len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-04-19 21:11:57 -04:00
Code Issues Packages Projects Releases Wiki Activity

Prepare for V7.2.0 release.

Browse source
This commit is contained in:
Richard Barry 2012-08-14 12:14:48 +00:00
parent 73ad4387e2
commit e0bab5981a
1071 changed files with 8726 additions and 2457 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
FreeRTOS-Plus/CyaSSL/Makefile.am
View file

@ -21,10 +21,6 @@ exampledir = $(docdir)/@PACKAGE@/example
example_DATA=
EXTRA_DIST+= $(example_DATA)
certsdir = $(sysconfdir)/ssl/certs
certs_DATA=
EXTRA_DIST+= $(certs_DATA)
EXTRA_DIST+= $(doc_DATA)
ACLOCAL_AMFLAGS= -I m4 --install

244
FreeRTOS-Plus/CyaSSL/Makefile.in
View file

@ -134,16 +134,19 @@ DIST_COMMON = README $(am__configure_deps) $(include_HEADERS) \
config/config.sub config/depcomp config/install-sh \
config/ltmain.sh config/missing
@BUILD_AESNI_TRUE@am__append_1 = ctaocrypt/src/aes_asm.s
@BUILD_RIPEMD_TRUE@am__append_2 = ctaocrypt/src/ripemd.c
@BUILD_SHA512_TRUE@am__append_3 = ctaocrypt/src/sha512.c
@BUILD_SNIFFER_TRUE@am__append_4 = src/sniffer.c
@BUILD_HC128_TRUE@am__append_5 = ctaocrypt/src/hc128.c
@BUILD_NOINLINE_TRUE@am__append_6 = ctaocrypt/src/misc.c
@BUILD_FASTMATH_TRUE@am__append_7 = ctaocrypt/src/tfm.c
@BUILD_FASTMATH_FALSE@am__append_8 = ctaocrypt/src/integer.c
@BUILD_ECC_TRUE@am__append_9 = ctaocrypt/src/ecc.c
@BUILD_OCSP_TRUE@am__append_10 = src/ocsp.c
@BUILD_CRL_TRUE@am__append_11 = src/crl.c
@BUILD_MD2_TRUE@am__append_2 = ctaocrypt/src/md2.c
@BUILD_RIPEMD_TRUE@am__append_3 = ctaocrypt/src/ripemd.c
@BUILD_SHA512_TRUE@am__append_4 = ctaocrypt/src/sha512.c
@BUILD_SNIFFER_TRUE@am__append_5 = src/sniffer.c
@BUILD_HC128_TRUE@am__append_6 = ctaocrypt/src/hc128.c
@BUILD_NOINLINE_TRUE@am__append_7 = ctaocrypt/src/misc.c
@BUILD_FASTMATH_TRUE@am__append_8 = ctaocrypt/src/tfm.c
@BUILD_FASTMATH_FALSE@am__append_9 = ctaocrypt/src/integer.c
@BUILD_ECC_TRUE@am__append_10 = ctaocrypt/src/ecc.c
@BUILD_OCSP_TRUE@am__append_11 = src/ocsp.c
@BUILD_CRL_TRUE@am__append_12 = src/crl.c
@BUILD_CRL_MONITOR_TRUE@am__append_13 = $(PTHREAD_CFLAGS)
@BUILD_CRL_MONITOR_TRUE@am__append_14 = $(PTHREAD_LIBS)
subdir = .
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \
@ -166,13 +169,14 @@ am__vpath_adj = case $$p in \
esac;
am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
"$(DESTDIR)$(certsdir)" "$(DESTDIR)$(docdir)" \
"$(DESTDIR)$(exampledir)" "$(DESTDIR)$(includedir)" \
"$(DESTDIR)$(includedir)"
"$(DESTDIR)$(docdir)" "$(DESTDIR)$(exampledir)" \
"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"
libLTLIBRARIES_INSTALL = $(INSTALL)
LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
am__DEPENDENCIES_1 =
src_libcyassl_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
@BUILD_CRL_MONITOR_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
src_libcyassl_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_2)
am__src_libcyassl_la_SOURCES_DIST = src/internal.c src/io.c src/keys.c \
src/ssl.c src/tls.c ctaocrypt/src/asn.c ctaocrypt/src/coding.c \
ctaocrypt/src/des3.c ctaocrypt/src/hmac.c ctaocrypt/src/md5.c \
@ -181,28 +185,30 @@ am__src_libcyassl_la_SOURCES_DIST = src/internal.c src/io.c src/keys.c \
ctaocrypt/src/dh.c ctaocrypt/src/dsa.c ctaocrypt/src/arc4.c \
ctaocrypt/src/rabbit.c ctaocrypt/src/pwdbased.c \
ctaocrypt/src/logging.c ctaocrypt/src/memory.c \
ctaocrypt/src/aes_asm.s ctaocrypt/src/ripemd.c \
ctaocrypt/src/sha512.c src/sniffer.c ctaocrypt/src/hc128.c \
ctaocrypt/src/misc.c ctaocrypt/src/tfm.c \
ctaocrypt/src/aes_asm.s ctaocrypt/src/md2.c \
ctaocrypt/src/ripemd.c ctaocrypt/src/sha512.c src/sniffer.c \
ctaocrypt/src/hc128.c ctaocrypt/src/misc.c ctaocrypt/src/tfm.c \
ctaocrypt/src/integer.c ctaocrypt/src/ecc.c src/ocsp.c \
src/crl.c
am__dirstamp = $(am__leading_dot)dirstamp
@BUILD_AESNI_TRUE@am__objects_1 = ctaocrypt/src/aes_asm.lo
@BUILD_RIPEMD_TRUE@am__objects_2 = \
@BUILD_MD2_TRUE@am__objects_2 = ctaocrypt/src/src_libcyassl_la-md2.lo
@BUILD_RIPEMD_TRUE@am__objects_3 = \
@BUILD_RIPEMD_TRUE@ ctaocrypt/src/src_libcyassl_la-ripemd.lo
@BUILD_SHA512_TRUE@am__objects_3 = \
@BUILD_SHA512_TRUE@am__objects_4 = \
@BUILD_SHA512_TRUE@ ctaocrypt/src/src_libcyassl_la-sha512.lo
@BUILD_SNIFFER_TRUE@am__objects_4 = src/src_libcyassl_la-sniffer.lo
@BUILD_HC128_TRUE@am__objects_5 = \
@BUILD_SNIFFER_TRUE@am__objects_5 = src/src_libcyassl_la-sniffer.lo
@BUILD_HC128_TRUE@am__objects_6 = \
@BUILD_HC128_TRUE@ ctaocrypt/src/src_libcyassl_la-hc128.lo
@BUILD_NOINLINE_TRUE@am__objects_6 = \
@BUILD_NOINLINE_TRUE@am__objects_7 = \
@BUILD_NOINLINE_TRUE@ ctaocrypt/src/src_libcyassl_la-misc.lo
@BUILD_FASTMATH_TRUE@am__objects_7 = \
@BUILD_FASTMATH_TRUE@am__objects_8 = \
@BUILD_FASTMATH_TRUE@ ctaocrypt/src/src_libcyassl_la-tfm.lo
@BUILD_FASTMATH_FALSE@am__objects_8 = ctaocrypt/src/src_libcyassl_la-integer.lo
@BUILD_ECC_TRUE@am__objects_9 = ctaocrypt/src/src_libcyassl_la-ecc.lo
@BUILD_OCSP_TRUE@am__objects_10 = src/src_libcyassl_la-ocsp.lo
@BUILD_CRL_TRUE@am__objects_11 = src/src_libcyassl_la-crl.lo
@BUILD_FASTMATH_FALSE@am__objects_9 = ctaocrypt/src/src_libcyassl_la-integer.lo
@BUILD_ECC_TRUE@am__objects_10 = \
@BUILD_ECC_TRUE@ ctaocrypt/src/src_libcyassl_la-ecc.lo
@BUILD_OCSP_TRUE@am__objects_11 = src/src_libcyassl_la-ocsp.lo
@BUILD_CRL_TRUE@am__objects_12 = src/src_libcyassl_la-crl.lo
am_src_libcyassl_la_OBJECTS = src/src_libcyassl_la-internal.lo \
src/src_libcyassl_la-io.lo src/src_libcyassl_la-keys.lo \
src/src_libcyassl_la-ssl.lo src/src_libcyassl_la-tls.lo \
@ -227,7 +233,7 @@ am_src_libcyassl_la_OBJECTS = src/src_libcyassl_la-internal.lo \
$(am__objects_2) $(am__objects_3) $(am__objects_4) \
$(am__objects_5) $(am__objects_6) $(am__objects_7) \
$(am__objects_8) $(am__objects_9) $(am__objects_10) \
$(am__objects_11)
$(am__objects_11) $(am__objects_12)
src_libcyassl_la_OBJECTS = $(am_src_libcyassl_la_OBJECTS)
src_libcyassl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(src_libcyassl_la_CFLAGS) \
@ -261,7 +267,9 @@ sslSniffer_sslSnifferTest_snifftest_OBJECTS = \
am_tests_unit_OBJECTS = tests/tests_unit-unit.$(OBJEXT) \
tests/tests_unit-api.$(OBJEXT) \
tests/tests_unit-suites.$(OBJEXT) \
tests/tests_unit-hash.$(OBJEXT)
tests/tests_unit-hash.$(OBJEXT) \
examples/client/tests_unit-client.$(OBJEXT) \
examples/server/tests_unit-server.$(OBJEXT)
tests_unit_OBJECTS = $(am_tests_unit_OBJECTS)
tests_unit_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(tests_unit_CFLAGS) \
@ -311,10 +319,9 @@ DIST_SOURCES = $(am__src_libcyassl_la_SOURCES_DIST) \
$(examples_server_server_SOURCES) \
$(sslSniffer_sslSnifferTest_snifftest_SOURCES) \
$(tests_unit_SOURCES) $(testsuite_testsuite_SOURCES)
certsDATA_INSTALL = $(INSTALL_DATA)
docDATA_INSTALL = $(INSTALL_DATA)
exampleDATA_INSTALL = $(INSTALL_DATA)
DATA = $(certs_DATA) $(doc_DATA) $(example_DATA)
DATA = $(doc_DATA) $(example_DATA)
includeHEADERS_INSTALL = $(INSTALL_HEADER)
nobase_includeHEADERS_INSTALL = $(install_sh_DATA)
HEADERS = $(include_HEADERS) $(nobase_include_HEADERS) \
@ -483,19 +490,19 @@ nobase_include_HEADERS = cyassl/ctaocrypt/aes.h \
cyassl/ctaocrypt/dsa.h cyassl/ctaocrypt/ecc.h \
cyassl/ctaocrypt/error.h cyassl/ctaocrypt/hc128.h \
cyassl/ctaocrypt/hmac.h cyassl/ctaocrypt/integer.h \
cyassl/ctaocrypt/md4.h cyassl/ctaocrypt/md5.h \
cyassl/ctaocrypt/misc.h cyassl/ctaocrypt/pwdbased.h \
cyassl/ctaocrypt/rabbit.h cyassl/ctaocrypt/random.h \
cyassl/ctaocrypt/ripemd.h cyassl/ctaocrypt/rsa.h \
cyassl/ctaocrypt/settings.h cyassl/ctaocrypt/sha256.h \
cyassl/ctaocrypt/sha512.h cyassl/ctaocrypt/sha.h \
cyassl/ctaocrypt/tfm.h cyassl/ctaocrypt/types.h \
cyassl/ctaocrypt/visibility.h cyassl/ctaocrypt/logging.h \
cyassl/ctaocrypt/memory.h cyassl/ctaocrypt/mpi_class.h \
cyassl/ctaocrypt/mpi_superclass.h cyassl/openssl/asn1.h \
cyassl/openssl/bio.h cyassl/openssl/bn.h cyassl/openssl/conf.h \
cyassl/openssl/crypto.h cyassl/openssl/des.h \
cyassl/openssl/dh.h cyassl/openssl/dsa.h \
cyassl/ctaocrypt/md2.h cyassl/ctaocrypt/md4.h \
cyassl/ctaocrypt/md5.h cyassl/ctaocrypt/misc.h \
cyassl/ctaocrypt/pwdbased.h cyassl/ctaocrypt/rabbit.h \
cyassl/ctaocrypt/random.h cyassl/ctaocrypt/ripemd.h \
cyassl/ctaocrypt/rsa.h cyassl/ctaocrypt/settings.h \
cyassl/ctaocrypt/sha256.h cyassl/ctaocrypt/sha512.h \
cyassl/ctaocrypt/sha.h cyassl/ctaocrypt/tfm.h \
cyassl/ctaocrypt/types.h cyassl/ctaocrypt/visibility.h \
cyassl/ctaocrypt/logging.h cyassl/ctaocrypt/memory.h \
cyassl/ctaocrypt/mpi_class.h cyassl/ctaocrypt/mpi_superclass.h \
cyassl/openssl/asn1.h cyassl/openssl/bio.h cyassl/openssl/bn.h \
cyassl/openssl/conf.h cyassl/openssl/crypto.h \
cyassl/openssl/des.h cyassl/openssl/dh.h cyassl/openssl/dsa.h \
cyassl/openssl/ecdsa.h cyassl/openssl/ec.h \
cyassl/openssl/engine.h cyassl/openssl/err.h \
cyassl/openssl/evp.h cyassl/openssl/hmac.h \
@ -513,13 +520,25 @@ nobase_include_HEADERS = cyassl/ctaocrypt/aes.h \
cyassl/version.h cyassl/ocsp.h cyassl/crl.h
EXTRA_HEADERS =
BUILT_SOURCES =
EXTRA_DIST = $(example_DATA) $(certs_DATA) $(doc_DATA) lib/dummy \
cyassl-ntru.vcproj cyassl.vcproj \
cyassl-iphone.xcodeproj/project.pbxproj cyassl-ntru.sln \
cyassl.sln cyassl/sniffer_error.rc ${certs_DATA} \
certs/ntru-key.raw ${certs_DATA} swig/PythonBuild.sh \
swig/README swig/cyassl.i swig/cyassl_adds.c \
swig/python_cyassl.vcproj swig/rsasign.py swig/runme.py \
EXTRA_DIST = $(example_DATA) $(doc_DATA) lib/dummy cyassl-ntru.vcproj \
cyassl.vcproj cyassl-iphone.xcodeproj/project.pbxproj \
cyassl-ntru.sln cyassl.sln cyassl/sniffer_error.rc \
certs/ca-cert.pem certs/ca-key.pem certs/client-cert.pem \
certs/client-keyEnc.pem certs/client-key.pem certs/ecc-key.pem \
certs/ecc-keyPkcs8.pem certs/ecc-client-key.pem \
certs/client-ecc-cert.pem certs/ntru-cert.pem certs/dh2048.pem \
certs/server-cert.pem certs/server-ecc.pem \
certs/server-ecc-rsa.pem certs/server-keyEnc.pem \
certs/server-key.pem certs/server-keyPkcs8Enc12.pem \
certs/server-keyPkcs8Enc2.pem certs/server-keyPkcs8Enc.pem \
certs/server-keyPkcs8.pem certs/ca-key.der \
certs/client-cert.der certs/client-key.der certs/dh2048.der \
certs/rsa2048.der certs/dsa2048.der certs/ecc-key.der \
certs/ntru-key.raw certs/crl/crl.pem certs/crl/cliCrl.pem \
certs/crl/eccSrvCRL.pem certs/crl/eccCliCRL.pem \
certs/crl/crl.revoked swig/PythonBuild.sh swig/README \
swig/cyassl.i swig/cyassl_adds.c swig/python_cyassl.vcproj \
swig/rsasign.py swig/runme.py \
ctaocrypt/benchmark/benchmark.sln \
ctaocrypt/benchmark/benchmark.vcproj ctaocrypt/src/misc.c \
ctaocrypt/src/asm.c ctaocrypt/src/ecc_fp.c \
@ -557,25 +576,18 @@ EXTRA_DIST = $(example_DATA) $(certs_DATA) $(doc_DATA) lib/dummy \
examples/echoserver/echoserver-ntru.vcproj \
examples/echoserver/echoserver.vcproj testsuite/testsuite.sln \
testsuite/testsuite-ntru.vcproj testsuite/testsuite.vcproj \
input quit tests/unit.h sslSniffer/sslSniffer.vcproj \
input quit tests/unit.h tests/test.conf \
tests/test-openssl.conf tests/test-hc128.conf \
tests/test-psk.conf tests/test-ntru.conf tests/test-ecc.conf \
tests/test-aesgcm.conf tests/test-aesgcm-ecc.conf \
tests/test-aesgcm-openssl.conf tests/test-dtls.conf \
sslSniffer/sslSniffer.vcproj \
sslSniffer/sslSnifferTest/sslSniffTest.vcproj
doc_DATA = certs/taoCert.txt doc/README.txt
exampledir = $(docdir)/@PACKAGE@/example
example_DATA = examples/client/client.c examples/server/server.c \
examples/echoclient/echoclient.c \
examples/echoserver/echoserver.c
certsdir = $(sysconfdir)/ssl/certs
certs_DATA = certs/ca-cert.pem certs/ca-key.pem certs/client-cert.pem \
certs/client-keyEnc.pem certs/client-key.pem certs/ecc-key.pem \
certs/ecc-keyPkcs8.pem certs/ecc-client-key.pem \
certs/client-ecc-cert.pem certs/ntru-cert.pem certs/dh2048.pem \
certs/server-cert.pem certs/server-ecc.pem \
certs/server-keyEnc.pem certs/server-key.pem \
certs/server-keyPkcs8Enc12.pem certs/server-keyPkcs8Enc2.pem \
certs/server-keyPkcs8Enc.pem certs/server-keyPkcs8.pem \
certs/ca-key.der certs/client-cert.der certs/client-key.der \
certs/dh2048.der certs/rsa2048.der certs/dsa2048.der \
certs/ecc-key.der certs/crl/crl.pem
ACLOCAL_AMFLAGS = -I m4 --install
src_libcyassl_la_SOURCES = src/internal.c src/io.c src/keys.c \
src/ssl.c src/tls.c ctaocrypt/src/asn.c ctaocrypt/src/coding.c \
@ -588,10 +600,11 @@ src_libcyassl_la_SOURCES = src/internal.c src/io.c src/keys.c \
$(am__append_2) $(am__append_3) $(am__append_4) \
$(am__append_5) $(am__append_6) $(am__append_7) \
$(am__append_8) $(am__append_9) $(am__append_10) \
$(am__append_11)
$(am__append_11) $(am__append_12)
src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION}
src_libcyassl_la_LIBADD = $(LIBM)
src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS)
src_libcyassl_la_LIBADD = $(LIBM) $(am__append_14)
src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS) \
$(am__append_13)
src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS)
ctaocrypt_benchmark_benchmark_SOURCES = ctaocrypt/benchmark/benchmark.c
ctaocrypt_benchmark_benchmark_LDADD = src/libcyassl.la
@ -626,9 +639,11 @@ tests_unit_SOURCES = \
tests/unit.c \
tests/api.c \
tests/suites.c \
tests/hash.c
tests/hash.c \
examples/client/client.c \
examples/server/server.c
tests_unit_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
tests_unit_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(PTHREAD_CFLAGS)
tests_unit_LDADD = src/libcyassl.la $(PTHREAD_LIBS)
tests_unit_DEPENDENCIES = src/libcyassl.la
sslSniffer_sslSnifferTest_snifftest_SOURCES = sslSniffer/sslSnifferTest/snifftest.c
@ -798,6 +813,8 @@ ctaocrypt/src/src_libcyassl_la-memory.lo: \
ctaocrypt/src/$(DEPDIR)/$(am__dirstamp)
ctaocrypt/src/aes_asm.lo: ctaocrypt/src/$(am__dirstamp) \
ctaocrypt/src/$(DEPDIR)/$(am__dirstamp)
ctaocrypt/src/src_libcyassl_la-md2.lo: ctaocrypt/src/$(am__dirstamp) \
ctaocrypt/src/$(DEPDIR)/$(am__dirstamp)
ctaocrypt/src/src_libcyassl_la-ripemd.lo: \
ctaocrypt/src/$(am__dirstamp) \
ctaocrypt/src/$(DEPDIR)/$(am__dirstamp)
@ -961,6 +978,12 @@ tests/tests_unit-suites.$(OBJEXT): tests/$(am__dirstamp) \
tests/$(DEPDIR)/$(am__dirstamp)
tests/tests_unit-hash.$(OBJEXT): tests/$(am__dirstamp) \
tests/$(DEPDIR)/$(am__dirstamp)
examples/client/tests_unit-client.$(OBJEXT): \
examples/client/$(am__dirstamp) \
examples/client/$(DEPDIR)/$(am__dirstamp)
examples/server/tests_unit-server.$(OBJEXT): \
examples/server/$(am__dirstamp) \
examples/server/$(DEPDIR)/$(am__dirstamp)
tests/unit$(EXEEXT): $(tests_unit_OBJECTS) $(tests_unit_DEPENDENCIES) tests/$(am__dirstamp)
@rm -f tests/unit$(EXEEXT)
$(tests_unit_LINK) $(tests_unit_OBJECTS) $(tests_unit_LDADD) $(LIBS)
@ -1020,6 +1043,8 @@ mostlyclean-compile:
-rm -f ctaocrypt/src/src_libcyassl_la-integer.lo
-rm -f ctaocrypt/src/src_libcyassl_la-logging.$(OBJEXT)
-rm -f ctaocrypt/src/src_libcyassl_la-logging.lo
-rm -f ctaocrypt/src/src_libcyassl_la-md2.$(OBJEXT)
-rm -f ctaocrypt/src/src_libcyassl_la-md2.lo
-rm -f ctaocrypt/src/src_libcyassl_la-md4.$(OBJEXT)
-rm -f ctaocrypt/src/src_libcyassl_la-md4.lo
-rm -f ctaocrypt/src/src_libcyassl_la-md5.$(OBJEXT)
@ -1049,12 +1074,14 @@ mostlyclean-compile:
-rm -f ctaocrypt/test/test.$(OBJEXT)
-rm -f ctaocrypt/test/testsuite_testsuite-test.$(OBJEXT)
-rm -f examples/client/client.$(OBJEXT)
-rm -f examples/client/tests_unit-client.$(OBJEXT)
-rm -f examples/client/testsuite_testsuite-client.$(OBJEXT)
-rm -f examples/echoclient/echoclient.$(OBJEXT)
-rm -f examples/echoclient/testsuite_testsuite-echoclient.$(OBJEXT)
-rm -f examples/echoserver/echoserver.$(OBJEXT)
-rm -f examples/echoserver/testsuite_testsuite-echoserver.$(OBJEXT)
-rm -f examples/server/server.$(OBJEXT)
-rm -f examples/server/tests_unit-server.$(OBJEXT)
-rm -f examples/server/testsuite_testsuite-server.$(OBJEXT)
-rm -f src/src_libcyassl_la-crl.$(OBJEXT)
-rm -f src/src_libcyassl_la-crl.lo
@ -1095,6 +1122,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-integer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-logging.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md2.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md4.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md5.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-memory.Plo@am__quote@
@ -1111,12 +1139,14 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/test/$(DEPDIR)/test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/test/$(DEPDIR)/testsuite_testsuite-test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/client/$(DEPDIR)/client.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/client/$(DEPDIR)/tests_unit-client.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/client/$(DEPDIR)/testsuite_testsuite-client.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/echoclient/$(DEPDIR)/echoclient.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/echoclient/$(DEPDIR)/testsuite_testsuite-echoclient.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/echoserver/$(DEPDIR)/echoserver.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/echoserver/$(DEPDIR)/testsuite_testsuite-echoserver.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/server/$(DEPDIR)/server.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/server/$(DEPDIR)/tests_unit-server.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/server/$(DEPDIR)/testsuite_testsuite-server.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/src_libcyassl_la-crl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/src_libcyassl_la-internal.Plo@am__quote@
@ -1318,6 +1348,13 @@ ctaocrypt/src/src_libcyassl_la-memory.lo: ctaocrypt/src/memory.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(src_libcyassl_la_CPPFLAGS) $(CPPFLAGS) $(src_libcyassl_la_CFLAGS) $(CFLAGS) -c -o ctaocrypt/src/src_libcyassl_la-memory.lo `test -f 'ctaocrypt/src/memory.c' || echo '$(srcdir)/'`ctaocrypt/src/memory.c
ctaocrypt/src/src_libcyassl_la-md2.lo: ctaocrypt/src/md2.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(src_libcyassl_la_CPPFLAGS) $(CPPFLAGS) $(src_libcyassl_la_CFLAGS) $(CFLAGS) -MT ctaocrypt/src/src_libcyassl_la-md2.lo -MD -MP -MF ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md2.Tpo -c -o ctaocrypt/src/src_libcyassl_la-md2.lo `test -f 'ctaocrypt/src/md2.c' || echo '$(srcdir)/'`ctaocrypt/src/md2.c
@am__fastdepCC_TRUE@ mv -f ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md2.Tpo ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md2.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ctaocrypt/src/md2.c' object='ctaocrypt/src/src_libcyassl_la-md2.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(src_libcyassl_la_CPPFLAGS) $(CPPFLAGS) $(src_libcyassl_la_CFLAGS) $(CFLAGS) -c -o ctaocrypt/src/src_libcyassl_la-md2.lo `test -f 'ctaocrypt/src/md2.c' || echo '$(srcdir)/'`ctaocrypt/src/md2.c
ctaocrypt/src/src_libcyassl_la-ripemd.lo: ctaocrypt/src/ripemd.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(src_libcyassl_la_CPPFLAGS) $(CPPFLAGS) $(src_libcyassl_la_CFLAGS) $(CFLAGS) -MT ctaocrypt/src/src_libcyassl_la-ripemd.lo -MD -MP -MF ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-ripemd.Tpo -c -o ctaocrypt/src/src_libcyassl_la-ripemd.lo `test -f 'ctaocrypt/src/ripemd.c' || echo '$(srcdir)/'`ctaocrypt/src/ripemd.c
@am__fastdepCC_TRUE@ mv -f ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-ripemd.Tpo ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-ripemd.Plo
@ -1444,6 +1481,34 @@ tests/tests_unit-hash.obj: tests/hash.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o tests/tests_unit-hash.obj `if test -f 'tests/hash.c'; then $(CYGPATH_W) 'tests/hash.c'; else $(CYGPATH_W) '$(srcdir)/tests/hash.c'; fi`
examples/client/tests_unit-client.o: examples/client/client.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -MT examples/client/tests_unit-client.o -MD -MP -MF examples/client/$(DEPDIR)/tests_unit-client.Tpo -c -o examples/client/tests_unit-client.o `test -f 'examples/client/client.c' || echo '$(srcdir)/'`examples/client/client.c
@am__fastdepCC_TRUE@ mv -f examples/client/$(DEPDIR)/tests_unit-client.Tpo examples/client/$(DEPDIR)/tests_unit-client.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='examples/client/client.c' object='examples/client/tests_unit-client.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o examples/client/tests_unit-client.o `test -f 'examples/client/client.c' || echo '$(srcdir)/'`examples/client/client.c
examples/client/tests_unit-client.obj: examples/client/client.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -MT examples/client/tests_unit-client.obj -MD -MP -MF examples/client/$(DEPDIR)/tests_unit-client.Tpo -c -o examples/client/tests_unit-client.obj `if test -f 'examples/client/client.c'; then $(CYGPATH_W) 'examples/client/client.c'; else $(CYGPATH_W) '$(srcdir)/examples/client/client.c'; fi`
@am__fastdepCC_TRUE@ mv -f examples/client/$(DEPDIR)/tests_unit-client.Tpo examples/client/$(DEPDIR)/tests_unit-client.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='examples/client/client.c' object='examples/client/tests_unit-client.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o examples/client/tests_unit-client.obj `if test -f 'examples/client/client.c'; then $(CYGPATH_W) 'examples/client/client.c'; else $(CYGPATH_W) '$(srcdir)/examples/client/client.c'; fi`
examples/server/tests_unit-server.o: examples/server/server.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -MT examples/server/tests_unit-server.o -MD -MP -MF examples/server/$(DEPDIR)/tests_unit-server.Tpo -c -o examples/server/tests_unit-server.o `test -f 'examples/server/server.c' || echo '$(srcdir)/'`examples/server/server.c
@am__fastdepCC_TRUE@ mv -f examples/server/$(DEPDIR)/tests_unit-server.Tpo examples/server/$(DEPDIR)/tests_unit-server.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='examples/server/server.c' object='examples/server/tests_unit-server.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o examples/server/tests_unit-server.o `test -f 'examples/server/server.c' || echo '$(srcdir)/'`examples/server/server.c
examples/server/tests_unit-server.obj: examples/server/server.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -MT examples/server/tests_unit-server.obj -MD -MP -MF examples/server/$(DEPDIR)/tests_unit-server.Tpo -c -o examples/server/tests_unit-server.obj `if test -f 'examples/server/server.c'; then $(CYGPATH_W) 'examples/server/server.c'; else $(CYGPATH_W) '$(srcdir)/examples/server/server.c'; fi`
@am__fastdepCC_TRUE@ mv -f examples/server/$(DEPDIR)/tests_unit-server.Tpo examples/server/$(DEPDIR)/tests_unit-server.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='examples/server/server.c' object='examples/server/tests_unit-server.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o examples/server/tests_unit-server.obj `if test -f 'examples/server/server.c'; then $(CYGPATH_W) 'examples/server/server.c'; else $(CYGPATH_W) '$(srcdir)/examples/server/server.c'; fi`
ctaocrypt/test/testsuite_testsuite-test.o: ctaocrypt/test/test.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(testsuite_testsuite_CFLAGS) $(CFLAGS) -MT ctaocrypt/test/testsuite_testsuite-test.o -MD -MP -MF ctaocrypt/test/$(DEPDIR)/testsuite_testsuite-test.Tpo -c -o ctaocrypt/test/testsuite_testsuite-test.o `test -f 'ctaocrypt/test/test.c' || echo '$(srcdir)/'`ctaocrypt/test/test.c
@am__fastdepCC_TRUE@ mv -f ctaocrypt/test/$(DEPDIR)/testsuite_testsuite-test.Tpo ctaocrypt/test/$(DEPDIR)/testsuite_testsuite-test.Po
@ -1547,23 +1612,6 @@ clean-libtool:
distclean-libtool:
-rm -f libtool
install-certsDATA: $(certs_DATA)
@$(NORMAL_INSTALL)
test -z "$(certsdir)" || $(MKDIR_P) "$(DESTDIR)$(certsdir)"
@list='$(certs_DATA)'; for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
f=$(am__strip_dir) \
echo " $(certsDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(certsdir)/$$f'"; \
$(certsDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(certsdir)/$$f"; \
done
uninstall-certsDATA:
@$(NORMAL_UNINSTALL)
@list='$(certs_DATA)'; for p in $$list; do \
f=$(am__strip_dir) \
echo " rm -f '$(DESTDIR)$(certsdir)/$$f'"; \
rm -f "$(DESTDIR)$(certsdir)/$$f"; \
done
install-docDATA: $(doc_DATA)
@$(NORMAL_INSTALL)
test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
@ -1891,7 +1939,7 @@ all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(DATA) $(HEADERS) \
install-binPROGRAMS: install-libLTLIBRARIES
installdirs:
for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(certsdir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(exampledir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(exampledir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: $(BUILT_SOURCES)
@ -1967,7 +2015,7 @@ info: info-am
info-am:
install-data-am: install-certsDATA install-docDATA install-exampleDATA \
install-data-am: install-docDATA install-exampleDATA \
install-includeHEADERS install-nobase_includeHEADERS
install-dvi: install-dvi-am
@ -2006,10 +2054,9 @@ ps: ps-am
ps-am:
uninstall-am: uninstall-binPROGRAMS uninstall-certsDATA \
uninstall-docDATA uninstall-exampleDATA \
uninstall-includeHEADERS uninstall-libLTLIBRARIES \
uninstall-nobase_includeHEADERS
uninstall-am: uninstall-binPROGRAMS uninstall-docDATA \
uninstall-exampleDATA uninstall-includeHEADERS \
uninstall-libLTLIBRARIES uninstall-nobase_includeHEADERS
.MAKE: install-am install-strip
@ -2021,19 +2068,18 @@ uninstall-am: uninstall-binPROGRAMS uninstall-certsDATA \
distclean-compile distclean-generic distclean-hdr \
distclean-libtool distclean-tags distcleancheck distdir \
distuninstallcheck dvi dvi-am html html-am info info-am \
install install-am install-binPROGRAMS install-certsDATA \
install-data install-data-am install-docDATA install-dvi \
install-dvi-am install-exampleDATA install-exec \
install-exec-am install-html install-html-am \
install-includeHEADERS install-info install-info-am \
install-libLTLIBRARIES install-man \
install install-am install-binPROGRAMS install-data \
install-data-am install-docDATA install-dvi install-dvi-am \
install-exampleDATA install-exec install-exec-am install-html \
install-html-am install-includeHEADERS install-info \
install-info-am install-libLTLIBRARIES install-man \
install-nobase_includeHEADERS install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags uninstall uninstall-am uninstall-binPROGRAMS \
uninstall-certsDATA uninstall-docDATA uninstall-exampleDATA \
uninstall-docDATA uninstall-exampleDATA \
uninstall-includeHEADERS uninstall-libLTLIBRARIES \
uninstall-nobase_includeHEADERS

