wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
John Safranek
2012-05-18 15:33:54 -07:00
parent a3e94f335b 88b46d58d7
commit 8bf2d13f89
11 changed files with 111 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
README
View File

@@ -34,7 +34,26 @@ before calling SSL_new(); Though it's not recommended.
*** end Note *** *** end Note ***
CyaSSL Release 2.0.8 (2/24/2012) CyaSSL Release 2.2.0 (5/18/2012)
Release 2.2.0 CyaSSL has bug fixes and a few new features including:
- Initial CRL support (--enable-crl)
- Initial OCSP support (--enable-ocsp)
- Add static ECDH suites
- SHA-384 support
- ECC client certificate support
- Add medium session cache size (1055 sessions)
- Updated unit tests
- Protection against mutex reinitialization
The CyaSSL manual is available at:
http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.
***************CyaSSL Release 2.0.8 (2/24/2012)
Release 2.0.8 CyaSSL has bug fixes and a few new features including: Release 2.0.8 CyaSSL has bug fixes and a few new features including:
- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - A fix for malicious certificates pointed out by Remi Gacogne (thanks)

4
configure.ac
View File

@@ -6,7 +6,7 @@
# #
# #
AC_INIT([cyassl],[2.1.7],[http://www.yassl.com]) AC_INIT([cyassl],[2.2.0],[http://www.yassl.com])
AC_CONFIG_AUX_DIR(config) AC_CONFIG_AUX_DIR(config)
@@ -25,7 +25,7 @@ AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
#shared library versioning #shared library versioning
CYASSL_LIBRARY_VERSION=3:0:0 CYASSL_LIBRARY_VERSION=3:1:0
# | | | # | | |
# +------+ | +---+ # +------+ | +---+
# | | | # | | |

3
ctaocrypt/src/asn.c
View File

@@ -4821,8 +4821,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, long sz)
if (GetBasicDate(buff, &idx, dcrl->nextDate, sz) < 0) if (GetBasicDate(buff, &idx, dcrl->nextDate, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (idx != dcrl->sigIndex && buff[idx] != CRL_EXTENSIONS) {
if (idx != dcrl->sigIndex) {
if (GetSequence(buff, &idx, &len, sz) < 0) if (GetSequence(buff, &idx, &len, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;

7
ctaocrypt/test/test.c
View File

@@ -1685,6 +1685,9 @@ int openssl_test()
testVector a, b, c, d, e, f; testVector a, b, c, d, e, f;
byte hash[SHA_DIGEST_SIZE*4]; /* max size */ byte hash[SHA_DIGEST_SIZE*4]; /* max size */
(void)e;
(void)f;
a.input = "1234567890123456789012345678901234567890123456789012345678" a.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890"; "9012345678901234567890";
a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
@@ -1758,7 +1761,7 @@ int openssl_test()
#endif /* CYASSL_SHA384 */ #endif /* CYASSL_SHA384 */
#ifdef CYASSL_SHA384 #ifdef CYASSL_SHA512
f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
@@ -1779,7 +1782,7 @@ int openssl_test()
if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0) if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0)
return -80; return -80;
#endif /* CYASSL_SHA384 */ #endif /* CYASSL_SHA512 */
if (RAND_bytes(hash, sizeof(hash)) != 1) if (RAND_bytes(hash, sizeof(hash)) != 1)

2
cyassl/crl.h
View File

@@ -35,7 +35,7 @@ typedef struct CYASSL_CRL CYASSL_CRL;
CYASSL_LOCAL int InitCRL(CYASSL_CRL*, CYASSL_CERT_MANAGER*); CYASSL_LOCAL int InitCRL(CYASSL_CRL*, CYASSL_CERT_MANAGER*);
CYASSL_LOCAL void FreeCRL(CYASSL_CRL*); CYASSL_LOCAL void FreeCRL(CYASSL_CRL*);
CYASSL_LOCAL int LoadCRL(CYASSL_CRL* crl, const char* path, int type); CYASSL_LOCAL int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int mon);
CYASSL_LOCAL int BufferLoadCRL(CYASSL_CRL*, const byte*, long, int); CYASSL_LOCAL int BufferLoadCRL(CYASSL_CRL*, const byte*, long, int);
CYASSL_LOCAL int CheckCertCRL(CYASSL_CRL*, DecodedCert*); CYASSL_LOCAL int CheckCertCRL(CYASSL_CRL*, DecodedCert*);

