = sniffer->next;
}
UnLockMutex(&ServerListMutex); UnLockMutex(&ServerListMutex);
/* if sniffer doesn't exist, create it. */ if (ret == 0)
if (sniffer == NULL) { Trace(NEW_SERVER_STR);
sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
if (sniffer == NULL) {
SetError(MEMORY_STR, error, NULL, 0);
return -1;
}
InitSnifferServer(sniffer);
XSTRNCPY(sniffer->address, address, MAX_SERVER_ADDRESS); return ret;
sniffer->server = inet_addr(sniffer->address);
sniffer->port = port;
sniffer->ctx = SSL_CTX_new(SSLv3_client_method());
if (!sniffer->ctx) {
SetError(MEMORY_STR, error, NULL, 0);
FreeSnifferServer(sniffer);
return -1;
}
LockMutex(&ServerListMutex);
sniffer->next = ServerList;
ServerList = sniffer;
UnLockMutex(&ServerListMutex);
}
LockMutex(&sniffer->namedKeysMutex);
namedKey->next = sniffer->namedKeys;
sniffer->namedKeys = namedKey;
UnLockMutex(&sniffer->namedKeysMutex);
Trace(NEW_SERVER_STR);
return 0;
} }
#endif #endif
@@ -1124,56 +1176,23 @@ int ssl_SetNamedPrivateKey(const char* name,
/* Sets the private key for a specific server and port */ /* Sets the private key for a specific server and port */
/* returns 0 on success, -1 on error */ /* returns 0 on success, -1 on error */
int ssl_SetPrivateKey(const char* serverAddress, int port, const char* keyFile, int ssl_SetPrivateKey(const char* address, int port, const char* keyFile,
int typeKey, const char* password, char* error) int typeKey, const char* password, char* error)
{ {
int ret; int ret;
int type = (typeKey == FILETYPE_PEM) ? SSL_FILETYPE_PEM :
SSL_FILETYPE_ASN1;
SnifferServer* sniffer;
TraceHeader(); TraceHeader();
TraceSetServer(serverAddress, port, keyFile); TraceSetServer(address, port, keyFile);
sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
if (sniffer == NULL) {
SetError(MEMORY_STR, error, NULL, 0);
return -1;
}
InitSnifferServer(sniffer);
XSTRNCPY(sniffer->address, serverAddress, MAX_SERVER_ADDRESS);
sniffer->server = inet_addr(sniffer->address);
sniffer->port = port;
/* start in client mode since SSL_new needs a cert for server */
sniffer->ctx = SSL_CTX_new(SSLv3_client_method());
if (!sniffer->ctx) {
SetError(MEMORY_STR, error, NULL, 0);
FreeSnifferServer(sniffer);
return -1;
}
if (password){
SSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
SSL_CTX_set_default_passwd_cb_userdata(sniffer->ctx, (void*)password);
}
ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
if (ret != SSL_SUCCESS) {
SetError(KEY_FILE_STR, error, NULL, 0);
FreeSnifferServer(sniffer);
return -1;
}
Trace(NEW_SERVER_STR);
LockMutex(&ServerListMutex); LockMutex(&ServerListMutex);
ret = SetNamedPrivateKey(NULL, address, port, keyFile,
sniffer->next = ServerList; typeKey, password, error);
ServerList = sniffer;
UnLockMutex(&ServerListMutex); UnLockMutex(&ServerListMutex);
return 0; if (ret == 0)
Trace(NEW_SERVER_STR);
return ret;
} }
@@ -1540,11 +1559,11 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
input - HANDSHAKE_HEADER_SZ - RECORD_HEADER_SZ, input - HANDSHAKE_HEADER_SZ - RECORD_HEADER_SZ,
*sslBytes + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ, *sslBytes + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ,
CYASSL_SNI_HOST_NAME, name, &nameSz); CYASSL_SNI_HOST_NAME, name, &nameSz);
name[nameSz] = 0;
if (ret == SSL_SUCCESS) { if (ret == SSL_SUCCESS) {
NamedKey* namedKey; NamedKey* namedKey;
name[nameSz] = 0;
LockMutex(&session->context->namedKeysMutex); LockMutex(&session->context->namedKeysMutex);
namedKey = session->context->namedKeys; namedKey = session->context->namedKeys;
while (namedKey != NULL) { while (namedKey != NULL) {

2
src/ssl.c
View File

@@ -293,6 +293,8 @@ int CyaSSL_dtls_set_peer(CYASSL* ssl, void* peer, unsigned int peerSz)
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR); void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
if (sa != NULL) { if (sa != NULL) {
if (ssl->buffers.dtlsCtx.peer.sa != NULL)
XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR);
XMEMCPY(sa, peer, peerSz); XMEMCPY(sa, peer, peerSz);
ssl->buffers.dtlsCtx.peer.sa = sa; ssl->buffers.dtlsCtx.peer.sa = sa;
ssl->buffers.dtlsCtx.peer.sz = peerSz; ssl->buffers.dtlsCtx.peer.sz = peerSz;