merge conflict

configure.ac

@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([cyassl],[2.1.0],[http://www.yassl.com])
+AC_INIT([cyassl],[2.1.1],[http://www.yassl.com])
 
 AC_CONFIG_AUX_DIR(config)
 
@@ -199,7 +199,7 @@ AC_ARG_ENABLE(bump,
 
 if test "$ENABLED_BUMP" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD"
+    AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES"
 fi
 
 # fastmath
@@ -470,6 +470,21 @@ then
 fi
 
 
+# OCSP
+AC_ARG_ENABLE(ocsp,
+    [  --enable-ocsp           Enable OCSP (default: disabled)],
+    [ ENABLED_OCSP=$enableval ],
+    [ ENABLED_OCSP=no ],
+    )
+
+if test "$ENABLED_OCSP" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
+fi
+
+AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
+
+
 # NTRU
 ntruHome=`pwd`/NTRU_algorithm
 ntruInclude=$ntruHome/cryptolib

ctaocrypt/src/aes.c

@@ -724,10 +724,25 @@ static const word32 Td[5][256] = {
 
 #ifdef CYASSL_AESNI
 
-#define cpuid(func,ax,bx,cx,dx)\
+#ifndef _MSC_VER
+
+    #define cpuid(func,ax,bx,cx,dx)\
         __asm__ __volatile__ ("cpuid":\
                        "=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func));
 
+#else
+
+    #define cpuid(func,ax,bx,cx,dx)\
+        __asm mov eax, func \
+        __asm cpuid \
+        __asm mov ax, eax \
+        __asm mov bx, ebx \
+        __asm mov cx, ecx \
+        __asm mov dx, edx
+
+#endif /* _MSC_VER */
+
+            
 static int Check_CPU_support_AES()
 {
     unsigned int a,b,c,d;

ctaocrypt/src/asn.c

@@ -1016,6 +1016,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
     cert->signature       = 0;
     cert->subjectCN       = 0;
     cert->subjectCNLen    = 0;
+    cert->issuer[0]       = '\0';
+    cert->subject[0]      = '\0';
     cert->source          = source;  /* don't own */
     cert->srcIdx          = 0;
     cert->maxIdx          = inSz;    /* can't go over this index */
@@ -2412,6 +2414,10 @@ void CTaoCryptErrorString(int error, char* buffer)
         XSTRNCPY(buffer, "No password provided by user", max);
         break;
 
+    case ALT_NAME_E :
+        XSTRNCPY(buffer, "Alt Name problem, too big", max);
+        break;
+
     default:
         XSTRNCPY(buffer, "unknown error number", max);
 
@@ -2601,7 +2607,9 @@ void InitCert(Cert* cert)
     cert->selfSigned = 1;
     cert->isCA       = 0;
     cert->bodySz     = 0;
+#ifdef CYASSL_ALT_NAMES
     cert->altNamesSz = 0;
+#endif
     cert->keyType    = RSA_KEY;
     XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
 
@@ -3149,12 +3157,14 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng,
     else
         der->extensionsSz = 0;
 
+#ifdef CYASSL_ALT_NAMES
     if (der->extensionsSz == 0 && cert->altNamesSz) {
         der->extensionsSz = SetExtensions(der->extensions, cert->altNames,
                                           cert->altNamesSz);
         if (der->extensionsSz == 0)
             return EXTENSIONS_E;
     }
+#endif
 
     der->total = der->versionSz + der->serialSz + der->sigAlgoSz +
         der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz +
@@ -3340,6 +3350,8 @@ int MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng)
 }
 
 
+#ifdef CYASSL_ALT_NAMES 
+
 /* Set Alt Names from der cert, return 0 on success */
 static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
 {
@@ -3410,6 +3422,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
                 else {
                     cert->altNamesSz = 0;
                     CYASSL_MSG("AltNames extensions too big");
+                    FreeDecodedCert(&decoded);
+                    return ALT_NAME_E;
                 }
             }
             decoded.srcIdx = tmpIdx + length;
@@ -3420,6 +3434,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
     return 0;
 }
 
+#endif /* CYASSL_ALT_NAMES */
+
 
 /* Set cn name from der buffer, return 0 on success */
 static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
@@ -3518,6 +3534,8 @@ int SetSubject(Cert* cert, const char* subjectFile)
 }
 
 
+#ifdef CYASSL_ALT_NAMES
+
 /* Set atl names from file in PEM */
 int SetAltNames(Cert* cert, const char* file)
 {
@@ -3527,6 +3545,8 @@ int SetAltNames(Cert* cert, const char* file)
     return SetAltNamesFromCert(cert, der, derSz);
 }
 