1
cyassl/ctaocrypt/asn.h
View File

@@ -62,6 +62,7 @@ enum ASN_Tags {
ASN_SET = 0x11, ASN_SET = 0x11,
ASN_UTC_TIME = 0x17, ASN_UTC_TIME = 0x17,
ASN_GENERALIZED_TIME = 0x18, ASN_GENERALIZED_TIME = 0x18,
CRL_EXTENSIONS = 0xa0,
ASN_EXTENSIONS = 0xa3, ASN_EXTENSIONS = 0xa3,
ASN_LONG_LENGTH = 0x80 ASN_LONG_LENGTH = 0x80
}; };

7
cyassl/openssl/ssl.h
View File

@@ -34,6 +34,13 @@
extern "C" { extern "C" {
#endif #endif
#ifdef _WIN32
/* wincrypt.h clashes */
#undef X509_NAME
#undef OCSP_REQUEST
#undef OCSP_RESPONSE
#endif
typedef CYASSL SSL; typedef CYASSL SSL;
typedef CYASSL_SESSION SSL_SESSION; typedef CYASSL_SESSION SSL_SESSION;

15
cyassl/ssl.h
View File

@@ -43,12 +43,6 @@
#define CYASSL_VERSION LIBCYASSL_VERSION_STRING #define CYASSL_VERSION LIBCYASSL_VERSION_STRING
#endif #endif
#ifdef _WIN32
/* wincrypt.h clashes */
#undef X509_NAME
#undef OCSP_REQUEST
#undef OCSP_RESPONSE
#endif
#ifdef __cplusplus #ifdef __cplusplus
@@ -789,19 +783,22 @@ CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
const char* d); const char* d);
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f, CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
int format); int format);
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
int sz);
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options); CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*); CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*,int); CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, int,
int);
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL); CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options); CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl); CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int); CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL); CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options); CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx); CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int); CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL); CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);

2
examples/client/client.c
View File

@@ -209,7 +209,7 @@ void client_test(void* args)
CyaSSL_set_fd(ssl, sockfd); CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL #ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0); CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM); CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack); CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif #endif
if (argc != 3) if (argc != 3)

6
src/crl.c
View File

@@ -250,7 +250,7 @@ int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type)
/* Load CRL path files of type, SSL_SUCCESS on ok */ /* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(CYASSL_CRL* crl, const char* path, int type) int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
{ {
struct dirent* entry; struct dirent* entry;
DIR* dir; DIR* dir;
@@ -293,6 +293,10 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type)
} }
} }
if (monitor) {
CYASSL_MSG("monitor path requested");
}
return SSL_SUCCESS; return SSL_SUCCESS;
} }

