wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge https://github.com/cyassl/cyassl

Browse Source 
Conflicts:
	configure.ac
	ctaocrypt/src/asn.c
	cyassl/ctaocrypt/asn.h
	cyassl/ctaocrypt/settings.h
	src/internal.c
	src/io.c
This commit is contained in:
Takashi Kojo
2014-02-03 09:01:50 +09:00
parent 07af9913c3 51b3b1cb6c
commit 80cf1b20b3
23 changed files with 542 additions and 1834 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1342
IDE/MDK5-ARM/Projects/CyaSSL-Full/CyaSSL-Full.uvguix.kojo
View File

File diff suppressed because one or more lines are too long

79
IDE/MDK5-ARM/Projects/CyaSSL-Full/CyaSSL-Full_CyaSSL-Full.dep
View File

@@ -1,79 +0,0 @@
Dependencies for Project 'CyaSSL-Full', Target 'CyaSSL-Full': (DO NOT MODIFY !)
F (.\main.c)(0x52675C4A)(-c --cpu Cortex-M3 -D__RTX -g -O3 --apcs=interwork
-I C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\RTE
-I C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\RTE\Device\STM32F207IG
-I C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\RTE\wolfSSL
-I C:\Keil5\ARM\PACK\ARM\CMSIS\3.20.3\CMSIS\Driver\Include
-I C:\Keil5\ARM\PACK\ARM\CMSIS\3.20.3\CMSIS\Include
-I C:\Keil5\ARM\PACK\ARM\CMSIS\3.20.3\CMSIS_RTX\INC
-I C:\Keil5\ARM\PACK\Keil\MDK-Middleware\5.1.2\FileSystem\Include
-I C:\Keil5\ARM\PACK\Keil\MDK-Middleware\5.1.2\Network\Include
-I C:\Keil5\ARM\PACK\Keil\STM32F2xx_DFP\1.0.4\Device\Include
-I C:\Keil5\ARM\PACK\Keil\STM32F2xx_DFP\1.0.4\RTE_Driver
-I C:\Keil5\ARM\PACK\wolfSSL\CyaSSL\2.8.0\cyassl
-I C:\Keil5\ARM\PACK\wolfSSL\CyaSSL\2.8.0\cyassl\IDE\MDK5-ARM\MDK-ARM\CyaSSL
-D_RTE_ -DSTM32F2XX -DHAVE_CONFIG_H -D__DBG_ITM -D__RTX -DMDK_CONF_CYASSL -DCYASSL_STM32F2xx -o .\object\main.o --omf_browse .\object\main.crf --depend .\object\main.d)
F (.\shell.c)(0x523B984C)(-c --cpu Cortex-M3 -D__RTX -g -O3 --apcs=interwork
-I C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\RTE
-I C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\RTE\Device\STM32F207IG
-I C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\RTE\wolfSSL
-I C:\Keil5\ARM\PACK\ARM\CMSIS\3.20.3\CMSIS\Driver\Include
-I C:\Keil5\ARM\PACK\ARM\CMSIS\3.20.3\CMSIS\Include
-I C:\Keil5\ARM\PACK\ARM\CMSIS\3.20.3\CMSIS_RTX\INC
-I C:\Keil5\ARM\PACK\Keil\MDK-Middleware\5.1.2\FileSystem\Include
-I C:\Keil5\ARM\PACK\Keil\MDK-Middleware\5.1.2\Network\Include
-I C:\Keil5\ARM\PACK\Keil\STM32F2xx_DFP\1.0.4\Device\Include
-I C:\Keil5\ARM\PACK\Keil\STM32F2xx_DFP\1.0.4\RTE_Driver
-I C:\Keil5\ARM\PACK\wolfSSL\CyaSSL\2.8.0\cyassl
-I C:\Keil5\ARM\PACK\wolfSSL\CyaSSL\2.8.0\cyassl\IDE\MDK5-ARM\MDK-ARM\CyaSSL
-D_RTE_ -DSTM32F2XX -DHAVE_CONFIG_H -D__DBG_ITM -D__RTX -DMDK_CONF_CYASSL -DCYASSL_STM32F2xx -o .\object\shell.o --omf_browse .\object\shell.crf --depend .\object\shell.d)
F (.\test.c)(0x524E6E34)(-c --cpu Cortex-M3 -D__RTX -g -O3 --apcs=interwork
-I C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\RTE
-I C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\RTE\Device\STM32F207IG
-I C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\RTE\wolfSSL
-I C:\Keil5\ARM\PACK\ARM\CMSIS\3.20.3\CMSIS\Driver\Include
-I C:\Keil5\ARM\PACK\ARM\CMSIS\3.20.3\CMSIS\Include
-I C:\Keil5\ARM\PACK\ARM\CMSIS\3.20.3\CMSIS_RTX\INC
-I C:\Keil5\ARM\PACK\Keil\MDK-Middleware\5.1.2\FileSystem\Include
-I C:\Keil5\ARM\PACK\Keil\MDK-Middleware\5.1.2\Network\Include
-I C:\Keil5\ARM\PACK\Keil\STM32F2xx_DFP\1.0.4\Device\Include
-I C:\Keil5\ARM\PACK\Keil\STM32F2xx_DFP\1.0.4\RTE_Driver
-I C:\Keil5\ARM\PACK\wolfSSL\CyaSSL\2.8.0\cyassl

