NO_RSA build, cipher suite tests need work for this build option, ssn2

toddouska
2013-03-07 17:44:40 -08:00
parent 23d6c70d3e
commit 85b3346bbf
20 changed files with 522 additions and 112 deletions


@@ -92,12 +92,33 @@ enum {
#define NO_TIME_H
/* since Micrium not defining XTIME or XGMTIME, CERT_GEN not available */
#elif defined(USER_TIME)
/* no <time.h> structures used */
#define NO_TIME_H
/* user time, and gmtime compatible functions, there is a gmtime
implementation here that WINCE uses, so really just need some ticks
since the EPOCH
*/
struct tm {
int tm_sec; /* seconds after the minute [0-60] */
int tm_min; /* minutes after the hour [0-59] */
int tm_hour; /* hours since midnight [0-23] */
int tm_mday; /* day of the month [1-31] */
int tm_mon; /* months since January [0-11] */
int tm_year; /* years since 1900 */
int tm_wday; /* days since Sunday [0-6] */
int tm_yday; /* days since January 1 [0-365] */
int tm_isdst; /* Daylight Savings Time flag */
long tm_gmtoff; /* offset from CUT in seconds */
char *tm_zone; /* timezone abbreviation */
};
typedef long time_t;
/* forward declaration */
struct tm* gmtime(const time_t* timer);
extern time_t XTIME(time_t * timer);
#define XGMTIME(c) gmtime((c))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#else
/* default */
/* uses complete <time.h> facility */
@@ -137,7 +158,8 @@ time_t time(time_t* timer)
return *timer;
}
#endif /* _WIN32_WCE */
#if defined( _WIN32_WCE ) || defined( USER_TIME )
struct tm* gmtime(const time_t* timer)
{
@@ -155,12 +177,12 @@ struct tm* gmtime(const time_t* timer)
static struct tm st_time;
struct tm* ret = &st_time;
time_t time = *timer;
time_t secs = *timer;
unsigned long dayclock, dayno;
int year = EPOCH_YEAR;
dayclock = (unsigned long)time % SECS_DAY;
dayno = (unsigned long)time / SECS_DAY;
dayclock = (unsigned long)secs % SECS_DAY;
dayno = (unsigned long)secs / SECS_DAY;
ret->tm_sec = dayclock % 60;
ret->tm_min = (dayclock % 3600) / 60;
@@ -187,7 +209,7 @@ struct tm* gmtime(const time_t* timer)
return ret;
}
#endif /* _WIN32_WCE */
#endif /* _WIN32_WCE || USER_TIME */
#ifdef THREADX
@@ -386,6 +408,7 @@ static int GetMyVersion(const byte* input, word32* inOutIdx, int* version)
}
#ifndef NO_PWDBASED
/* Get small count integer, 32 bits or less */
static int GetShortInt(const byte* input, word32* inOutIdx, int* number)
{
@@ -409,7 +432,7 @@ static int GetShortInt(const byte* input, word32* inOutIdx, int* number)
return *number;
}
#endif
/* May not have one, not an error */
static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
@@ -1413,7 +1436,9 @@ static int GetKey(DecodedCert* cert)
/* process NAME, either issuer or subject */
static int GetName(DecodedCert* cert, int nameType)
{
#ifndef NO_SHA
Sha sha;
#endif
int length; /* length of all distinguished names */
int dummy;
char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
@@ -1438,12 +1463,14 @@ static int GetName(DecodedCert* cert, int nameType)
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
return ASN_PARSE_E;
#ifndef NO_SHA
InitSha(&sha);
ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx);
if (nameType == ISSUER)
ShaFinal(&sha, cert->issuerHash);
else
ShaFinal(&sha, cert->subjectHash);
#endif
length += cert->srcIdx;
idx = 0;
@@ -2101,8 +2128,10 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
(void)sig;
(void)sigSz;
(void)heap;
(void)ret;
switch (sigOID) {
#ifndef NO_MD5
case CTC_MD5wRSA:
{
Md5 md5;
@@ -2113,6 +2142,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
digestSz = MD5_DIGEST_SIZE;
}
break;
#endif
#if defined(CYASSL_MD2)
case CTC_MD2wRSA:
{
@@ -2125,6 +2155,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
}
break;
#endif
#ifndef NO_SHA
case CTC_SHAwRSA:
case CTC_SHAwDSA:
case CTC_SHAwECDSA:
@@ -2137,6 +2168,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
digestSz = SHA_DIGEST_SIZE;
}
break;
#endif
#ifndef NO_SHA256
case CTC_SHA256wRSA:
case CTC_SHA256wECDSA:
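Review bot: With NO_SHA defined, GetName no longer writes cert->issuerHash or cert->subjectHash, because the whole InitSha/ShaUpdate/ShaFinal sequence is compiled out and nothing replaces it. Any code that matches a certificate to a signer by these name hashes (not visible here) would then compare buffers whose contents depend only on how the DecodedCert was initialised. Either hash the name with a digest that is still compiled in, or stop the build in an `#else` branch, for example `#error "GetName: NO_SHA leaves issuerHash/subjectHash unset"`, until that is done. GetName's body continues outside the hunk.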


@@ -52,9 +52,11 @@ static int InitHmac(Hmac* hmac, int type)
break;
#endif
#ifndef NO_SHA
case SHA:
InitSha(&hmac->hash.sha);
break;
#endif
#ifndef NO_SHA256
case SHA256:
@@ -80,7 +82,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
byte* ip = (byte*) hmac->ipad;
byte* op = (byte*) hmac->opad;
word32 i, hmac_block_size = SHA_BLOCK_SIZE;
word32 i, hmac_block_size = 0;
#ifdef HAVE_CAVIUM
if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC)
@@ -106,8 +108,10 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
break;
#endif
#ifndef NO_SHA
case SHA:
{
hmac_block_size = SHA_BLOCK_SIZE;
if (length <= SHA_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
@@ -118,6 +122,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
}
}
break;
#endif
#ifndef NO_SHA256
case SHA256:
@@ -173,9 +178,11 @@ static void HmacKeyInnerHash(Hmac* hmac)
break;
#endif
#ifndef NO_SHA
case SHA:
ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
break;
#endif
#ifndef NO_SHA256
case SHA256:
@@ -216,9 +223,11 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
break;
#endif
#ifndef NO_SHA
case SHA:
ShaUpdate(&hmac->hash.sha, msg, length);
break;
#endif
#ifndef NO_SHA256
case SHA256:
@@ -264,6 +273,7 @@ void HmacFinal(Hmac* hmac, byte* hash)
break;
#endif
#ifndef NO_SHA
case SHA:
{
ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
@@ -275,6 +285,7 @@ void HmacFinal(Hmac* hmac, byte* hash)
ShaFinal(&hmac->hash.sha, hash);
}
break;
#endif
#ifndef NO_SHA256
case SHA256:
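Review bot: In HmacSetKey, `hmac_block_size` now starts at 0 and is only assigned inside the per-hash cases, so a `type` whose case is compiled out (SHA under NO_SHA, for instance) leaves it at 0. The rest of the function is outside the hunk, but any padding or ipad/opad loop bounded by this value would then do nothing, leaving the context without key material. The function returns void and cannot report this. A guard after the switch would make the failure visible, e.g. `if (hmac_block_size == 0) { CYASSL_MSG("HmacSetKey: hash type not compiled in"); return; }`, assuming CYASSL_MSG is available in this file. The comment on the declaration should say that 0 means "unsupported type".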


@@ -33,6 +33,8 @@
/* in case user set USE_FAST_MATH there */
#include <cyassl/ctaocrypt/settings.h>
#ifndef NO_BIG_INT
#ifndef USE_FAST_MATH
#include <cyassl/ctaocrypt/integer.h>
@@ -43,6 +45,8 @@
#endif
#endif
static void bn_reverse (unsigned char *s, int len);
/* math settings check */
word32 CheckRunTimeSettings(void)
{
@@ -4452,3 +4456,4 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
#endif /* USE_FAST_MATH */
#endif /* NO_BIG_INT */


@@ -24,6 +24,8 @@
#include <config.h>
#endif
#ifndef NO_MD5
#include <cyassl/ctaocrypt/md5.h>
#ifdef NO_INLINE
@@ -340,3 +342,4 @@ void Md5Final(Md5* md5, byte* hash)
#endif /* STM32F2_CRYPTO */
#endif /* NO_MD5 */


@@ -58,6 +58,7 @@
#endif
#endif /* USE_WINDOWS_API */
#if !defined( NO_CYASSL_RANDOM )
#ifdef NO_RC4
@@ -568,7 +569,7 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#elif defined(NO_DEV_RANDOM)
#error "you need to write an os specific GenerateSeed() here"
#warning "you need to write an os specific GenerateSeed() here"
#else /* !USE_WINDOWS_API && !THREADX && !MICRIUM && !NO_DEV_RANDOM */
@@ -613,3 +614,4 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#endif /* USE_WINDOWS_API */
#endif /* NO_CYASSL_RANDOM */
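Review bot: Downgrading the NO_DEV_RANDOM branch of GenerateSeed from `#error` to `#warning` lets the translation unit compile without anyone having decided where seed entropy comes from. The hunk header keeps the line count, so this looks like a one-line replacement. A warning is easy to lose in build output, and `#warning` is a compiler extension before C23, so some embedded toolchains may reject or ignore it. If the intent is to let an integrator supply GenerateSeed from another file, keep the hard stop by default and lift it only behind an explicit opt-in macro (name to be chosen by the project). Add the comment `/* integrator must provide GenerateSeed() backed by a real entropy source */` on that branch.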


@@ -19,10 +19,13 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef NO_SHA
#include <cyassl/ctaocrypt/sha.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
@@ -345,3 +348,4 @@ void ShaFinal(Sha* sha, byte* hash)
#endif /* STM32F2_CRYPTO */
#endif /* NO_SHA */


@@ -273,6 +273,11 @@ struct DecodedCert {
#endif /* CYASSL_CERT_GEN */
};
#ifdef SHA_DIGEST_SIZE
#define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
#else
#define SIGNER_DIGEST_SIZE 160
#endif
/* CA Signers */
struct Signer {
@@ -280,7 +285,7 @@ struct Signer {
word32 pubKeySize;
word32 keyOID; /* key type */
char* name; /* common name */
byte hash[SHA_DIGEST_SIZE]; /* sha hash of names in certificate */
byte hash[SIGNER_DIGEST_SIZE];/* sha hash of names in certificate */
Signer* next;
};
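Review bot: The fallback `#define SIGNER_DIGEST_SIZE 160` looks like the SHA-1 length in bits. A SHA-1 digest is 20 bytes, so `hash[]` in struct Signer becomes eight times larger than the SHA build's and the struct layout differs between configurations. It should read `#define SIGNER_DIGEST_SIZE 20`. The `#ifdef SHA_DIGEST_SIZE` test also only works if that name is a preprocessor macro. hmac.c in this commit uses `SHA` and `SHA_BLOCK_SIZE` as plain constants, which suggests sha.h defines them in an enum (confirm there), in which case the fallback is always taken. The same pattern and value are used for OCSP_DIGEST_SIZE and CRL_DIGEST_SIZE in the internal.h section of this commit.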


@@ -78,7 +78,9 @@ typedef union {
#ifndef NO_MD5
Md5 md5;
#endif
Sha sha;
#ifndef NO_SHA
Sha sha;
#endif
#ifndef NO_SHA256
Sha256 sha256;
#endif


@@ -238,7 +238,6 @@ int mp_count_bits (mp_int * a);
int mp_init_copy (mp_int * a, mp_int * b);
int mp_copy (mp_int * a, mp_int * b);
int mp_grow (mp_int * a, int size);
void bn_reverse (unsigned char *s, int len);
int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d);
void mp_zero (mp_int * a);
void mp_clamp (mp_int * a);


@@ -115,13 +115,22 @@
#endif
#ifdef CYASSL_LEANPSK
#if defined(CYASSL_LEANPSK) && !defined(XMALLOC_USER)
#include <stdlib.h>
#define XMALLOC(s, h, type) malloc((s))
#define XFREE(p, h, type) free((p))
#define XREALLOC(p, n, h, t) realloc((p), (n))
#endif
#if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL)
#undef XMALLOC
#define XMALLOC yaXMALLOC
#undef XFREE
#define XFREE yaXFREE
#undef XREALLOC
#define XREALLOC yaXREALLOC
#endif
#ifdef FREERTOS
#define NO_WRITEV
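Review bot: The new `XMALLOC_USER && SSN_BUILDING_LIBYASSL` block remaps XMALLOC, XFREE and XREALLOC to yaXMALLOC, yaXFREE and yaXREALLOC, but nothing in this hunk declares those functions or says who provides them. If no prototype is in scope where the macros expand, an older compiler will assume an `int` return and can truncate the returned pointer on 64-bit targets. A comment here would settle it, for example `/* SSN_BUILDING_LIBYASSL: allocations go to yaXMALLOC/yaXFREE/yaXREALLOC, declared by the application before this header is included */`. It should also state the argument list these replacements are expected to take.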


@@ -74,6 +74,10 @@
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long long word64;
#elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long long word64;
#else
#define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
mp_digit, no 64 bit type so make mp_digit 16 bit */


@@ -33,6 +33,7 @@
#include <cyassl/ctaocrypt/rabbit.h>
#include <cyassl/ctaocrypt/asn.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/camellia.h>
#include <cyassl/ctaocrypt/logging.h>
@@ -134,7 +135,9 @@ void c32to24(word32 in, word24 out);
When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
*/
#if !defined(NO_RSA) && !defined(NO_RC4)
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_RC4_128_SHA
#endif
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
#if !defined(NO_TLS) && defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
@@ -142,19 +145,23 @@ void c32to24(word32 in, word24 out);
#endif
#if !defined(NO_RSA) && !defined(NO_DES3)
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#if !defined(NO_TLS) && defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif
#endif
#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
#if defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
#endif
#endif
#if !defined (NO_SHA256)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
@@ -171,15 +178,19 @@ void c32to24(word32 in, word24 out);
#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
#ifndef NO_RSA
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
#endif
#if !defined(NO_DH) && defined(OPENSSL_EXTRA)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
@@ -189,8 +200,10 @@ void c32to24(word32 in, word24 out);
#endif
#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA)
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
#endif
@@ -198,11 +211,17 @@ void c32to24(word32 in, word24 out);
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
#if !defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_NULL_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_RSA_WITH_NULL_SHA256
#endif
#endif
#if !defined(NO_PSK)
#if !defined(NO_SHA)
#define BUILD_TLS_PSK_WITH_NULL_SHA
#endif
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_NULL_SHA256
#endif
@@ -211,17 +230,23 @@ void c32to24(word32 in, word24 out);
#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
#define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
#endif
#endif
#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
#endif
#endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && defined(OPENSSL_EXTRA)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#endif
#if !defined (NO_SHA256)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
@@ -234,39 +259,50 @@ void c32to24(word32 in, word24 out);
#if defined(HAVE_ECC) && !defined(NO_TLS)
#if !defined(NO_AES)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#if !defined(NO_SHA)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#ifndef NO_SHA256
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
#endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#endif
#if defined (HAVE_AESGCM)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#endif
#if defined (HAVE_AESCCM)
@@ -275,19 +311,26 @@ void c32to24(word32 in, word24 out);
#endif
#endif
#if !defined(NO_RC4)
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#if !defined(NO_SHA)
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
#endif
#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#endif
#endif
#if !defined(NO_DES3)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif
#endif
@@ -301,11 +344,14 @@ void c32to24(word32 in, word24 out);
#endif
#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA)
defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
#undef BUILD_AES
#define BUILD_AES
#endif
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256)
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
#define BUILD_AESGCM
#endif
@@ -640,12 +686,17 @@ enum states {
};
#if defined(__GNUC__)
#define CYASSL_PACK __attribute__ ((packed))
#else
#define CYASSL_PACK
#endif
/* SSL Version */
typedef struct ProtocolVersion {
byte major;
byte minor;
} ProtocolVersion;
} CYASSL_PACK ProtocolVersion;
CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
@@ -869,14 +920,18 @@ CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
typedef struct OCSP_Entry OCSP_Entry;
#ifdef SHA_DIGEST_SIZE
#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
#else
#define OCSP_DIGEST_SIZE 160
#endif
struct OCSP_Entry {
OCSP_Entry* next; /* next entry */
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
byte issuerKeyHash[SHA_DIGEST_SIZE]; /* issuer public key hash */
byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
CertStatus* status; /* OCSP response list */
int totalStatus; /* number on list */
};
@@ -894,14 +949,23 @@ struct CYASSL_OCSP {
CallbackIOOcspRespFree CBIOOcspRespFree;
};
#ifndef MAX_DATE_SIZE
#define MAX_DATE_SIZE 32
#endif
typedef struct CRL_Entry CRL_Entry;
#ifdef SHA_DIGEST_SIZE
#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
#else
#define CRL_DIGEST_SIZE 160
#endif
/* Complete CRL */
struct CRL_Entry {
CRL_Entry* next; /* next entry */
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
/* byte crlHash[SHA_DIGEST_SIZE]; raw crl data hash */
byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
/* restore the hash here if needed for optimized comparisons */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
@@ -1203,7 +1267,7 @@ CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
/* hashes type */
typedef struct Hashes {
#ifndef NO_MD5
#ifndef NO_OLD_TLS
byte md5[MD5_DIGEST_SIZE];
#endif
byte sha[SHA_DIGEST_SIZE];
@@ -1314,7 +1378,6 @@ typedef struct Buffers {
#endif
} Buffers;
typedef struct Options {
byte sessionCacheOff;
byte sessionCacheFlushOff;
@@ -1365,7 +1428,6 @@ typedef struct Options {
#endif /* NO_PSK */
} Options;
typedef struct Arrays {
byte clientRandom[RAN_LEN];
byte serverRandom[RAN_LEN];
@@ -1385,12 +1447,18 @@ typedef struct Arrays {
word32 preMasterSz; /* differs for DH, actual size */
} Arrays;
#ifndef ASN_NAME_MAX
#define ASN_NAME_MAX 256
#endif
struct CYASSL_X509_NAME {
char name[ASN_NAME_MAX];
int sz;
};
#ifndef EXTERNAL_SERIAL_SIZE
#define EXTERNAL_SERIAL_SIZE 32
#endif
struct CYASSL_X509 {
CYASSL_X509_NAME issuer;
@@ -1460,10 +1528,14 @@ struct CYASSL {
void* IOCB_ReadCtx;
void* IOCB_WriteCtx;
RNG* rng;
#ifndef NO_OLD_TLS
#ifndef NO_SHA
Sha hashSha; /* sha hash of handshake msgs */
#endif
#ifndef NO_MD5
Md5 hashMd5; /* md5 hash of handshake msgs */
#endif
#endif
#ifndef NO_SHA256
Sha256 hashSha256; /* sha256 hash of handshake msgs */
#endif
@@ -1528,6 +1600,7 @@ struct CYASSL {
#ifdef HAVE_CAVIUM
int devId; /* cavium device id to use */
#endif
CYASSL_ALERT_HISTORY alert_history;
};
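Review bot: The BUILD_AES and BUILD_AESGCM conditions gain only `BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` as a non-RSA trigger, while the ECC block above still enables the ECDSA AES-CBC suites when NO_RSA is set. Unless another definition outside these hunks covers it, a NO_RSA build with HAVE_ECC but without HAVE_AESGCM would advertise `BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` and friends without BUILD_AES being defined. Extending the condition with `|| defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) || defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)` would cover the CBC case. A short comment above the block should say that every key-exchange family must be listed there.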


@@ -59,7 +59,6 @@
extern "C" {
#endif
typedef struct CYASSL CYASSL;
typedef struct CYASSL_SESSION CYASSL_SESSION;
typedef struct CYASSL_METHOD CYASSL_METHOD;
@@ -112,6 +111,15 @@ typedef struct CYASSL_X509_STORE {
int cache; /* stunnel dereference */
} CYASSL_X509_STORE;
typedef struct CYASSL_ALERT {
int code;
int level;
} CYASSL_ALERT;
typedef struct CYASSL_ALERT_HISTORY {
CYASSL_ALERT last_rx;
CYASSL_ALERT last_tx;
} CYASSL_ALERT_HISTORY;
typedef struct CYASSL_X509_REVOKED {
CYASSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
@@ -202,6 +210,7 @@ CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int);
CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int);
CYASSL_API int CyaSSL_get_error(CYASSL*, int);
CYASSL_API int CyaSSL_get_alert_history(CYASSL*, CYASSL_ALERT_HISTORY *);
CYASSL_API int CyaSSL_set_session(CYASSL* ssl,CYASSL_SESSION* session);
CYASSL_API CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl);
@@ -256,6 +265,7 @@ CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session);
CYASSL_API int CyaSSL_is_init_finished(CYASSL*);
CYASSL_API const char* CyaSSL_get_version(CYASSL*);
CYASSL_API int CyaSSL_get_current_cipher_suite(CYASSL* ssl);
CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*);
CYASSL_API char* CyaSSL_CIPHER_description(CYASSL_CIPHER*, char*, int);
CYASSL_API const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher);
@@ -423,7 +433,6 @@ CYASSL_API long CyaSSL_CTX_sess_timeouts(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_number(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX*);
#define CYASSL_DEFAULT_CIPHER_LIST "" /* default all */
#define CYASSL_RSA_F4 0x10001L
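Review bot: `CyaSSL_get_alert_history` and the CYASSL_ALERT / CYASSL_ALERT_HISTORY structs are added to the public header with no comment on the return value, on whether the history is copied into the caller's struct, or on what the fields hold before any alert has been seen. That last point matters for callers that log or act on alerts, because code 0 is close_notify, so a zero-filled entry is only distinguishable from a real alert by its level. Suggested comment on the prototype: `/* fills *h with the last alert received and sent on ssl; an entry with level 0 means no alert recorded; returns SSL_SUCCESS on success */`, adjusted to what the implementation actually does. The prototype would also read better with parameter names, `(CYASSL* ssl, CYASSL_ALERT_HISTORY* h)`.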


@@ -20,6 +20,8 @@
#define SOCKET_T unsigned int
#else
#include <string.h>
#include <sys/types.h>
#ifndef CYASSL_LEANPSK
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
@@ -27,13 +29,13 @@
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <pthread.h>
#include <fcntl.h>
#ifdef TEST_IPV6
#include <netdb.h>
#endif
#endif
#define SOCKET_T int
#ifndef SO_NOSIGPIPE
#include <signal.h> /* ignore SIGPIPE */


@@ -284,9 +284,9 @@ void client_test(void* args)
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA";
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES256-CBC-SHA";
defaultCipherList = "PSK-AES256-CBC-SHA256";
#endif
if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
err_sys("client can't set cipher list 2");
@@ -301,7 +301,7 @@ void client_test(void* args)
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
if (cipherList == NULL) {
/* don't use EDH, can't sniff tmp keys */
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) {
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
err_sys("client can't set cipher list 3");
}
}
@@ -323,7 +323,7 @@ void client_test(void* args)
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
err_sys("can't load client private key file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
@@ -492,13 +492,11 @@ void client_test(void* args)
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
#ifdef OPENSSL_EXTRA
if (CyaSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
#endif
if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
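Review bot: The new PSK default `"PSK-AES256-CBC-SHA256"` does not correspond to any suite the internal.h section of this commit builds. Under `#ifndef NO_SHA256` the PSK block there defines only `BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256`, so `CyaSSL_CTX_set_cipher_list` would be expected to fail and the example would exit with "client can't set cipher list 2". Assuming the name table follows the same pattern, the line should be `defaultCipherList = "PSK-AES128-CBC-SHA256";`. The same string is introduced in server_test in the server.c section. Separately, the `*-SHA256` CBC defaults are TLS 1.2 suites, so a comment noting that these defaults no longer work when an older protocol version is selected would help. client_test's body continues outside these hunks.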


@@ -280,9 +280,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA";
defaultCipherList = "PSK-NULL-SHA256";
#else
defaultCipherList = "PSK-AES256-CBC-SHA";
defaultCipherList = "PSK-AES256-CBC-SHA256";
#endif
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 2");
@@ -307,7 +307,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS)
err_sys("server can't set cipher list 3");
}
#endif


@@ -90,7 +90,7 @@ typedef enum {
runProcessingOneMessage
} processReply;
#ifndef NO_MD5
#ifndef NO_OLD_TLS
static void Hmac(CYASSL* ssl, byte* digest, const byte* buffer, word32 sz,
int content, int verify);
@@ -1217,10 +1217,14 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */
ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
InitMd5(&ssl->hashMd5);
#endif
#ifndef NO_SHA
InitSha(&ssl->hashSha);
#endif
#endif
#ifndef NO_SHA256
InitSha256(&ssl->hashSha256);
#endif
@@ -2004,7 +2008,7 @@ ProtocolVersion MakeDTLSv1(void)
}
#elif defined(USER_TICKS)
#if 0
word32 LowResTimer(void)
{
/*
@@ -2012,7 +2016,7 @@ ProtocolVersion MakeDTLSv1(void)
needs second accuracy but doesn't have to correlated to EPOCH
*/
}
#endif
#else /* !USE_WINDOWS_API && !THREADX && !MICRIUM && !USER_TICKS */
#include <time.h>
@@ -2038,10 +2042,13 @@ static void HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz)
sz -= DTLS_RECORD_EXTRA;
}
#endif
#ifndef NO_OLD_TLS
#ifndef NO_SHA
ShaUpdate(&ssl->hashSha, adj, sz);
#endif
#ifndef NO_MD5
Md5Update(&ssl->hashMd5, adj, sz);
#endif
#endif
if (IsAtLeastTLSv1_2(ssl)) {
@@ -2068,9 +2075,13 @@ static void HashInput(CYASSL* ssl, const byte* input, int sz)
}
#endif
#ifndef NO_OLD_TLS
#ifndef NO_SHA
ShaUpdate(&ssl->hashSha, adj, sz);
#endif
#ifndef NO_MD5
Md5Update(&ssl->hashMd5, adj, sz);
#endif
#endif
if (IsAtLeastTLSv1_2(ssl)) {
@@ -2197,13 +2208,13 @@ retry:
ssl->options.isClosed = 1;
return -1;
#ifdef CYASSL_DTLS
case IO_ERR_TIMEOUT:
#ifdef CYASSL_DTLS
if (DtlsPoolTimeout(ssl) == 0 && DtlsPoolSend(ssl) == 0)
goto retry;
else
return -1;
#endif
return -1;
default:
return recvd;
@@ -2491,7 +2502,7 @@ static int GetDtlsHandShakeHeader(CYASSL* ssl, const byte* input,
#endif
#ifndef NO_MD5
#ifndef NO_OLD_TLS
/* fill with MD5 pad size since biggest required */
static const byte PAD1[PAD_MD5] =
{ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
@@ -2554,10 +2565,14 @@ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender)
static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
{
/* store current states, building requires get_digest which resets state */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
Md5 md5 = ssl->hashMd5;
#endif
#ifndef NO_SHA
Sha sha = ssl->hashSha;
#endif
#endif
#ifndef NO_SHA256
Sha256 sha256 = ssl->hashSha256;
#endif
@@ -2567,7 +2582,7 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
if (ssl->options.tls)
BuildTlsFinished(ssl, hashes, sender);
#ifndef NO_MD5
#ifndef NO_OLD_TLS
else {
BuildMD5(ssl, hashes, sender);
BuildSHA(ssl, hashes, sender);
@@ -2575,10 +2590,14 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
#endif
/* restore */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
ssl->hashMd5 = md5;
#endif
#ifndef NO_SHA
ssl->hashSha = sha;
#endif
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
ssl->hashSha256 = sha256;
@@ -3681,7 +3700,7 @@ static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx)
}
#ifndef NO_MD5
#ifndef NO_OLD_TLS
static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
{
@@ -3694,7 +3713,6 @@ static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
Md5Update(&md5, data, sz);
}
#endif
static INLINE void ShaRounds(int rounds, const byte* data, int sz)
@@ -3707,6 +3725,7 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz)
for (i = 0; i < rounds; i++)
ShaUpdate(&sha, data, sz);
}
#endif
#ifndef NO_SHA256
@@ -3780,15 +3799,19 @@ static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
case no_mac :
break;
#ifndef NO_OLD_TLS
#ifndef NO_MD5
case md5_mac :
Md5Rounds(rounds, data, sz);
break;
#endif
#ifndef NO_SHA
case sha_mac :
ShaRounds(rounds, data, sz);
break;
#endif
#endif
#ifndef NO_SHA256
case sha256_mac :
@@ -4033,6 +4056,7 @@ int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
{
byte level;
byte code;
#ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn)
@@ -4043,7 +4067,10 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
#endif
level = input[(*inOutIdx)++];
*type = (int)input[(*inOutIdx)++];
code = (int)input[(*inOutIdx)++];
ssl->alert_history.last_rx.code = code;
ssl->alert_history.last_rx.level = level;
*type = code;
CYASSL_MSG("Got alert");
if (*type == close_notify) {
@@ -4576,13 +4603,18 @@ static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest)
ShaFinal(&ssl->hashSha, digest);
}
#endif
#ifndef CYASSL_LEANPSK
static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
{
/* store current states, building requires get_digest which resets state */
#ifndef NO_OLD_TLS
Md5 md5 = ssl->hashMd5;
Sha sha = ssl->hashSha;
#endif
#ifndef NO_SHA256
Sha256 sha256 = ssl->hashSha256;
#endif
@@ -4591,8 +4623,10 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
#endif
if (ssl->options.tls) {
#if ! defined( NO_OLD_TLS )
Md5Final(&ssl->hashMd5, hashes->md5);
ShaFinal(&ssl->hashSha, hashes->sha);
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
Sha256Final(&ssl->hashSha256, hashes->sha256);
@@ -4602,6 +4636,7 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
#endif
}
}
#if ! defined( NO_OLD_TLS )
else {
BuildMD5_CertVerify(ssl, hashes->md5);
BuildSHA_CertVerify(ssl, hashes->sha);
@@ -4610,6 +4645,7 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
/* restore */
ssl->hashMd5 = md5;
ssl->hashSha = sha;
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
ssl->hashSha256 = sha256;
@@ -4619,7 +4655,8 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
#endif
}
}
#endif
#endif /* CYASSL_LEANPSK */
/* Build SSL Message, encrypted */
static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
@@ -5114,6 +5151,8 @@ int SendAlert(CYASSL* ssl, int severity, int type)
input[0] = (byte)severity;
input[1] = (byte)type;
ssl->alert_history.last_tx.code = type;
ssl->alert_history.last_tx.level = severity;
/* only send encrypted alert if handshake actually complete, otherwise
other side may not be able to handle it */
@@ -6782,8 +6821,10 @@ int SetCipherList(Suites* s, const char* list)
#if defined(OPENSSL_EXTRA) || defined(HAVE_ECC)
{
#ifndef NO_OLD_TLS
Md5 md5;
Sha sha;
#endif
byte hash[FINISHED_SZ];
#ifndef NO_SHA256
Sha256 sha256;
@@ -6821,7 +6862,7 @@ int SetCipherList(Suites* s, const char* list)
sigLen = length;
/* verify signature */
#ifndef NO_OLD_TLS
/* md5 */
InitMd5(&md5);
Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
@@ -6835,7 +6876,7 @@ int SetCipherList(Suites* s, const char* list)
ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
ShaUpdate(&sha, messageVerify, verifySz);
ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
#endif
#ifndef NO_SHA256
InitSha256(&sha256);
Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
@@ -6851,7 +6892,7 @@ int SetCipherList(Suites* s, const char* list)
Sha384Update(&sha384, messageVerify, verifySz);
Sha384Final(&sha384, hash384);
#endif
#ifndef NO_RSA
/* rsa */
if (sigAlgo == rsa_sa_algo)
{
@@ -6866,11 +6907,24 @@ int SetCipherList(Suites* s, const char* list)
if (IsAtLeastTLSv1_2(ssl)) {
byte encodedSig[MAX_ENCODED_SIG_SZ];
word32 encSigSz;
#ifndef NO_OLD_TLS
byte* digest = &hash[MD5_DIGEST_SIZE];
int typeH = SHAh;
int digestSz = SHA_DIGEST_SIZE;
#else
byte* digest = hash256;
int typeH = SHA256h;
int digestSz = SHA256_DIGEST_SIZE;
#endif
if (hashAlgo == sha256_mac) {
if (hashAlgo == sha_mac) {
#ifndef NO_SHA
digest = &hash[MD5_DIGEST_SIZE];
typeH = SHAh;
digestSz = SHA_DIGEST_SIZE;
#endif
}
else if (hashAlgo == sha256_mac) {
#ifndef NO_SHA256
digest = hash256;
typeH = SHA256h;
@@ -6895,18 +6949,30 @@ int SetCipherList(Suites* s, const char* list)
if (ret != sizeof(hash) || XMEMCMP(out, hash,sizeof(hash)) != 0)
return VERIFY_SIGN_ERROR;
}
}
} else
#endif
#ifdef HAVE_ECC
/* ecdsa */
else if (sigAlgo == ecc_dsa_sa_algo) {
if (sigAlgo == ecc_dsa_sa_algo) {
int verify = 0, ret;
#ifndef NO_OLD_TLS
byte* digest = &hash[MD5_DIGEST_SIZE];
word32 digestSz = SHA_DIGEST_SIZE;
#else
byte* digest = hash256;
word32 digestSz = SHA256_DIGEST_SIZE;
#endif
if (!ssl->peerEccDsaKeyPresent)
return NO_PEER_KEY;
if (IsAtLeastTLSv1_2(ssl)) {
if (hashAlgo == sha256_mac) {
if (hashAlgo == sha_mac) {
#ifndef NO_SHA
digest = &hash[MD5_DIGEST_SIZE];
digestSz = SHA_DIGEST_SIZE;
#endif
}
else if (hashAlgo == sha256_mac) {
#ifndef NO_SHA256
digest = hash256;
digestSz = SHA256_DIGEST_SIZE;
@@ -6925,8 +6991,8 @@ int SetCipherList(Suites* s, const char* list)
if (ret != 0 || verify == 0)
return VERIFY_SIGN_ERROR;
}
#endif /* HAVE_ECC */
else
#endif /* HAVE_ECC */
return ALGO_ID_E;
ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
@@ -7182,19 +7248,23 @@ int SetCipherList(Suites* s, const char* list)
return ret;
}
#ifndef NO_RSA
#ifndef NO_CERTS
int SendCertificateVerify(CYASSL* ssl)
{
byte *output;
int sendSz = 0, length, ret;
word32 idx = 0;
word32 sigOutSz = 0;
#ifndef NO_RSA
RsaKey key;
#endif
int usingEcc = 0;
#ifdef HAVE_ECC
ecc_key eccKey;
#endif
(void)idx;
if (ssl->options.sendVerify == SEND_BLANK_CERT)
return 0; /* sent blank cert, can't verify */
@@ -7211,12 +7281,15 @@ int SetCipherList(Suites* s, const char* list)
#ifdef HAVE_ECC
ecc_init(&eccKey);
#endif
#ifndef NO_RSA
InitRsaKey(&key, ssl->heap);
ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key,
ssl->buffers.key.length);
if (ret == 0)
sigOutSz = RsaEncryptSize(&key);
else {
else
#endif
{
#ifdef HAVE_ECC
CYASSL_MSG("Trying ECC client cert, RSA didn't work");
@@ -7236,11 +7309,19 @@ int SetCipherList(Suites* s, const char* list)
if (ret == 0) {
byte* verify = (byte*)&output[RECORD_HEADER_SZ +
HANDSHAKE_HEADER_SZ];
#ifndef NO_OLD_TLS
byte* signBuffer = ssl->certHashes.md5;
#else
byte* signBuffer = NULL;
#endif
word32 signSz = FINISHED_SZ;
byte encodedSig[MAX_ENCODED_SIG_SZ];
word32 extraSz = 0; /* tls 1.2 hash/sig */
(void)encodedSig;
(void)signSz;
(void)signBuffer;
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
@@ -7255,11 +7336,26 @@ int SetCipherList(Suites* s, const char* list)
if (usingEcc) {
#ifdef HAVE_ECC
word32 localSz = MAX_ENCODED_SIG_SZ;
word32 digestSz = SHA_DIGEST_SIZE;
byte* digest = ssl->certHashes.sha;
word32 digestSz;
byte* digest;
#ifndef NO_OLD_TLS
/* old tls default */
digestSz = SHA_DIGEST_SIZE;
digest = ssl->certHashes.sha;
#else
/* new tls default */
digestSz = SHA256_DIGEST_SIZE;
digest = ssl->certHashes.sha256;
#endif
if (IsAtLeastTLSv1_2(ssl)) {
if (ssl->suites->hashAlgo == sha256_mac) {
if (ssl->suites->hashAlgo == sha_mac) {
#ifndef NO_SHA
digest = ssl->certHashes.sha;
digestSz = SHA_DIGEST_SIZE;
#endif
}
else if (ssl->suites->hashAlgo == sha256_mac) {
#ifndef NO_SHA256
digest = ssl->certHashes.sha256;
digestSz = SHA256_DIGEST_SIZE;
@@ -7282,13 +7378,27 @@ int SetCipherList(Suites* s, const char* list)
}
#endif
}
#ifndef NO_RSA
else {
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_OLD_TLS
byte* digest = ssl->certHashes.sha;
int digestSz = SHA_DIGEST_SIZE;
int typeH = SHAh;
#else
byte* digest = ssl->certHashes.sha256;
int digestSz = SHA256_DIGEST_SIZE;
int typeH = SHA256h;
#endif
if (ssl->suites->hashAlgo == sha256_mac) {
if (ssl->suites->hashAlgo == sha_mac) {
#ifndef NO_SHA
digest = ssl->certHashes.sha;
typeH = SHAh;
digestSz = SHA_DIGEST_SIZE;
#endif
}
else if (ssl->suites->hashAlgo == sha256_mac) {
#ifndef NO_SHA256
digest = ssl->certHashes.sha256;
typeH = SHA256h;
@@ -7314,7 +7424,7 @@ int SetCipherList(Suites* s, const char* list)
if (ret > 0)
ret = 0; /* RSA reset */
}
#endif
if (ret == 0) {
AddHeaders(output, length + extraSz + VERIFY_HEADER,
certificate_verify, ssl);
@@ -7331,8 +7441,9 @@ int SetCipherList(Suites* s, const char* list)
HashOutput(ssl, output, sendSz, 0);
}
}
#ifndef NO_RSA
FreeRsaKey(&key);
#endif
#ifdef HAVE_ECC
ecc_free(&eccKey);
#endif
@@ -7354,7 +7465,7 @@ int SetCipherList(Suites* s, const char* list)
else
return ret;
}
#endif /* NO_RSA */
#endif /* NO_CERTS */
#endif /* NO_CYASSL_CLIENT */
@@ -7554,7 +7665,9 @@ int SetCipherList(Suites* s, const char* list)
word32 expSz = sizeof(exportBuf);
word32 sigSz;
word32 preSigSz, preSigIdx;
#ifndef NO_RSA
RsaKey rsaKey;
#endif
ecc_key dsaKey;
if (ssl->specs.static_ecdh) {
@@ -7573,18 +7686,23 @@ int SetCipherList(Suites* s, const char* list)
preSigSz = length;
preSigIdx = idx;
#ifndef NO_RSA
InitRsaKey(&rsaKey, ssl->heap);
#endif
ecc_init(&dsaKey);
/* sig length */
length += LENGTH_SZ;
if (!ssl->buffers.key.buffer) {
#ifndef NO_RSA
FreeRsaKey(&rsaKey);
#endif
ecc_free(&dsaKey);
return NO_PRIVATE_KEY;
}
#ifndef NO_RSA
if (ssl->specs.sig_algo == rsa_sa_algo) {
/* rsa sig size */
word32 i = 0;
@@ -7592,8 +7710,9 @@ int SetCipherList(Suites* s, const char* list)
&rsaKey, ssl->buffers.key.length);
if (ret != 0) return ret;
sigSz = RsaEncryptSize(&rsaKey);
}
else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) {
} else
#endif
if (ssl->specs.sig_algo == ecc_dsa_sa_algo) {
/* ecdsa sig size */
word32 i = 0;
ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
@@ -7602,7 +7721,9 @@ int SetCipherList(Suites* s, const char* list)
sigSz = ecc_sig_size(&dsaKey) + 2; /* worst case estimate */
}
else {
#ifndef NO_RSA
FreeRsaKey(&rsaKey);
#endif
ecc_free(&dsaKey);
return ALGO_ID_E; /* unsupported type */
}
@@ -7622,7 +7743,9 @@ int SetCipherList(Suites* s, const char* list)
#endif
/* check for avalaible size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) {
#ifndef NO_RSA
FreeRsaKey(&rsaKey);
#endif
ecc_free(&dsaKey);
return ret;
}
@@ -7651,8 +7774,10 @@ int SetCipherList(Suites* s, const char* list)
/* do signature */
{
#ifndef NO_OLD_TLS
Md5 md5;
Sha sha;
#endif
byte hash[FINISHED_SZ];
#ifndef NO_SHA256
Sha256 sha256;
@@ -7663,6 +7788,7 @@ int SetCipherList(Suites* s, const char* list)
byte hash384[SHA384_DIGEST_SIZE];
#endif
#ifndef NO_OLD_TLS
/* md5 */
InitMd5(&md5);
Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
@@ -7676,6 +7802,7 @@ int SetCipherList(Suites* s, const char* list)
ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
ShaUpdate(&sha, output + preSigIdx, preSigSz);
ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
#endif
#ifndef NO_SHA256
InitSha256(&sha256);
@@ -7692,7 +7819,7 @@ int SetCipherList(Suites* s, const char* list)
Sha384Update(&sha384, output + preSigIdx, preSigSz);
Sha384Final(&sha384, hash384);
#endif
#ifndef NO_RSA
if (ssl->suites->sigAlgo == rsa_sa_algo) {
byte* signBuffer = hash;
word32 signSz = sizeof(hash);
@@ -7733,14 +7860,26 @@ int SetCipherList(Suites* s, const char* list)
ret = 0; /* reset on success */
else
return ret;
}
else if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
} else
#endif
if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
#ifndef NO_OLD_TLS
byte* digest = &hash[MD5_DIGEST_SIZE];
word32 digestSz = SHA_DIGEST_SIZE;
#else
byte* digest = hash256;
word32 digestSz = SHA256_DIGEST_SIZE;
#endif
word32 sz = sigSz;
if (IsAtLeastTLSv1_2(ssl)) {
if (ssl->suites->hashAlgo == sha256_mac) {
if (ssl->suites->hashAlgo == sha_mac) {
#ifndef NO_SHA
digest = &hash[MD5_DIGEST_SIZE];
digestSz = SHA_DIGEST_SIZE;
#endif
}
else if (ssl->suites->hashAlgo == sha256_mac) {
#ifndef NO_SHA256
digest = hash256;
digestSz = SHA256_DIGEST_SIZE;
@@ -7756,7 +7895,9 @@ int SetCipherList(Suites* s, const char* list)
ret = ecc_sign_hash(digest, digestSz,
output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey);
#ifndef NO_RSA
FreeRsaKey(&rsaKey);
#endif
ecc_free(&dsaKey);
if (ret < 0) return ret;
@@ -7916,8 +8057,10 @@ int SetCipherList(Suites* s, const char* list)
/* do signature */
{
#ifndef NO_OLD_TLS
Md5 md5;
Sha sha;
#endif
byte hash[FINISHED_SZ];
#ifndef NO_SHA256
Sha256 sha256;
@@ -7928,6 +8071,7 @@ int SetCipherList(Suites* s, const char* list)
byte hash384[SHA384_DIGEST_SIZE];
#endif
#ifndef NO_OLD_TLS
/* md5 */
InitMd5(&md5);
Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
@@ -7941,6 +8085,7 @@ int SetCipherList(Suites* s, const char* list)
ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
ShaUpdate(&sha, output + preSigIdx, preSigSz);
ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
#endif
#ifndef NO_SHA256
InitSha256(&sha256);
@@ -7957,7 +8102,7 @@ int SetCipherList(Suites* s, const char* list)
Sha384Update(&sha384, output + preSigIdx, preSigSz);
Sha384Final(&sha384, hash384);
#endif
#ifndef NO_RSA
if (ssl->suites->sigAlgo == rsa_sa_algo) {
byte* signBuffer = hash;
word32 signSz = sizeof(hash);
@@ -7992,6 +8137,7 @@ int SetCipherList(Suites* s, const char* list)
if (ret <= 0)
return ret;
}
#endif
}
#ifdef CYASSL_DTLS
@@ -8046,6 +8192,7 @@ int SetCipherList(Suites* s, const char* list)
switch (second) {
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
if (requirement == REQUIRES_RSA)
return 1;
@@ -8058,6 +8205,7 @@ int SetCipherList(Suites* s, const char* list)
return 1;
break;
#ifndef NO_3DES
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
if (requirement == REQUIRES_RSA)
return 1;
@@ -8069,7 +8217,9 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_RSA_SIG)
return 1;
break;
#endif
#ifndef NO_RC4
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
if (requirement == REQUIRES_RSA)
return 1;
@@ -8081,7 +8231,10 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_RSA_SIG)
return 1;
break;
#endif
#endif /* NO_RSA */
#ifndef NO_3DES
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
if (requirement == REQUIRES_ECC_DSA)
return 1;
@@ -8091,7 +8244,8 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_ECC_STATIC)
return 1;
break;
#endif
#ifndef NO_RC4
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
if (requirement == REQUIRES_ECC_DSA)
return 1;
@@ -8101,7 +8255,8 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_ECC_STATIC)
return 1;
break;
#endif
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
if (requirement == REQUIRES_RSA)
return 1;
@@ -8113,6 +8268,7 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_RSA_SIG)
return 1;
break;
#endif
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
if (requirement == REQUIRES_ECC_DSA)
@@ -8154,6 +8310,7 @@ int SetCipherList(Suites* s, const char* list)
return 1;
break;
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
if (requirement == REQUIRES_RSA)
return 1;
@@ -8221,6 +8378,7 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_ECC_STATIC)
return 1;
break;
#endif
default:
CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC");
@@ -8230,6 +8388,7 @@ int SetCipherList(Suites* s, const char* list)
if (first != ECC_BYTE) { /* normal suites */
switch (second) {
#ifndef NO_RSA
case SSL_RSA_WITH_RC4_128_SHA :
if (requirement == REQUIRES_RSA)
return 1;
@@ -8290,6 +8449,7 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_NTRU)
return 1;
break;
#endif
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
if (requirement == REQUIRES_PSK)
@@ -8316,6 +8476,7 @@ int SetCipherList(Suites* s, const char* list)
return 1;
break;
#ifndef NO_RSA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
if (requirement == REQUIRES_RSA)
return 1;
@@ -8392,6 +8553,7 @@ int SetCipherList(Suites* s, const char* list)
if (requirement == REQUIRES_DHE)
return 1;
break;
#endif
default:
CYASSL_MSG("Unsupported cipher suite, CipherRequires");
@@ -8582,10 +8744,14 @@ int SetCipherList(Suites* s, const char* list)
#endif
/* manually hash input since different format */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
Md5Update(&ssl->hashMd5, input + idx, sz);
#endif
#ifndef NO_SHA
ShaUpdate(&ssl->hashSha, input + idx, sz);
#endif
#endif
#ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl))
Sha256Update(&ssl->hashSha256, input + idx, sz);

104
src/ssl.c

@@ -175,7 +175,6 @@ void CyaSSL_free(CYASSL* ssl)
}
#ifndef CYASSL_LEANPSK
int CyaSSL_set_fd(CYASSL* ssl, int fd)
{
CYASSL_ENTER("SSL_set_fd");
@@ -204,7 +203,6 @@ int CyaSSL_get_fd(const CYASSL* ssl)
CYASSL_LEAVE("SSL_get_fd", ssl->rfd);
return ssl->rfd;
}
#endif
#ifndef CYASSL_LEANPSK
@@ -545,6 +543,13 @@ int CyaSSL_get_error(CYASSL* ssl, int ret)
return ssl->error;
}
int CyaSSL_get_alert_history(CYASSL* ssl, CYASSL_ALERT_HISTORY *h)
{
if (ssl && h) {
*h = ssl->alert_history;
}
return 0;
}
int CyaSSL_want_read(CYASSL* ssl)
{
@@ -910,6 +915,8 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
or systems where the default of nearly 3kB is too much RAM, this define
uses less than 500 bytes RAM
default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
*/
#ifdef HUGE_SESSION_CACHE
#define SESSIONS_PER_ROW 11
@@ -1786,7 +1793,13 @@ int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
CYASSL_MSG("No CertManager error");
return ret;
}
tmp = CyaSSL_CTX_new(CyaSSLv3_client_method());
tmp = CyaSSL_CTX_new(
#ifdef NO_OLD_TLS
CyaTLSv1_2_client_method()
#else
CyaSSLv3_client_method()
#endif
);
if (tmp == NULL) {
CYASSL_MSG("CTX new failed");
@@ -2654,8 +2667,10 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#ifdef CYASSL_DTLS
if (ssl->options.dtls) {
/* re-init hashes, exclude first hello and verify request */
#ifndef NO_OLD_TLS
InitMd5(&ssl->hashMd5);
InitSha(&ssl->hashSha);
#endif
#ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl))
InitSha256(&ssl->hashSha256);
@@ -2695,31 +2710,38 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
case FIRST_REPLY_DONE :
#ifndef NO_CERTS
if (ssl->options.sendVerify)
if (ssl->options.sendVerify) {
if ( (ssl->error = SendCertificate(ssl)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: certificate");
}
#endif
ssl->options.connectState = FIRST_REPLY_FIRST;
CYASSL_MSG("connect state: FIRST_REPLY_FIRST");
case FIRST_REPLY_FIRST :
if (!ssl->options.resuming)
if (!ssl->options.resuming) {
if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: client key exchange");
}
ssl->options.connectState = FIRST_REPLY_SECOND;
CYASSL_MSG("connect state: FIRST_REPLY_SECOND");
case FIRST_REPLY_SECOND :
#ifndef NO_CERTS
if (ssl->options.sendVerify)
if (ssl->options.sendVerify) {
if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: certificate verify");
}
#endif
ssl->options.connectState = FIRST_REPLY_THIRD;
@@ -2730,6 +2752,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: change cipher spec");
ssl->options.connectState = FIRST_REPLY_FOURTH;
CYASSL_MSG("connect state: FIRST_REPLY_FOURTH");
@@ -2738,7 +2761,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
CYASSL_MSG("sent: finished");
ssl->options.connectState = FINISHED_DONE;
CYASSL_MSG("connect state: FINISHED_DONE");
@@ -2898,8 +2921,10 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
if (ssl->options.dtls) {
ssl->options.clientState = NULL_STATE; /* get again */
/* re-init hashes, exclude first hello and verify request */
#ifndef NO_OLD_TLS
InitMd5(&ssl->hashMd5);
InitSha(&ssl->hashSha);
#endif
#ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl))
InitSha256(&ssl->hashSha256);
@@ -5384,19 +5409,19 @@ int CyaSSL_set_compression(CYASSL* ssl)
(void)ssl;
/* client by default */
}
#endif
int CyaSSL_session_reused(CYASSL* ssl)
{
return ssl->options.resuming;
}
#ifdef OPENSSL_EXTRA
void CyaSSL_SESSION_free(CYASSL_SESSION* session)
{
(void)session;
}
#endif
const char* CyaSSL_get_version(CYASSL* ssl)
{
@@ -5420,6 +5445,13 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "unknown";
}
int CyaSSL_get_current_cipher_suite(CYASSL* ssl)
{
CYASSL_ENTER("SSL_get_current_cipher_suite");
if (ssl)
return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite;
return 0;
}
CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL* ssl)
{
@@ -5433,7 +5465,10 @@ int CyaSSL_set_compression(CYASSL* ssl)
const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher)
{
(void)cipher;
CYASSL_ENTER("SSL_CIPHER_get_name");
#ifndef NO_ERROR_STRINGS
if (cipher) {
#ifdef HAVE_ECC
if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
@@ -5519,60 +5554,99 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "NONE";
}
}
#endif
#endif /* ECC */
if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) {
/* normal suites */
switch (cipher->ssl->options.cipherSuite) {
#ifndef NO_RSA
#ifndef NO_RC4
#ifndef NO_SHA
case SSL_RSA_WITH_RC4_128_SHA :
return "SSL_RSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_MD5
case SSL_RSA_WITH_RC4_128_MD5 :
return "SSL_RSA_WITH_RC4_128_MD5";
#endif
#endif
#ifndef NO_SHA
#ifndef NO_DES3
case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
case TLS_RSA_WITH_AES_128_CBC_SHA :
return "TLS_RSA_WITH_AES_128_CBC_SHA";
case TLS_RSA_WITH_AES_256_CBC_SHA :
return "TLS_RSA_WITH_AES_256_CBC_SHA";
#endif
case TLS_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_RSA_WITH_AES_128_CBC_SHA256";
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_RSA_WITH_AES_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_RSA_WITH_NULL_SHA :
return "TLS_RSA_WITH_NULL_SHA";
#endif
case TLS_RSA_WITH_NULL_SHA256 :
return "TLS_RSA_WITH_NULL_SHA256";
#endif /* NO_RSA */
#ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
#ifndef NO_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
return "TLS_PSK_WITH_AES_128_CBC_SHA";
case TLS_PSK_WITH_AES_256_CBC_SHA :
return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif
case TLS_PSK_WITH_NULL_SHA256 :
return "TLS_PSK_WITH_NULL_SHA256";
#ifndef NO_SHA
case TLS_PSK_WITH_NULL_SHA :
return "TLS_PSK_WITH_NULL_SHA";
#endif
#endif /* NO_PSK */
#ifndef NO_RSA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
#endif
#ifndef NO_HC128
#ifndef NO_MD5
case TLS_RSA_WITH_HC_128_CBC_MD5 :
return "TLS_RSA_WITH_HC_128_CBC_MD5";
#endif
#ifndef NO_SHA
case TLS_RSA_WITH_HC_128_CBC_SHA :
return "TLS_RSA_WITH_HC_128_CBC_SHA";
#endif
#endif /* NO_HC128 */
#ifndef NO_SHA
#ifndef NO_RABBIT
case TLS_RSA_WITH_RABBIT_CBC_SHA :
return "TLS_RSA_WITH_RABBIT_CBC_SHA";
#endif
#ifdef HAVE_NTRU
#ifndef NO_RC4
case TLS_NTRU_RSA_WITH_RC4_128_SHA :
return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
#endif /* HAVE_NTRU */
#endif /* NO_SHA */
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_RSA_WITH_AES_128_GCM_SHA256";
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
@@ -5581,28 +5655,33 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_SHA
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#ifndef NO_SHA
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#endif /* NO_RSA */
default:
return "NONE";
} /* switch */
} /* normal / ECC */
}
#endif /* NO_ERROR_STRINGS */
return "NONE";
}
@@ -5613,6 +5692,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
return CyaSSL_CIPHER_get_name(CyaSSL_get_current_cipher(ssl));
}
#ifdef OPENSSL_EXTRA
/* XXX shuld be NO_DH */
#ifndef NO_CERTS
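Review bot: `CyaSSL_get_alert_history` returns 0 whether or not it copied anything, so a caller that passes a NULL `ssl` or `h` gets the same result as on success and may go on to read a `CYASSL_ALERT_HISTORY` that was never filled in. Reject bad arguments explicitly, `if (ssl == NULL || h == NULL) return BAD_FUNC_ARG;`, and state the success value in a comment above the function. In the same section `CyaSSL_session_reused` reads `ssl->options.resuming` with no NULL check, while the new `CyaSSL_get_current_cipher_suite` does guard `ssl`. The reshuffled `OPENSSL_EXTRA` guards appear to expose `CyaSSL_session_reused` to more builds, so it deserves the same guard.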


@@ -53,7 +53,7 @@
static void p_hash(byte* result, word32 resLen, const byte* secret,
word32 secLen, const byte* seed, word32 seedLen, int hash)
{
word32 len = SHA_DIGEST_SIZE;
word32 len = PHASH_MAX_DIGEST_SIZE;
word32 times;
word32 lastLen;
word32 lastTime;
@@ -89,6 +89,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
}
break;
#endif
#ifndef NO_SHA
case sha_mac:
default:
{
@@ -96,6 +97,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
hash = SHA;
}
break;
#endif
}
times = resLen / len;
@@ -125,7 +127,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
#ifndef NO_MD5
#ifndef NO_OLD_TLS
/* calculate XOR for TLSv1 PRF */
static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
@@ -194,7 +196,7 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen,
hash_type);
}
#ifndef NO_MD5
#ifndef NO_OLD_TLS
else
doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen);
#endif
@@ -214,7 +216,7 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
byte handshake_hash[HSHASH_SZ];
word32 hashSz = FINISHED_SZ;
#ifndef NO_MD5
#ifndef NO_OLD_TLS
Md5Final(&ssl->hashMd5, handshake_hash);
ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
#endif
@@ -430,12 +432,14 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
}
break;
#endif
#ifndef NO_SHA
case sha_mac:
default:
{
type = SHA;
}
break;
#endif
}
HmacSetKey(&hmac, type, GetMacSecret(ssl, verify), ssl->specs.hash_size);
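Review bot: Wrapping `case sha_mac:` together with `default:` in `#ifndef NO_SHA` leaves the switch without a default arm in a NO_SHA build, in `p_hash` and again in `TLS_hmac`. In `p_hash` an unmatched `hash` value then keeps `len = PHASH_MAX_DIGEST_SIZE` and, as far as the hunk shows, is never mapped to a hash type. In `TLS_hmac`, `type` reaches `HmacSetKey(&hmac, type, ...)` with whatever value it had before the switch; its initialisation is outside the hunk. Keep a `default:` arm compiled in every build, outside the guard, that either selects a digest the build actually provides or records an error, so keys and MACs are never derived with an unintended hash. Both function bodies start and end outside the visible hunks.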


@@ -248,6 +248,8 @@ int SuiteTest(void)
args.argv = myArgv;
strcpy(argv0[0], "SuiteTest");
(void)test_harness;
#if !defined(NO_RSA)
/* default case */
args.argc = 1;