79
src/ssl.c
View File

@@ -1332,6 +1332,10 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
if (ret == 0) if (ret == 0)
ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm); ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
#ifdef HAVE_CRL
if (ret == 0 && cm->crlEnabled)
ret = CheckCertCRL(cm->crl, &cert);
#endif
} }
FreeDecodedCert(&cert); FreeDecodedCert(&cert);
@@ -1379,18 +1383,19 @@ int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
} }
/* turn on CRL if off and compiled in, set options */ /* turn on CRL if off and compiled in, set options */
int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options) int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
{ {
int ret = SSL_SUCCESS;
(void)options; (void)options;
CYASSL_ENTER("CyaSSL_CertManagerEnableCRL"); CYASSL_ENTER("CyaSSL_CertManagerEnableCRL");
if (cm == NULL) if (cm == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifndef HAVE_CRL #ifdef HAVE_CRL
return NOT_COMPILED_IN;
#else
if (cm->crl == NULL) { if (cm->crl == NULL) {
cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap, cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap,
DYNAMIC_TYPE_CRL); DYNAMIC_TYPE_CRL);
@@ -1407,9 +1412,11 @@ int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
cm->crlEnabled = 1; cm->crlEnabled = 1;
if (options & CYASSL_CRL_CHECKALL) if (options & CYASSL_CRL_CHECKALL)
cm->crlCheckAll = 1; cm->crlCheckAll = 1;
#else
ret = NOT_COMPILED_IN;
#endif #endif
return SSL_SUCCESS; return ret;
} }
@@ -1428,6 +1435,43 @@ int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
#ifdef HAVE_CRL #ifdef HAVE_CRL
/* check CRL if enabled, SSL_SUCCESS */
int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
{
int ret;
DecodedCert cert;
CYASSL_ENTER("CyaSSL_CertManagerCheckCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
if (cm->crlEnabled == 0)
return SSL_SUCCESS;
InitDecodedCert(&cert, der, sz, NULL);
ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
if (ret != 0) {
CYASSL_MSG("ParseCert failed");
return ret;
}
else {
ret = CheckCertCRL(cm->crl, &cert);
if (ret != 0) {
CYASSL_MSG("CheckCertCRL failed");
}
}
FreeDecodedCert(&cert);
if (ret == 0)
return SSL_SUCCESS; /* convert */
return ret;
}
int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb) int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
{ {
CYASSL_ENTER("CyaSSL_CertManagerLoadCRL"); CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
@@ -1441,7 +1485,7 @@ int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path, int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
int type) int type, int monitor)
{ {
CYASSL_ENTER("CyaSSL_CertManagerLoadCRL"); CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
if (cm == NULL) if (cm == NULL)
@@ -1454,7 +1498,7 @@ int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
} }
} }
return LoadCRL(cm->crl, path, type); return LoadCRL(cm->crl, path, type, monitor);
} }
@@ -1478,11 +1522,11 @@ int CyaSSL_DisableCRL(CYASSL* ssl)
} }
int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type) int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor)
{ {
CYASSL_ENTER("CyaSSL_LoadCRL"); CYASSL_ENTER("CyaSSL_LoadCRL");
if (ssl) if (ssl)
return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type); return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
else else
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -1518,11 +1562,11 @@ int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx)
} }
int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type) int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor)
{ {
CYASSL_ENTER("CyaSSL_CTX_LoadCRL"); CYASSL_ENTER("CyaSSL_CTX_LoadCRL");
if (ctx) if (ctx)
return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type); return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
else else
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -5947,7 +5991,7 @@ static int initGlobalRNG = 0;
{ {
CYASSL_MSG("CyaSSL_BN_clear_free"); CYASSL_MSG("CyaSSL_BN_clear_free");
return CyaSSL_BN_free(bn); CyaSSL_BN_free(bn);
} }
@@ -6822,6 +6866,8 @@ static int initGlobalRNG = 0;
CYASSL_MSG("CyaSSL_RSA_generate_key_ex"); CYASSL_MSG("CyaSSL_RSA_generate_key_ex");
(void)rsa;
(void)bits;
(void)cb; (void)cb;
(void)bn; (void)bn;
@@ -6835,10 +6881,6 @@ static int initGlobalRNG = 0;
CYASSL_MSG("MakeRsaKey failed"); CYASSL_MSG("MakeRsaKey failed");
return -1; return -1;
} }
#else
CYASSL_MSG("No Key Gen built in");
return -1;
#endif
if (SetRsaExternal(rsa) < 0) { if (SetRsaExternal(rsa) < 0) {
CYASSL_MSG("SetRsaExternal failed"); CYASSL_MSG("SetRsaExternal failed");
@@ -6848,6 +6890,11 @@ static int initGlobalRNG = 0;
rsa->inSet = 1; rsa->inSet = 1;
return 1; /* success */ return 1; /* success */
#else
CYASSL_MSG("No Key Gen built in");
return -1;
#endif
} }
@@ -7176,7 +7223,6 @@ static int initGlobalRNG = 0;
default: default:
CYASSL_MSG("Bad digest id value"); CYASSL_MSG("Bad digest id value");
return NULL;
} }
return NULL; return NULL;
@@ -7367,7 +7413,6 @@ static int initGlobalRNG = 0;
default: { default: {
CYASSL_MSG("bad type"); CYASSL_MSG("bad type");
return 0;
} }
} }
return 0; return 0;