12
IDE/MDK5-ARM/Projects/CyaSSL-Full/Object/CyaSSL-Full.build_log.htm
View File

@@ -1,12 +0,0 @@
<html>
<body>
<pre>
<h1><EFBFBD>Vision Build Log</h1>
<h2>Project:</h2>
C:\ROOT\CyaSSL-Release\MDK5-Pack-2.8.0\wolfSSL.CyaSSL\cyassl\IDE\MDK5-ARM\Projects\CyaSSL-Full\CyaSSL-Full.uvprojx
Project File Date: 10/23/2013
<h2>Output:</h2>
</pre>
</body>
</html>

3
IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c
View File

@@ -469,7 +469,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)))
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed");
#endif

2
IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c
View File

@@ -419,7 +419,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_SNI
if (sniHostName) {
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName)))
XSTRLEN(sniHostName)) != SSL_SUCCESS)
err_sys("UseSNI failed");
else
CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME,

3
IDE/MDK5-ARM/Projects/SimpleClient/client.c
View File

@@ -471,7 +471,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)))
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed");
#endif

2
IDE/MDK5-ARM/Projects/SimpleServer/server.c
View File

@@ -418,7 +418,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_SNI
if (sniHostName) {
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName)))
XSTRLEN(sniHostName)) != SSL_SUCCESS)
err_sys("UseSNI failed");
else
CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME,

30
configure.ac
View File

@@ -1105,6 +1105,20 @@ fi
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
if test "$ENABLED_OCSP" = "yes"
then
# check openssl command tool for testing ocsp
AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
if test "$HAVE_OPENSSL_CMD" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
else
AC_MSG_WARN([openssl command line tool not available for testing ocsp])
fi
fi
# CRL
AC_ARG_ENABLE([crl],
[ --enable-crl Enable CRL (default: disabled)],
@@ -1212,6 +1226,18 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION"
fi
# Elliptic Curves Extensions
AC_ARG_ENABLE([ellipticcurves],
[ --enable-ellipticcurves Enable Elliptic Curves (default: disabled)],
[ ENABLED_ELLIPTIC_CURVES=$enableval ],
[ ENABLED_ELLIPTIC_CURVES=no ]
)
if test "x$ENABLED_ELLIPTIC_CURVES" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ELLIPTIC_CURVES"
fi
# TLS Extensions
AC_ARG_ENABLE([tlsx],
[ --enable-tlsx Enable all TLS Extensions (default: disabled)],
@@ -1225,7 +1251,8 @@ then
ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes
ENABLED_RENEGOTIATION_INDICATION=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION"
ENABLED_ELLIPTIC_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION -DHAVE_ELLIPTIC_CURVES"
fi
# PKCS7
@@ -1662,6 +1689,7 @@ echo " * SNI: $ENABLED_SNI"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Elliptic Curves: $ENABLED_ELLIPTIC_CURVES"
echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7"
echo " * wolfSCEP $ENABLED_WOLFSCEP"

9
ctaocrypt/src/asn.c
View File

@@ -1327,6 +1327,9 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->pkCurveOID = 0;
#endif /* HAVE_ECC */
#endif /* OPENSSL_EXTRA */
#ifdef HAVE_ECC
cert->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef CYASSL_SEP
cert->deviceTypeSz = 0;
cert->deviceType = NULL;
@@ -1522,7 +1525,6 @@ static int GetKey(DecodedCert* cert)
#ifdef HAVE_ECC
case ECDSAk:
{
word32 oid = 0;
int oidSz = 0;
byte b = cert->source[cert->srcIdx++];
@@ -1533,8 +1535,9 @@ static int GetKey(DecodedCert* cert)
return ASN_PARSE_E;
while(oidSz--)
oid += cert->source[cert->srcIdx++];
if (CheckCurve(oid) < 0)
cert->pkCurveOID += cert->source[cert->srcIdx++];
if (CheckCurve(cert->pkCurveOID) < 0)
return ECC_CURVE_OID_E;
#ifdef OPENSSL_EXTRA
cert->pkCurveOID = oid;

6
cyassl/ctaocrypt/asn.h
View File

@@ -343,10 +343,10 @@ struct DecodedCert {
word32 extAuthKeyIdSz;
byte* extSubjKeyIdSrc;
word32 extSubjKeyIdSz;
#ifdef HAVE_ECC
word32 pkCurveOID; /* Public Key's curve OID */
#endif /* HAVE_ECC */
#endif
#ifdef HAVE_ECC
word32 pkCurveOID; /* Public Key's curve OID */
#endif /* HAVE_ECC */
byte* beforeDate;
int beforeDateLen;
byte* afterDate;