+#endif /* CYASSL_ALT_NAMES */
+
 #endif /* NO_FILESYSTEM */
 
 /* Set cert issuer from DER buffer */
@@ -3544,12 +3564,15 @@ int SetSubjectBuffer(Cert* cert, const byte* der, int derSz)
 }
 
 
+#ifdef CYASSL_ALT_NAMES
+
 /* Set cert alt names from DER buffer */
 int SetAltNamesBuffer(Cert* cert, const byte* der, int derSz)
 {
     return SetAltNamesFromCert(cert, der, derSz);
 }
 
+#endif /* CYASSL_ALT_NAMES */
 
 #endif /* CYASSL_CERT_GEN */
 

cyassl/ctaocrypt/asn.h

@@ -127,7 +127,11 @@ enum Misc_ASN {
     MAX_RSA_E_SZ        =  16,     /* Max RSA public e size */
     MAX_CA_SZ           =  32,     /* Max encoded CA basic constraint length */
 #ifdef CYASSL_CERT_GEN
+    #ifdef CYASSL_ALT_NAMES
         MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
+    #else
+        MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
+    #endif
                                    /* Max total extensions, id + len + others */
 #endif
     MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2

cyassl/ctaocrypt/asn_public.h

@@ -59,7 +59,7 @@ enum Ctc_SigType {
 
 enum Ctc_Misc {
     CTC_NAME_SIZE    =   64,
-    CTC_MAX_ALT_SIZE = 512,
+    CTC_MAX_ALT_SIZE = 8192,    /* may be huge */
     CTC_SERIAL_SIZE  =    8
 };
 
@@ -88,8 +88,10 @@ typedef struct Cert {
     /* internal use only */
     int      bodySz;                    /* pre sign total size */
     int      keyType;                   /* public key type of subject */
+#ifdef CYASSL_ALT_NAMES
     byte     altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
     int      altNamesSz;                 /* altNames size in bytes */
+#endif
 } Cert;
 
 
@@ -113,7 +115,9 @@ CYASSL_API int  MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
                              RNG*);
 CYASSL_API int  SetIssuer(Cert*, const char*);
 CYASSL_API int  SetSubject(Cert*, const char*);
-CYASSL_API int  SetAltNames(Cert*, const char*);
+#ifdef CYASSL_ALT_NAMES
+    CYASSL_API int  SetAltNames(Cert*, const char*);
+#endif
 CYASSL_API int  SetIssuerBuffer(Cert*, const byte*, int);
 CYASSL_API int  SetSubjectBuffer(Cert*, const byte*, int);
 CYASSL_API int  SetAltNamesBuffer(Cert*, const byte*, int);

cyassl/ctaocrypt/error.h

@@ -96,6 +96,7 @@ enum {
     NOT_COMPILED_IN    = -174,  /* Feature not compiled in */
     UNICODE_SIZE_E     = -175,  /* Unicode password too big */
     NO_PASSWORD        = -176,  /* no password provided by user */
+    ALT_NAME_E         = -177,  /* alt name size problem, too big */
 
     MIN_CODE_E         = -200   /* errors -101 - -199 */
 };

src/include.am

@@ -66,3 +66,7 @@ if BUILD_ECC
 src_libcyassl_la_SOURCES += ctaocrypt/src/ecc.c
 endif
 
+if BUILD_OCSP
+src_libcyassl_la_SOURCES += src/ocsp.c
+endif
+

src/internal.c

@@ -1624,21 +1624,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
             }
         }
 
-        if (fatal) {
-            FreeDecodedCert(&dCert);
-            ssl->error = ret;
-            return ret;
-        }
-        ssl->options.havePeerCert = 1;
-        /* set X509 format */
 #ifdef OPENSSL_EXTRA
+        /* set X509 format for peer cert even if fatal */
         XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
         ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
-        ssl->peerCert.issuer.sz = (int)XSTRLEN(dCert.issuer) + 1;
+        ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;
 
         XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
         ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
-        ssl->peerCert.subject.sz   = (int)XSTRLEN(dCert.subject) + 1;
+        ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;
 
         XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
         ssl->peerCert.serialSz = dCert.serialSz;
@@ -1658,6 +1652,13 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
         ssl->peerCert.derCert.length = myCert.length;
 #endif    
 