21
FreeRTOS-Plus/CyaSSL/README
View file

@ -34,7 +34,26 @@ before calling SSL_new(); Though it's not recommended.
*** end Note ***
CyaSSL Release 2.2.0 (5/18/2012)
CyaSSL Release 2.3.0 (8/10/2012)
Release 2.3.0 CyaSSL has bug fixes and a few new features including:
- AES-GCM crypto and cipher suites
- make test cipher suite checks
- Subject AltName processing
- Command line support for client/server examples
- Sniffer SessionTicket support
- SHA-384 cipher suites
- Verify cipher suite validity when user overrides
- CRL dir monitoring
- DTLS Cookie support, reliability coming soon
The CyaSSL manual is available at:
http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.
***************CyaSSL Release 2.2.0 (5/18/2012)
Release 2.2.0 CyaSSL has bug fixes and a few new features including:
- Initial CRL support (--enable-crl)

39
FreeRTOS-Plus/CyaSSL/certs/crl/cliCrl.pem Normal file
View file

@ -0,0 +1,39 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Aug 10 18:01:01 2012 GMT
Next Update: Dec 8 18:01:01 2012 GMT
CRL extensions:
X509v3 CRL Number:
62
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
1e:69:b2:c4:72:a7:b2:c9:e1:b9:ac:06:40:2c:c5:66:9a:07:
6c:91:2e:17:09:c7:86:b4:62:2d:0f:1f:a3:a3:1c:93:ce:45:
53:d5:57:94:a6:77:af:51:da:86:e4:1e:6f:57:c8:cc:5f:07:
8d:a5:db:bd:b3:f7:cf:e2:11:3c:e2:51:79:7e:b3:a9:47:f7:
c1:17:12:5b:7c:e5:c3:71:17:d2:ce:59:d4:0d:dc:45:ff:bc:
fe:a7:76:7b:92:88:52:0c:a5:e0:79:75:86:50:27:15:2a:01:
66:a6:ba:96:d4:9a:14:1d:92:7d:63:72:5f:25:9b:05:72:cb:
ed:6d:7c:92:1f:4f:3e:64:cb:5d:80:9e:ad:c8:47:83:88:5b:
3d:07:3f:d3:6a:2c:dd:c9:f7:09:bb:05:2f:9a:f4:73:15:f4:
61:b1:47:87:9c:bf:c9:61:42:19:14:b8:67:9c:c5:c1:86:f1:
e8:63:71:40:6c:2f:b1:c1:0c:1f:f4:c4:80:e2:d0:cb:88:6b:
51:1e:e9:b0:06:19:7c:6d:85:cf:05:7f:fe:3d:35:79:9e:f0:
5b:f4:06:63:d4:eb:d2:e2:70:29:a9:02:b4:c1:b4:bd:53:f4:
8f:b3:df:37:91:44:d5:e8:c4:10:86:76:0e:49:2b:ba:9a:a4:
dd:33:0e:7e
-----BEGIN X509 CRL-----
MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIw
ODE4MDEwMVqgDjAMMAoGA1UdFAQDAgE+MA0GCSqGSIb3DQEBBQUAA4IBAQAeabLE
cqeyyeG5rAZALMVmmgdskS4XCceGtGItDx+joxyTzkVT1VeUpnevUdqG5B5vV8jM
XweNpdu9s/fP4hE84lF5frOpR/fBFxJbfOXDcRfSzlnUDdxF/7z+p3Z7kohSDKXg
eXWGUCcVKgFmprqW1JoUHZJ9Y3JfJZsFcsvtbXySH08+ZMtdgJ6tyEeDiFs9Bz/T
aizdyfcJuwUvmvRzFfRhsUeHnL/JYUIZFLhnnMXBhvHoY3FAbC+xwQwf9MSA4tDL
iGtRHumwBhl8bYXPBX/+PTV5nvBb9AZj1OvS4nApqQK0wbS9U/SPs983kUTV6MQQ
hnYOSSu6mqTdMw5+
-----END X509 CRL-----

58
FreeRTOS-Plus/CyaSSL/certs/crl/crl.pem
View file

@ -2,40 +2,38 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: May 15 23:51:25 2012 GMT
Next Update: Jun 14 23:51:25 2012 GMT
Last Update: Aug 10 18:01:01 2012 GMT
Next Update: Dec 8 18:01:01 2012 GMT
CRL extensions:
X509v3 CRL Number:
4
Revoked Certificates:
Serial Number: 02
Revocation Date: May 4 17:06:05 2012 GMT
60
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
aa:e4:44:9b:6b:c9:0b:d3:6f:ba:09:3d:90:93:ae:96:86:73:
f6:90:28:ba:93:3b:95:0c:91:c9:10:53:f1:15:fd:43:9a:ba:
4e:dc:8e:e8:10:4d:d8:8b:be:a8:a2:12:4c:19:c1:13:9f:3c:
fe:54:60:32:b7:45:77:17:2a:40:f2:16:52:9e:68:fe:be:03:
99:9c:b1:d3:4b:be:87:5b:f4:12:3c:9e:3d:59:c8:b9:a2:2c:
78:94:9c:cd:b0:17:d0:b3:bd:86:99:2b:1d:38:b5:03:d8:d1:
0d:8f:1a:8c:97:ff:87:01:4f:91:22:30:c2:a5:10:bb:e3:fb:
31:b7:44:8a:5a:82:e1:e5:30:69:84:d1:4b:c2:d3:07:bf:21:
d5:33:2d:ad:4b:e4:6f:83:c1:66:16:74:31:7d:f9:d6:1e:10:
66:fd:7d:ad:66:3c:32:cc:a3:98:75:63:16:5c:df:e1:37:3d:
e9:08:d2:7b:05:dd:4c:31:92:53:0c:f1:ea:8e:be:31:d1:eb:
ac:37:a8:cd:c4:30:c5:91:cc:38:a3:55:4a:51:01:39:cf:7d:
50:57:d2:f2:47:4a:1d:7f:3a:32:16:89:e8:5a:1b:f8:64:33:
48:e5:b8:ef:ba:2e:f3:52:7e:ba:28:0e:9b:f7:07:b8:b6:38:
f9:d0:dd:78
26:1c:06:6a:42:ff:8b:18:71:4e:ef:7c:02:74:43:6f:7b:83:
99:2f:e1:4e:74:0f:f9:99:62:a1:90:88:11:1b:d8:59:3b:1e:
34:dd:f4:92:81:6f:49:2c:9a:5f:ba:21:6f:11:95:19:6e:da:
38:a4:4e:a0:7e:4a:fb:7c:c6:9f:c8:26:2d:9b:cd:e8:30:14:
10:38:56:63:89:bf:a7:eb:11:0f:7c:81:60:d7:c3:ab:07:ef:
6c:af:81:4d:b9:cd:6e:91:c6:42:13:01:d8:1a:62:cb:52:fd:
44:0b:fa:9f:34:de:75:ba:5a:3d:df:d4:b1:7e:a0:b9:3f:f5:
ed:a3:e6:ef:ef:20:95:45:3c:75:8c:a8:5c:ae:8c:e9:3c:f1:
e6:34:fd:65:bb:9a:f9:5f:8c:96:7c:32:12:50:43:2b:30:94:
4e:8a:f0:c3:5e:c9:e2:49:08:83:64:7a:3b:f3:d5:30:f3:78:
4b:20:3c:51:d0:da:37:14:f4:c8:f2:ab:41:d2:c3:b9:7a:7f:
42:17:42:79:a4:10:67:4e:84:d4:e9:a9:e8:dd:46:5d:b2:f4:
e8:3d:1c:24:3c:81:e7:56:bb:43:11:e2:d9:a2:9d:ce:b5:78:
ad:19:14:7c:d7:37:e8:bf:f7:30:fc:4d:05:a9:33:6b:12:9f:
24:19:39:35
-----BEGIN X509 CRL-----
MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwNTE1MjM1MTI1WhcNMTIw
NjE0MjM1MTI1WjAUMBICAQIXDTEyMDUwNDE3MDYwNVqgDjAMMAoGA1UdFAQDAgEE
MA0GCSqGSIb3DQEBBQUAA4IBAQCq5ESba8kL02+6CT2Qk66WhnP2kCi6kzuVDJHJ
EFPxFf1DmrpO3I7oEE3Yi76oohJMGcETnzz+VGAyt0V3FypA8hZSnmj+vgOZnLHT
S76HW/QSPJ49Wci5oix4lJzNsBfQs72GmSsdOLUD2NENjxqMl/+HAU+RIjDCpRC7
4/sxt0SKWoLh5TBphNFLwtMHvyHVMy2tS+Rvg8FmFnQxffnWHhBm/X2tZjwyzKOY
dWMWXN/hNz3pCNJ7Bd1MMZJTDPHqjr4x0eusN6jNxDDFkcw4o1VKUQE5z31QV9Ly
R0odfzoyFonoWhv4ZDNI5bjvui7zUn66KA6b9we4tjj50N14
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
MjA4MTgwMTAxWqAOMAwwCgYDVR0UBAMCATwwDQYJKoZIhvcNAQEFBQADggEBACYc
BmpC/4sYcU7vfAJ0Q297g5kv4U50D/mZYqGQiBEb2Fk7HjTd9JKBb0ksml+6IW8R
lRlu2jikTqB+Svt8xp/IJi2bzegwFBA4VmOJv6frEQ98gWDXw6sH72yvgU25zW6R
xkITAdgaYstS/UQL+p803nW6Wj3f1LF+oLk/9e2j5u/vIJVFPHWMqFyujOk88eY0
/WW7mvlfjJZ8MhJQQyswlE6K8MNeyeJJCINkejvz1TDzeEsgPFHQ2jcU9Mjyq0HS
w7l6f0IXQnmkEGdOhNTpqejdRl2y9Og9HCQ8gedWu0MR4tminc61eK0ZFHzXN+i/
9zD8TQWpM2sSnyQZOTU=
-----END X509 CRL-----

41
FreeRTOS-Plus/CyaSSL/certs/crl/crl.revoked Normal file
View file

@ -0,0 +1,41 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Aug 10 18:01:01 2012 GMT
Next Update: Dec 8 18:01:01 2012 GMT
CRL extensions:
X509v3 CRL Number:
61
Revoked Certificates:
Serial Number: 02
Revocation Date: Aug 10 18:01:01 2012 GMT
Signature Algorithm: sha1WithRSAEncryption
5c:eb:53:33:02:74:bb:c1:37:37:81:1a:36:9c:eb:d0:28:87:
12:56:1a:d8:ec:ae:8e:ef:42:d0:61:07:f0:f0:b5:e8:2a:16:
5e:78:ab:e9:ad:62:f3:6c:c5:fe:7a:b5:c7:0e:8a:e3:0a:2d:
63:b5:ec:c4:c1:1f:1e:c3:77:b7:24:10:4b:09:b1:d8:ea:40:
4f:74:6a:9a:d7:57:bd:b9:d3:e2:42:81:81:b2:5c:42:d8:d3:
21:3f:f2:05:e2:11:8f:ce:60:cc:3b:76:55:e6:5f:6d:71:13:
b1:7e:2c:50:d2:29:fe:f2:ad:96:f9:ee:8f:5c:c3:0a:73:e7:
78:c5:8f:6e:0d:35:66:64:4a:76:05:93:9f:eb:05:b2:c3:a1:
f5:d5:4c:4b:6e:79:f2:8d:51:90:7c:9d:a9:f5:94:7f:93:fe:
39:da:c1:fb:8c:94:66:1d:d4:40:a9:48:ee:3b:91:14:83:4e:
b4:ea:93:07:f6:be:48:4a:ec:4c:26:61:2d:a2:66:01:c5:d8:
d3:18:f6:d0:1b:d2:94:13:c9:94:84:54:e4:44:10:01:66:25:
47:ee:b2:19:4a:65:e3:79:42:9e:12:af:a7:4a:a4:66:35:e3:
1a:db:2c:80:ff:a4:9c:2e:6e:32:8e:50:5d:ec:7e:de:1a:01:
a9:08:fc:a2
-----BEGIN X509 CRL-----
MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
MjA4MTgwMTAxWjAUMBICAQIXDTEyMDgxMDE4MDEwMVqgDjAMMAoGA1UdFAQDAgE9
MA0GCSqGSIb3DQEBBQUAA4IBAQBc61MzAnS7wTc3gRo2nOvQKIcSVhrY7K6O70LQ
YQfw8LXoKhZeeKvprWLzbMX+erXHDorjCi1jtezEwR8ew3e3JBBLCbHY6kBPdGqa
11e9udPiQoGBslxC2NMhP/IF4hGPzmDMO3ZV5l9tcROxfixQ0in+8q2W+e6PXMMK
c+d4xY9uDTVmZEp2BZOf6wWyw6H11UxLbnnyjVGQfJ2p9ZR/k/452sH7jJRmHdRA
qUjuO5EUg0606pMH9r5ISuxMJmEtomYBxdjTGPbQG9KUE8mUhFTkRBABZiVH7rIZ
SmXjeUKeEq+nSqRmNeMa2yyA/6ScLm4yjlBd7H7eGgGpCPyi
-----END X509 CRL-----

24
FreeRTOS-Plus/CyaSSL/certs/crl/eccCliCRL.pem Normal file
View file

@ -0,0 +1,24 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA1
Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Aug 10 18:01:01 2012 GMT
Next Update: Dec 8 18:01:01 2012 GMT
CRL extensions:
X509v3 CRL Number:
63
No Revoked Certificates.
Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:7f:8d:d7:28:61:96:4c:b7:a8:17:0a:7f:9d:cf:
fa:29:e1:1d:cb:30:61:1b:b3:6b:f0:61:68:15:25:76:62:32:
02:20:55:ca:fc:37:b4:4c:f9:78:99:b3:c9:d4:1a:e1:fa:f7:
8a:4a:94:ce:31:ed:b0:1f:dc:64:d7:2a:59:47:b9:2d
-----BEGIN X509 CRL-----
MIIBHzCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
ARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIwODE4MDEwMVqg
DjAMMAoGA1UdFAQDAgE/MAkGByqGSM49BAEDRwAwRAIgf43XKGGWTLeoFwp/nc/6
KeEdyzBhG7Nr8GFoFSV2YjICIFXK/De0TPl4mbPJ1Brh+veKSpTOMe2wH9xk1ypZ
R7kt
-----END X509 CRL-----

24
FreeRTOS-Plus/CyaSSL/certs/crl/eccSrvCRL.pem Normal file
View file

@ -0,0 +1,24 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA1
Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Aug 10 18:01:01 2012 GMT
Next Update: Dec 8 18:01:01 2012 GMT
CRL extensions:
X509v3 CRL Number:
64
No Revoked Certificates.
Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:59:42:06:a7:73:69:03:08:05:e8:4b:95:ca:cf:
f1:30:9e:84:4b:3c:52:c8:10:b9:c8:36:c8:07:64:65:fd:bf:
02:20:71:60:a7:35:d6:8c:52:c2:df:06:dc:40:52:c5:ef:4c:
8b:ec:96:4b:72:b0:c4:36:3e:c8:9d:62:5e:49:f2:5f
-----BEGIN X509 CRL-----
MIIBITCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIxMjA4MTgwMTAx
WqAOMAwwCgYDVR0UBAMCAUAwCQYHKoZIzj0EAQNHADBEAiBZQganc2kDCAXoS5XK
z/EwnoRLPFLIELnINsgHZGX9vwIgcWCnNdaMUsLfBtxAUsXvTIvslktysMQ2Psid
Yl5J8l8=
-----END X509 CRL-----

11
FreeRTOS-Plus/CyaSSL/certs/crl/include.am
View file

@ -2,8 +2,13 @@
# All paths should be given relative to the root
#
certs_DATA+= \
certs/crl/crl.pem
EXTRA_DIST += \
certs/crl/crl.pem \
certs/crl/cliCrl.pem \
certs/crl/eccSrvCRL.pem \
certs/crl/eccCliCRL.pem
EXTRA_DIST += \
certs/crl/crl.revoked
EXTRA_DIST+= ${certs_DATA}

6
FreeRTOS-Plus/CyaSSL/certs/include.am
View file

@ -2,7 +2,7 @@
# All paths should be given relative to the root
#
certs_DATA+= \
EXTRA_DIST += \
certs/ca-cert.pem \
certs/ca-key.pem \
certs/client-cert.pem \
@ -16,6 +16,7 @@ certs_DATA+= \
certs/dh2048.pem \
certs/server-cert.pem \
certs/server-ecc.pem \
certs/server-ecc-rsa.pem \
certs/server-keyEnc.pem \
certs/server-key.pem \
certs/server-keyPkcs8Enc12.pem \
@ -23,7 +24,7 @@ certs_DATA+= \
certs/server-keyPkcs8Enc.pem \
certs/server-keyPkcs8.pem
certs_DATA+= \
EXTRA_DIST += \
certs/ca-key.der \
certs/client-cert.der \
certs/client-key.der \
@ -32,7 +33,6 @@ certs_DATA+= \
certs/dsa2048.der \
certs/ecc-key.der
EXTRA_DIST+= ${certs_DATA}
doc_DATA+= certs/taoCert.txt

54
FreeRTOS-Plus/CyaSSL/certs/server-ecc-rsa.pem Normal file
View file

@ -0,0 +1,54 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 9 (0x9)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
Validity
Not Before: Aug 8 21:58:29 2012 GMT
Not After : May 5 21:58:29 2015 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
0b:80:34:89:d8
ASN1 OID: prime256v1
Signature Algorithm: sha1WithRSAEncryption
a0:1c:de:98:e8:61:c8:fb:0a:0e:af:ea:99:4b:c0:49:e6:66:
68:5e:7a:18:b8:0c:e3:0f:16:86:bc:b5:86:79:02:69:1c:b7:
e7:ff:53:d9:05:5d:27:39:24:54:67:14:de:ef:8e:c2:a0:11:
ca:c8:27:99:b9:d6:e9:71:1f:86:c9:8f:b1:74:a2:9f:93:6a:
0c:74:cf:17:77:8c:26:08:6e:a8:ac:69:d4:55:15:a2:95:87:
43:7a:ab:72:93:73:40:58:c2:bb:9c:89:f2:73:20:69:df:f1:
f3:65:08:9c:00:67:97:a6:71:00:2b:31:84:10:ac:bd:54:ac:
fd:b3:eb:12:36:77:f6:0a:e3:9a:96:d2:a6:22:bc:1d:6b:ce:
3c:0d:7b:d9:1c:1d:f1:ee:ec:ce:83:c8:98:c9:65:3e:06:31:
c3:b2:87:da:09:b4:90:0b:e2:6b:29:0e:d6:ae:53:1d:10:98:
e2:dc:f9:63:38:a1:a2:af:46:23:a4:4c:ab:0c:0b:08:be:cd:
a4:a6:6d:46:f0:f8:e0:31:99:85:39:10:4a:a0:04:54:3b:21:
e1:e9:b4:f3:a5:06:cd:37:ae:2c:ca:5d:ac:90:b5:ab:92:81:
aa:bf:2d:3f:8e:ee:4d:12:81:0a:8e:a4:ca:87:93:af:b0:25:
7e:e2:07:f7
-----BEGIN CERTIFICATE-----
MIIC1zCCAb8CAQkwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTIwODA4MjE1ODI5WhcN
MTUwNTA1MjE1ODI5WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0
b24xEDAOBgNVBAcTB1NlYXR0bGUxGjAYBgNVBAoTEUVsbGlwdGljIC0gUlNBc2ln
MRMwEQYDVQQLEwpFQ0MtUlNBc2lnMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5ox
W5eSIX/wzxjakRECNIboIFgzC4A0idgwDQYJKoZIhvcNAQEFBQADggEBAKAc3pjo
Ycj7Cg6v6plLwEnmZmheehi4DOMPFoa8tYZ5Amkct+f/U9kFXSc5JFRnFN7vjsKg
EcrIJ5m51ulxH4bJj7F0op+Tagx0zxd3jCYIbqisadRVFaKVh0N6q3KTc0BYwruc
ifJzIGnf8fNlCJwAZ5emcQArMYQQrL1UrP2z6xI2d/YK45qW0qYivB1rzjwNe9kc
HfHu7M6DyJjJZT4GMcOyh9oJtJAL4mspDtauUx0QmOLc+WM4oaKvRiOkTKsMCwi+
zaSmbUbw+OAxmYU5EEqgBFQ7IeHptPOlBs03rizKXayQtauSgaq/LT+O7k0SgQqO
pMqHk6+wJX7iB/c=
-----END CERTIFICATE-----

2
FreeRTOS-Plus/CyaSSL/certs/taoCert.txt
View file

@ -112,7 +112,7 @@ openssl dhparam -in dh2048.param -text > dh2048.pem
1) create a crl
a) openssl ca -gencrl -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
a) openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
Error No ./CA root/index.txt so:

174
FreeRTOS-Plus/CyaSSL/configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61 for cyassl 2.2.0.
# Generated by GNU Autoconf 2.61 for cyassl 2.3.0.
#
# Report bugs to <http://www.yassl.com>.
#
@ -594,8 +594,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='cyassl'
PACKAGE_TARNAME='cyassl'
PACKAGE_VERSION='2.2.0'
PACKAGE_STRING='cyassl 2.2.0'
PACKAGE_VERSION='2.3.0'
PACKAGE_STRING='cyassl 2.3.0'
PACKAGE_BUGREPORT='http://www.yassl.com'
# Factoring default headers for most tests.
@ -765,8 +765,12 @@ BUILD_FASTMATH_TRUE
BUILD_FASTMATH_FALSE
BUILD_SNIFFER_TRUE
BUILD_SNIFFER_FALSE
BUILD_AESGCM_TRUE
BUILD_AESGCM_FALSE
BUILD_AESNI_TRUE
BUILD_AESNI_FALSE
BUILD_MD2_TRUE
BUILD_MD2_FALSE
BUILD_RIPEMD_TRUE
BUILD_RIPEMD_FALSE
BUILD_SHA512_TRUE
@ -781,6 +785,8 @@ BUILD_OCSP_TRUE
BUILD_OCSP_FALSE
BUILD_CRL_TRUE
BUILD_CRL_FALSE
BUILD_CRL_MONITOR_TRUE
BUILD_CRL_MONITOR_FALSE
BUILD_NTRU_TRUE
BUILD_NTRU_FALSE
ax_pthread_config
@ -1309,7 +1315,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures cyassl 2.2.0 to adapt to many kinds of systems.
\`configure' configures cyassl 2.3.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1380,7 +1386,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of cyassl 2.2.0:";;
short | recursive ) echo "Configuration of cyassl 2.3.0:";;
esac
cat <<\_ACEOF
@ -1408,9 +1414,11 @@ Optional Features:
--enable-hugecache Enable huge session cache (default: disabled)
--enable-smallcache Enable small session cache (default: disabled)
--enable-sniffer Enable CyaSSL sniffer support (default: disabled)
--enable-aesgcm Enable CyaSSL AES-GCM support (default: disabled)
--enable-aesni Enable CyaSSL AES-NI support (default: disabled)
--enable-md2 Enable CyaSSL MD2 support (default: disabled)
--enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)
--enable-sha512 Enable CyaSSL SHA-160 support (default: disabled)
--enable-sha512 Enable CyaSSL SHA-512 support (default: disabled)
--enable-sessioncerts Enable session cert storing (default: disabled)
--enable-keygen Enable key generation (default: disabled)
--enable-certgen Enable cert generation (default: disabled)
@ -1422,6 +1430,7 @@ Optional Features:
--enable-ecc Enable ECC (default: disabled)
--enable-ocsp Enable OCSP (default: disabled)
--enable-crl Enable CRL (default: disabled)
--enable-crl-monitor Enable CRL Monitor (default: disabled)
--enable-ntru Enable NTRU (default: disabled)
--enable-testcert Enable Test Cert (default: disabled)
--enable-gcc-lots-o-warnings
@ -1517,7 +1526,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
cyassl configure 2.2.0
cyassl configure 2.3.0
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@ -1531,7 +1540,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by cyassl $as_me 2.2.0, which was
It was created by cyassl $as_me 2.3.0, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@ -2353,7 +2362,7 @@ fi
# Define the identity of the package.
PACKAGE='cyassl'
VERSION='2.2.0'
VERSION='2.3.0'
cat >>confdefs.h <<_ACEOF
@ -21826,6 +21835,48 @@ else
fi
# AES-GCM
# Check whether --enable-aesgcm was given.
if test "${enable_aesgcm+set}" = set; then
enableval=$enable_aesgcm; ENABLED_AESGCM=$enableval
else
ENABLED_AESGCM=no
fi
if test "$ENABLED_AESGCM" = "word32"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
ENABLED_AESGCM=yes
fi
if test "$ENABLED_AESGCM" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
ENABLED_AESGCM=yes
fi
if test "$ENABLED_AESGCM" = "table"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
ENABLED_AESGCM=yes
fi
if test "$ENABLED_AESGCM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM -DCYASSL_SHA384 -DCYASSL_SHA512"
fi
if test "x$ENABLED_AESGCM" = "xyes"; then
BUILD_AESGCM_TRUE=
BUILD_AESGCM_FALSE='#'
else
BUILD_AESGCM_TRUE='#'
BUILD_AESGCM_FALSE=
fi
# AES-NI
# Check whether --enable-aesni was given.
if test "${enable_aesni+set}" = set; then
@ -21856,6 +21907,36 @@ fi
# MD2
# Check whether --enable-md2 was given.
if test "${enable_md2+set}" = set; then
enableval=$enable_md2; ENABLED_MD2=$enableval
else
ENABLED_MD2=no
fi
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_MD2="yes"
fi
if test "$ENABLED_MD2" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCYASSL_MD2"
fi
if test "x$ENABLED_MD2" = "xyes"; then
BUILD_MD2_TRUE=
BUILD_MD2_FALSE='#'
else
BUILD_MD2_TRUE='#'
BUILD_MD2_FALSE=
fi
# RIPEMD
# Check whether --enable-ripemd was given.
if test "${enable_ripemd+set}" = set; then
@ -21901,6 +21982,11 @@ then
ENABLED_SHA512="yes"
fi
if test "$ENABLED_AESGCM" = "yes"
then
ENABLED_SHA512="yes"
fi
if test "x$ENABLED_SHA512" = "xyes"; then
BUILD_SHA512_TRUE=
@ -22141,6 +22227,30 @@ fi
# CRL Monitor
# Check whether --enable-crl-monitor was given.
if test "${enable_crl_monitor+set}" = set; then
enableval=$enable_crl_monitor; ENABLED_CRL_MONITOR=$enableval
else
ENABLED_CRL_MONITOR=no
fi
if test "$ENABLED_CRL_MONITOR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
fi
if test "x$ENABLED_CRL_MONITOR" = "xyes"; then
BUILD_CRL_MONITOR_TRUE=
BUILD_CRL_MONITOR_FALSE='#'
else
BUILD_CRL_MONITOR_TRUE='#'
BUILD_CRL_MONITOR_FALSE=
fi
# NTRU
ntruHome=`pwd`/NTRU_algorithm
ntruInclude=$ntruHome/cryptolib
@ -23088,16 +23198,21 @@ fi
GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef \
GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef \
-Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes \
-Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment \
-Wformat=2 -Wwrite-strings -Wmissing-declarations -Wredundant-decls \
-Wnested-externs -Wbad-function-cast -Wswitch-enum -Winit-self \
-Wmissing-field-initializers -Wdeclaration-after-statement \
-Wold-style-definition -Waddress -Wmissing-noreturn -Wnormalized=id \
-Woverride-init -Wstrict-overflow=1 -Wextra -Warray-bounds \
-Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wshadow \
-Wswitch-default"
-Woverride-init -Wstrict-overflow=1 -Wextra -Wstack-protector -Wformat \
-Wformat-security -Wpointer-sign -Wshadow -Wswitch-default"
case "$host_os" in
*linux*)
GCCWARNINGS="$GCCWARNINGS -Warray-bounds"
;;
esac
# Check whether --enable-gcc-lots-o-warnings was given.
if test "${enable_gcc_lots_o_warnings+set}" = set; then
@ -23298,6 +23413,13 @@ echo "$as_me: error: conditional \"BUILD_SNIFFER\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
if test -z "${BUILD_AESGCM_TRUE}" && test -z "${BUILD_AESGCM_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"BUILD_AESGCM\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
echo "$as_me: error: conditional \"BUILD_AESGCM\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
if test -z "${BUILD_AESNI_TRUE}" && test -z "${BUILD_AESNI_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"BUILD_AESNI\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
@ -23305,6 +23427,13 @@ echo "$as_me: error: conditional \"BUILD_AESNI\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
if test -z "${BUILD_MD2_TRUE}" && test -z "${BUILD_MD2_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"BUILD_MD2\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
echo "$as_me: error: conditional \"BUILD_MD2\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
if test -z "${BUILD_RIPEMD_TRUE}" && test -z "${BUILD_RIPEMD_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"BUILD_RIPEMD\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
@ -23354,6 +23483,13 @@ echo "$as_me: error: conditional \"BUILD_CRL\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
if test -z "${BUILD_CRL_MONITOR_TRUE}" && test -z "${BUILD_CRL_MONITOR_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"BUILD_CRL_MONITOR\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
echo "$as_me: error: conditional \"BUILD_CRL_MONITOR\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
if test -z "${BUILD_NTRU_TRUE}" && test -z "${BUILD_NTRU_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"BUILD_NTRU\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
@ -23661,7 +23797,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by cyassl $as_me 2.2.0, which was
This file was extended by cyassl $as_me 2.3.0, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -23714,7 +23850,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
cyassl config.status 2.2.0
cyassl config.status 2.3.0
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
@ -24431,8 +24567,12 @@ BUILD_FASTMATH_TRUE!$BUILD_FASTMATH_TRUE$ac_delim
BUILD_FASTMATH_FALSE!$BUILD_FASTMATH_FALSE$ac_delim
BUILD_SNIFFER_TRUE!$BUILD_SNIFFER_TRUE$ac_delim
BUILD_SNIFFER_FALSE!$BUILD_SNIFFER_FALSE$ac_delim
BUILD_AESGCM_TRUE!$BUILD_AESGCM_TRUE$ac_delim
BUILD_AESGCM_FALSE!$BUILD_AESGCM_FALSE$ac_delim
BUILD_AESNI_TRUE!$BUILD_AESNI_TRUE$ac_delim
BUILD_AESNI_FALSE!$BUILD_AESNI_FALSE$ac_delim
BUILD_MD2_TRUE!$BUILD_MD2_TRUE$ac_delim
BUILD_MD2_FALSE!$BUILD_MD2_FALSE$ac_delim
BUILD_RIPEMD_TRUE!$BUILD_RIPEMD_TRUE$ac_delim
BUILD_RIPEMD_FALSE!$BUILD_RIPEMD_FALSE$ac_delim
BUILD_SHA512_TRUE!$BUILD_SHA512_TRUE$ac_delim
@ -24447,6 +24587,8 @@ BUILD_OCSP_TRUE!$BUILD_OCSP_TRUE$ac_delim
BUILD_OCSP_FALSE!$BUILD_OCSP_FALSE$ac_delim
BUILD_CRL_TRUE!$BUILD_CRL_TRUE$ac_delim
BUILD_CRL_FALSE!$BUILD_CRL_FALSE$ac_delim
BUILD_CRL_MONITOR_TRUE!$BUILD_CRL_MONITOR_TRUE$ac_delim
BUILD_CRL_MONITOR_FALSE!$BUILD_CRL_MONITOR_FALSE$ac_delim
BUILD_NTRU_TRUE!$BUILD_NTRU_TRUE$ac_delim
BUILD_NTRU_FALSE!$BUILD_NTRU_FALSE$ac_delim
ax_pthread_config!$ax_pthread_config$ac_delim
@ -24459,7 +24601,7 @@ AM_LDFLAGS!$AM_LDFLAGS$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 58; then
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 64; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5

91
FreeRTOS-Plus/CyaSSL/configure.ac
View file

@ -1,12 +1,12 @@
# configure.ac
#
# Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
# Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
#
# This file is part of CyaSSL.
#
#
AC_INIT([cyassl],[2.2.0],[http://www.yassl.com])
AC_INIT([cyassl],[2.3.0],[http://www.yassl.com])
AC_CONFIG_AUX_DIR(config)
@ -289,6 +289,38 @@ fi
AM_CONDITIONAL([BUILD_SNIFFER], [test "x$ENABLED_SNIFFER" = "xyes"])
# AES-GCM
AC_ARG_ENABLE(aesgcm,
[ --enable-aesgcm Enable CyaSSL AES-GCM support (default: disabled)],
[ ENABLED_AESGCM=$enableval ],
[ ENABLED_AESGCM=no ]
)
if test "$ENABLED_AESGCM" = "word32"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
ENABLED_AESGCM=yes
fi
if test "$ENABLED_AESGCM" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
ENABLED_AESGCM=yes
fi
if test "$ENABLED_AESGCM" = "table"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
ENABLED_AESGCM=yes
fi
if test "$ENABLED_AESGCM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM -DCYASSL_SHA384 -DCYASSL_SHA512"
fi
AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
# AES-NI
AC_ARG_ENABLE(aesni,
[ --enable-aesni Enable CyaSSL AES-NI support (default: disabled)],
@ -309,6 +341,26 @@ fi
AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
# MD2
AC_ARG_ENABLE(md2,
[ --enable-md2 Enable CyaSSL MD2 support (default: disabled)],
[ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_MD2="yes"
fi
if test "$ENABLED_MD2" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCYASSL_MD2"
fi
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# RIPEMD
AC_ARG_ENABLE(ripemd,
[ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)],
@ -326,7 +378,7 @@ AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
# SHA512
AC_ARG_ENABLE(sha512,
[ --enable-sha512 Enable CyaSSL SHA-160 support (default: disabled)],
[ --enable-sha512 Enable CyaSSL SHA-512 support (default: disabled)],
[ ENABLED_SHA512=$enableval ],
[ ENABLED_SHA512=no ]
)
@ -341,6 +393,11 @@ then
ENABLED_SHA512="yes"
fi
if test "$ENABLED_AESGCM" = "yes"
then
ENABLED_SHA512="yes"
fi
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
@ -506,6 +563,21 @@ fi
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
# CRL Monitor
AC_ARG_ENABLE(crl-monitor,
[ --enable-crl-monitor Enable CRL Monitor (default: disabled)],
[ ENABLED_CRL_MONITOR=$enableval ],
[ ENABLED_CRL_MONITOR=no ],
)
if test "$ENABLED_CRL_MONITOR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
fi
AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
# NTRU
ntruHome=`pwd`/NTRU_algorithm
ntruInclude=$ntruHome/cryptolib
@ -610,16 +682,21 @@ AX_PTHREAD([
LIB_SOCKET_NSL
dnl Various GCC warnings that should never fire for release quality code
GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef \
GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef \
-Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes \
-Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment \
-Wformat=2 -Wwrite-strings -Wmissing-declarations -Wredundant-decls \
-Wnested-externs -Wbad-function-cast -Wswitch-enum -Winit-self \
-Wmissing-field-initializers -Wdeclaration-after-statement \
-Wold-style-definition -Waddress -Wmissing-noreturn -Wnormalized=id \
-Woverride-init -Wstrict-overflow=1 -Wextra -Warray-bounds \
-Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wshadow \
-Wswitch-default"
-Woverride-init -Wstrict-overflow=1 -Wextra -Wstack-protector -Wformat \
-Wformat-security -Wpointer-sign -Wshadow -Wswitch-default"
case "$host_os" in
*linux*)
GCCWARNINGS="$GCCWARNINGS -Warray-bounds"
;;
esac
AC_ARG_ENABLE(gcc-lots-o-warnings,
AS_HELP_STRING(--enable-gcc-lots-o-warnings, Enable lots of gcc warnings (default: disabled)),

32
FreeRTOS-Plus/CyaSSL/ctaocrypt/benchmark/benchmark.c
View file

@ -54,6 +54,7 @@ void bench_arc4();
void bench_hc128();
void bench_rabbit();
void bench_aes(int);
void bench_aesgcm();
void bench_md5();
void bench_sha();
@ -78,6 +79,9 @@ int main(int argc, char** argv)
#ifndef NO_AES
bench_aes(0);
bench_aes(1);
#endif
#ifdef HAVE_AESGCM
bench_aesgcm();
#endif
bench_arc4();
#ifdef HAVE_HC128
@ -171,6 +175,34 @@ void bench_aes(int show)
#endif
byte additional[13];
byte tag[16];
#ifdef HAVE_AESGCM
void bench_aesgcm()
{
Aes enc;
double start, total, persec;
int i;
AesGcmSetKey(&enc, key, 16, iv);
AesGcmSetExpIV(&enc, iv+4);
start = current_time();
for(i = 0; i < megs; i++)
AesGcmEncrypt(&enc, cipher, plain, sizeof(plain),
tag, 16, additional, 13);
total = current_time() - start;
persec = 1 / total * megs;
printf("AES-GCM %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
#endif
#ifndef NO_DES3
void bench_des()
{