24
cyassl/internal.h
View File

@@ -1112,11 +1112,8 @@ typedef struct CYASSL_DTLS_CTX {
typedef enum {
SERVER_NAME_INDICATION = 0,
MAX_FRAGMENT_LENGTH = 1,
/*CLIENT_CERTIFICATE_URL = 2,
TRUSTED_CA_KEYS = 3,*/
TRUNCATED_HMAC = 4,
/*STATUS_REQUEST = 5,
SIGNATURE_ALGORITHMS = 13,*/
ELLIPTIC_CURVES = 10
} TLSX_Type;
typedef struct TLSX {
@@ -1183,6 +1180,23 @@ CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
#endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES
typedef struct EllipticCurve {
word16 name; /* CurveNames */
struct EllipticCurve* next; /* List Behavior */
} EllipticCurve;
CYASSL_LOCAL int TLSX_UseEllipticCurve(TLSX** extensions, word16 name);
#ifndef NO_CYASSL_SERVER
CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
byte second);
#endif
#endif /* HAVE_ELLIPTIC_CURVES */
#endif /* HAVE_TLS_EXTENSIONS */
/* CyaSSL context type */
@@ -1224,6 +1238,7 @@ struct CYASSL_CTX {
word32 timeout; /* session timeout */
#ifdef HAVE_ECC
word16 eccTempKeySz; /* in octets 20 - 66 */
word32 pkCurveOID; /* curve Ecc_Sum */
#endif
#ifndef NO_PSK
byte havePSK; /* psk key set by user */
@@ -1844,6 +1859,7 @@ struct CYASSL {
ecc_key* eccTempKey; /* private ECDHE key */
ecc_key* eccDsaKey; /* private ECDSA key */
word16 eccTempKeySz; /* in octets 20 - 66 */
word32 pkCurveOID; /* curve Ecc_Sum */
byte peerEccKeyPresent;
byte peerEccDsaKeyPresent;
byte eccTempKeyPresent;

22
cyassl/ssl.h
View File

@@ -1234,6 +1234,7 @@ CYASSL_API int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, unsigned char mfl);
#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_MAX_FRAGMENT */
/* Truncated HMAC */
#ifdef HAVE_TRUNCATED_HMAC
#ifndef NO_CYASSL_CLIENT
@@ -1243,6 +1244,27 @@ CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx);
#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_TRUNCATED_HMAC */
/* Elliptic Curves */
#ifdef HAVE_ELLIPTIC_CURVES
enum {
CYASSL_ECC_SECP160R1 = 0x10,
CYASSL_ECC_SECP192R1 = 0x13,
CYASSL_ECC_SECP224R1 = 0x15,
CYASSL_ECC_SECP256R1 = 0x17,
CYASSL_ECC_SECP384R1 = 0x18,
CYASSL_ECC_SECP521R1 = 0x19
};
#ifndef NO_CYASSL_CLIENT
CYASSL_API int CyaSSL_UseEllipticCurve(CYASSL* ssl, unsigned short name);
CYASSL_API int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx,
unsigned short name);
#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_ELLIPTIC_CURVES */
#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
#define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */

7
examples/client/client.c
View File

@@ -550,17 +550,18 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)))
if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
err_sys("UseSNI failed");
#endif
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment))
if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
err_sys("UseMaxFragment failed");
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
if (CyaSSL_CTX_UseTruncatedHMAC(ctx))
if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
err_sys("UseTruncatedHMAC failed");
#endif

2
examples/server/server.c
View File

@@ -443,7 +443,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName)))
XSTRLEN(sniHostName)) != SSL_SUCCESS)
err_sys("UseSNI failed");
#endif

51
mcapi/ctaocrypt_test.X/main.c
View File

@@ -1,51 +0,0 @@
/* main.c
*
* Copyright (C) 2006-2013 wolfSSL Inc. All rights reserved.
*
* This file is part of CyaSSL.
*
* Contact licensing@yassl.com with any questions or comments.
*
* http://www.yassl.com
*/
#define PIC32_STARTER_KIT
#include <stdio.h>
#include <stdlib.h>
#include <p32xxxx.h>
#include <plib.h>
#include <sys/appio.h>
/* func_args from test.h, so don't have to pull in other junk */
typedef struct func_args {
int argc;
char** argv;
int return_code;
} func_args;
/*
* Main driver for CTaoCrypt tests.
*/
int main(int argc, char** argv) {
SYSTEMConfigPerformance(80000000);
DBINIT();
printf("CTaoCrypt Test:\n");
func_args args;
args.argc = argc;
args.argv = argv;
ctaocrypt_test(&args);
if (args.return_code == 0) {
printf("All tests passed!\n");
}
return 0;
}