+        if (fatal) {
+            FreeDecodedCert(&dCert);
+            ssl->error = ret;
+            return ret;
+        }
+        ssl->options.havePeerCert = 1;
+
         /* store for callback use */
         if (dCert.subjectCNLen < ASN_NAME_MAX) {
             XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);

src/ocsp.c

@@ -0,0 +1,35 @@
+/* ocsp.c
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/error.h>
+#include <cyassl/ctaocrypt/asn.h>
+
+
+#ifdef HAVE_OCSP
+
+void ocsp_stub(void) {}
+
+#endif /* HAVE_OCSP */
+

src/ssl.c

@@ -2095,17 +2095,28 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
 
 #endif /* NO_CYASSL_SERVER */
 
+/* prevent multiple mutex initializations */
+static volatile int initRefCount = 0;
 
 int CyaSSL_Init(void)
 {
     int ret = 0;
+
     CYASSL_ENTER("CyaSSL_Init");
+
+    if (initRefCount == 0) {
 #ifndef NO_SESSION_CACHE
         if (InitMutex(&session_mutex) != 0)
             ret = BAD_MUTEX_ERROR;
 #endif
         if (InitMutex(&ca_mutex) != 0)
             ret = BAD_MUTEX_ERROR;
+    }
+    if (ret == 0) {
+        LockMutex(&ca_mutex);
+        initRefCount++;
+        UnLockMutex(&ca_mutex);
+    }
 
     return ret;
 }
@@ -2114,7 +2125,21 @@ int CyaSSL_Init(void)
 int CyaSSL_Cleanup(void)
 {
     int ret = 0;
+    int release = 0;
+
     CYASSL_ENTER("CyaSSL_Cleanup");
+
+    LockMutex(&ca_mutex);
+
+    release = initRefCount-- == 1;
+    if (initRefCount < 0)
+        initRefCount = 0;
+
+    UnLockMutex(&ca_mutex);
+
+    if (!release)
+        return ret;
+
 #ifndef NO_SESSION_CACHE
     if (FreeMutex(&session_mutex) != 0)
         ret = BAD_MUTEX_ERROR;

tests/api.c

@@ -32,16 +32,19 @@ static int test_CyaSSL_Init(void);
 static int test_CyaSSL_Cleanup(void);
 static int test_CyaSSL_Method_Allocators(void);
 static int test_CyaSSL_CTX_new(CYASSL_METHOD *method);
+#ifndef NO_FILESYSTEM
 static int test_CyaSSL_CTX_use_certificate_file(void);
 static int test_CyaSSL_CTX_use_PrivateKey_file(void);
 static int test_CyaSSL_CTX_load_verify_locations(void);
 static int test_server_CyaSSL_new(void);
 static int test_client_CyaSSL_new(void);
 static int test_CyaSSL_read_write(void);
+#endif
 
 /* test function helpers */
 static int test_method(CYASSL_METHOD *method, const char *name);
 static int test_method2(CYASSL_METHOD *method, const char *name);
+#ifndef NO_FILESYSTEM
 static int test_ucf(CYASSL_CTX *ctx, const char* file, int type,
     int cond, const char* name);
 static int test_upkf(CYASSL_CTX *ctx, const char* file, int type,
@@ -52,6 +55,7 @@ static int test_lvl(CYASSL_CTX *ctx, const char* file, const char* path,
 THREAD_RETURN CYASSL_THREAD test_server_nofail(void*);
 void test_client_nofail(void*);
 void wait_tcp_ready(func_args*);
+#endif
 
 static const char* bogusFile  = "/dev/null";
 static const char* testingFmt = "   %s:";
@@ -69,12 +73,14 @@ int ApiTest(void)
     test_CyaSSL_Init();
     test_CyaSSL_Method_Allocators();
     test_CyaSSL_CTX_new(CyaSSLv23_server_method());
+#ifndef NO_FILESYSTEM
     test_CyaSSL_CTX_use_certificate_file();
     test_CyaSSL_CTX_use_PrivateKey_file();
     test_CyaSSL_CTX_load_verify_locations();
     test_server_CyaSSL_new();
     test_client_CyaSSL_new();
     test_CyaSSL_read_write();
+#endif
     test_CyaSSL_Cleanup();
     printf(" End API Tests\n");
 
@@ -191,6 +197,7 @@ int test_CyaSSL_CTX_new(CYASSL_METHOD *method)
     return TEST_SUCCESS;
 }
 
+#ifndef NO_FILESYSTEM
 /* Helper for testing CyaSSL_CTX_use_certificate_file() */
 int test_ucf(CYASSL_CTX *ctx, const char* file, int type, int cond,
     const char* name)
@@ -771,6 +778,6 @@ void FreeTcpReady(tcp_ready* ready)
     pthread_cond_destroy(&ready->cond);
 #endif
 }
-
+#endif /* NO_FILESYSTEM */
 
 

tests/hash.c

@@ -19,6 +19,10 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <stdio.h>
 
 #include <cyassl/ctaocrypt/md4.h>