748
FreeRTOS-Plus/CyaSSL/ctaocrypt/src/aes.c
View file

@ -1404,5 +1404,753 @@ void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
#endif /* CYASSL_AES_COUNTER */
#ifdef HAVE_AESGCM
/*
* The IV for AES GCM, stored in struct Aes's member reg, is comprised of
* three parts in order:
* 1. The implicit IV. This is generated from the PRF using the shared
* secrets between endpoints. It is 4 bytes long.
* 2. The explicit IV. This is set by the user of the AES. It needs to be
* unique for each call to encrypt. The explicit IV is shared with the
* other end of the transaction in the clear.
* 3. The counter. Each block of data is encrypted with its own sequence
* number counter.
*/
enum {
IMPLICIT_IV_SZ = 4,
EXPLICIT_IV_SZ = 8,
CTR_SZ = 4
};
static INLINE void InitGcmCounter(byte* inOutCtr)
{
inOutCtr[AES_BLOCK_SIZE - 4] = 0;
inOutCtr[AES_BLOCK_SIZE - 3] = 0;
inOutCtr[AES_BLOCK_SIZE - 2] = 0;
inOutCtr[AES_BLOCK_SIZE - 1] = 1;
}
static INLINE void IncrementGcmCounter(byte* inOutCtr)
{
int i;
/* in network byte order so start at end and work back */
for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
if (++inOutCtr[i]) /* we're done unless we overflow */
return;
}
}
/*
* The explicit IV is set by the caller. A common practice is to treat it as
* a sequence number seeded with a random number. The caller manages
* incrementing the explicit IV when appropriate.
*/
void AesGcmSetExpIV(Aes* aes, const byte* iv)
{
XMEMCPY((byte*)aes->reg + IMPLICIT_IV_SZ, iv, EXPLICIT_IV_SZ);
}
void AesGcmGetExpIV(Aes* aes, byte* iv)
{
XMEMCPY(iv, (byte*)aes->reg + IMPLICIT_IV_SZ, EXPLICIT_IV_SZ);
}
void AesGcmIncExpIV(Aes* aes)
{
int i;
byte* iv = (byte*)aes->reg + IMPLICIT_IV_SZ;
for (i = EXPLICIT_IV_SZ - 1; i >= 0; i--) {
if (++iv[i])
return;
}
}
#if defined(GCM_SMALL) || defined(GCM_TABLE)
static INLINE void FlattenSzInBits(byte* buf, word32 sz)
{
/* Multiply the sz by 8 */
word32 szHi = (sz >> (8*sizeof(sz) - 3));
sz <<= 3;
/* copy over the words of the sz into the destination buffer */
buf[0] = (szHi >> 24) & 0xff;
buf[1] = (szHi >> 16) & 0xff;
buf[2] = (szHi >> 8) & 0xff;
buf[3] = szHi & 0xff;
buf[4] = (sz >> 24) & 0xff;
buf[5] = (sz >> 16) & 0xff;
buf[6] = (sz >> 8) & 0xff;
buf[7] = sz & 0xff;
}
static INLINE void RIGHTSHIFTX(byte* x)
{
int i;
int carryOut = 0;
int carryIn = 0;
int borrow = x[15] & 0x01;
for (i = 0; i < AES_BLOCK_SIZE; i++) {
carryOut = x[i] & 0x01;
x[i] = (x[i] >> 1) | (carryIn ? 0x80 : 0);
carryIn = carryOut;
}
if (borrow) x[0] ^= 0xE1;
}
#endif /* defined(GCM_SMALL) || defined(GCM_TABLE) */
#ifdef GCM_TABLE
static void GenerateM0(Aes* aes)
{
int i, j;
byte (*m)[AES_BLOCK_SIZE] = aes->M0;
XMEMCPY(m[128], aes->H, AES_BLOCK_SIZE);
for (i = 64; i > 0; i /= 2) {
XMEMCPY(m[i], m[i*2], AES_BLOCK_SIZE);
RIGHTSHIFTX(m[i]);
}
for (i = 2; i < 256; i *= 2) {
for (j = 1; j < i; j++) {
XMEMCPY(m[i+j], m[i], AES_BLOCK_SIZE);
xorbuf(m[i+j], m[j], AES_BLOCK_SIZE);
}
}
XMEMSET(m[0], 0, AES_BLOCK_SIZE);
}
#endif /* GCM_TABLE */
void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
const byte* implicitIV)
{
byte fullIV[AES_BLOCK_SIZE];
XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
XMEMCPY(fullIV, implicitIV, IMPLICIT_IV_SZ);
AesSetKey(aes, key, len, fullIV, AES_ENCRYPTION);
XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
AesEncrypt(aes, fullIV, aes->H);
#ifdef GCM_TABLE
GenerateM0(aes);
#endif /* GCM_TABLE */
}
#if defined(GCM_SMALL)
static void GMULT(byte* X, byte* Y)
{
byte Z[AES_BLOCK_SIZE];
byte V[AES_BLOCK_SIZE];
int i, j;
XMEMSET(Z, 0, AES_BLOCK_SIZE);
XMEMCPY(V, X, AES_BLOCK_SIZE);
for (i = 0; i < AES_BLOCK_SIZE; i++)
{
byte y = Y[i];
for (j = 0; j < 8; j++)
{
if (y & 0x80) {
xorbuf(Z, V, AES_BLOCK_SIZE);
}
RIGHTSHIFTX(V);
y = y << 1;
}
}
XMEMCPY(X, Z, AES_BLOCK_SIZE);
}
static void GHASH(Aes* aes, const byte* a, word32 aSz,
const byte* c, word32 cSz, byte* s, word32 sSz)
{
byte x[AES_BLOCK_SIZE];
byte scratch[AES_BLOCK_SIZE];
word32 blocks, partial;
byte* h = aes->H;
XMEMSET(x, 0, AES_BLOCK_SIZE);
/* Hash in A, the Additional Authentication Data */
if (aSz != 0 && a != NULL) {
blocks = aSz / AES_BLOCK_SIZE;
partial = aSz % AES_BLOCK_SIZE;
while (blocks--) {
xorbuf(x, a, AES_BLOCK_SIZE);
GMULT(x, h);
a += AES_BLOCK_SIZE;
}
if (partial != 0) {
XMEMSET(scratch, 0, AES_BLOCK_SIZE);
XMEMCPY(scratch, a, partial);
xorbuf(x, scratch, AES_BLOCK_SIZE);
GMULT(x, h);
}
}
/* Hash in C, the Ciphertext */
if (cSz != 0 && c != NULL) {
blocks = cSz / AES_BLOCK_SIZE;
partial = cSz % AES_BLOCK_SIZE;
while (blocks--) {
xorbuf(x, c, AES_BLOCK_SIZE);
GMULT(x, h);
c += AES_BLOCK_SIZE;
}
if (partial != 0) {
XMEMSET(scratch, 0, AES_BLOCK_SIZE);
XMEMCPY(scratch, c, partial);
xorbuf(x, scratch, AES_BLOCK_SIZE);
GMULT(x, h);
}
}
/* Hash in the lengths of A and C in bits */
FlattenSzInBits(&scratch[0], aSz);
FlattenSzInBits(&scratch[8], cSz);
xorbuf(x, scratch, AES_BLOCK_SIZE);
GMULT(x, h);
/* Copy the result into s. */
XMEMCPY(s, x, sSz);
}
/* end GCM_SMALL */
#elif defined(GCM_TABLE)
static const byte R[256][2] = {
{0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46},
{0x07, 0x08}, {0x06, 0xca}, {0x04, 0x8c}, {0x05, 0x4e},
{0x0e, 0x10}, {0x0f, 0xd2}, {0x0d, 0x94}, {0x0c, 0x56},
{0x09, 0x18}, {0x08, 0xda}, {0x0a, 0x9c}, {0x0b, 0x5e},
{0x1c, 0x20}, {0x1d, 0xe2}, {0x1f, 0xa4}, {0x1e, 0x66},
{0x1b, 0x28}, {0x1a, 0xea}, {0x18, 0xac}, {0x19, 0x6e},
{0x12, 0x30}, {0x13, 0xf2}, {0x11, 0xb4}, {0x10, 0x76},
{0x15, 0x38}, {0x14, 0xfa}, {0x16, 0xbc}, {0x17, 0x7e},
{0x38, 0x40}, {0x39, 0x82}, {0x3b, 0xc4}, {0x3a, 0x06},
{0x3f, 0x48}, {0x3e, 0x8a}, {0x3c, 0xcc}, {0x3d, 0x0e},
{0x36, 0x50}, {0x37, 0x92}, {0x35, 0xd4}, {0x34, 0x16},
{0x31, 0x58}, {0x30, 0x9a}, {0x32, 0xdc}, {0x33, 0x1e},
{0x24, 0x60}, {0x25, 0xa2}, {0x27, 0xe4}, {0x26, 0x26},
{0x23, 0x68}, {0x22, 0xaa}, {0x20, 0xec}, {0x21, 0x2e},
{0x2a, 0x70}, {0x2b, 0xb2}, {0x29, 0xf4}, {0x28, 0x36},
{0x2d, 0x78}, {0x2c, 0xba}, {0x2e, 0xfc}, {0x2f, 0x3e},
{0x70, 0x80}, {0x71, 0x42}, {0x73, 0x04}, {0x72, 0xc6},
{0x77, 0x88}, {0x76, 0x4a}, {0x74, 0x0c}, {0x75, 0xce},
{0x7e, 0x90}, {0x7f, 0x52}, {0x7d, 0x14}, {0x7c, 0xd6},
{0x79, 0x98}, {0x78, 0x5a}, {0x7a, 0x1c}, {0x7b, 0xde},
{0x6c, 0xa0}, {0x6d, 0x62}, {0x6f, 0x24}, {0x6e, 0xe6},
{0x6b, 0xa8}, {0x6a, 0x6a}, {0x68, 0x2c}, {0x69, 0xee},
{0x62, 0xb0}, {0x63, 0x72}, {0x61, 0x34}, {0x60, 0xf6},
{0x65, 0xb8}, {0x64, 0x7a}, {0x66, 0x3c}, {0x67, 0xfe},
{0x48, 0xc0}, {0x49, 0x02}, {0x4b, 0x44}, {0x4a, 0x86},
{0x4f, 0xc8}, {0x4e, 0x0a}, {0x4c, 0x4c}, {0x4d, 0x8e},
{0x46, 0xd0}, {0x47, 0x12}, {0x45, 0x54}, {0x44, 0x96},
{0x41, 0xd8}, {0x40, 0x1a}, {0x42, 0x5c}, {0x43, 0x9e},
{0x54, 0xe0}, {0x55, 0x22}, {0x57, 0x64}, {0x56, 0xa6},
{0x53, 0xe8}, {0x52, 0x2a}, {0x50, 0x6c}, {0x51, 0xae},
{0x5a, 0xf0}, {0x5b, 0x32}, {0x59, 0x74}, {0x58, 0xb6},
{0x5d, 0xf8}, {0x5c, 0x3a}, {0x5e, 0x7c}, {0x5f, 0xbe},
{0xe1, 0x00}, {0xe0, 0xc2}, {0xe2, 0x84}, {0xe3, 0x46},
{0xe6, 0x08}, {0xe7, 0xca}, {0xe5, 0x8c}, {0xe4, 0x4e},
{0xef, 0x10}, {0xee, 0xd2}, {0xec, 0x94}, {0xed, 0x56},
{0xe8, 0x18}, {0xe9, 0xda}, {0xeb, 0x9c}, {0xea, 0x5e},
{0xfd, 0x20}, {0xfc, 0xe2}, {0xfe, 0xa4}, {0xff, 0x66},
{0xfa, 0x28}, {0xfb, 0xea}, {0xf9, 0xac}, {0xf8, 0x6e},
{0xf3, 0x30}, {0xf2, 0xf2}, {0xf0, 0xb4}, {0xf1, 0x76},
{0xf4, 0x38}, {0xf5, 0xfa}, {0xf7, 0xbc}, {0xf6, 0x7e},
{0xd9, 0x40}, {0xd8, 0x82}, {0xda, 0xc4}, {0xdb, 0x06},
{0xde, 0x48}, {0xdf, 0x8a}, {0xdd, 0xcc}, {0xdc, 0x0e},
{0xd7, 0x50}, {0xd6, 0x92}, {0xd4, 0xd4}, {0xd5, 0x16},
{0xd0, 0x58}, {0xd1, 0x9a}, {0xd3, 0xdc}, {0xd2, 0x1e},
{0xc5, 0x60}, {0xc4, 0xa2}, {0xc6, 0xe4}, {0xc7, 0x26},
{0xc2, 0x68}, {0xc3, 0xaa}, {0xc1, 0xec}, {0xc0, 0x2e},
{0xcb, 0x70}, {0xca, 0xb2}, {0xc8, 0xf4}, {0xc9, 0x36},
{0xcc, 0x78}, {0xcd, 0xba}, {0xcf, 0xfc}, {0xce, 0x3e},
{0x91, 0x80}, {0x90, 0x42}, {0x92, 0x04}, {0x93, 0xc6},
{0x96, 0x88}, {0x97, 0x4a}, {0x95, 0x0c}, {0x94, 0xce},
{0x9f, 0x90}, {0x9e, 0x52}, {0x9c, 0x14}, {0x9d, 0xd6},
{0x98, 0x98}, {0x99, 0x5a}, {0x9b, 0x1c}, {0x9a, 0xde},
{0x8d, 0xa0}, {0x8c, 0x62}, {0x8e, 0x24}, {0x8f, 0xe6},
{0x8a, 0xa8}, {0x8b, 0x6a}, {0x89, 0x2c}, {0x88, 0xee},
{0x83, 0xb0}, {0x82, 0x72}, {0x80, 0x34}, {0x81, 0xf6},
{0x84, 0xb8}, {0x85, 0x7a}, {0x87, 0x3c}, {0x86, 0xfe},
{0xa9, 0xc0}, {0xa8, 0x02}, {0xaa, 0x44}, {0xab, 0x86},
{0xae, 0xc8}, {0xaf, 0x0a}, {0xad, 0x4c}, {0xac, 0x8e},
{0xa7, 0xd0}, {0xa6, 0x12}, {0xa4, 0x54}, {0xa5, 0x96},
{0xa0, 0xd8}, {0xa1, 0x1a}, {0xa3, 0x5c}, {0xa2, 0x9e},
{0xb5, 0xe0}, {0xb4, 0x22}, {0xb6, 0x64}, {0xb7, 0xa6},
{0xb2, 0xe8}, {0xb3, 0x2a}, {0xb1, 0x6c}, {0xb0, 0xae},
{0xbb, 0xf0}, {0xba, 0x32}, {0xb8, 0x74}, {0xb9, 0xb6},
{0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} };
static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
{
int i, j;
byte Z[AES_BLOCK_SIZE];
byte a;
XMEMSET(Z, 0, sizeof(Z));
for (i = 15; i > 0; i--) {
xorbuf(Z, m[x[i]], AES_BLOCK_SIZE);
a = Z[15];
for (j = 15; j > 0; j--) {
Z[j] = Z[j-1];
}
Z[0] = R[a][0];
Z[1] ^= R[a][1];
}
xorbuf(Z, m[x[0]], AES_BLOCK_SIZE);
XMEMCPY(x, Z, AES_BLOCK_SIZE);
}
static void GHASH(Aes* aes, const byte* a, word32 aSz,
const byte* c, word32 cSz, byte* s, word32 sSz)
{
byte x[AES_BLOCK_SIZE];
byte scratch[AES_BLOCK_SIZE];
word32 blocks, partial;
XMEMSET(x, 0, AES_BLOCK_SIZE);
/* Hash in A, the Additional Authentication Data */
if (aSz != 0 && a != NULL) {
blocks = aSz / AES_BLOCK_SIZE;
partial = aSz % AES_BLOCK_SIZE;
while (blocks--) {
xorbuf(x, a, AES_BLOCK_SIZE);
GMULT(x, aes->M0);
a += AES_BLOCK_SIZE;
}
if (partial != 0) {
XMEMSET(scratch, 0, AES_BLOCK_SIZE);
XMEMCPY(scratch, a, partial);
xorbuf(x, scratch, AES_BLOCK_SIZE);
GMULT(x, aes->M0);
}
}
/* Hash in C, the Ciphertext */
if (cSz != 0 && c != NULL) {
blocks = cSz / AES_BLOCK_SIZE;
partial = cSz % AES_BLOCK_SIZE;
while (blocks--) {
xorbuf(x, c, AES_BLOCK_SIZE);
GMULT(x, aes->M0);
c += AES_BLOCK_SIZE;
}
if (partial != 0) {
XMEMSET(scratch, 0, AES_BLOCK_SIZE);
XMEMCPY(scratch, c, partial);
xorbuf(x, scratch, AES_BLOCK_SIZE);
GMULT(x, aes->M0);
}
}
/* Hash in the lengths of A and C in bits */
FlattenSzInBits(&scratch[0], aSz);
FlattenSzInBits(&scratch[8], cSz);
xorbuf(x, scratch, AES_BLOCK_SIZE);
GMULT(x, aes->M0);
/* Copy the result into s. */
XMEMCPY(s, x, sSz);
}
/* end GCM_TABLE */
#elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32)
static void GMULT(word64* X, word64* Y)
{
word64 Z[2] = {0,0};
word64 V[2] = {X[0], X[1]};
int i, j;
for (i = 0; i < 2; i++)
{
word64 y = Y[i];
for (j = 0; j < 64; j++)
{
if (y & 0x8000000000000000) {
Z[0] ^= V[0];
Z[1] ^= V[1];
}
if (V[1] & 0x0000000000000001) {
V[1] >>= 1;
V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
V[0] >>= 1;
V[0] ^= 0xE100000000000000;
}
else {
V[1] >>= 1;
V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
V[0] >>= 1;
}
y <<= 1;
}
}
X[0] = Z[0];
X[1] = Z[1];
}
static void GHASH(Aes* aes, const byte* a, word32 aSz,
const byte* c, word32 cSz, byte* s, word32 sSz)
{
word64 x[2] = {0,0};
word32 blocks, partial;
word64 bigH[2];
XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE);
#endif
/* Hash in A, the Additional Authentication Data */
if (aSz != 0 && a != NULL) {
word64 bigA[2];
blocks = aSz / AES_BLOCK_SIZE;
partial = aSz % AES_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(bigA, a, AES_BLOCK_SIZE);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
#endif
x[0] ^= bigA[0];
x[1] ^= bigA[1];
GMULT(x, bigH);
a += AES_BLOCK_SIZE;
}
if (partial != 0) {
XMEMSET(bigA, 0, AES_BLOCK_SIZE);
XMEMCPY(bigA, a, partial);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
#endif
x[0] ^= bigA[0];
x[1] ^= bigA[1];
GMULT(x, bigH);
}
}
/* Hash in C, the Ciphertext */
if (cSz != 0 && c != NULL) {
word64 bigC[2];
blocks = cSz / AES_BLOCK_SIZE;
partial = cSz % AES_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(bigC, c, AES_BLOCK_SIZE);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
#endif
x[0] ^= bigC[0];
x[1] ^= bigC[1];
GMULT(x, bigH);
c += AES_BLOCK_SIZE;
}
if (partial != 0) {
XMEMSET(bigC, 0, AES_BLOCK_SIZE);
XMEMCPY(bigC, c, partial);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
#endif
x[0] ^= bigC[0];
x[1] ^= bigC[1];
GMULT(x, bigH);
}
}
/* Hash in the lengths in bits of A and C */
{
word64 len[2] = {aSz, cSz};
/* Lengths are in bytes. Convert to bits. */
len[0] *= 8;
len[1] *= 8;
x[0] ^= len[0];
x[1] ^= len[1];
GMULT(x, bigH);
}
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(x, x, AES_BLOCK_SIZE);
#endif
XMEMCPY(s, x, sSz);
}
/* end defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) */
#else /* GCM_WORD32 */
static void GMULT(word32* X, word32* Y)
{
word32 Z[4] = {0,0,0,0};
word32 V[4] = {X[0], X[1], X[2], X[3]};
int i, j;
for (i = 0; i < 4; i++)
{
word32 y = Y[i];
for (j = 0; j < 32; j++)
{
if (y & 0x80000000) {
Z[0] ^= V[0];
Z[1] ^= V[1];
Z[2] ^= V[2];
Z[3] ^= V[3];
}
if (V[3] & 0x00000001) {
V[3] >>= 1;
V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
V[2] >>= 1;
V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
V[1] >>= 1;
V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
V[0] >>= 1;
V[0] ^= 0xE1000000;
} else {
V[3] >>= 1;
V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
V[2] >>= 1;
V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
V[1] >>= 1;
V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
V[0] >>= 1;
}
y <<= 1;
}
}
X[0] = Z[0];
X[1] = Z[1];
X[2] = Z[2];
X[3] = Z[3];
}
static void GHASH(Aes* aes, const byte* a, word32 aSz,
const byte* c, word32 cSz, byte* s, word32 sSz)
{
word32 x[4] = {0,0,0,0};
word32 blocks, partial;
word32 bigH[4];
XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE);
#endif
/* Hash in A, the Additional Authentication Data */
if (aSz != 0 && a != NULL) {
word32 bigA[4];
blocks = aSz / AES_BLOCK_SIZE;
partial = aSz % AES_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(bigA, a, AES_BLOCK_SIZE);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
#endif
x[0] ^= bigA[0];
x[1] ^= bigA[1];
x[2] ^= bigA[2];
x[3] ^= bigA[3];
GMULT(x, bigH);
a += AES_BLOCK_SIZE;
}
if (partial != 0) {
XMEMSET(bigA, 0, AES_BLOCK_SIZE);
XMEMCPY(bigA, a, partial);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
#endif
x[0] ^= bigA[0];
x[1] ^= bigA[1];
x[2] ^= bigA[2];
x[3] ^= bigA[3];
GMULT(x, bigH);
}
}
/* Hash in C, the Ciphertext */
if (cSz != 0 && c != NULL) {
word32 bigC[4];
blocks = cSz / AES_BLOCK_SIZE;
partial = cSz % AES_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(bigC, c, AES_BLOCK_SIZE);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
#endif
x[0] ^= bigC[0];
x[1] ^= bigC[1];
x[2] ^= bigC[2];
x[3] ^= bigC[3];
GMULT(x, bigH);
c += AES_BLOCK_SIZE;
}
if (partial != 0) {
XMEMSET(bigC, 0, AES_BLOCK_SIZE);
XMEMCPY(bigC, c, partial);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
#endif
x[0] ^= bigC[0];
x[1] ^= bigC[1];
x[2] ^= bigC[2];
x[3] ^= bigC[3];
GMULT(x, bigH);
}
}
/* Hash in the lengths in bits of A and C */
{
word32 len[4];
/* Lengths are in bytes. Convert to bits. */
len[0] = (aSz >> (8*sizeof(aSz) - 3));
len[1] = aSz << 3;
len[2] = (cSz >> (8*sizeof(cSz) - 3));
len[3] = cSz << 3;
x[0] ^= len[0];
x[1] ^= len[1];
x[2] ^= len[2];
x[3] ^= len[3];
GMULT(x, bigH);
}
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(x, x, AES_BLOCK_SIZE);
#endif
XMEMCPY(s, x, sSz);
}
#endif /* end GCM_WORD32 */
void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
word32 blocks = sz / AES_BLOCK_SIZE;
word32 partial = sz % AES_BLOCK_SIZE;
const byte* p = in;
byte* c = out;
byte ctr[AES_BLOCK_SIZE];
byte scratch[AES_BLOCK_SIZE];
CYASSL_ENTER("AesGcmEncrypt");
/* Initialize the counter with the MS 96 bits of IV, and the counter
* portion set to "1". */
XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
InitGcmCounter(ctr);
while (blocks--) {
IncrementGcmCounter(ctr);
AesEncrypt(aes, ctr, scratch);
xorbuf(scratch, p, AES_BLOCK_SIZE);
XMEMCPY(c, scratch, AES_BLOCK_SIZE);
p += AES_BLOCK_SIZE;
c += AES_BLOCK_SIZE;
}
if (partial != 0) {
IncrementGcmCounter(ctr);
AesEncrypt(aes, ctr, scratch);
xorbuf(scratch, p, partial);
XMEMCPY(c, scratch, partial);
}
GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
InitGcmCounter(ctr);
AesEncrypt(aes, ctr, scratch);
xorbuf(authTag, scratch, authTagSz);
}
int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
{
word32 blocks = sz / AES_BLOCK_SIZE;
word32 partial = sz % AES_BLOCK_SIZE;
const byte* c = in;
byte* p = out;
byte ctr[AES_BLOCK_SIZE];
byte scratch[AES_BLOCK_SIZE];
CYASSL_ENTER("AesGcmDecrypt");
/* Initialize the counter with the MS 96 bits of IV, and the counter
* portion set to "1". */
XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
InitGcmCounter(ctr);
/* Calculate the authTag again using the received auth data and the
* cipher text. */
{
byte Tprime[AES_BLOCK_SIZE];
byte EKY0[AES_BLOCK_SIZE];
GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
AesEncrypt(aes, ctr, EKY0);
xorbuf(Tprime, EKY0, sizeof(Tprime));
if (XMEMCMP(authTag, Tprime, authTagSz) != 0) {
return AES_GCM_AUTH_E;
}
}
while (blocks--) {
IncrementGcmCounter(ctr);
AesEncrypt(aes, ctr, scratch);
xorbuf(scratch, c, AES_BLOCK_SIZE);
XMEMCPY(p, scratch, AES_BLOCK_SIZE);
p += AES_BLOCK_SIZE;
c += AES_BLOCK_SIZE;
}
if (partial != 0) {
IncrementGcmCounter(ctr);
AesEncrypt(aes, ctr, scratch);
xorbuf(scratch, c, partial);
XMEMCPY(p, scratch, partial);
}
return 0;
}
#endif /* HAVE_AESGCM */
#endif /* NO_AES */

875
FreeRTOS-Plus/CyaSSL/ctaocrypt/src/asn.c
View file

File diff suppressed because it is too large Load diff

11
FreeRTOS-Plus/CyaSSL/ctaocrypt/src/coding.c
View file

@ -54,6 +54,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
word32 i = 0;
word32 j = 0;
word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
plainSz = (plainSz * 3 + 3) / 4;
if (plainSz > *outLen) return BAD_FUNC_ARG;
@ -75,6 +76,16 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
if (e4 == PAD)
pad4 = 1;
if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
CYASSL_MSG("Bad Base64 Decode data, too small");
return ASN_INPUT_E;
}
if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
CYASSL_MSG("Bad Base64 Decode data, too big");
return ASN_INPUT_E;
}
e1 = base64Decode[e1 - 0x2B];
e2 = base64Decode[e2 - 0x2B];
e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];

87
FreeRTOS-Plus/CyaSSL/ctaocrypt/src/hmac.c
View file

@ -34,7 +34,7 @@ static int InitHmac(Hmac* hmac, int type)
hmac->innerHashKeyed = 0;
hmac->macType = (byte)type;
if (!(type == MD5 || type == SHA || type == SHA256))
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384))
return BAD_FUNC_ARG;
if (type == MD5)
@ -45,6 +45,10 @@ static int InitHmac(Hmac* hmac, int type)
else if (type == SHA256)
InitSha256(&hmac->hash.sha256);
#endif
#ifdef CYASSL_SHA384
else if (type == SHA384)
InitSha384(&hmac->hash.sha384);
#endif
return 0;
}
@ -54,34 +58,60 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
byte* ip = (byte*) hmac->ipad;
byte* op = (byte*) hmac->opad;
word32 i;
word32 i, hmac_block_size = MD5_BLOCK_SIZE;
InitHmac(hmac, type);
if (length <= HMAC_BLOCK_SIZE)
XMEMCPY(ip, key, length);
else {
if (hmac->macType == MD5) {
if (hmac->macType == MD5) {
if (length <= MD5_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
Md5Update(&hmac->hash.md5, key, length);
Md5Final(&hmac->hash.md5, ip);
length = MD5_DIGEST_SIZE;
}
else if (hmac->macType == SHA) {
}
else if (hmac->macType == SHA) {
hmac_block_size = SHA_BLOCK_SIZE;
if (length <= SHA_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
ShaUpdate(&hmac->hash.sha, key, length);
ShaFinal(&hmac->hash.sha, ip);
length = SHA_DIGEST_SIZE;
}
}
#ifndef NO_SHA256
else if (hmac->macType == SHA256) {
else if (hmac->macType == SHA256) {
hmac_block_size = SHA256_BLOCK_SIZE;
if (length <= SHA256_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
Sha256Update(&hmac->hash.sha256, key, length);
Sha256Final(&hmac->hash.sha256, ip);
length = SHA256_DIGEST_SIZE;
}
#endif
}
XMEMSET(ip + length, 0, HMAC_BLOCK_SIZE - length);
#endif
#ifdef CYASSL_SHA384
else if (hmac->macType == SHA384) {
hmac_block_size = SHA384_BLOCK_SIZE;
if (length <= SHA384_BLOCK_SIZE) {
XMEMCPY(ip, key, length);
}
else {
Sha384Update(&hmac->hash.sha384, key, length);
Sha384Final(&hmac->hash.sha384, ip);
length = SHA384_DIGEST_SIZE;
}
}
#endif
XMEMSET(ip + length, 0, hmac_block_size - length);
for(i = 0; i < HMAC_BLOCK_SIZE; i++) {
for(i = 0; i < hmac_block_size; i++) {
op[i] = ip[i] ^ OPAD;
ip[i] ^= IPAD;
}
@ -91,12 +121,16 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
static void HmacKeyInnerHash(Hmac* hmac)
{
if (hmac->macType == MD5)
Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
else if (hmac->macType == SHA)
ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
#ifndef NO_SHA256
else if (hmac->macType == SHA256)
Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, SHA256_BLOCK_SIZE);
#endif
#ifdef CYASSL_SHA384
else if (hmac->macType == SHA384)
Sha384Update(&hmac->hash.sha384, (byte*) hmac->ipad, SHA384_BLOCK_SIZE);
#endif
hmac->innerHashKeyed = 1;
@ -116,6 +150,10 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
else if (hmac->macType == SHA256)
Sha256Update(&hmac->hash.sha256, msg, length);
#endif
#ifdef CYASSL_SHA384
else if (hmac->macType == SHA384)
Sha384Update(&hmac->hash.sha384, msg, length);
#endif
}
@ -128,30 +166,41 @@ void HmacFinal(Hmac* hmac, byte* hash)
if (hmac->macType == MD5) {
Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
Md5Update(&hmac->hash.md5, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
Md5Update(&hmac->hash.md5, (byte*) hmac->innerHash, MD5_DIGEST_SIZE);
Md5Final(&hmac->hash.md5, hash);
}
else if (hmac->macType ==SHA) {
else if (hmac->macType == SHA) {
ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
ShaUpdate(&hmac->hash.sha, (byte*) hmac->innerHash, SHA_DIGEST_SIZE);
ShaFinal(&hmac->hash.sha, hash);
}
#ifndef NO_SHA256
else if (hmac->macType ==SHA256) {
else if (hmac->macType == SHA256) {
Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, SHA256_BLOCK_SIZE);
Sha256Update(&hmac->hash.sha256, (byte*) hmac->innerHash,
SHA256_DIGEST_SIZE);
Sha256Final(&hmac->hash.sha256, hash);
}
#endif
#ifdef CYASSL_SHA384
else if (hmac->macType == SHA384) {
Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
Sha384Update(&hmac->hash.sha384, (byte*) hmac->opad, SHA384_BLOCK_SIZE);
Sha384Update(&hmac->hash.sha384, (byte*) hmac->innerHash,
SHA384_DIGEST_SIZE);
Sha384Final(&hmac->hash.sha384, hash);
}
#endif
hmac->innerHashKeyed = 0;
}

8
FreeRTOS-Plus/CyaSSL/ctaocrypt/src/integer.c
View file

@ -2762,6 +2762,9 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
}
}
if (pa > MP_WARRAY)
return MP_RANGE; /* TAO range check */
#ifdef CYASSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
if (W == NULL)
@ -2878,6 +2881,8 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* number of output digits to produce */
pa = MIN(digs, a->used + b->used);
if (pa > MP_WARRAY)
return MP_RANGE; /* TAO range check */
#ifdef CYASSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
@ -3598,6 +3603,9 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
}
}
if (pa > MP_WARRAY)
return MP_RANGE; /* TAO range check */
#ifdef CYASSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
if (W == NULL)

129
FreeRTOS-Plus/CyaSSL/ctaocrypt/src/md2.c Normal file
View file

@ -0,0 +1,129 @@
/* md2.c
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef CYASSL_MD2
#include <cyassl/ctaocrypt/md2.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
#include <ctaocrypt/src/misc.c>
#endif
void InitMd2(Md2* md2)
{
XMEMSET(md2->X, 0, MD2_X_SIZE);
XMEMSET(md2->C, 0, MD2_BLOCK_SIZE);
XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE);
md2->count = 0;
}
void Md2Update(Md2* md2, const byte* data, word32 len)
{
static const byte S[256] =
{
41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
31, 26, 219, 153, 141, 51, 159, 17, 131, 20
};
while (len) {
word32 L = (MD2_PAD_SIZE - md2->count) < len ?
(MD2_PAD_SIZE - md2->count) : len;
XMEMCPY(md2->buffer + md2->count, data, L);
md2->count += L;
data += L;
len -= L;
if (md2->count == MD2_PAD_SIZE) {
int i;
byte t;
md2->count = 0;
XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE);
t = md2->C[15];
for(i = 0; i < MD2_PAD_SIZE; i++) {
md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i];
t = md2->C[i] ^= S[md2->buffer[i] ^ t];
}
t=0;
for(i = 0; i < 18; i++) {
int j;
for(j = 0; j < MD2_X_SIZE; j += 8) {
t = md2->X[j+0] ^= S[t];
t = md2->X[j+1] ^= S[t];
t = md2->X[j+2] ^= S[t];
t = md2->X[j+3] ^= S[t];
t = md2->X[j+4] ^= S[t];
t = md2->X[j+5] ^= S[t];
t = md2->X[j+6] ^= S[t];
t = md2->X[j+7] ^= S[t];
}
t = (t + i) & 0xFF;
}
}
}
}
void Md2Final(Md2* md2, byte* hash)
{
byte padding[MD2_BLOCK_SIZE];
word32 padLen = MD2_PAD_SIZE - md2->count;
word32 i;
for (i = 0; i < padLen; i++)
padding[i] = (byte)padLen;
Md2Update(md2, padding, padLen);
Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
InitMd2(md2);
}
#endif /* CYASSL_MD2 */

187
FreeRTOS-Plus/CyaSSL/ctaocrypt/test/test.c
View file

@ -32,6 +32,7 @@
#else
#include <cyassl/ctaocrypt/asn_public.h>
#endif
#include <cyassl/ctaocrypt/md2.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/md4.h>
#include <cyassl/ctaocrypt/sha.h>
@ -86,6 +87,7 @@ typedef struct testVector {
size_t outLen;
} testVector;
int md2_test();
int md5_test();
int md4_test();
int sha_test();
@ -99,6 +101,7 @@ int rabbit_test();
int des_test();
int des3_test();
int aes_test();
int aesgcm_test();
int rsa_test();
int dh_test();
int dsa_test();
@ -148,6 +151,13 @@ void ctaocrypt_test(void* args)
else
printf( "MD5 test passed!\n");
#ifdef CYASSL_MD2
if ( (ret = md2_test()) )
err_sys("MD2 test failed!\n", ret);
else
printf( "MD2 test passed!\n");
#endif
#ifndef NO_MD4
if ( (ret = md4_test()) )
err_sys("MD4 test failed!\n", ret);
@ -233,6 +243,13 @@ void ctaocrypt_test(void* args)
err_sys("AES test failed!\n", ret);
else
printf( "AES test passed!\n");
#ifdef HAVE_AESGCM
if ( (ret = aesgcm_test()) )
err_sys("AES-GCM test failed!\n", ret);
else
printf( "AES-GCM test passed!\n");
#endif
#endif
if ( (ret = random_test()) )
@ -301,6 +318,83 @@ void ctaocrypt_test(void* args)
#endif /* NO_MAIN_DRIVER */
#ifdef CYASSL_MD2
int md2_test()
{
Md2 md2;
byte hash[MD2_DIGEST_SIZE];
testVector a, b, c, d, e, f, g;
testVector test_md2[7];
int times = sizeof(test_md2) / sizeof(testVector), i;
a.input = "";
a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
"\x27\x73";
a.inLen = strlen(a.input);
a.outLen = strlen(a.output);
b.input = "a";
b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
"\xb5\xd1";
b.inLen = strlen(b.input);
b.outLen = strlen(b.output);
c.input = "abc";
c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
"\xd6\xbb";
c.inLen = strlen(c.input);
c.outLen = strlen(c.output);
d.input = "message digest";
d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
"\x06\xb0";
d.inLen = strlen(d.input);
d.outLen = strlen(d.output);
e.input = "abcdefghijklmnopqrstuvwxyz";
e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
"\x94\x0b";
e.inLen = strlen(e.input);
e.outLen = strlen(e.output);
f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
"6789";
f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
"\x38\xcd";
f.inLen = strlen(f.input);
f.outLen = strlen(f.output);
g.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
"\xef\xd8";
g.inLen = strlen(g.input);
g.outLen = strlen(g.output);
test_md2[0] = a;
test_md2[1] = b;
test_md2[2] = c;
test_md2[3] = d;
test_md2[4] = e;
test_md2[5] = f;
test_md2[6] = g;
InitMd2(&md2);
for (i = 0; i < times; ++i) {
Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
Md2Final(&md2, hash);
if (memcmp(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
return -155 - i;
}
return 0;
}
#endif
int md5_test()
{
Md5 md5;
@ -1146,6 +1240,99 @@ int aes_test()
return 0;
}
#ifdef HAVE_AESGCM
int aesgcm_test()
{
Aes enc;
/*
* This is Test Case 16 from the document Galois/
* Counter Mode of Operation (GCM) by McGrew and
* Viega.
*/
const byte k[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
const byte iv[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88, 0x00, 0x00, 0x00, 0x00
};
const byte p[] =
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
const byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
const byte c[] =
{
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62
};
const byte t[] =
{
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
};
byte t2[16];
byte p2[60];
byte c2[60];
int result;
memset(t2, 0, 16);
memset(c2, 0, 60);
memset(p2, 0, 60);
AesGcmSetKey(&enc, k, sizeof(k), iv);
AesGcmSetExpIV(&enc, iv + /*AES_GCM_IMP_IV_SZ*/ 4);
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
AesGcmEncrypt(&enc, c2, p, sizeof(c2), t2, sizeof(t2), a, sizeof(a));
if (memcmp(c, c2, sizeof(c2)))
return -68;
if (memcmp(t, t2, sizeof(t2)))
return -69;
result = AesGcmDecrypt(&enc,
p2, c2, sizeof(p2), t2, sizeof(t2), a, sizeof(a));
if (result != 0)
return -70;
if (memcmp(p, p2, sizeof(p2)))
return -71;
return 0;
}
#endif /* HAVE_AESGCM */
#endif /* NO_AES */