73
mplabx/ctaocrypt_benchmark.X/nbproject/Package-default.bash
View File

@@ -1,73 +0,0 @@
#!/bin/bash -x
#
# Generated - do not edit!
#
# Macros
TOP=`pwd`
CND_CONF=default
CND_DISTDIR=dist
TMPDIR=build/${CND_CONF}/${IMAGE_TYPE}/tmp-packaging
TMPDIRNAME=tmp-packaging
OUTPUT_PATH=dist/${CND_CONF}/${IMAGE_TYPE}/ctaocrypt_benchmark.X.${IMAGE_TYPE}.${OUTPUT_SUFFIX}
OUTPUT_BASENAME=ctaocrypt_benchmark.X.${IMAGE_TYPE}.${OUTPUT_SUFFIX}
PACKAGE_TOP_DIR=ctaocryptbenchmark.x/
# Functions
function checkReturnCode
{
rc=$?
if [ $rc != 0 ]
then
exit $rc
fi
}
function makeDirectory
# $1 directory path
# $2 permission (optional)
{
mkdir -p "$1"
checkReturnCode
if [ "$2" != "" ]
then
chmod $2 "$1"
checkReturnCode
fi
}
function copyFileToTmpDir
# $1 from-file path
# $2 to-file path
# $3 permission
{
cp "$1" "$2"
checkReturnCode
if [ "$3" != "" ]
then
chmod $3 "$2"
checkReturnCode
fi
}
# Setup
cd "${TOP}"
mkdir -p ${CND_DISTDIR}/${CND_CONF}/package
rm -rf ${TMPDIR}
mkdir -p ${TMPDIR}
# Copy files and create directories and links
cd "${TOP}"
makeDirectory ${TMPDIR}/ctaocryptbenchmark.x/bin
copyFileToTmpDir "${OUTPUT_PATH}" "${TMPDIR}/${PACKAGE_TOP_DIR}bin/${OUTPUT_BASENAME}" 0755
# Generate tar file
cd "${TOP}"
rm -f ${CND_DISTDIR}/${CND_CONF}/package/ctaocryptbenchmark.x.tar
cd ${TMPDIR}
tar -vcf ../../../../${CND_DISTDIR}/${CND_CONF}/package/ctaocryptbenchmark.x.tar *
checkReturnCode
# Cleanup
cd "${TOP}"
rm -rf ${TMPDIR}

60
mplabx/ctaocrypt_test.X/main.c
View File

@@ -1,60 +0,0 @@
/* main.c
*
* Copyright (C) 2006-2013 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#define PIC32_STARTER_KIT
#include <stdio.h>
#include <stdlib.h>
#include <p32xxxx.h>
#include <plib.h>
#include <sys/appio.h>
/* func_args from test.h, so don't have to pull in other junk */
typedef struct func_args {
int argc;
char** argv;
int return_code;
} func_args;
/*
* Main driver for CTaoCrypt tests.
*/
int main(int argc, char** argv) {
SYSTEMConfigPerformance(80000000);
DBINIT();
printf("CTaoCrypt Test:\n");
func_args args;
args.argc = argc;
args.argv = argv;
ctaocrypt_test(&args);
if (args.return_code == 0) {
printf("All tests passed!\n");
}
return 0;
}

73
mplabx/ctaocrypt_test.X/nbproject/Package-default.bash
View File

@@ -1,73 +0,0 @@
#!/bin/bash -x
#
# Generated - do not edit!
#
# Macros
TOP=`pwd`
CND_CONF=default
CND_DISTDIR=dist
TMPDIR=build/${CND_CONF}/${IMAGE_TYPE}/tmp-packaging
TMPDIRNAME=tmp-packaging
OUTPUT_PATH=dist/${CND_CONF}/${IMAGE_TYPE}/ctaocrypt_test.X.${IMAGE_TYPE}.${OUTPUT_SUFFIX}
OUTPUT_BASENAME=ctaocrypt_test.X.${IMAGE_TYPE}.${OUTPUT_SUFFIX}
PACKAGE_TOP_DIR=ctaocrypttest.x/
# Functions
function checkReturnCode
{
rc=$?
if [ $rc != 0 ]
then
exit $rc
fi
}
function makeDirectory
# $1 directory path
# $2 permission (optional)
{
mkdir -p "$1"
checkReturnCode
if [ "$2" != "" ]
then
chmod $2 "$1"
checkReturnCode
fi
}
function copyFileToTmpDir
# $1 from-file path
# $2 to-file path
# $3 permission
{
cp "$1" "$2"
checkReturnCode
if [ "$3" != "" ]
then
chmod $3 "$2"
checkReturnCode
fi
}
# Setup
cd "${TOP}"
mkdir -p ${CND_DISTDIR}/${CND_CONF}/package
rm -rf ${TMPDIR}
mkdir -p ${TMPDIR}
# Copy files and create directories and links
cd "${TOP}"
makeDirectory ${TMPDIR}/ctaocrypttest.x/bin
copyFileToTmpDir "${OUTPUT_PATH}" "${TMPDIR}/${PACKAGE_TOP_DIR}bin/${OUTPUT_BASENAME}" 0755
# Generate tar file
cd "${TOP}"
rm -f ${CND_DISTDIR}/${CND_CONF}/package/ctaocrypttest.x.tar
cd ${TMPDIR}
tar -vcf ../../../../${CND_DISTDIR}/${CND_CONF}/package/ctaocrypttest.x.tar *
checkReturnCode
# Cleanup
cd "${TOP}"
rm -rf ${TMPDIR}

73
mplabx/cyassl.X/nbproject/Package-default.bash
View File

@@ -1,73 +0,0 @@
#!/bin/bash -x
#
# Generated - do not edit!
#
# Macros
TOP=`pwd`
CND_CONF=default
CND_DISTDIR=dist
TMPDIR=build/${CND_CONF}/${IMAGE_TYPE}/tmp-packaging
TMPDIRNAME=tmp-packaging
OUTPUT_PATH=dist/${CND_CONF}/${IMAGE_TYPE}/cyassl.X.${OUTPUT_SUFFIX}
OUTPUT_BASENAME=cyassl.X.${OUTPUT_SUFFIX}
PACKAGE_TOP_DIR=cyassl.X/
# Functions
function checkReturnCode
{
rc=$?
if [ $rc != 0 ]
then
exit $rc
fi
}
function makeDirectory
# $1 directory path
# $2 permission (optional)
{
mkdir -p "$1"
checkReturnCode
if [ "$2" != "" ]
then
chmod $2 "$1"
checkReturnCode
fi
}
function copyFileToTmpDir
# $1 from-file path
# $2 to-file path
# $3 permission
{
cp "$1" "$2"
checkReturnCode
if [ "$3" != "" ]
then
chmod $3 "$2"
checkReturnCode
fi
}
# Setup
cd "${TOP}"
mkdir -p ${CND_DISTDIR}/${CND_CONF}/package
rm -rf ${TMPDIR}
mkdir -p ${TMPDIR}
# Copy files and create directories and links
cd "${TOP}"
makeDirectory ${TMPDIR}/cyassl.X/lib
copyFileToTmpDir "${OUTPUT_PATH}" "${TMPDIR}/${PACKAGE_TOP_DIR}lib/${OUTPUT_BASENAME}" 0644
# Generate tar file
cd "${TOP}"
rm -f ${CND_DISTDIR}/${CND_CONF}/package/cyassl.X.tar
cd ${TMPDIR}
tar -vcf ../../../../${CND_DISTDIR}/${CND_CONF}/package/cyassl.X.tar *
checkReturnCode
# Cleanup
cd "${TOP}"
rm -rf ${TMPDIR}

20
src/internal.c
View File

@@ -1287,6 +1287,9 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag)
x509->altNamesNext = NULL;
x509->dynamicMemory = (byte)dynamicFlag;
x509->isCa = 0;
#ifdef HAVE_ECC
x509->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef OPENSSL_EXTRA
x509->pathLength = 0;
x509->basicConstSet = 0;
@@ -1305,9 +1308,6 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag)
x509->keyUsageSet = 0;
x509->keyUsageCrit = 0;
x509->keyUsage = 0;
#ifdef HAVE_ECC
x509->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef CYASSL_SEP
x509->certPolicySet = 0;
x509->certPolicyCrit = 0;
@@ -1405,6 +1405,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
#ifdef HAVE_ECC
ssl->eccTempKeySz = ctx->eccTempKeySz;
ssl->pkCurveOID = ctx->pkCurveOID;
ssl->peerEccKeyPresent = 0;
ssl->peerEccDsaKeyPresent = 0;
ssl->eccDsaKeyPresent = 0;
@@ -3229,14 +3230,14 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
}
x509->keyUsageSet = dCert->extKeyUsageSet;
x509->keyUsageCrit = dCert->extKeyUsageCrit;
#ifdef HAVE_ECC
x509->pkCurveOID = dCert->pkCurveOID;
#endif /* HAVE_ECC */
#ifdef CYASSL_SEP
x509->certPolicySet = dCert->extCertPolicySet;
x509->certPolicyCrit = dCert->extCertPolicyCrit;
#endif /* CYASSL_SEP */
#endif /* OPENSSL_EXTRA */
#ifdef HAVE_ECC
x509->pkCurveOID = dCert->pkCurveOID;
#endif /* HAVE_ECC */
return ret;
}
@@ -9769,6 +9770,13 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
}
#ifdef HAVE_ELLIPTIC_CURVES
if (!TLSX_ValidateEllipticCurves(ssl, first, second)) {
CYASSL_MSG("Don't have matching curves");
return 0;
}
#endif
/* ECCDHE is always supported if ECC on */
return 1;

31
src/ssl.c
View File

@@ -622,6 +622,30 @@ int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_TRUNCATED_HMAC */
/* Elliptic Curves */
#ifdef HAVE_ELLIPTIC_CURVES
#ifndef NO_CYASSL_CLIENT
int CyaSSL_UseEllipticCurve(CYASSL* ssl, word16 name)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
return TLSX_UseEllipticCurve(&ssl->extensions, name);
}
int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx, word16 name)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
return TLSX_UseEllipticCurve(&ctx->extensions, name);
}
#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_ELLIPTIC_CURVES */
#ifndef CYASSL_LEANPSK
int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags)
{
@@ -2113,6 +2137,13 @@ int CyaSSL_Init(void)
break;
}
#ifdef HAVE_ECC
if (ctx)
ctx->pkCurveOID = cert.pkCurveOID;
if (ssl)
ssl->pkCurveOID = cert.pkCurveOID;
#endif
FreeDecodedCert(&cert);
}