22
FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/aes.h
View file

@ -68,6 +68,14 @@ typedef struct Aes {
ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)]; /* same */
#ifdef HAVE_AESGCM
ALIGN16 byte H[AES_BLOCK_SIZE];
#ifdef GCM_TABLE
/* key-based fast multiplication table. */
ALIGN16 byte M0[256][AES_BLOCK_SIZE];
#endif /* GCM_TABLE */
#endif /* HAVE_AESGCM */
} Aes;
@ -80,6 +88,20 @@ CYASSL_API void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
CYASSL_API void AesEncryptDirect(Aes* aes, byte* out, const byte* in);
CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in);
#ifdef HAVE_AESGCM
CYASSL_API void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
const byte* implicitIV);
CYASSL_API void AesGcmSetExpIV(Aes* aes, const byte* iv);
CYASSL_API void AesGcmGetExpIV(Aes* aes, byte* iv);
CYASSL_API void AesGcmIncExpIV(Aes* aes);
CYASSL_API void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
CYASSL_API int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
#endif /* HAVE_AESGCM */
#ifdef __cplusplus
} /* extern "C" */

99
FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/asn.h
View file

@ -61,6 +61,7 @@ enum ASN_Tags {
ASN_SEQUENCE = 0x10,
ASN_SET = 0x11,
ASN_UTC_TIME = 0x17,
ASN_DNS_TYPE = 0x02,
ASN_GENERALIZED_TIME = 0x18,
CRL_EXTENSIONS = 0xa0,
ASN_EXTENSIONS = 0xa3,
@ -138,6 +139,8 @@ enum Misc_ASN {
#endif
/* Max total extensions, id + len + others */
#endif
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */
MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
/* use bigger NTRU size */
};
@ -198,6 +201,13 @@ enum VerifyType {
};
typedef struct DNS_entry DNS_entry;
struct DNS_entry {
DNS_entry* next; /* next on DNS list */
char* name; /* actual DNS name */
};
typedef struct DecodedCert DecodedCert;
typedef struct Signer Signer;
@ -211,6 +221,7 @@ struct DecodedCert {
word32 sigLength; /* length of signature */
word32 signatureOID; /* sum of algorithm object id */
word32 keyOID; /* sum of key algo object id */
DNS_entry* altNames; /* alt names list of dns entries */
byte subjectHash[SHA_SIZE]; /* hash of all Names */
byte issuerHash[SHA_SIZE]; /* hash of all Names */
#ifdef HAVE_OCSP
@ -219,6 +230,7 @@ struct DecodedCert {
byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */
int subjectCNLen;
int subjectCNStored; /* have we saved a copy we own */
char issuer[ASN_NAME_MAX]; /* full name including common name */
char subject[ASN_NAME_MAX]; /* full name including common name */
int verify; /* Default to yes, but could be off */
@ -278,6 +290,7 @@ struct Signer {
#define CYASSL_TEST_API CYASSL_LOCAL
#endif
CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*);
CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
CYASSL_TEST_API void FreeDecodedCert(DecodedCert*);
CYASSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
@ -295,6 +308,7 @@ CYASSL_LOCAL void FreeSigners(Signer*, void*);
CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
#ifdef HAVE_ECC
/* ASN sig helpers */
@ -321,6 +335,10 @@ enum cert_enums {
#endif /* CYASSL_CERT_GEN */
/* for pointer use */
typedef struct CertStatus CertStatus;
#ifdef HAVE_OCSP
enum Ocsp_Response_Status {
@ -341,47 +359,82 @@ enum Ocsp_Cert_Status {
enum Ocsp_Sums {
OCSP_BASIC_OID = 117
OCSP_BASIC_OID = 117,
OCSP_NONCE_OID = 118
};
#define STATUS_LIST_SIZE 5
typedef struct OcspRequest OcspRequest;
typedef struct OcspResponse OcspResponse;
struct CertStatus {
CertStatus* next;
byte serial[EXTERNAL_SERIAL_SIZE];
int serialSz;
int status;
byte thisDate[MAX_DATE_SIZE];
byte nextDate[MAX_DATE_SIZE];
byte thisDateFormat;
byte nextDateFormat;
};
struct OcspResponse {
int responseStatus; /* return code from Responder */
word32 respBegin; /* index to beginning of OCSP Response */
word32 respLength; /* length of the OCSP Response */
byte* response; /* Pointer to beginning of OCSP Response */
word32 responseSz; /* length of the OCSP Response */
int version; /* Response version number */
byte producedDate[MAX_DATE_SIZE];
/* Date at which this response was signed */
byte producedDateFormat; /* format of the producedDate */
byte* issuerHash;
byte* issuerKeyHash;
word32 sigIndex; /* Index into source for start of sig */
word32 sigLength; /* Length in octets for the sig */
byte* cert;
word32 certSz;
byte* sig; /* Pointer to sig in source */
word32 sigSz; /* Length in octets for the sig */
word32 sigOID; /* OID for hash used for sig */
int certStatusCount; /* Count of certificate statuses, Note
* 1:1 correspondence between certStatus
* and certSerialNumber */
byte certSN[STATUS_LIST_SIZE][EXTERNAL_SERIAL_SIZE];
int certSNsz[STATUS_LIST_SIZE];
/* Certificate serial number array. */
word32 certStatus[STATUS_LIST_SIZE];
/* Certificate status array */
CertStatus* status; /* certificate status to fill out */
byte* nonce; /* pointer to nonce inside ASN.1 response */
int nonceSz; /* length of the nonce string */
byte* source; /* pointer to source buffer, not owned */
word32 maxIdx; /* max offset based on init size */
void* heap; /* for user memory overrides */
};
CYASSL_LOCAL void InitOcspResponse(OcspResponse*, byte*, word32, void*);
CYASSL_LOCAL void FreeOcspResponse(OcspResponse*);
struct OcspRequest {
DecodedCert* cert;
byte nonce[MAX_OCSP_NONCE_SZ];
int nonceSz;
byte* issuerHash; /* pointer to issuerHash in source cert */
byte* issuerKeyHash; /* pointer to issuerKeyHash in source cert */
byte* serial; /* pointer to serial number in source cert */
int serialSz; /* length of the serial number */
byte* dest; /* pointer to the destination ASN.1 buffer */
word32 destSz; /* length of the destination buffer */
};
CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
CYASSL_LOCAL int OcspResponseDecode(OcspResponse*);
CYASSL_LOCAL int EncodeOcspRequest(DecodedCert*, byte*, word32);
CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*, byte*, word32);
CYASSL_LOCAL int EncodeOcspRequest(OcspRequest*);
CYASSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*);
#endif /* HAVE_OCSP */
@ -410,12 +463,14 @@ struct DecodedCRL {
byte crlHash[MD5_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
byte lastDateFormat; /* format of last date */
byte nextDateFormat; /* format of next date */
RevokedCert* certs; /* revoked cert list */
int totalCerts; /* number on list */
};
CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*);
CYASSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, long sz);
CYASSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, long sz, void* cm);
CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);

2
FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/error.h
View file

@ -98,6 +98,8 @@ enum {
NO_PASSWORD = -176, /* no password provided by user */
ALT_NAME_E = -177, /* alt name size problem, too big */
AES_GCM_AUTH_E = -180, /* AES-GCM Authentication check failure */
MIN_CODE_E = -200 /* errors -101 - -199 */
};

17
FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/hmac.h
View file

@ -32,6 +32,10 @@
#include <cyassl/ctaocrypt/sha256.h>
#endif
#ifdef CYASSL_SHA384
#include <cyassl/ctaocrypt/sha512.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
@ -40,13 +44,19 @@
enum {
IPAD = 0x36,
OPAD = 0x5C,
#ifndef NO_SHA256
#if defined(CYASSL_SHA384)
INNER_HASH_SIZE = SHA384_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA384_BLOCK_SIZE
#elif !defined(NO_SHA256)
INNER_HASH_SIZE = SHA256_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA256_BLOCK_SIZE,
SHA384 = 5
#else
INNER_HASH_SIZE = SHA_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA_BLOCK_SIZE,
SHA256 = 2, /* hash type unique */
SHA384 = 5
#endif
HMAC_BLOCK_SIZE = MD5_BLOCK_SIZE
};
@ -57,6 +67,9 @@ typedef union {
#ifndef NO_SHA256
Sha256 sha256;
#endif
#ifdef CYASSL_SHA384
Sha384 sha384;
#endif
} Hash;
/* Hmac digest */

1
FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/include.am
View file

@ -15,6 +15,7 @@ nobase_include_HEADERS+= \
cyassl/ctaocrypt/hc128.h \
cyassl/ctaocrypt/hmac.h \
cyassl/ctaocrypt/integer.h \
cyassl/ctaocrypt/md2.h \
cyassl/ctaocrypt/md4.h \
cyassl/ctaocrypt/md5.h \
cyassl/ctaocrypt/misc.h \

64
FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/md2.h Normal file
View file

@ -0,0 +1,64 @@
/* md2.h
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef CYASSL_MD2
#ifndef CTAO_CRYPT_MD2_H
#define CTAO_CRYPT_MD2_H
#include <cyassl/ctaocrypt/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/* in bytes */
enum {
MD2 = 6, /* hash type unique */
MD2_BLOCK_SIZE = 16,
MD2_DIGEST_SIZE = 16,
MD2_PAD_SIZE = 16,
MD2_X_SIZE = 48
};
/* Md2 digest */
typedef struct Md2 {
word32 count; /* bytes % PAD_SIZE */
byte X[MD2_X_SIZE];
byte C[MD2_BLOCK_SIZE];
byte buffer[MD2_BLOCK_SIZE];
} Md2;
CYASSL_API void InitMd2(Md2*);
CYASSL_API void Md2Update(Md2*, const byte*, word32);
CYASSL_API void Md2Final(Md2*, byte*);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* CTAO_CRYPT_MD2_H */
#endif /* CYASSL_MD2 */

13
FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/misc.h
View file

@ -49,6 +49,19 @@ CYASSL_LOCAL
void XorWords(word*, const word*, word32);
CYASSL_LOCAL
void xorbuf(byte*, const byte*, word32);
#ifdef WORD64_AVAILABLE
CYASSL_LOCAL
word64 rotlFixed64(word64, word64);
CYASSL_LOCAL
word64 rotrFixed64(word64, word64);
CYASSL_LOCAL
word64 ByteReverseWord64(word64);
CYASSL_LOCAL
void ByteReverseWords64(word64*, const word64*, word32);
#endif /* WORD64_AVAILABLE */
#endif /* NO_INLINE */

15
FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/settings.h
View file

@ -85,17 +85,22 @@
#define NO_HC128
#endif /* MBED */
#ifdef FREERTOS
#ifdef FREERTOS_WINSIM
#define FREERTOS
#define USE_WINDOWS_API
#endif
#ifdef FREERTOS
#define NO_WRITEV
#define NO_SHA512
#define NO_DH
#define NO_DSA
#define NO_HC128
#endif
#ifdef FREERTOS_WINSIM
#define FREERTOS
#define USE_WINDOWS_API
#ifndef SINGLE_THREADED
#include "FreeRTOS.h"
#include "semphr.h"
#endif
#endif
#ifdef CYASSL_GAME_BUILD

9
FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/types.h
View file

@ -157,6 +157,8 @@ enum {
#ifndef STRING_USER
#include <string.h>
char* mystrnstr(const char* s1, const char* s2, unsigned int n);
#define XMEMCPY(d,s,l) memcpy((d),(s),(l))
#define XMEMSET(b,c,l) memset((b),(c),(l))
#define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
@ -167,6 +169,7 @@ enum {
/* strstr, strncmp, and strncat only used by CyaSSL proper, not required for
CTaoCrypt only */
#define XSTRSTR(s1,s2) strstr((s1),(s2))
#define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#endif
@ -205,7 +208,11 @@ enum {
DYNAMIC_TYPE_CRL = 22,
DYNAMIC_TYPE_REVOKED = 23,
DYNAMIC_TYPE_CRL_ENTRY = 24,
DYNAMIC_TYPE_CERT_MANAGER = 25
DYNAMIC_TYPE_CERT_MANAGER = 25,
DYNAMIC_TYPE_CRL_MONITOR = 26,
DYNAMIC_TYPE_OCSP_STATUS = 27,
DYNAMIC_TYPE_OCSP_ENTRY = 28,
DYNAMIC_TYPE_ALTNAME = 29
};
/* stack protection */

13
FreeRTOS-Plus/CyaSSL/cyassl/error.h
View file

@ -92,14 +92,21 @@ enum CyaSSL_ErrorCodes {
NOT_CA_ERROR = -257, /* Not a CA cert error */
BAD_PATH_ERROR = -258, /* Bad path for opendir */
BAD_CERT_MANAGER_ERROR = -259, /* Bad Cert Manager */
OCSP_CERT_REVOKED = -260,
OCSP_CERT_REVOKED = -260, /* OCSP Certificate revoked */
CRL_CERT_REVOKED = -261, /* CRL Certificate revoked */
CRL_MISSING = -262, /* CRL Not loaded */
MONITOR_RUNNING_E = -263, /* CRL Monitor already running */
THREAD_CREATE_E = -264, /* Thread Create Error */
OCSP_NEED_URL = -265, /* OCSP need an URL for lookup */
OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
COOKIE_ERROR = -269, /* dtls cookie error */
/* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */
UNSUPPORTED_SUITE = -270, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -271 /* can't match cipher suite */
UNSUPPORTED_SUITE = -290, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -291 /* can't match cipher suite */
/* end negotiation parameter errors only 10 for now */
/* add strings to SetErrorString !!!!! */
};

150
FreeRTOS-Plus/CyaSSL/cyassl/internal.h
View file

@ -44,6 +44,9 @@
#ifdef HAVE_OCSP
#include <cyassl/ocsp.h>
#endif
#ifdef CYASSL_SHA512
#include <cyassl/ctaocrypt/sha512.h>
#endif
#ifdef CYASSL_CALLBACKS
#include <cyassl/openssl/cyassl_callbacks.h>
@ -59,10 +62,6 @@
#include <winsock2.h>
#endif
#include <windows.h>
#if defined(FREERTOS_WINSIM) && !defined(SINGLE_THREADED)
#include "FreeRTOS.h"
#include "semphr.h"
#endif
#endif
#elif defined(THREADX)
#ifndef SINGLE_THREADED
@ -71,10 +70,7 @@
#elif defined(MICRIUM)
/* do nothing, just don't pick Unix */
#elif defined(FREERTOS)
#ifndef SINGLE_THREADED
#include "FreeRTOS.h"
#include "semphr.h"
#endif
/* do nothing */
#else
#ifndef SINGLE_THREADED
#define CYASSL_PTHREADS
@ -156,6 +152,10 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
#endif
#if defined (HAVE_AESGCM)
#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif
#if !defined(NO_HC128) && !defined(NO_TLS)
@ -173,6 +173,10 @@ void c32to24(word32 in, word24 out);
#if !defined (NO_SHA256)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
#if defined (HAVE_AESGCM)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif
#endif
@ -187,6 +191,18 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#if defined (HAVE_AESGCM)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#endif
#endif
#if !defined(NO_RC4)
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
@ -219,6 +235,10 @@ void c32to24(word32 in, word24 out);
#define BUILD_AES
#endif
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256)
#define BUILD_AESGCM
#endif
#if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \
defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5)
#define BUILD_HC128
@ -284,7 +304,23 @@ enum {
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
/* AES-GCM */
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32
};
@ -306,12 +342,15 @@ enum Misc {
TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
NO_COMPRESSION = 0,
ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
SECRET_LEN = 48, /* pre RSA and all master */
ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
SIZEOF_SENDER = 4, /* clnt or srvr */
FINISHED_SZ = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
MAX_MSG_EXTRA = 68, /* max added to msg, mac + pad */
MAX_MSG_EXTRA = 70, /* max added to msg, mac + pad from */
/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + SHA_256
digest sz + BLOC_SZ (iv) + pad byte (1) */
MAX_COMP_EXTRA = 1024, /* max compression extra */
MAX_MTU = 1500, /* max expected MTU */
MAX_UDP_SIZE = MAX_MTU - 100, /* don't exceed MTU w/ 100 byte header */
@ -335,6 +374,7 @@ enum Misc {
SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
ID_LEN = 32, /* session id length */
MAX_COOKIE_LEN = 32, /* max dtls cookie size */
COOKIE_SZ = 20, /* use a 20 byte cookie */
SUITE_LEN = 2, /* cipher suite sz length */
ENUM_LEN = 1, /* always a byte */
COMP_LEN = 1, /* compression length */
@ -345,6 +385,10 @@ enum Misc {
CERT_HEADER_SZ = 3, /* always 3 bytes */
REQ_HEADER_SZ = 2, /* cert request header sz */
HINT_LEN_SZ = 2, /* length of hint size field */
HELLO_EXT_SZ = 14, /* total length of the lazy hello extensions */
HELLO_EXT_LEN = 12, /* length of the lazy hello extensions */
HELLO_EXT_SIGALGO_SZ = 8, /* length of signature algo extension */
HELLO_EXT_SIGALGO_LEN = 6, /* number of items in the signature algo list */
DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
@ -368,8 +412,19 @@ enum Misc {
AES_256_KEY_SIZE = 32, /* for 256 bit */
AES_192_KEY_SIZE = 24, /* for 192 bit */
AES_IV_SIZE = 16, /* always block size */
AES_GCM_IMP_IV_SZ = 4, /* Implicit part of IV */
AES_GCM_EXP_IV_SZ = 8, /* Explicit part of IV */
AES_GCM_CTR_IV_SZ = 4, /* Counter part of IV */
AES_128_KEY_SIZE = 16, /* for 128 bit */
AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
AEAD_AUTH_TAG_SZ = 16, /* Size of the authentication tag */
AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
HC_128_KEY_SIZE = 16, /* 128 bits */
HC_128_IV_SIZE = 16, /* also 128 bits */
@ -394,7 +449,7 @@ enum Misc {
MAX_EX_DATA = 3, /* allow for three items of ex_data */
MAX_CHAIN_DEPTH = 9, /* max cert chain peer depth, FORTRESS option */
#else
MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */
MAX_CHAIN_DEPTH = 6, /* max cert chain peer depth */
#endif
MAX_X509_SIZE = 2048, /* max static x509 buffer size */
CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
@ -484,9 +539,6 @@ struct CYASSL_BIO {
struct CYASSL_METHOD {
ProtocolVersion version;
byte side; /* connection side, server or client */
byte verifyPeer; /* request or send certificate */
byte verifyNone; /* whether to verify certificate */
byte failNoCert; /* fail if no certificate */
byte downgrade; /* whether to downgrade version, default no */
};
@ -520,9 +572,9 @@ enum {
#define COMP_EXTRA 0
#endif
/* only the sniffer needs space in the buffer for an extra MTU record */
/* only the sniffer needs space in the buffer for extra MTU record(s) */
#ifdef CYASSL_SNIFFER
#define MTU_EXTRA MAX_MTU
#define MTU_EXTRA MAX_MTU * 3
#else
#define MTU_EXTRA 0
#endif
@ -599,6 +651,8 @@ int SetCipherList(Suites*, const char* list);
#endif
#ifdef CYASSL_DTLS
CYASSL_LOCAL
int EmbedGenerateCookie(byte *buf, int sz, void *ctx);
CYASSL_LOCAL
int IsUDP(void*);
#endif
@ -613,7 +667,7 @@ struct CYASSL_CIPHER {
#ifdef SINGLE_THREADED
typedef int CyaSSL_Mutex;
#else /* MULTI_THREADED */
/* Comes first to enable use of FreeRTOS Windows simulator only. */
/* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
#ifdef FREERTOS
typedef xSemaphoreHandle CyaSSL_Mutex;
#elif defined(USE_WINDOWS_API)
@ -636,6 +690,28 @@ CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
typedef struct OCSP_Entry OCSP_Entry;
struct OCSP_Entry {
OCSP_Entry* next; /* next entry */
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
byte issuerKeyHash[SHA_DIGEST_SIZE]; /* issuer public key hash */
CertStatus* status; /* OCSP response list */
int totalStatus; /* number on list */
};
/* CyaSSL OCSP controller */
struct CYASSL_OCSP {
byte enabled;
byte useOverrideUrl;
char overrideName[80];
char overridePath[80];
int overridePort;
OCSP_Entry* ocspList;
};
typedef struct CRL_Entry CRL_Entry;
/* Complete CRL */
@ -645,16 +721,31 @@ struct CRL_Entry {
byte crlHash[MD5_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
byte lastDateFormat; /* last date format */
byte nextDateFormat; /* next date format */
RevokedCert* certs; /* revoked cert list */
int totalCerts; /* number on list */
};
typedef struct CRL_Monitor CRL_Monitor;
/* CRL directory monitor */
struct CRL_Monitor {
char* path; /* full dir path, if valid pointer we're using */
int type; /* PEM or ASN1 type */
};
/* CyaSSL CRL controller */
struct CYASSL_CRL {
CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
CRL_Entry* crlList; /* our CRL list */
CyaSSL_Mutex crlLock; /* CRL list lock */
CRL_Monitor monitors[2]; /* PEM and DER possible */
#ifdef HAVE_CRL_MONITOR
pthread_t tid; /* monitoring thread */
#endif
};
@ -693,7 +784,7 @@ struct CYASSL_CTX {
byte sendVerify; /* for client side */
byte haveDH; /* server DH parms set by user */
byte haveNTRU; /* server private NTRU key loaded */
byte haveECDSA; /* server cert signed w/ ECDSA loaded */
byte haveECDSAsig; /* server cert signed w/ ECDSA */
byte haveStaticECC; /* static server ECC private key */
byte partialWrite; /* only one msg per write call */
byte quietShutdown; /* don't send close notify */
@ -741,7 +832,7 @@ int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
/* All cipher suite related info */
typedef struct CipherSpecs {
byte bulk_cipher_algorithm;
byte cipher_type; /* block or stream */
byte cipher_type; /* block, stream, or aead */
byte mac_algorithm;
byte kea; /* key exchange algo */
byte sig_algo;
@ -765,6 +856,7 @@ enum BulkCipherAlgorithm {
des40,
idea,
aes,
aes_gcm,
hc128, /* CyaSSL extensions */
rabbit
};
@ -772,7 +864,7 @@ enum BulkCipherAlgorithm {
/* Supported Message Authentication Codes from page 43 */
enum MACAlgorithm {
no_mac = 0,
no_mac,
md5_mac,
sha_mac,
sha224_mac,
@ -785,19 +877,20 @@ enum MACAlgorithm {
/* Supported Key Exchange Protocols */
enum KeyExchangeAlgorithm {
no_kea = 0,
no_kea,
rsa_kea,
diffie_hellman_kea,
fortezza_kea,
psk_kea,
ntru_kea,
ecc_diffie_hellman_kea
ecc_diffie_hellman_kea,
ecc_static_diffie_hellman_kea /* for verify suite only */
};
/* Supported Authentication Schemes */
enum SignatureAlgorithm {
anonymous_sa_algo = 0,
anonymous_sa_algo,
rsa_sa_algo,
dsa_sa_algo,
ecc_dsa_sa_algo
@ -834,7 +927,7 @@ enum ClientCertificateType {
};
enum CipherType { stream, block };
enum CipherType { stream, block, aead };
/* keys and secrets */
@ -1011,7 +1104,7 @@ typedef struct Options {
byte usingCompression; /* are we using compression */
byte haveDH; /* server DH parms set by user */
byte haveNTRU; /* server NTRU private key loaded */
byte haveECDSA; /* server ECDSA signed cert */
byte haveECDSAsig; /* server ECDSA signed cert */
byte haveStaticECC; /* static server ECC private key */
byte havePeerCert; /* do we have peer's cert */
byte usingPSK_cipher; /* whether we're using psk as cipher */
@ -1037,6 +1130,7 @@ typedef struct Arrays {
byte masterSecret[SECRET_LEN];
#ifdef CYASSL_DTLS
byte cookie[MAX_COOKIE_LEN];
byte cookieSz;
#endif
#ifndef NO_PSK
char client_identity[MAX_PSK_ID_LEN];
@ -1061,6 +1155,8 @@ struct CYASSL_X509 {
byte serial[EXTERNAL_SERIAL_SIZE];
char subjectCN[ASN_NAME_MAX]; /* common name short cut */
buffer derCert; /* may need */
DNS_entry* altNames; /* alt names list */
DNS_entry* altNamesNext; /* hint for retrieval */
};
@ -1104,6 +1200,9 @@ struct CYASSL {
Sha hashSha; /* sha hash of handshake msgs */
#ifndef NO_SHA256
Sha256 hashSha256; /* sha256 hash of handshake msgs */
#endif
#ifdef CYASSL_SHA384
Sha384 hashSha384; /* sha384 hash of handshake msgs */
#endif
Hashes verifyHashes;
Hashes certHashes; /* for cert verify */
@ -1241,6 +1340,7 @@ enum HandShakeType {
client_hello = 1,
server_hello = 2,
hello_verify_request = 3, /* DTLS addition */
session_ticket = 4,
certificate = 11,
server_key_exchange = 12,
certificate_request = 13,

24
FreeRTOS-Plus/CyaSSL/cyassl/ocsp.h
View file

@ -26,38 +26,18 @@
#define CYASSL_OCSP_H
#include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/asn.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct CYASSL_OCSP CYASSL_OCSP;
typedef struct CertStatus CertStatus;
struct CertStatus {
byte issuerHash[SHA_SIZE];
byte issuerKeyHash[SHA_SIZE];
byte serial[EXTERNAL_SERIAL_SIZE];
int serialSz;
int status;
};
struct CYASSL_OCSP {
byte enabled;
byte useOverrideUrl;
char overrideName[80];
char overridePath[80];
int overridePort;
int statusLen;
CertStatus status[1];
};
CYASSL_LOCAL int CyaSSL_OCSP_Init(CYASSL_OCSP*);
CYASSL_LOCAL void CyaSSL_OCSP_Cleanup(CYASSL_OCSP*);
CYASSL_LOCAL int CyaSSL_OCSP_set_override_url(CYASSL_OCSP*, const char*);
CYASSL_LOCAL int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP*, DecodedCert*);

2
FreeRTOS-Plus/CyaSSL/cyassl/openssl/ssl.h
View file

@ -37,8 +37,6 @@
#ifdef _WIN32
/* wincrypt.h clashes */
#undef X509_NAME
#undef OCSP_REQUEST
#undef OCSP_RESPONSE
#endif

8
FreeRTOS-Plus/CyaSSL/cyassl/sniffer_error.h
View file

@ -90,9 +90,15 @@
#define OUT_OF_ORDER_STR 57
#define OVERLAP_DUPLICATE_STR 58
#define OVERLAP_REASSEMBLY_BEGIN_STR 59
#define OVERLAP_REASSEMBLY_END_STR 60
#define MISSED_CLIENT_HELLO_STR 61
#define GOT_HELLO_REQUEST_STR 62
#define GOT_SESSION_TICKET_STR 63
#define BAD_INPUT_STR 64
#define BAD_DECRYPT_TYPE 65
#define BAD_FINISHED_MSG 66
#define BAD_COMPRESSION_STR 67
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */

7
FreeRTOS-Plus/CyaSSL/cyassl/sniffer_error.rc
View file

@ -74,5 +74,12 @@ STRINGTABLE
60, "Received an Overlap Reassembly End Duplicate Packet"
61, "Missed the Client Hello Entirely"
62, "Got Hello Request msg"
63, "Got Session Ticket msg"
64, "Bad Input"
65, "Bad Decrypt Type"
66, "Bad Finished Message Processing"
67, "Bad Compression Type"
}

18
FreeRTOS-Plus/CyaSSL/cyassl/ssl.h
View file

@ -43,6 +43,12 @@
#define CYASSL_VERSION LIBCYASSL_VERSION_STRING
#endif
#ifdef _WIN32
/* wincrypt.h clashes */
#undef OCSP_REQUEST
#undef OCSP_RESPONSE
#endif
#ifdef __cplusplus
@ -686,6 +692,8 @@ CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*);
CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*);
CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
/* connect enough to get peer cert */
CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
@ -763,10 +771,15 @@ CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);
/* CA cache callbacks */
enum {
CYASSL_SSLV3 = 0,
CYASSL_TLSV1 = 1,
CYASSL_TLSV1_1 = 2,
CYASSL_TLSV1_2 = 3,
CYASSL_USER_CA = 1, /* user added as trusted */
CYASSL_CHAIN_CA = 2 /* added to cache from trusted chain */
};
CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version);
CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
int, const char*);
@ -783,6 +796,8 @@ CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
const char* d);
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
int format);
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
const unsigned char* buff, int sz, int format);
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
int sz);
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
@ -801,7 +816,8 @@ CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
#define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */
#ifdef CYASSL_CALLBACKS

165
FreeRTOS-Plus/CyaSSL/cyassl/test.h
View file

@ -7,6 +7,7 @@
#include <stdlib.h>
#include <assert.h>
#include <ctype.h>
#include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/types.h>
#ifdef USE_WINDOWS_API
@ -44,6 +45,7 @@
#pragma warning(disable:4244 4996)
#endif
#if defined(__MACH__) || defined(USE_WINDOWS_API)
#ifndef _SOCKLEN_T
typedef int socklen_t;
@ -96,20 +98,23 @@
#endif
#define SERVER_DEFAULT_VERSION 3
#define CLIENT_DEFAULT_VERSION 3
/* all certs relative to CyaSSL home directory now */
static const char* caCert = "./certs/ca-cert.pem";
static const char* eccCert = "./certs/server-ecc.pem";
static const char* eccKey = "./certs/ecc-key.pem";
static const char* svrCert = "./certs/server-cert.pem";
static const char* svrKey = "./certs/server-key.pem";
static const char* cliCert = "./certs/client-cert.pem";
static const char* cliKey = "./certs/client-key.pem";
static const char* ntruCert = "./certs/ntru-cert.pem";
static const char* ntruKey = "./certs/ntru-key.raw";
static const char* dhParam = "./certs/dh2048.pem";
static const char* cliEccKey = "./certs/ecc-client-key.pem";
static const char* cliEccCert = "./certs/client-ecc-cert.pem";
static const char* crlPemDir = "./certs/crl";
#define caCert "./certs/ca-cert.pem"
#define eccCert "./certs/server-ecc.pem"
#define eccKey "./certs/ecc-key.pem"
#define svrCert "./certs/server-cert.pem"
#define svrKey "./certs/server-key.pem"
#define cliCert "./certs/client-cert.pem"
#define cliKey "./certs/client-key.pem"
#define ntruCert "./certs/ntru-cert.pem"
#define ntruKey "./certs/ntru-key.raw"
#define dhParam "./certs/dh2048.pem"
#define cliEccKey "./certs/ecc-client-key.pem"
#define cliEccCert "./certs/client-ecc-cert.pem"
#define crlPemDir "./certs/crl"
typedef struct tcp_ready {
int ready; /* predicate */
@ -131,6 +136,7 @@ typedef struct func_args {
tcp_ready* signal;
} func_args;
void wait_tcp_ready(func_args*);
typedef THREAD_RETURN CYASSL_THREAD THREAD_FUNC(void*);
@ -149,9 +155,77 @@ static INLINE void err_sys(const char* msg)
}
#define MY_EX_USAGE 2
extern int myoptind;
extern char* myoptarg;
static INLINE int mygetopt(int argc, char** argv, char* optstring)
{
static char* next = NULL;
char c;
char* cp;
if (myoptind == 0)
next = NULL; /* we're starting new/over */
if (next == NULL || *next == '\0') {
if (myoptind == 0)
myoptind++;
if (myoptind >= argc || argv[myoptind][0] != '-' ||
argv[myoptind][1] == '\0') {
myoptarg = NULL;
if (myoptind < argc)
myoptarg = argv[myoptind];
return -1;
}
if (strcmp(argv[myoptind], "--") == 0) {
myoptind++;
myoptarg = NULL;
if (myoptind < argc)
myoptarg = argv[myoptind];
return -1;
}
next = argv[myoptind];
next++; /* skip - */
myoptind++;
}
c = *next++;
cp = strchr(optstring, c);
if (cp == NULL || c == ':')
return '?';
cp++;
if (*cp == ':') {
if (*next != '\0') {
myoptarg = next;
next = NULL;
}
else if (myoptind < argc) {
myoptarg = argv[myoptind];
myoptind++;
}
else
return '?';
}
return c;
}
#ifdef OPENSSL_EXTRA
static int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
{
strncpy(passwd, "yassl123", sz);
return 8;
@ -167,6 +241,7 @@ static INLINE void showPeer(CYASSL* ssl)
CYASSL_CIPHER* cipher;
CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl);
if (peer) {
char* altName;
char* issuer = CyaSSL_X509_NAME_oneline(
CyaSSL_X509_get_issuer_name(peer), 0, 0);
char* subject = CyaSSL_X509_NAME_oneline(
@ -177,6 +252,10 @@ static INLINE void showPeer(CYASSL* ssl)
printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
subject);
while ( (altName = CyaSSL_X509_get_next_altname(peer)) )
printf(" altname = %s\n", altName);
ret = CyaSSL_X509_get_serial_number(peer, serial, &sz);
if (ret == 0) {
int i;
@ -204,8 +283,8 @@ static INLINE void showPeer(CYASSL* ssl)
#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
{
X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
int count = CyaSSL_get_chain_count(chain);
CYASSL_X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
int count = CyaSSL_get_chain_count(chain);
int i;
for (i = 0; i < count; i++) {
@ -223,7 +302,7 @@ static INLINE void showPeer(CYASSL* ssl)
static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
const char* peer, word16 port)
const char* peer, word16 port, int udp)
{
#ifndef TEST_IPV6
const char* host = peer;
@ -244,11 +323,10 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
}
#endif
#ifdef CYASSL_DTLS
*sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
#else
*sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
#endif
if (udp)
*sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
else
*sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
memset(addr, 0, sizeof(SOCKADDR_IN_T));
#ifndef TEST_IPV6
@ -275,7 +353,8 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
}
#endif
#if defined(TCP_NODELAY) && !defined(CYASSL_DTLS)
#if defined(TCP_NODELAY)
if (!udp)
{
int on = 1;
socklen_t len = sizeof(on);
@ -288,27 +367,28 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
}
static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
int udp)
{
SOCKADDR_IN_T addr;
tcp_socket(sockfd, &addr, ip, port);
tcp_socket(sockfd, &addr, ip, port, udp);
if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
err_sys("tcp connect failed");
}
static INLINE void tcp_listen(SOCKET_T* sockfd)
static INLINE void tcp_listen(SOCKET_T* sockfd, int port, int useAnyAddr,
int udp)
{
SOCKADDR_IN_T addr;
/* don't use INADDR_ANY by default, firewall may block, make user switch
on */
#ifdef USE_ANY_ADDR
tcp_socket(sockfd, &addr, INADDR_ANY, yasslPort);
#else
tcp_socket(sockfd, &addr, yasslIP, yasslPort);
#endif
if (useAnyAddr)
tcp_socket(sockfd, &addr, INADDR_ANY, port, udp);
else
tcp_socket(sockfd, &addr, yasslIP, port, udp);
#ifndef USE_WINDOWS_API
{
@ -320,10 +400,10 @@ static INLINE void tcp_listen(SOCKET_T* sockfd)
if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
err_sys("tcp bind failed");
#ifndef CYASSL_DTLS
if (listen(*sockfd, 5) != 0)
err_sys("tcp listen failed");
#endif
if (!udp) {
if (listen(*sockfd, 5) != 0)
err_sys("tcp listen failed");
}
}
@ -351,7 +431,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
{
SOCKADDR_IN_T addr;
tcp_socket(sockfd, &addr, yasslIP, yasslPort);
tcp_socket(sockfd, &addr, yasslIP, yasslPort, 1);
#ifndef USE_WINDOWS_API
@ -379,17 +459,18 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
*clientfd = udp_read_connect(*sockfd);
}
static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args,
int port, int useAnyAddr, int udp)
{
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
#ifdef CYASSL_DTLS
if (udp) {
udp_accept(sockfd, clientfd, args);
return;
#endif
}
tcp_listen(sockfd);
tcp_listen(sockfd, port, useAnyAddr, udp);
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER)
/* signal ready to tcp_accept */
@ -545,7 +626,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
#ifdef VERIFY_CALLBACK
static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
{
char buffer[80];
@ -577,7 +658,7 @@ static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
#ifdef HAVE_CRL
static void CRL_CallBack(char* url)
static void INLINE CRL_CallBack(const char* url)
{
printf("CRL callback url = %s\n", url);
}

4
FreeRTOS-Plus/CyaSSL/cyassl/version.h
View file

@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBCYASSL_VERSION_STRING "2.2.0"
#define LIBCYASSL_VERSION_HEX 0x02002000
#define LIBCYASSL_VERSION_STRING "2.3.0"
#define LIBCYASSL_VERSION_HEX 0x02003000
#ifdef __cplusplus
}

282
FreeRTOS-Plus/CyaSSL/examples/client/client.c
View file

@ -38,7 +38,7 @@
#endif
#if defined(NON_BLOCKING) || defined(CYASSL_CALLBACKS)
void NonBlockingSSL_Connect(CyaSSL* ssl)
void NonBlockingSSL_Connect(CYASSL* ssl)
{
#ifndef CYASSL_CALLBACKS
int ret = CyaSSL_connect(ssl);
@ -70,6 +70,28 @@
#endif
static void Usage(void)
{
printf("client " LIBCYASSL_VERSION_STRING
" NOTE: All files relative to CyaSSL home dir\n");
printf("-? Help, print this usage\n");
printf("-h <host> Host to connect to, default %s\n", yasslIP);
printf("-p <num> Port to connect on, default %d\n", yasslPort);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
CLIENT_DEFAULT_VERSION);
printf("-l <str> Cipher list\n");
printf("-c <file> Certificate file, default %s\n", cliCert);
printf("-k <file> Key file, default %s\n", cliKey);
printf("-A <file> Certificate Authority file, default %s\n", caCert);
printf("-b <num> Benchmark <num> connections and print stats\n");
printf("-s Use pre Shared keys\n");
printf("-d Disable peer checks\n");
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS\n");
printf("-m Match domain name in cert\n");
}
void client_test(void* args)
{
SOCKET_T sockfd = 0;
@ -90,22 +112,149 @@ void client_test(void* args)
int input;
int msgSz = strlen(msg);
int port = yasslPort;
char* host = (char*)yasslIP;
char* domain = "www.yassl.com";
int ch;
int version = CLIENT_DEFAULT_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
char* ourKey = (char*)cliKey;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_client_method();
#elif !defined(NO_TLS)
method = CyaSSLv23_client_method();
#else
method = CyaSSLv3_client_method();
while ((ch = mygetopt(argc, argv, "?gdusmh:p:v:l:A:c:k:b:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 's' :
usePsk = 1;
break;
case 'm' :
matchName = 1;
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = atoi(myoptarg);
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* DTLS flag */
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */
switch (version) {
case 0:
method = CyaSSLv3_client_method();
break;
case 1:
method = CyaTLSv1_client_method();
break;
case 2:
method = CyaTLSv1_1_client_method();
break;
case 3:
method = CyaTLSv1_2_client_method();
break;
#ifdef CYASSL_DTLS
case -1:
method = CyaDTLSv1_client_method();
break;
#endif
ctx = CyaSSL_CTX_new(method);
default:
err_sys("Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
ctx = CyaSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("can't set cipher list");
#ifndef NO_PSK
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
if (usePsk)
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
#endif
#ifdef OPENSSL_EXTRA
@ -114,76 +263,44 @@ void client_test(void* args)
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
if (cipherList == NULL)
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
err_sys("can't set cipher list");
#endif
#ifdef USER_CA_CB
CyaSSL_CTX_SetCACb(ctx, CaCb);
#endif
#ifndef NO_FILESYSTEM
if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#ifdef HAVE_ECC
if (CyaSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#endif
#else
load_buffer(ctx, caCert, CYASSL_CA);
#endif
#ifdef VERIFY_CALLBACK
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (argc == 3) {
/* ./client server securePort */
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); /* TODO: add ca cert */
/* this is just to allow easy testing of other servers */
tcp_connect(&sockfd, argv[1], (short)atoi(argv[2]));
}
else if (argc == 1) {
/* ./client // plain mode */
/* for client cert authentication if server requests */
#ifndef NO_FILESYSTEM
#ifdef HAVE_ECC
if (CyaSSL_CTX_use_certificate_file(ctx, cliEccCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ecc client cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliEccKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ecc client key file, "
"Please run from CyaSSL home dir");
#else
if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client key file, "
"Please run from CyaSSL home dir");
#endif /* HAVE_ECC */
#else
load_buffer(ctx, cliCert, CYASSL_CERT);
load_buffer(ctx, cliKey, CYASSL_KEY);
#endif
if (doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
tcp_connect(&sockfd, yasslIP, yasslPort);
}
else if (argc == 2) {
if (benchmark) {
/* time passed in number of connects give average */
int times = atoi(argv[1]);
int times = benchmark;
int i = 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, yasslIP, yasslPort);
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS)
@ -195,25 +312,30 @@ void client_test(void* args)
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
printf("SSL_connect avg took:%6.3f milliseconds\n", avg);
avg *= 1000; /* milliseconds */
printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
return;
}
else
err_sys("usage: ./client server securePort");
exit(EXIT_SUCCESS);
}
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
if (argc != 3)
CyaSSL_check_domain_name(ssl, "www.yassl.com");
if (matchName && doPeerCheck)
CyaSSL_check_domain_name(ssl, domain);
#ifdef NON_BLOCKING
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
@ -233,7 +355,7 @@ void client_test(void* args)
#endif
showPeer(ssl);
if (argc == 3) {
if (sendGET) {
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
@ -246,7 +368,7 @@ void client_test(void* args)
reply[input] = 0;
printf("Server response: %s\n", reply);
if (argc == 3) { /* get html */
if (sendGET) { /* get html */
while (1) {
input = CyaSSL_read(ssl, reply, sizeof(reply));
if (input > 0) {
@ -260,12 +382,12 @@ void client_test(void* args)
}
#ifdef TEST_RESUME
#ifdef CYASSL_DTLS
if (doDTLS) {
strncpy(msg, "break", 6);
msgSz = (int)strlen(msg);
/* try to send session close */
CyaSSL_write(ssl, msg, msgSz);
#endif
}
session = CyaSSL_get_session(ssl);
sslResume = CyaSSL_new(ctx);
#endif
@ -275,17 +397,14 @@ void client_test(void* args)
CloseSocket(sockfd);
#ifdef TEST_RESUME
#ifdef CYASSL_DTLS
if (doDTLS) {
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
#endif
if (argc == 3)
tcp_connect(&sockfd, argv[1], (short)atoi(argv[2]));
else
tcp_connect(&sockfd, yasslIP, yasslPort);
}
tcp_connect(&sockfd, host, port);
CyaSSL_set_fd(sslResume, sockfd);
CyaSSL_set_session(sslResume, session);
@ -347,6 +466,9 @@ void client_test(void* args)
return args.return_code;
}
int myoptind = 0;
char* myoptarg = NULL;
#endif /* NO_MAIN_DRIVER */

20
FreeRTOS-Plus/CyaSSL/examples/echoclient/echoclient.c
View file

@ -44,6 +44,7 @@ void echoclient_test(void* args)
SSL_CTX* ctx = 0;
SSL* ssl = 0;
int doDTLS = 0;
int sendSz;
int argc = 0;
char** argv = 0;
@ -64,12 +65,16 @@ void echoclient_test(void* args)
if (!fin) err_sys("can't open input file");
if (!fout) err_sys("can't open output file");
tcp_connect(&sockfd, yasslIP, yasslPort);
#ifdef CYASSL_DTLS
doDTLS = 1;
#endif
tcp_connect(&sockfd, yasslIP, yasslPort, doDTLS);
#if defined(CYASSL_DTLS)
method = DTLSv1_client_method();
#elif !defined(NO_TLS)
method = TLSv1_client_method();
method = CyaSSLv23_client_method();
#else
method = SSLv3_client_method();
#endif
@ -105,7 +110,7 @@ void echoclient_test(void* args)
while (fgets(send, sizeof(send), fin)) {
sendSz = (int)strlen(send) + 1;
sendSz = (int)strlen(send);
if (SSL_write(ssl, send, sendSz) != sendSz)
err_sys("SSL_write failed");
@ -115,7 +120,7 @@ void echoclient_test(void* args)
break;
}
if (strncmp(send, "break", 4) == 0) {
if (strncmp(send, "break", 5) == 0) {
fputs("sending server session close: break!\n", fout);
break;
}
@ -123,6 +128,7 @@ void echoclient_test(void* args)
while (sendSz) {
int got;
if ( (got = SSL_read(ssl, reply, sizeof(reply))) > 0) {
reply[got] = 0;
fputs(reply, fout);
sendSz -= got;
}
@ -165,6 +171,9 @@ void echoclient_test(void* args)
args.argv = argv;
CyaSSL_Init();
#ifdef DEBUG_CYASSL
CyaSSL_Debugging_ON();
#endif
if (CurrentDir("echoclient") || CurrentDir("build"))
ChangeDirBack(2);
echoclient_test(&args);
@ -173,6 +182,9 @@ void echoclient_test(void* args)
return args.return_code;
}
int myoptind = 0;
char* myoptarg = NULL;
#endif /* NO_MAIN_DRIVER */

18
FreeRTOS-Plus/CyaSSL/examples/echoserver/echoserver.c
View file

@ -56,8 +56,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
int doDTLS = 0;
int outCreated = 0;
int shutdown = 0;
int useAnyAddr = 0;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
@ -72,7 +74,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
((func_args*)args)->return_code = -1; /* error state */
tcp_listen(&sockfd);
#ifdef CYASSL_DTLS
doDTLS = 1;
#endif
tcp_listen(&sockfd, yasslPort, useAnyAddr, doDTLS);
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_server_method();
@ -128,6 +134,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
load_buffer(ctx, svrKey, CYASSL_KEY);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
#endif
SignalReady(args);
while (!shutdown) {
@ -231,7 +242,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_free(ssl);
CloseSocket(clientfd);
#ifdef CYASSL_DTLS
tcp_listen(&sockfd);
tcp_listen(&sockfd, yasslPort, useAnyAddr, doDTLS);
SignalReady(args);
#endif
}
@ -273,6 +284,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
return args.return_code;
}
int myoptind = 0;
char* myoptarg = NULL;
#endif /* NO_MAIN_DRIVER */

263
FreeRTOS-Plus/CyaSSL/examples/server/server.c
View file

@ -63,6 +63,25 @@
#endif
static void Usage(void)
{
printf("server " LIBCYASSL_VERSION_STRING
" NOTE: All files relative to CyaSSL home dir\n");
printf("-? Help, print this usage\n");
printf("-p <num> Port to listen on, default %d\n", yasslPort);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
SERVER_DEFAULT_VERSION);
printf("-l <str> Cipher list\n");
printf("-c <file> Certificate file, default %s\n", svrCert);
printf("-k <file> Key file, default %s\n", svrKey);
printf("-A <file> Certificate Authority file, default %s\n", cliCert);
printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n");
printf("-s Use pre Shared keys\n");
printf("-u Use UDP DTLS\n");
}
THREAD_RETURN CYASSL_THREAD server_test(void* args)
{
SOCKET_T sockfd = 0;
@ -72,85 +91,194 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SSL_CTX* ctx = 0;
SSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
int ch;
int version = SERVER_DEFAULT_VERSION;
int doCliCertCheck = 1;
int useAnyAddr = 0;
int port = yasslPort;
int usePsk = 0;
int doDTLS = 0;
int useNtruKey = 0;
char* cipherList = NULL;
char* verifyCert = (char*)cliCert;
char* ourCert = (char*)svrCert;
char* ourKey = (char*)svrKey;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#if defined(CYASSL_DTLS)
method = DTLSv1_server_method();
#elif !defined(NO_TLS)
method = SSLv23_server_method();
#else
method = SSLv3_server_method();
while ((ch = mygetopt(argc, argv, "?dbsnup:v:l:A:c:k:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'd' :
doCliCertCheck = 0;
break;
case 'b' :
useAnyAddr = 1;
break;
case 's' :
usePsk = 1;
break;
case 'n' :
useNtruKey = 1;
break;
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 'p' :
port = atoi(myoptarg);
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* stay with DTLS */
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */
switch (version) {
case 0:
method = SSLv3_server_method();
break;
case 1:
method = TLSv1_server_method();
break;
case 2:
method = TLSv1_1_server_method();
break;
case 3:
method = TLSv1_2_server_method();
break;
#ifdef CYASSL_DTLS
case -1:
method = DTLSv1_server_method();
break;
#endif
ctx = SSL_CTX_new(method);
default:
err_sys("Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
ctx = SSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("can't set cipher list");
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
#ifdef HAVE_NTRU
if (useNtruKey) {
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
}
#endif
if (!useNtruKey) {
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
}
#ifndef NO_PSK
/* do PSK */
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
SSL_CTX_set_cipher_list(ctx, "PSK-AES256-CBC-SHA");
#else
/* not using PSK, verify peer with certs */
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (usePsk) {
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
if (cipherList == NULL)
if (SSL_CTX_set_cipher_list(ctx,"PSK-AES256-CBC-SHA") !=SSL_SUCCESS)
err_sys("can't set cipher list");
}
#endif
/* if not using PSK, verify peer with certs */
if (doCliCertCheck && usePsk == 0) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#ifdef OPENSSL_EXTRA
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#ifndef NO_FILESYSTEM
/* for client auth */
if (SSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#ifdef HAVE_ECC
if (SSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server ecc cert file, "
"Please run from CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server ecc key file, "
"Please run from CyaSSL home dir");
/* for client auth */
if (SSL_CTX_load_verify_locations(ctx, cliEccCert, 0) != SSL_SUCCESS)
err_sys("can't load ecc ca file, Please run from CyaSSL home dir");
#elif HAVE_NTRU
if (SSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ntru cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
#else /* normal */
if (SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert chain file, "
"Please run from CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
#endif /* NTRU */
#else
load_buffer(ctx, cliCert, CYASSL_CA);
load_buffer(ctx, svrCert, CYASSL_CERT);
load_buffer(ctx, svrKey, CYASSL_KEY);
#endif /* NO_FILESYSTEM */
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
err_sys("can't set cipher list");
#endif
ssl = SSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args);
#ifndef CYASSL_DTLS
CloseSocket(sockfd);
if (ssl == NULL)
err_sys("unable to get SSL");
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
CYASSL_CRL_START_MON);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS);
if (!doDTLS)
CloseSocket(sockfd);
SSL_set_fd(ssl, clientfd);
#ifdef NO_PSK
@ -222,6 +350,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
return args.return_code;
}
int myoptind = 0;
char* myoptarg = NULL;
#endif /* NO_MAIN_DRIVER */

609
FreeRTOS-Plus/CyaSSL/src/crl.c
View file

@ -36,41 +36,48 @@
/* Initialze CRL members */
int InitCRL(CYASSL_CRL* crl, CYASSL_CERT_MANAGER* cm)
{
CYASSL_ENTER("InitCRL");
CYASSL_ENTER("InitCRL");
crl->cm = cm;
crl->crlList = NULL;
if (InitMutex(&crl->crlLock) != 0)
return BAD_MUTEX_ERROR;
crl->cm = cm;
crl->crlList = NULL;
crl->monitors[0].path = NULL;
crl->monitors[1].path = NULL;
#ifdef HAVE_CRL_MONITOR
crl->tid = 0;
#endif
if (InitMutex(&crl->crlLock) != 0)
return BAD_MUTEX_ERROR;
return 0;
return 0;
}
/* Initialze CRL Entry */
static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
{
CYASSL_ENTER("FreeCRL_Entry");
CYASSL_ENTER("InitCRL_Entry");
XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
XMEMCPY(crle->crlHash, dcrl->crlHash, MD5_DIGEST_SIZE);
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
XMEMCPY(crle->crlHash, dcrl->crlHash, MD5_DIGEST_SIZE);
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
crle->lastDateFormat = dcrl->lastDateFormat;
crle->nextDateFormat = dcrl->nextDateFormat;
crle->certs = dcrl->certs; /* take ownsership */
dcrl->certs = NULL;
crle->totalCerts = dcrl->totalCerts;
crle->certs = dcrl->certs; /* take ownsership */
dcrl->certs = NULL;
crle->totalCerts = dcrl->totalCerts;
return 0;
return 0;
}
/* Free all CRL Entry resources */
static void FreeCRL_Entry(CRL_Entry* crle)
{
RevokedCert* tmp = crle->certs;
RevokedCert* tmp = crle->certs;
CYASSL_ENTER("FreeCRL_Entry");
CYASSL_ENTER("FreeCRL_Entry");
while(tmp) {
RevokedCert* next = tmp->next;
@ -84,9 +91,15 @@ static void FreeCRL_Entry(CRL_Entry* crle)
/* Free all CRL resources */
void FreeCRL(CYASSL_CRL* crl)
{
CRL_Entry* tmp = crl->crlList;
CRL_Entry* tmp = crl->crlList;
CYASSL_ENTER("FreeCRL");
CYASSL_ENTER("FreeCRL");
if (crl->monitors[0].path)
XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
if (crl->monitors[1].path)
XFREE(crl->monitors[1].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
while(tmp) {
CRL_Entry* next = tmp->next;
@ -95,6 +108,12 @@ void FreeCRL(CYASSL_CRL* crl)
tmp = next;
}
#ifdef HAVE_CRL_MONITOR
if (crl->tid != 0) {
CYASSL_MSG("Canceling monitor thread");
pthread_cancel(crl->tid);
}
#endif
FreeMutex(&crl->crlLock);
}
@ -102,202 +121,456 @@ void FreeCRL(CYASSL_CRL* crl)
/* Is the cert ok with CRL, return 0 on success */
int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
{
CRL_Entry* crle;
int foundEntry = 0;
int revoked = 0;
int ret = 0;
CRL_Entry* crle;
int foundEntry = 0;
int revoked = 0;
int ret = 0;
CYASSL_ENTER("CheckCertCRL");
CYASSL_ENTER("CheckCertCRL");
if (LockMutex(&crl->crlLock) != 0) {
CYASSL_MSG("LockMutex failed");
return BAD_MUTEX_ERROR;
}
if (LockMutex(&crl->crlLock) != 0) {
CYASSL_MSG("LockMutex failed");
return BAD_MUTEX_ERROR;
}
crle = crl->crlList;
crle = crl->crlList;
while (crle) {
if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
CYASSL_MSG("Found CRL Entry on list");
foundEntry = 1;
break;
}
crle = crle->next;
}
while (crle) {
if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
CYASSL_MSG("Found CRL Entry on list");
CYASSL_MSG("Checking next date validity");
if (foundEntry) {
RevokedCert* rc = crle->certs;
while (rc) {
if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
CYASSL_MSG("Cert revoked");
revoked = 1;
ret = CRL_CERT_REVOKED;
break;
}
rc = rc->next;
}
}
UnLockMutex(&crl->crlLock);
if (foundEntry == 0) {
CYASSL_MSG("Couldn't find CRL for status check");
ret = CRL_MISSING;
if (crl->cm->cbMissingCRL) {
char url[256];
CYASSL_MSG("Issuing missing CRL callback");
url[0] = '\0';
if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
url[cert->extCrlInfoSz] = '\0';
}
else {
CYASSL_MSG("CRL url too long");
if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
CYASSL_MSG("CRL next date is no longer valid");
ret = ASN_AFTER_DATE_E;
}
crl->cm->cbMissingCRL(url);
}
}
else
foundEntry = 1;
break;
}
crle = crle->next;
}
if (foundEntry) {
RevokedCert* rc = crle->certs;
while (rc) {
if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
CYASSL_MSG("Cert revoked");
revoked = 1;
ret = CRL_CERT_REVOKED;
break;
}
rc = rc->next;
}
}
UnLockMutex(&crl->crlLock);
if (foundEntry == 0) {
CYASSL_MSG("Couldn't find CRL for status check");
ret = CRL_MISSING;
if (crl->cm->cbMissingCRL) {
char url[256];
CYASSL_MSG("Issuing missing CRL callback");
url[0] = '\0';
if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
url[cert->extCrlInfoSz] = '\0';
}
else {
CYASSL_MSG("CRL url too long");
}
crl->cm->cbMissingCRL(url);
}
}
return ret;
return ret;
}
/* Add Decoded CRL, 0 on success */
static int AddCRL(CYASSL_CRL* crl, DecodedCRL* dcrl)
{
CRL_Entry* crle;
CRL_Entry* crle;
CYASSL_ENTER("AddCRL");
CYASSL_ENTER("AddCRL");
crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
if (crle == NULL) {
CYASSL_MSG("alloc CRL Entry failed");
return -1;
}
crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
if (crle == NULL) {
CYASSL_MSG("alloc CRL Entry failed");
return -1;
}
if (InitCRL_Entry(crle, dcrl) < 0) {
CYASSL_MSG("Init CRL Entry failed");
return -1;
}
if (InitCRL_Entry(crle, dcrl) < 0) {
CYASSL_MSG("Init CRL Entry failed");
XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
return -1;
}
if (LockMutex(&crl->crlLock) != 0) {
CYASSL_MSG("LockMutex failed");
FreeCRL_Entry(crle);
return BAD_MUTEX_ERROR;
}
crle->next = crl->crlList;
crl->crlList = crle;
UnLockMutex(&crl->crlLock);
if (LockMutex(&crl->crlLock) != 0) {
CYASSL_MSG("LockMutex failed");
FreeCRL_Entry(crle);
XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
return BAD_MUTEX_ERROR;
}
crle->next = crl->crlList;
crl->crlList = crle;
UnLockMutex(&crl->crlLock);
return 0;
return 0;
}
/* Load CRL File of type, SSL_SUCCESS on ok */
int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type)
{
int ret = SSL_SUCCESS;
const byte* myBuffer = buff; /* if DER ok, otherwise switch */
buffer der;
DecodedCRL dcrl;
int ret = SSL_SUCCESS;
const byte* myBuffer = buff; /* if DER ok, otherwise switch */
buffer der;
DecodedCRL dcrl;
der.buffer = NULL;
der.buffer = NULL;
CYASSL_ENTER("BufferLoadCRL");
CYASSL_ENTER("BufferLoadCRL");
if (crl == NULL || buff == NULL || sz == 0)
return BAD_FUNC_ARG;
if (crl == NULL || buff == NULL || sz == 0)
return BAD_FUNC_ARG;
if (type == SSL_FILETYPE_PEM) {
int eccKey = 0; /* not used */
EncryptedInfo info;
info.ctx = NULL;
if (type == SSL_FILETYPE_PEM) {
int eccKey = 0; /* not used */
EncryptedInfo info;
info.ctx = NULL;
ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
if (ret == 0) {
myBuffer = der.buffer;
sz = der.length;
}
else {
CYASSL_MSG("Pem to Der failed");
return -1;
}
}
InitDecodedCRL(&dcrl);
ret = ParseCRL(&dcrl, myBuffer, sz);
if (ret != 0) {
CYASSL_MSG("ParseCRL error");
}
else {
ret = AddCRL(crl, &dcrl);
if (ret != 0) {
CYASSL_MSG("AddCRL error");
ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
if (ret == 0) {
myBuffer = der.buffer;
sz = der.length;
}
}
FreeDecodedCRL(&dcrl);
else {
CYASSL_MSG("Pem to Der failed");
return -1;
}
}
if (der.buffer)
XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
InitDecodedCRL(&dcrl);
ret = ParseCRL(&dcrl, myBuffer, sz, crl->cm);
if (ret != 0) {
CYASSL_MSG("ParseCRL error");
}
else {
ret = AddCRL(crl, &dcrl);
if (ret != 0) {
CYASSL_MSG("AddCRL error");
}
}
FreeDecodedCRL(&dcrl);
if (ret == 0)
return SSL_SUCCESS; /* convert */
return ret;
if (der.buffer)
XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
if (ret == 0)
return SSL_SUCCESS; /* convert */
return ret;
}
#ifdef HAVE_CRL_MONITOR
/* read in new CRL entries and save new list */
static int SwapLists(CYASSL_CRL* crl)
{
int ret;
CYASSL_CRL tmp;
CRL_Entry* newList;
if (InitCRL(&tmp, crl->cm) < 0) {
CYASSL_MSG("Init tmp CRL failed");
return -1;
}
if (crl->monitors[0].path) {
ret = LoadCRL(&tmp, crl->monitors[0].path, SSL_FILETYPE_PEM, 0);
if (ret != SSL_SUCCESS) {
CYASSL_MSG("PEM LoadCRL on dir change failed");
FreeCRL(&tmp);
return -1;
}
}
if (crl->monitors[1].path) {
ret = LoadCRL(&tmp, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0);
if (ret != SSL_SUCCESS) {
CYASSL_MSG("DER LoadCRL on dir change failed");
FreeCRL(&tmp);
return -1;
}
}
if (LockMutex(&crl->crlLock) != 0) {
CYASSL_MSG("LockMutex failed");
FreeCRL(&tmp);
return -1;
}
newList = tmp.crlList;
/* swap lists */
tmp.crlList = crl->crlList;
crl->crlList = newList;
UnLockMutex(&crl->crlLock);
FreeCRL(&tmp);
return 0;
}
#ifdef __MACH__
#include <sys/event.h>
#include <sys/time.h>
#include <fcntl.h>
/* OS X monitoring */
static void* DoMonitor(void* arg)
{
int fPEM, fDER, kq;
struct kevent change;
CYASSL_CRL* crl = (CYASSL_CRL*)arg;
CYASSL_ENTER("DoMonitor");
kq = kqueue();
if (kq == -1) {
CYASSL_MSG("kqueue failed");
return NULL;
}
fPEM = -1;
fDER = -1;
if (crl->monitors[0].path) {
fPEM = open(crl->monitors[0].path, O_EVTONLY);
if (fPEM == -1) {
CYASSL_MSG("PEM event dir open failed");
return NULL;
}
}
if (crl->monitors[1].path) {
fDER = open(crl->monitors[1].path, O_EVTONLY);
if (fDER == -1) {
CYASSL_MSG("DER event dir open failed");
return NULL;
}
}
if (fPEM != -1)
EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
if (fDER != -1)
EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
for (;;) {
struct kevent event;
int numEvents = kevent(kq, &change, 1, &event, 1, NULL);
CYASSL_MSG("Got kevent");
if (numEvents == -1) {
CYASSL_MSG("kevent problem, continue");
continue;
}
if (SwapLists(crl) < 0) {
CYASSL_MSG("SwapLists problem, continue");
}
}
return NULL;
}
#elif __linux__
#include <sys/types.h>
#include <sys/inotify.h>
#include <unistd.h>
/* linux monitoring */
static void* DoMonitor(void* arg)
{
int notifyFd;
int wd;
CYASSL_CRL* crl = (CYASSL_CRL*)arg;
CYASSL_ENTER("DoMonitor");
notifyFd = inotify_init();
if (notifyFd < 0) {
CYASSL_MSG("inotify failed");
return NULL;
}
if (crl->monitors[0].path) {
wd = inotify_add_watch(notifyFd, crl->monitors[0].path, IN_CLOSE_WRITE |
IN_DELETE);
if (wd < 0) {
CYASSL_MSG("PEM notify add watch failed");
return NULL;
}
}
if (crl->monitors[1].path) {
wd = inotify_add_watch(notifyFd, crl->monitors[1].path, IN_CLOSE_WRITE |
IN_DELETE);
if (wd < 0) {
CYASSL_MSG("DER notify add watch failed");
return NULL;
}
}
for (;;) {
char buffer[8192];
int length = read(notifyFd, buffer, sizeof(buffer));
CYASSL_MSG("Got notify event");
if (length < 0) {
CYASSL_MSG("notify read problem, continue");
continue;
}
if (SwapLists(crl) < 0) {
CYASSL_MSG("SwapLists problem, continue");
}
}
return NULL;
}
#endif /* MACH or linux */
/* Start Monitoring the CRL path(s) in a thread */
static int StartMonitorCRL(CYASSL_CRL* crl)
{
pthread_attr_t attr;
CYASSL_ENTER("StartMonitorCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
if (crl->tid != 0) {
CYASSL_MSG("Monitor thread already running");
return MONITOR_RUNNING_E;
}
pthread_attr_init(&attr);
if (pthread_create(&crl->tid, &attr, DoMonitor, crl) != 0) {
CYASSL_MSG("Thread creation error");
return THREAD_CREATE_E;
}
return SSL_SUCCESS;
}
#else /* HAVE_CRL_MONITOR */
static int StartMonitorCRL(CYASSL_CRL* crl)
{
CYASSL_ENTER("StartMonitorCRL");
CYASSL_MSG("Not compiled in");
return NOT_COMPILED_IN;
}
#endif /* HAVE_CRL_MONITOR */
/* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
{
struct dirent* entry;
DIR* dir;
int ret = SSL_SUCCESS;
struct dirent* entry;
DIR* dir;
int ret = SSL_SUCCESS;
CYASSL_ENTER("LoadCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
CYASSL_ENTER("LoadCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
dir = opendir(path);
if (dir == NULL) {
CYASSL_MSG("opendir path crl load failed");
return BAD_PATH_ERROR;
}
while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
if (entry->d_type & DT_REG) {
char name[MAX_FILENAME_SZ];
dir = opendir(path);
if (dir == NULL) {
CYASSL_MSG("opendir path crl load failed");
return BAD_PATH_ERROR;
}
while ( (entry = readdir(dir)) != NULL) {
if (entry->d_type & DT_REG) {
char name[MAX_FILENAME_SZ];
if (type == SSL_FILETYPE_PEM) {
if (strstr(entry->d_name, ".pem") == NULL) {
CYASSL_MSG("not .pem file, skipping");
continue;
}
}
else {
if (strstr(entry->d_name, ".der") == NULL &&
strstr(entry->d_name, ".crl") == NULL) {
if (type == SSL_FILETYPE_PEM) {
if (strstr(entry->d_name, ".pem") == NULL) {
CYASSL_MSG("not .pem file, skipping");
continue;
}
}
else {
if (strstr(entry->d_name, ".der") == NULL &&
strstr(entry->d_name, ".crl") == NULL) {
CYASSL_MSG("not .der or .crl file, skipping");
continue;
}
}
CYASSL_MSG("not .der or .crl file, skipping");
continue;
}
}
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
ret = ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl);
}
}
if (monitor) {
CYASSL_MSG("monitor path requested");
if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
!= SSL_SUCCESS) {
CYASSL_MSG("CRL file load failed, continuing");
}
}
}
return SSL_SUCCESS;
if (monitor & CYASSL_CRL_MONITOR) {
CYASSL_MSG("monitor path requested");
if (type == SSL_FILETYPE_PEM) {
crl->monitors[0].path = strdup(path);
crl->monitors[0].type = SSL_FILETYPE_PEM;
if (crl->monitors[0].path == NULL)
ret = MEMORY_E;
} else {
crl->monitors[1].path = strdup(path);
crl->monitors[1].type = SSL_FILETYPE_ASN1;
if (crl->monitors[1].path == NULL)
ret = MEMORY_E;
}
if (monitor & CYASSL_CRL_START_MON) {
CYASSL_MSG("start monitoring requested");
ret = StartMonitorCRL(crl);
}
}
return ret;
}
#endif /* HAVE_CRL */

9
FreeRTOS-Plus/CyaSSL/src/include.am
View file

@ -36,6 +36,10 @@ if BUILD_AESNI
src_libcyassl_la_SOURCES += ctaocrypt/src/aes_asm.s
endif
if BUILD_MD2
src_libcyassl_la_SOURCES += ctaocrypt/src/md2.c
endif
if BUILD_RIPEMD
src_libcyassl_la_SOURCES += ctaocrypt/src/ripemd.c
endif
@ -74,3 +78,8 @@ if BUILD_CRL
src_libcyassl_la_SOURCES += src/crl.c
endif
if BUILD_CRL_MONITOR
src_libcyassl_la_CFLAGS += $(PTHREAD_CFLAGS)
src_libcyassl_la_LIBADD += $(PTHREAD_LIBS)
endif

1144
FreeRTOS-Plus/CyaSSL/src/internal.c
View file

File diff suppressed because it is too large Load diff

46
FreeRTOS-Plus/CyaSSL/src/io.c
View file

@ -200,6 +200,52 @@ int EmbedSend(char *buf, int sz, void *ctx)
}
#ifdef CYASSL_DTLS
#include <cyassl/ctaocrypt/sha.h>
/* The DTLS Generate Cookie callback
* return : number of bytes copied into buf, or error
*/
int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
{
CYASSL* ssl = (CYASSL*)ctx;
int sd = ssl->wfd;
struct sockaddr_storage peer;
socklen_t peerSz = sizeof(peer);
byte cookieSrc[sizeof(struct in6_addr) + sizeof(int)];
int cookieSrcSz = 0;
Sha sha;
getpeername(sd, (struct sockaddr*)&peer, &peerSz);
if (peer.ss_family == AF_INET) {
struct sockaddr_in *s = (struct sockaddr_in*)&peer;
cookieSrcSz = sizeof(struct in_addr) + sizeof(s->sin_port);
XMEMCPY(cookieSrc, &s->sin_port, sizeof(s->sin_port));
XMEMCPY(cookieSrc + sizeof(s->sin_port),
&s->sin_addr, sizeof(struct in_addr));
}
else if (peer.ss_family == AF_INET6) {
struct sockaddr_in6 *s = (struct sockaddr_in6*)&peer;
cookieSrcSz = sizeof(struct in6_addr) + sizeof(s->sin6_port);
XMEMCPY(cookieSrc, &s->sin6_port, sizeof(s->sin6_port));
XMEMCPY(cookieSrc + sizeof(s->sin6_port),
&s->sin6_addr, sizeof(struct in6_addr));
}
InitSha(&sha);
ShaUpdate(&sha, cookieSrc, cookieSrcSz);
ShaFinal(&sha, buf);
return SHA_DIGEST_SIZE;
}
#endif /* CYASSL_DTLS */
#endif /* CYASSL_USER_IO */
CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX *ctx, CallbackIORecv CBIORecv)

243
FreeRTOS-Plus/CyaSSL/src/keys.c
View file

@ -311,6 +311,142 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
default:
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
return UNSUPPORTED_SUITE;
@ -646,6 +782,74 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
break;
#endif
default:
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs");
return UNSUPPORTED_SUITE;
@ -802,6 +1006,23 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
#endif
#ifdef BUILD_AESGCM
if (specs->bulk_cipher_algorithm == aes_gcm) {
if (side == CLIENT_END) {
AesGcmSetKey(&enc->aes, keys->client_write_key, specs->key_size,
keys->client_write_IV);
AesGcmSetKey(&dec->aes, keys->server_write_key, specs->key_size,
keys->server_write_IV);
}
else {
AesGcmSetKey(&enc->aes, keys->server_write_key, specs->key_size,
keys->server_write_IV);
AesGcmSetKey(&dec->aes, keys->client_write_key, specs->key_size,
keys->client_write_IV);
}
}
#endif
keys->sequence_number = 0;
keys->peer_sequence_number = 0;
keys->encryptionOn = 0;
@ -813,12 +1034,24 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
/* TLS can call too */
int StoreKeys(CYASSL* ssl, const byte* keyData)
{
int sz = ssl->specs.hash_size, i;
int sz, i = 0;
XMEMCPY(ssl->keys.client_write_MAC_secret, keyData, sz);
i = sz;
XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz);
i += sz;
if (ssl->specs.cipher_type != aead) {
sz = ssl->specs.hash_size;
XMEMCPY(ssl->keys.client_write_MAC_secret,&keyData[i], sz);
i += sz;
XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz);
i += sz;
}
#ifdef BUILD_AESGCM
else if (ssl->specs.bulk_cipher_algorithm == aes_gcm) {
byte iv[AES_GCM_EXP_IV_SZ];
/* Initialize the AES-GCM explicit IV to a random number. */
RNG_GenerateBlock(&ssl->rng, iv, sizeof(iv));
AesGcmSetExpIV(&ssl->encrypt.aes, iv);
}
#endif
sz = ssl->specs.key_size;
XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz);

462
FreeRTOS-Plus/CyaSSL/src/ocsp.c
View file

@ -23,6 +23,8 @@
#include <config.h>
#endif
#ifdef HAVE_OCSP
#include <cyassl/error.h>
#include <cyassl/ocsp.h>
#include <cyassl/internal.h>
@ -40,7 +42,6 @@
#include <sys/socket.h>
#ifdef HAVE_OCSP
CYASSL_API int ocsp_test(unsigned char* buf, int sz);
#define CYASSL_OCSP_ENABLE 0x0001 /* Enable OCSP lookups */
#define CYASSL_OCSP_URL_OVERRIDE 0x0002 /* Use the override URL instead of URL
@ -51,29 +52,6 @@ typedef struct sockaddr_in SOCKADDR_IN_T;
#define SOCKET_T unsigned int
int ocsp_test(unsigned char* buf, int sz)
{
CYASSL_OCSP ocsp;
OcspResponse resp;
int result;
CyaSSL_OCSP_Init(&ocsp);
InitOcspResponse(&resp, buf, sz, NULL);
ocsp.enabled = 1;
ocsp.useOverrideUrl = 1;
CyaSSL_OCSP_set_override_url(&ocsp, "http://ocsp.example.com:8080/bob");
CyaSSL_OCSP_Lookup_Cert(&ocsp, NULL);
result = OcspResponseDecode(&resp);
FreeOcspResponse(&resp);
CyaSSL_OCSP_Cleanup(&ocsp);
return result;
}
int CyaSSL_OCSP_Init(CYASSL_OCSP* ocsp)
{
if (ocsp != NULL) {
@ -85,62 +63,105 @@ int CyaSSL_OCSP_Init(CYASSL_OCSP* ocsp)
}
static void FreeOCSP_Entry(OCSP_Entry* ocspe)
{
CertStatus* tmp = ocspe->status;
CYASSL_ENTER("FreeOCSP_Entry");
while (tmp) {
CertStatus* next = tmp->next;
XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_STATUS);
tmp = next;
}
}
void CyaSSL_OCSP_Cleanup(CYASSL_OCSP* ocsp)
{
OCSP_Entry* tmp = ocsp->ocspList;
ocsp->enabled = 0;
while (tmp) {
OCSP_Entry* next = tmp->next;
FreeOCSP_Entry(tmp);
XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
tmp = next;
}
}
static int decode_url(const char* url, int urlSz,
char* outName, char* outPath, int* outPort)
{
if (outName != NULL && outPath != NULL && outPort != NULL)
{
if (url == NULL || urlSz == 0)
{
*outName = 0;
*outPath = 0;
*outPort = 0;
}
else
{
int i, cur;
/* need to break the url down into scheme, address, and port */
/* "http://example.com:8080/" */
if (XSTRNCMP(url, "http://", 7) == 0) {
cur = 7;
} else cur = 0;
i = 0;
while (url[cur] != 0 && url[cur] != ':' && url[cur] != '/') {
outName[i++] = url[cur++];
}
outName[i] = 0;
/* Need to pick out the path after the domain name */
if (cur < urlSz && url[cur] == ':') {
char port[6];
int j;
i = 0;
cur++;
while (cur < urlSz && url[cur] != 0 && url[cur] != '/' &&
i < 6) {
port[i++] = url[cur++];
}
*outPort = 0;
for (j = 0; j < i; j++) {
if (port[j] < '0' || port[j] > '9') return -1;
*outPort = (*outPort * 10) + (port[j] - '0');
}
}
else
*outPort = 80;
if (cur < urlSz && url[cur] == '/') {
i = 0;
while (cur < urlSz && url[cur] != 0 && i < 80) {
outPath[i++] = url[cur++];
}
outPath[i] = 0;
}
else {
outPath[0] = '/';
outPath[1] = 0;
}
}
}
return 0;
}
int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url)
{
if (ocsp != NULL && url != NULL) {
int i, cur, hostname;
/* need to break the url down into scheme, address, and port */
/* "http://example.com:8080/" */
if (XSTRNCMP(url, "http://", 7) == 0) {
cur = 7;
} else cur = 0;
i = 0;
while (url[cur] != 0 && url[cur] != ':' && url[cur] != '/') {
ocsp->overrideName[i++] = url[cur++];
}
ocsp->overrideName[i] = 0;
/* Need to pick out the path after the domain name */
if (url[cur] == ':') {
char port[6];
int j;
i = 0;
cur++;
while (url[cur] != 0 && url[cur] != '/' && i < 6) {
port[i++] = url[cur++];
}
ocsp->overridePort = 0;
for (j = 0; j < i; j++) {
if (port[j] < '0' || port[j] > '9') return -1;
ocsp->overridePort =
(ocsp->overridePort * 10) + (port[j] - '0');
}
}
else
ocsp->overridePort = 80;
if (url[cur] == '/') {
i = 0;
while (url[cur] != 0 && i < 80) {
ocsp->overridePath[i++] = url[cur++];
}
ocsp->overridePath[i] = 0;
}
else {
ocsp->overridePath[0] = '/';
ocsp->overridePath[1] = 0;
}
if (ocsp != NULL) {
int urlSz = strlen(url);
decode_url(url, urlSz,
ocsp->overrideName, ocsp->overridePath, &ocsp->overridePort);
return 1;
}
@ -164,8 +185,9 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
entry->h_length);
host = inet_ntoa(tmp.sin_addr);
}
else
else {
CYASSL_MSG("no entry for host");
}
}
*sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
@ -185,13 +207,14 @@ static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
SOCKADDR_IN_T addr;
tcp_socket(sockfd, &addr, ip, port);
if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) {
CYASSL_MSG("tcp connect failed");
}
}
static int build_http_request(CYASSL_OCSP* ocsp, int ocspReqSz,
byte* buf, int bufSize)
static int build_http_request(const char* domainName, const char* path,
int ocspReqSz, byte* buf, int bufSize)
{
return snprintf((char*)buf, bufSize,
"POST %s HTTP/1.1\r\n"
@ -199,47 +222,27 @@ static int build_http_request(CYASSL_OCSP* ocsp, int ocspReqSz,
"Content-Length: %d\r\n"
"Content-Type: application/ocsp-request\r\n"
"\r\n",
ocsp->overridePath, ocsp->overrideName, ocspReqSz);
path, domainName, ocspReqSz);
}
#if 0
static const char foo[] = \
"\x30\x81\xB7\x30\x81\xB4\x30\x81\x8C\x30\x44\x30\x42\x30\x09\x06\x05\x2B\x0E\x03" \
"\x02\x1A\x05\x00\x04\x14\x49\x2D\x52\x83\x4B\x40\x37\xF5\xA9\x9E\x26\xA2\x3E\x48" \
"\x2F\x2E\x37\x34\xC9\x54\x04\x14\x21\xA2\x25\xEE\x57\x38\x34\x5A\x24\x9D\xF3\x7C" \
"\x18\x60\x59\x7A\x04\x3D\xF5\x69\x02\x09\x00\x89\x5A\xA2\xBD\xFE\x26\x8B\xEE\x30" \
"\x44\x30\x42\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x49\x2D\x52\x83" \
"\x4B\x40\x37\xF5\xA9\x9E\x26\xA2\x3E\x48\x2F\x2E\x37\x34\xC9\x54\x04\x14\x21\xA2" \
"\x25\xEE\x57\x38\x34\x5A\x24\x9D\xF3\x7C\x18\x60\x59\x7A\x04\x3D\xF5\x69\x02\x09" \
"\x00\x89\x5A\xA2\xBD\xFE\x26\x8B\xEF\xA2\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01" \
"\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x20\x56\x47\x19\x65\x33\xB6\xB5\xAD\x39" \
"\x1F\x21\x65\xE0\x44\x1E";
static int build_ocsp_request(CYASSL_OCSP* ocsp, byte* buf, int bufSz)
{
memcpy(buf, foo, sizeof(foo));
return sizeof(foo) - 1;
}
#endif
static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
{
int idx = 0;
int stop = 0;
int len = 0;
byte* contentType = NULL;
byte* contentLength = NULL;
byte* content = NULL;
char* buf = (char*)httpBuf; /* kludge so I'm not constantly casting */
if (strncasecmp(buf, "HTTP/1", 6) != 0)
return NULL;
return 0;
idx = 9; /* sets to the first byte after "HTTP/1.X ", which should be the
* HTTP result code */
if (strncasecmp(&buf[idx], "200 OK", 6) != 0)
return NULL;
return 0;
idx += 8;
@ -254,18 +257,16 @@ static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
idx += 13;
if (buf[idx] == ' ') idx++;
if (strncasecmp(&buf[idx], "application/ocsp-response", 25) != 0)
return NULL;
return 0;
idx += 27;
} else if (contentLength == NULL &&
strncasecmp(&buf[idx], "Content-Length:", 15) == 0) {
int len = 0;
idx += 15;
if (buf[idx] == ' ') idx++;
while (buf[idx] > '0' && buf[idx] < '9' && idx < httpBufSz) {
while (buf[idx] >= '0' && buf[idx] <= '9' && idx < httpBufSz) {
len = (len * 10) + (buf[idx] - '0');
idx++;
}
*ocspRespSz = len;
idx += 2; /* skip the crlf */
} else {
/* Advance idx past the next \r\n */
@ -275,78 +276,251 @@ static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
}
}
}
return &httpBuf[idx];
if (len > 0) {
*dst = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_IN_BUFFER);
XMEMCPY(*dst, httpBuf + idx, len);
}
return len;
}
static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert)
{
CYASSL_ENTER("InitOCSP_Entry");
ocspe->next = NULL;
XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE);
ocspe->status = NULL;
ocspe->totalStatus = 0;
return 0;
}
static OCSP_Entry* find_ocsp_entry(CYASSL_OCSP* ocsp, DecodedCert* cert)
{
OCSP_Entry* entry = ocsp->ocspList;
while (entry)
{
if (XMEMCMP(entry->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
&& XMEMCMP(entry->issuerKeyHash, cert->issuerKeyHash,
SHA_DIGEST_SIZE) == 0)
{
CYASSL_MSG("Found OCSP responder");
break;
}
else
{
entry = entry->next;
}
}
if (entry == NULL)
{
CYASSL_MSG("Add a new OCSP entry");
entry = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
NULL, DYNAMIC_TYPE_OCSP_ENTRY);
if (entry != NULL)
{
InitOCSP_Entry(entry, cert);
entry->next = ocsp->ocspList;
ocsp->ocspList = entry;
}
}
return entry;
}
static CertStatus* find_cert_status(OCSP_Entry* ocspe, DecodedCert* cert)
{
CertStatus* stat = ocspe->status;
while (stat)
{
if(stat->serialSz == cert->serialSz &&
(XMEMCMP(stat->serial, cert->serial, cert->serialSz) == 0))
{
break;
}
else
{
stat = stat->next;
}
}
if (stat == NULL)
{
stat = (CertStatus*)XMALLOC(sizeof(CertStatus),
NULL, DYNAMIC_TYPE_OCSP_STATUS);
if (stat != NULL)
{
XMEMCPY(stat->serial, cert->serial, cert->serialSz);
stat->serialSz = cert->serialSz;
stat->status = -1;
stat->nextDate[0] = 0;
ocspe->totalStatus++;
stat->next = ocspe->status;
ocspe->status = stat;
}
}
return stat;
}
#define SCRATCH_BUFFER_SIZE 2048
int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
static int http_ocsp_transaction(CYASSL_OCSP* ocsp, DecodedCert* cert,
byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
{
SOCKET_T sfd = -1;
byte buf[SCRATCH_BUFFER_SIZE];
byte* httpBuf = &buf[0];
int httpBufSz = SCRATCH_BUFFER_SIZE/4;
byte* ocspReqBuf = &buf[httpBufSz];
int ocspReqSz = SCRATCH_BUFFER_SIZE - httpBufSz;
OcspResponse ocspResponse;
int result = CERT_UNKNOWN;
byte httpBuf[SCRATCH_BUFFER_SIZE];
int httpBufSz = SCRATCH_BUFFER_SIZE;
char domainName[80], path[80];
int port, ocspRespSz;
/* If OCSP lookups are disabled, return success. */
if (!ocsp->enabled) {
CYASSL_MSG("OCSP lookup disabled, assuming CERT_GOOD");
return CERT_GOOD;
if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) {
if (ocsp->overrideName != NULL) {
XMEMCPY(domainName, ocsp->overrideName, 80);
XMEMCPY(path, ocsp->overridePath, 80);
port = ocsp->overridePort;
} else
return OCSP_NEED_URL;
} else {
if (!decode_url((const char*)cert->extAuthInfo, cert->extAuthInfoSz,
domainName, path, &port))
return OCSP_NEED_URL;
}
/* If OCSP lookups are enabled, but URL Override is disabled, return
** a failure. Need to have an override URL for right now. */
if (!ocsp->useOverrideUrl || cert == NULL) {
CYASSL_MSG("OCSP lookup enabled, but URL Override disabled");
return CERT_UNKNOWN;
}
httpBufSz = build_http_request(domainName, path, ocspReqSz,
httpBuf, httpBufSz);
XMEMCPY(ocsp->status[0].issuerHash, cert->issuerHash, SHA_SIZE);
XMEMCPY(ocsp->status[0].issuerKeyHash, cert->issuerKeyHash, SHA_SIZE);
XMEMCPY(ocsp->status[0].serial, cert->serial, cert->serialSz);
ocsp->status[0].serialSz = cert->serialSz;
ocsp->statusLen = 1;
/*ocspReqSz = build_ocsp_request(ocsp, ocspReqBuf, ocspReqSz);*/
ocspReqSz = EncodeOcspRequest(cert, ocspReqBuf, ocspReqSz);
httpBufSz = build_http_request(ocsp, ocspReqSz, httpBuf, httpBufSz);
tcp_connect(&sfd, ocsp->overrideName, ocsp->overridePort);
tcp_connect(&sfd, domainName, port);
if (sfd > 0) {
int written;
written = write(sfd, httpBuf, httpBufSz);
if (written == httpBufSz) {
written = write(sfd, ocspReqBuf, ocspReqSz);
if (written == ocspReqSz) {
httpBufSz = read(sfd, buf, SCRATCH_BUFFER_SIZE);
httpBufSz = read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
if (httpBufSz > 0) {
ocspReqBuf = decode_http_response(buf, httpBufSz,
&ocspReqSz);
ocspRespSz = decode_http_response(httpBuf, httpBufSz,
ocspRespBuf);
}
}
}
close(sfd);
if (ocspReqBuf == NULL) {
if (ocspRespSz == 0) {
CYASSL_MSG("HTTP response was not OK, no OCSP response");
return CERT_UNKNOWN;
return OCSP_LOOKUP_FAIL;
}
} else {
CYASSL_MSG("OCSP Responder connection failed");
return CERT_UNKNOWN;
return OCSP_LOOKUP_FAIL;
}
InitOcspResponse(&ocspResponse, ocspReqBuf, ocspReqSz, NULL);
return ocspRespSz;
}
static int xstat2err(int stat)
{
switch (stat) {
case CERT_GOOD:
return 0;
break;
case CERT_REVOKED:
return OCSP_CERT_REVOKED;
break;
default:
return OCSP_CERT_UNKNOWN;
break;
}
}
int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
{
byte ocspReqBuf[SCRATCH_BUFFER_SIZE];
int ocspReqSz = SCRATCH_BUFFER_SIZE;
byte* ocspRespBuf = NULL;
int ocspRespSz;
OcspRequest ocspRequest;
OcspResponse ocspResponse;
int result = 0;
OCSP_Entry* ocspe;
CertStatus* certStatus;
/* If OCSP lookups are disabled, return success. */
if (!ocsp->enabled) {
CYASSL_MSG("OCSP lookup disabled, assuming CERT_GOOD");
return 0;
}
ocspe = find_ocsp_entry(ocsp, cert);
if (ocspe == NULL) {
CYASSL_MSG("alloc OCSP entry failed");
return MEMORY_ERROR;
}
certStatus = find_cert_status(ocspe, cert);
if (certStatus == NULL)
{
CYASSL_MSG("alloc OCSP cert status failed");
return MEMORY_ERROR;
}
if (certStatus->status != -1)
{
if (!ValidateDate(certStatus->thisDate,
certStatus->thisDateFormat, BEFORE) ||
(certStatus->nextDate[0] == 0) ||
!ValidateDate(certStatus->nextDate,
certStatus->nextDateFormat, AFTER))
{
CYASSL_MSG("\tinvalid status date, looking up cert");
certStatus->status = -1;
}
else
{
CYASSL_MSG("\tusing cached status");
result = xstat2err(certStatus->status);
return result;
}
}
InitOcspRequest(&ocspRequest, cert, ocspReqBuf, ocspReqSz);
ocspReqSz = EncodeOcspRequest(&ocspRequest);
result = http_ocsp_transaction(ocsp, cert,
ocspReqBuf, ocspReqSz, &ocspRespBuf);
if (result < 0) return result;
/* If the transaction failed, return that result. */
InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, ocspRespSz);
OcspResponseDecode(&ocspResponse);
if (ocspResponse.responseStatus != OCSP_SUCCESSFUL) {
CYASSL_MSG("OCSP Responder failure");
result = OCSP_LOOKUP_FAIL;
} else {
result = ocspResponse.certStatus[0];
if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0)
{
result = xstat2err(ocspResponse.status->status);
}
else
{
CYASSL_MSG("OCSP Response incorrect for Request");
result = OCSP_LOOKUP_FAIL;
}
}
if (ocspReqBuf != NULL) {
XFREE(ocspRespBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
}
FreeOcspResponse(&ocspResponse);
return result;
}