356
src/tls.c
View File

@@ -515,6 +515,12 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
#ifdef HAVE_TLS_EXTENSIONS
#define IS_OFF(semaphore, light) \
((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
#define TURN_ON(semaphore, light) \
((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
static int TLSX_Append(TLSX** list, TLSX_Type type)
{
TLSX* extension;
@@ -536,7 +542,9 @@ static int TLSX_Append(TLSX** list, TLSX_Type type)
#ifndef NO_CYASSL_SERVER
static void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type)
void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type);
void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type)
{
TLSX *ext = TLSX_Find(ssl->extensions, type);
@@ -768,7 +776,7 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
int r = TLSX_UseSNI(&ssl->extensions,
type, input + offset, size);
if (r) return r; /* throw error */
if (r != SSL_SUCCESS) return r; /* throw error */
TLSX_SNI_SetStatus(ssl->extensions, type,
matched ? CYASSL_SNI_REAL_MATCH : CYASSL_SNI_FAKE_MATCH);
@@ -834,7 +842,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
}
} while ((sni = sni->next));
return 0;
return SSL_SUCCESS;
}
#ifndef NO_CYASSL_SERVER
@@ -1039,7 +1047,7 @@ static int TLSX_MFL_Parse(CYASSL* ssl, byte* input, word16 length,
if (isRequest) {
int r = TLSX_UseMaxFragment(&ssl->extensions, *input);
if (r) return r; /* throw error */
if (r != SSL_SUCCESS) return r; /* throw error */
TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH);
}
@@ -1089,7 +1097,7 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
}
} while ((extension = extension->next));
return 0;
return SSL_SUCCESS;
}
@@ -1120,7 +1128,7 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions)
if ((ret = TLSX_Append(extensions, TRUNCATED_HMAC)) != 0)
return ret;
return 0;
return SSL_SUCCESS;
}
static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
@@ -1133,7 +1141,7 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
if (isRequest) {
int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
if (r) return r; /* throw error */
if (r != SSL_SUCCESS) return r; /* throw error */
TLSX_SetResponse(ssl, TRUNCATED_HMAC);
}
@@ -1152,6 +1160,304 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
#endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES
#ifndef HAVE_ECC
#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
Use --enable-ecc in the configure script or define HAVE_ECC."
#endif
static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
{
EllipticCurve* curve;
while ((curve = list)) {
list = curve->next;
XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
}
}
static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name)
{
EllipticCurve* curve;
if (list == NULL)
return BAD_FUNC_ARG;
if ((curve = XMALLOC(sizeof(EllipticCurve), 0, DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E;
curve->name = name;
curve->next = *list;
*list = curve;
return 0;
}
#ifndef NO_CYASSL_CLIENT
static void TLSX_EllipticCurve_ValidateRequest(CYASSL* ssl, byte* semaphore)
{
int i;
for (i = 0; i < ssl->suites->suiteSz; i+= 2)
if (ssl->suites->suites[i] == ECC_BYTE)
return;
/* No elliptic curve suite found */
TURN_ON(semaphore, ELLIPTIC_CURVES);
}
static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
{
EllipticCurve* curve;
word16 length = OPAQUE16_LEN; /* list length */
while ((curve = list)) {
list = curve->next;
length += OPAQUE16_LEN; /* curve length */
}
return length;
}
static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output);
static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output)
{
word16 offset = 0;
if (!curve)
return offset;
offset = TLSX_EllipticCurve_WriteR(curve->next, output);
c16toa(curve->name, output + offset);
return OPAQUE16_LEN + offset;
}
static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output)
{
word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN);
c16toa(length, output); /* writing list length */
return OPAQUE16_LEN + length;
}
#endif /* NO_CYASSL_CLIENT */
#ifndef NO_CYASSL_SERVER
static int TLSX_EllipticCurve_Parse(CYASSL* ssl, byte* input, word16 length,
byte isRequest)
{
word16 offset;
word16 name;
int r;
(void) isRequest; /* shut up compiler! */
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
return INCOMPLETE_DATA;
ato16(input, &offset);
/* validating curve list length */
if (length != OPAQUE16_LEN + offset)
return INCOMPLETE_DATA;
while (offset) {
ato16(input + offset, &name);
offset -= OPAQUE16_LEN;
r = TLSX_UseEllipticCurve(&ssl->extensions, name);
if (r) return r; /* throw error */
}
return 0;
}
int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
TLSX* extension = (first == ECC_BYTE)
? TLSX_Find(ssl->extensions, ELLIPTIC_CURVES)
: NULL;
EllipticCurve* curve = NULL;
word32 oid = 0;
word16 octets = 0; /* acording to 'ecc_set_type ecc_sets[];' */
int sig = 0; /* valitade signature */
int key = 0; /* validate key */
if (!extension)
return 1; /* no suite restriction */
for (curve = extension->data; curve && !(sig && key); curve = curve->next) {
switch (curve->name) {
case CYASSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break;
case CYASSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break;
case CYASSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break;
case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
}
switch (second) {
#ifndef NO_DSA
/* ECDHE_ECDSA */
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
sig |= ssl->pkCurveOID == oid;
key |= ssl->eccTempKeySz == octets;
break;
/* ECDH_ECDSA */
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
sig |= ssl->pkCurveOID == oid;
key |= ssl->pkCurveOID == oid;
break;
#endif
#ifndef NO_RSA
/* ECDHE_RSA */
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
sig = 1;
key |= ssl->eccTempKeySz == octets;
break;
/* ECDH_RSA */
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
case TLS_ECDH_RSA_WITH_RC4_128_SHA:
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
sig = 1;
key |= ssl->pkCurveOID == oid;
break;
#endif
default:
sig = 1;
key = 1;
break;
}
}
return sig && key;
}
#endif /* NO_CYASSL_SERVER */
int TLSX_UseEllipticCurve(TLSX** extensions, word16 name)
{
TLSX* extension = NULL;
EllipticCurve* curve = NULL;
int ret = 0;
if (extensions == NULL)
return BAD_FUNC_ARG;
switch (name) {
case CYASSL_ECC_SECP160R1:
case CYASSL_ECC_SECP192R1:
case CYASSL_ECC_SECP224R1:
case CYASSL_ECC_SECP256R1:
case CYASSL_ECC_SECP384R1:
case CYASSL_ECC_SECP521R1:
break;
default:
return BAD_FUNC_ARG;
}
if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
return ret;
extension = *extensions;
/* find EllipticCurve extension if it already exists. */
while (extension && extension->type != ELLIPTIC_CURVES)
extension = extension->next;
/* push new EllipticCurve extension if it doesn't exists. */
if (!extension) {
if ((ret = TLSX_Append(extensions, ELLIPTIC_CURVES)) != 0) {
XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
return ret;
}
extension = *extensions;
}
/* push new EllipticCurve object to extension data. */
curve->next = (EllipticCurve*) extension->data;
extension->data = (void*) curve;
/* look for another curve of the same name to remove (replacement) */
do {
if (curve->next && curve->next->name == name) {
EllipticCurve *next = curve->next;
curve->next = next->next;
XFREE(next, 0, DYNAMIC_TYPE_TLSX);
break;
}
} while ((curve = curve->next));
return SSL_SUCCESS;
}
#define EC_FREE_ALL TLSX_EllipticCurve_FreeAll
#define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest
#ifndef NO_CYASSL_CLIENT
#define EC_GET_SIZE TLSX_EllipticCurve_GetSize
#define EC_WRITE TLSX_EllipticCurve_Write
#else
#define EC_GET_SIZE(list) 0
#define EC_WRITE(a, b) 0
#endif
#ifndef NO_CYASSL_SERVER
#define EC_PARSE TLSX_EllipticCurve_Parse
#else
#define EC_PARSE(a, b, c, d) 0
#endif
#else
#define EC_FREE_ALL(list)
#define EC_GET_SIZE(list) 0
#define EC_WRITE(a, b) 0
#define EC_PARSE(a, b, c, d) 0
#define EC_VALIDATE_REQUEST(a, b)
#endif /* HAVE_ELLIPTIC_CURVES */
TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
{
TLSX* extension = list;
@@ -1181,18 +1487,16 @@ void TLSX_FreeAll(TLSX* list)
case TRUNCATED_HMAC:
/* Nothing to do. */
break;
case ELLIPTIC_CURVES:
EC_FREE_ALL(extension->data);
break;
}
XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
}
}
#define IS_OFF(semaphore, light) \
((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
#define TURN_ON(semaphore, light) \
((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
{
TLSX* extension;
@@ -1220,6 +1524,10 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
case TRUNCATED_HMAC:
/* empty extension. */
break;
case ELLIPTIC_CURVES:
length += EC_GET_SIZE((EllipticCurve *) extension->data);
break;
}
TURN_ON(semaphore, extension->type);
@@ -1264,6 +1572,11 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
case TRUNCATED_HMAC:
/* empty extension. */
break;
case ELLIPTIC_CURVES:
offset += EC_WRITE((EllipticCurve *) extension->data,
output + offset);
break;
}
/* writing extension data length */
@@ -1286,6 +1599,8 @@ word16 TLSX_GetRequestSize(CYASSL* ssl)
if (ssl && IsTLS(ssl)) {
byte semaphore[16] = {0};
EC_VALIDATE_REQUEST(ssl, semaphore);
if (ssl->extensions)
length += TLSX_GetSize(ssl->extensions, semaphore, 1);
@@ -1311,6 +1626,8 @@ word16 TLSX_WriteRequest(CYASSL* ssl, byte* output)
offset += OPAQUE16_LEN; /* extensions length */
EC_VALIDATE_REQUEST(ssl, semaphore);
if (ssl->extensions)
offset += TLSX_Write(ssl->extensions, output + offset,
semaphore, 1);
@@ -1430,6 +1747,12 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
ret = THM_PARSE(ssl, input + offset, size, isRequest);
break;
case ELLIPTIC_CURVES:
CYASSL_MSG("Elliptic Curves extension received");
ret = EC_PARSE(ssl, input + offset, size, isRequest);
break;
case HELLO_EXT_SIG_ALGO:
if (isRequest) {
/* do not mess with offset inside the switch! */
@@ -1462,6 +1785,13 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
#undef IS_OFF
#undef TURN_ON
#elif defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_ELLIPTIC_CURVES)
#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."
#endif /* HAVE_TLS_EXTENSIONS */

96
tests/api.c
View File

@@ -56,6 +56,9 @@ static void test_CyaSSL_UseMaxFragment(void);
#ifdef HAVE_TRUNCATED_HMAC
static void test_CyaSSL_UseTruncatedHMAC(void);
#endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES
static void test_CyaSSL_UseEllipticCurve(void);
#endif /* HAVE_ELLIPTIC_CURVES */
/* test function helpers */
static int test_method(CYASSL_METHOD *method, const char *name);
@@ -116,6 +119,9 @@ int ApiTest(void)
#ifdef HAVE_TRUNCATED_HMAC
test_CyaSSL_UseTruncatedHMAC();
#endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES
test_CyaSSL_UseEllipticCurve();
#endif /* HAVE_ELLIPTIC_CURVES */
test_CyaSSL_Cleanup();
printf(" End API Tests\n");
@@ -236,14 +242,13 @@ int test_CyaSSL_CTX_new(CYASSL_METHOD *method)
return TEST_SUCCESS;
}
#ifdef HAVE_TLS_EXTENSIONS
#ifdef HAVE_SNI
static void use_SNI_at_ctx(CYASSL_CTX* ctx)
{
byte type = CYASSL_SNI_HOST_NAME;
char name[] = "www.yassl.com";
AssertIntEQ(0, CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name)));
AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name)));
}
static void use_SNI_at_ssl(CYASSL* ssl)
@@ -251,7 +256,7 @@ static void use_SNI_at_ssl(CYASSL* ssl)
byte type = CYASSL_SNI_HOST_NAME;
char name[] = "www.yassl.com";
AssertIntEQ(0, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
}
static void different_SNI_at_ssl(CYASSL* ssl)
@@ -259,7 +264,7 @@ static void different_SNI_at_ssl(CYASSL* ssl)
byte type = CYASSL_SNI_HOST_NAME;
char name[] = "ww2.yassl.com";
AssertIntEQ(0, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
}
static void use_SNI_WITH_CONTINUE_at_ssl(CYASSL* ssl)
@@ -426,16 +431,16 @@ void test_CyaSSL_UseSNI(void)
AssertNotNull(ssl);
/* error cases */
AssertIntNE(0, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(0, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(0, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(0, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(0, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx")));
AssertIntNE(0, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl")));
AssertIntNE(1, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(1, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(1, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx")));
AssertIntNE(1, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl")));
/* success case */
AssertIntEQ(0, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntEQ(0, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl")));
AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntEQ(1, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl")));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
@@ -491,24 +496,24 @@ static void test_CyaSSL_UseMaxFragment(void)
AssertNotNull(ssl);
/* error cases */
AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9));
AssertIntNE(0, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9));
AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(ctx, 0));
AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(ctx, 6));
AssertIntNE(0, CyaSSL_UseMaxFragment(ssl, 0));
AssertIntNE(0, CyaSSL_UseMaxFragment(ssl, 6));
AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9));
AssertIntNE(1, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9));
AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 0));
AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 6));
AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 0));
AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 6));
/* success case */
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9));
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10));
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11));
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12));
AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12));
AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13));
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9));
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10));
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11));
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12));
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
@@ -525,19 +530,44 @@ static void test_CyaSSL_UseTruncatedHMAC(void)
AssertNotNull(ssl);
/* error cases */
AssertIntNE(0, CyaSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(0, CyaSSL_UseTruncatedHMAC(NULL));
AssertIntNE(1, CyaSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(1, CyaSSL_UseTruncatedHMAC(NULL));
/* success case */
AssertIntEQ(0, CyaSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(0, CyaSSL_UseTruncatedHMAC(ssl));
AssertIntEQ(1, CyaSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(1, CyaSSL_UseTruncatedHMAC(ssl));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
}
#endif /* HAVE_TRUNCATED_HMAC */
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_ELLIPTIC_CURVES
static void test_CyaSSL_UseEllipticCurve(void)
{
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
CYASSL *ssl = CyaSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
#ifndef NO_CYASSL_CLIENT
/* error cases */
AssertIntNE(1, CyaSSL_CTX_UseEllipticCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_CTX_UseEllipticCurve(ctx, 0));
AssertIntNE(1, CyaSSL_UseEllipticCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_UseEllipticCurve(ssl, 0));
/* success case */
AssertIntEQ(1, CyaSSL_CTX_UseEllipticCurve(ctx, CYASSL_ECC_SECP160R1));
AssertIntEQ(1, CyaSSL_UseEllipticCurve(ssl, CYASSL_ECC_SECP160R1));
#endif
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
}
#endif /* HAVE_ELLIPTIC_CURVES */
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* Helper for testing CyaSSL_CTX_use_certificate_file() */