285
FreeRTOS-Plus/CyaSSL/src/sniffer.c
View file

@ -45,6 +45,17 @@
#include <cyassl/sniffer.h>
#include <cyassl/sniffer_error.h>
#ifndef min
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif
/* Misc constants */
enum {
MAX_SERVER_ADDRESS = 128, /* maximum server address length */
@ -61,6 +72,9 @@ enum {
PSEUDO_HDR_SZ = 12, /* TCP Pseudo Header size in bytes */
FATAL_ERROR_STATE = 1, /* SnifferSession fatal error state */
SNIFFER_TIMEOUT = 900, /* Cache unclosed Sessions for 15 minutes */
TICKET_HINT_LEN = 4, /* Session Ticket Hint length */
EXT_TYPE_SZ = 2, /* Extension length */
TICKET_EXT_ID = 0x23 /* Session Ticket Extension ID */
};
@ -196,6 +210,14 @@ static const char* const msgTable[] =
/* 61 */
"Missed the Client Hello Entirely",
"Got Hello Request msg",
"Got Session Ticket msg",
"Bad Input",
"Bad Decrypt Type",
/* 66 */
"Bad Finished Message Processing",
"Bad Compression Type"
};
@ -248,7 +270,7 @@ typedef struct Flags {
byte cached; /* have we cached this session yet */
byte clientHello; /* processed client hello yet, for SSLv2 */
byte finCount; /* get both FINs before removing */
byte fatalError; /* fatal error state */
byte fatalError; /* fatal error state */
} Flags;
@ -279,7 +301,8 @@ typedef struct SnifferSession {
time_t bornOn; /* born on ticks */
PacketBuffer* cliReassemblyList; /* client out of order packets */
PacketBuffer* srvReassemblyList; /* server out of order packets */
struct SnifferSession* next; /* for hash table list */
struct SnifferSession* next; /* for hash table list */
byte* ticketID; /* mac ID of session ticket */
} SnifferSession;
@ -347,6 +370,8 @@ static void FreeSnifferSession(SnifferSession* session)
FreePacketList(session->cliReassemblyList);
FreePacketList(session->srvReassemblyList);
free(session->ticketID);
}
free(session);
}
@ -442,6 +467,7 @@ static void InitSession(SnifferSession* session)
session->cliReassemblyList = 0;
session->srvReassemblyList = 0;
session->next = 0;
session->ticketID = 0;
InitFlags(&session->flags);
InitFinCapture(&session->finCaputre);
@ -1041,7 +1067,7 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
FreeRsaKey(&key);
return -1;
}
MakeMasterSecret(session->sslServer);
MakeMasterSecret(session->sslClient);
#ifdef SHOW_SECRETS
@ -1067,6 +1093,39 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
}
/* Process Session Ticket */
static int ProcessSessionTicket(const byte* input, int* sslBytes,
SnifferSession* session, char* error)
{
word16 len;
/* make sure can read through hint and len */
if (TICKET_HINT_LEN + LENGTH_SZ > *sslBytes) {
SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
input += TICKET_HINT_LEN; /* skip over hint */
*sslBytes -= TICKET_HINT_LEN;
len = (input[0] << 8) | input[1];
input += LENGTH_SZ;
*sslBytes -= LENGTH_SZ;
/* make sure can read through ticket */
if (len > *sslBytes || len < ID_LEN) {
SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
/* store session with macID as sessionID */
session->sslServer->options.haveSessionId = 1;
XMEMCPY(session->sslServer->arrays.sessionID, input + len - ID_LEN, ID_LEN);
return 0;
}
/* Process Server Hello */
static int ProcessServerHello(const byte* input, int* sslBytes,
SnifferSession* session, char* error)
@ -1074,6 +1133,7 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
ProtocolVersion pv;
byte b;
int toRead = sizeof(ProtocolVersion) + RAN_LEN + ENUM_LEN;
int doResume = 0;
/* make sure we didn't miss ClientHello */
if (session->flags.clientHello == 0) {
@ -1107,19 +1167,44 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
XMEMCPY(session->sslServer->arrays.sessionID, input, ID_LEN);
if (b) {
XMEMCPY(session->sslServer->arrays.sessionID, input, ID_LEN);
session->sslServer->options.haveSessionId = 1;
}
input += b;
*sslBytes -= b;
/* cipher suite */
(void)*input++; /* eat first byte, always 0 */
b = *input++;
session->sslServer->options.cipherSuite = b;
session->sslClient->options.cipherSuite = b;
*sslBytes -= SUITE_LEN;
if (XMEMCMP(session->sslServer->arrays.sessionID,
session->sslClient->arrays.sessionID, ID_LEN) == 0) {
/* resuming */
/* compression */
b = *input++;
*sslBytes -= ENUM_LEN;
if (b) {
SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
if (session->sslServer->options.haveSessionId &&
XMEMCMP(session->sslServer->arrays.sessionID,
session->sslClient->arrays.sessionID, ID_LEN) == 0)
doResume = 1;
else if (session->sslClient->options.haveSessionId == 0 &&
session->sslServer->options.haveSessionId == 0 &&
session->ticketID)
doResume = 1;
if (session->ticketID && doResume) {
/* use ticketID to retrieve from session */
XMEMCPY(session->sslServer->arrays.sessionID, session->ticketID,ID_LEN);
}
if (doResume ) {
SSL_SESSION* resume = GetSession(session->sslServer,
session->sslServer->arrays.masterSecret);
if (resume == NULL) {
@ -1170,8 +1255,9 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
static int ProcessClientHello(const byte* input, int* sslBytes,
SnifferSession* session, char* error)
{
byte sessionLen;
int toRead = sizeof(ProtocolVersion) + RAN_LEN + ENUM_LEN;
byte bLen;
word16 len;
int toRead = sizeof(ProtocolVersion) + RAN_LEN + ENUM_LEN;
session->flags.clientHello = 1; /* don't process again */
@ -1192,14 +1278,16 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
*sslBytes -= RAN_LEN;
/* store session in case trying to resume */
sessionLen = *input++;
if (sessionLen) {
bLen = *input++;
*sslBytes -= ENUM_LEN;
if (bLen) {
if (ID_LEN > *sslBytes) {
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
Trace(CLIENT_RESUME_TRY_STR);
XMEMCPY(session->sslClient->arrays.sessionID, input, ID_LEN);
session->sslClient->options.haveSessionId = 1;
}
#ifdef SHOW_SECRETS
{
@ -1210,11 +1298,142 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
printf("\n");
}
#endif
input += bLen;
*sslBytes -= bLen;
/* skip cipher suites */
/* make sure can read len */
if (SUITE_LEN > *sslBytes) {
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
len = (input[0] << 8) | input[1];
input += SUITE_LEN;
*sslBytes -= SUITE_LEN;
/* make sure can read suites + comp len */
if (len + ENUM_LEN > *sslBytes) {
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
input += len;
*sslBytes -= len;
/* skip compression */
bLen = *input++;
*sslBytes -= ENUM_LEN;
/* make sure can read len */
if (bLen > *sslBytes) {
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
input += bLen;
*sslBytes -= bLen;
if (*sslBytes == 0) {
/* no extensions */
return 0;
}
/* skip extensions until session ticket */
/* make sure can read len */
if (SUITE_LEN > *sslBytes) {
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
len = (input[0] << 8) | input[1];
input += SUITE_LEN;
*sslBytes -= SUITE_LEN;
/* make sure can read through all extensions */
if (len > *sslBytes) {
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
while (len > EXT_TYPE_SZ + LENGTH_SZ) {
byte extType[EXT_TYPE_SZ];
word16 extLen;
extType[0] = input[0];
extType[1] = input[1];
input += EXT_TYPE_SZ;
*sslBytes -= EXT_TYPE_SZ;
extLen = (input[0] << 8) | input[1];
input += LENGTH_SZ;
*sslBytes -= LENGTH_SZ;
/* make sure can read through individual extension */
if (extLen > *sslBytes) {
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
if (extType[0] == 0x00 && extType[1] == TICKET_EXT_ID) {
/* make sure can read through ticket if there is a non blank one */
if (extLen && extLen < ID_LEN) {
SetError(CLIENT_HELLO_INPUT_STR, error, session,
FATAL_ERROR_STATE);
return -1;
}
if (extLen) {
if (session->ticketID == 0) {
session->ticketID = (byte*)malloc(ID_LEN);
if (session->ticketID == 0) {
SetError(MEMORY_STR, error, session,
FATAL_ERROR_STATE);
return -1;
}
}
XMEMCPY(session->ticketID, input + extLen - ID_LEN, ID_LEN);
}
}
input += extLen;
*sslBytes -= extLen;
len -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
}
return 0;
}
/* Process Finished */
static int ProcessFinished(const byte* input, int* sslBytes,
SnifferSession* session, char* error)
{
SSL* ssl;
word32 inOutIdx = 0;
int ret;
if (session->flags.side == SERVER_END)
ssl = session->sslServer;
else
ssl = session->sslClient;
ret = DoFinished(ssl, input, &inOutIdx, SNIFF);
*sslBytes -= (int)inOutIdx;
if (ret < 0) {
SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
return ret;
}
if (ret == 0 && session->flags.cached == 0) {
if (session->sslServer->options.haveSessionId) {
CYASSL_SESSION* sess = GetSession(session->sslServer, NULL);
if (sess == NULL)
AddSession(session->sslServer); /* don't re add */
session->flags.cached = 1;
}
}
return ret;
}
/* Process HandShake input */
static int DoHandShake(const byte* input, int* sslBytes,
SnifferSession* session, char* error)
@ -1242,6 +1461,13 @@ static int DoHandShake(const byte* input, int* sslBytes,
case hello_verify_request:
Trace(GOT_HELLO_VERIFY_STR);
break;
case hello_request:
Trace(GOT_HELLO_REQUEST_STR);
break;
case session_ticket:
Trace(GOT_SESSION_TICKET_STR);
ret = ProcessSessionTicket(input, sslBytes, session, error);
break;
case server_hello:
Trace(GOT_SERVER_HELLO_STR);
ret = ProcessServerHello(input, sslBytes, session, error);
@ -1251,6 +1477,9 @@ static int DoHandShake(const byte* input, int* sslBytes,
break;
case server_key_exchange:
Trace(GOT_SERVER_KEY_EX_STR);
/* can't know temp key passively */
SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
ret = -1;
break;
case certificate:
Trace(GOT_CERT_STR);
@ -1260,21 +1489,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
break;
case finished:
Trace(GOT_FINISHED_STR);
{
SSL* ssl;
word32 inOutIdx = 0;
if (session->flags.side == SERVER_END)
ssl = session->sslServer;
else
ssl = session->sslClient;
ret = DoFinished(ssl, input, &inOutIdx, SNIFF);
if (ret == 0 && session->flags.cached == 0) {
AddSession(session->sslServer);
session->flags.cached = 1;
}
}
ret = ProcessFinished(input, sslBytes, session, error);
break;
case client_hello:
Trace(GOT_CLIENT_HELLO_STR);
@ -1329,6 +1544,10 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
RabbitProcess(&ssl->decrypt.rabbit, output, input, sz);
break;
#endif
default:
Trace(BAD_DECRYPT_TYPE);
break;
}
}
@ -1644,16 +1863,6 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
}
#ifndef min
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif
/* Create a Packet Buffer from *begin - end, adjust new *begin and bytesLeft */
static PacketBuffer* CreateBuffer(word32* begin, word32 end, const byte* data,
int* bytesLeft)

275
FreeRTOS-Plus/CyaSSL/src/ssl.c
View file

@ -77,6 +77,24 @@
#endif /* min */
char* mystrnstr(const char* s1, const char* s2, unsigned int n)
{
unsigned int s2_len = XSTRLEN(s2);
if (s2_len == 0)
return (char*)s1;
while (n >= s2_len && s1[0]) {
if (s1[0] == s2[0])
if (XMEMCMP(s1, s2, s2_len) == 0)
return (char*)s1;
s1++;
n--;
}
return NULL;
}
CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD* method)
{
@ -227,8 +245,8 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
havePSK = ssl->options.havePSK;
#endif
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH,
havePSK, ssl->options.haveNTRU, ssl->options.haveECDSA,
ssl->options.haveStaticECC, ssl->ctx->method->side);
havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig,
ssl->options.haveStaticECC, ssl->options.side);
CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
return 0;
@ -473,6 +491,53 @@ int CyaSSL_set_group_messages(CYASSL* ssl)
}
int CyaSSL_SetVersion(CYASSL* ssl, int version)
{
byte havePSK = 0;
CYASSL_ENTER("CyaSSL_SetVersion");
if (ssl == NULL) {
CYASSL_MSG("Bad function argument");
return BAD_FUNC_ARG;
}
switch (version) {
case CYASSL_SSLV3:
ssl->version = MakeSSLv3();
break;
#ifndef NO_TLS
case CYASSL_TLSV1:
ssl->version = MakeTLSv1();
break;
case CYASSL_TLSV1_1:
ssl->version = MakeTLSv1_1();
break;
case CYASSL_TLSV1_2:
ssl->version = MakeTLSv1_2();
break;
#endif
default:
CYASSL_MSG("Bad function argument");
return BAD_FUNC_ARG;
}
#ifndef NO_PSK
havePSK = ssl->options.havePSK;
#endif
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
ssl->options.haveStaticECC, ssl->options.side);
return SSL_SUCCESS;
}
/* does CA already exist on signer list */
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
{
@ -674,12 +739,12 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
}
/* find header */
headerEnd = XSTRSTR((char*)buff, header);
headerEnd = XSTRNSTR((char*)buff, header, sz);
if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be pkcs8 */
XSTRNCPY(header, "-----BEGIN PRIVATE KEY-----", sizeof(header));
XSTRNCPY(footer, "-----END PRIVATE KEY-----", sizeof(footer));
headerEnd = XSTRSTR((char*)buff, header);
headerEnd = XSTRNSTR((char*)buff, header, sz);
if (headerEnd)
pkcs8 = 1;
else {
@ -688,7 +753,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
XSTRNCPY(footer, "-----END ENCRYPTED PRIVATE KEY-----",
sizeof(footer));
headerEnd = XSTRSTR((char*)buff, header);
headerEnd = XSTRNSTR((char*)buff, header, sz);
if (headerEnd)
pkcs8Enc = 1;
}
@ -697,7 +762,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----", sizeof(header));
XSTRNCPY(footer, "-----END EC PRIVATE KEY-----", sizeof(footer));
headerEnd = XSTRSTR((char*)buff, header);
headerEnd = XSTRNSTR((char*)buff, header, sz);
if (headerEnd)
*eccKey = 1;
}
@ -705,7 +770,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
XSTRNCPY(header, "-----BEGIN DSA PRIVATE KEY-----", sizeof(header));
XSTRNCPY(footer, "-----END DSA PRIVATE KEY-----", sizeof(footer));
headerEnd = XSTRSTR((char*)buff, header);
headerEnd = XSTRNSTR((char*)buff, header, sz);
}
if (!headerEnd)
return SSL_BAD_FILE;
@ -723,28 +788,28 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
{
/* remove encrypted header if there */
char encHeader[] = "Proc-Type";
char* line = XSTRSTR((char*)buff, encHeader);
char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN);
if (line) {
char* newline;
char* finish;
char* start = XSTRSTR(line, "DES");
char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN);
if (!start)
start = XSTRSTR(line, "AES");
start = XSTRNSTR(line, "AES", PEM_LINE_LEN);
if (!start) return SSL_BAD_FILE;
if (!info) return SSL_BAD_FILE;
finish = XSTRSTR(start, ",");
finish = XSTRNSTR(start, ",", PEM_LINE_LEN);
if (start && finish && (start < finish)) {
newline = XSTRSTR(finish, "\r");
newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);
XMEMCPY(info->name, start, finish - start);
info->name[finish - start] = 0;
XMEMCPY(info->iv, finish + 1, sizeof(info->iv));
if (!newline) newline = XSTRSTR(finish, "\n");
if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
if (newline && (newline > finish)) {
info->ivSz = (word32)(newline - (finish + 1));
info->set = 1;
@ -764,7 +829,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
/* find footer */
footerEnd = XSTRSTR((char*)buff, footer);
footerEnd = XSTRNSTR((char*)buff, footer, sz);
if (!footerEnd) return SSL_BAD_FILE;
consumedEnd = footerEnd + XSTRLEN(footer);
@ -1085,9 +1150,9 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
case CTC_SHA384wECDSA:
case CTC_SHA512wECDSA:
CYASSL_MSG("ECDSA cert signature");
ctx->haveECDSA = 1;
ctx->haveECDSAsig = 1;
if (ssl)
ssl->options.haveECDSA = 1;
ssl->options.haveECDSAsig = 1;
break;
default:
CYASSL_MSG("Not ECDSA cert signature");
@ -1280,28 +1345,64 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
}
/* Verify the ceritficate, 1 for success, < 0 for error */
int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
int sz, int format)
{
int ret = 0;
int eccKey = 0; /* not used */
DecodedCert cert;
buffer der;
CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
der.buffer = NULL;
if (format == SSL_FILETYPE_PEM) {
EncryptedInfo info;
info.set = 0;
info.ctx = NULL;
info.consumed = 0;
ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey);
InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
}
else
InitDecodedCert(&cert, (byte*)buff, sz, cm->heap);
if (ret == 0)
ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
#ifdef HAVE_CRL
if (ret == 0 && cm->crlEnabled)
ret = CheckCertCRL(cm->crl, &cert);
#endif
FreeDecodedCert(&cert);
XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
return ret;
}
/* Verify the ceritficate, 1 for success, < 0 for error */
int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
int format)
{
int ret = SSL_FATAL_ERROR;
int eccKey = 0; /* not used */
DecodedCert cert;
int ret = SSL_FATAL_ERROR;
byte staticBuffer[FILE_BUFFER_SIZE];
byte* myBuffer = staticBuffer;
int dynamic = 0;
long sz = 0;
buffer der;
XFILE* file = XFOPEN(fname, "rb");
CYASSL_ENTER("CyaSSL_CertManagerVerify");
if (!file) return SSL_BAD_FILE;
XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file);
XREWIND(file);
der.buffer = NULL;
if (sz > (long)sizeof(staticBuffer)) {
CYASSL_MSG("Getting dynamic buffer");
myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
@ -1314,32 +1415,9 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
if ( (ret = XFREAD(myBuffer, sz, 1, file)) < 0)
ret = SSL_BAD_FILE;
else {
ret = 0; /* ok */
if (format == SSL_FILETYPE_PEM) {
EncryptedInfo info;
info.set = 0;
info.ctx = NULL;
info.consumed = 0;
ret = PemToDer(myBuffer, sz, CERT_TYPE, &der, cm->heap, &info,
&eccKey);
InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
else
ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
}
else
InitDecodedCert(&cert, myBuffer, sz, cm->heap);
if (ret == 0)
ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
#ifdef HAVE_CRL
if (ret == 0 && cm->crlEnabled)
ret = CheckCertCRL(cm->crl, &cert);
#endif
}
FreeDecodedCert(&cert);
XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
XFCLOSE(file);
if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
@ -1432,6 +1510,15 @@ int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
}
int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
{
/* TODO: check private against public for RSA match */
(void)ctx;
CYASSL_ENTER("SSL_CTX_check_private_key");
return SSL_SUCCESS;
}
#ifdef HAVE_CRL
@ -1474,7 +1561,7 @@ int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
{
CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
CYASSL_ENTER("CyaSSL_CertManagerSetCRL_Cb");
if (cm == NULL)
return BAD_FUNC_ARG;
@ -2050,8 +2137,8 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
#endif
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
ssl->options.haveNTRU, ssl->options.haveECDSA,
ssl->options.haveStaticECC, ssl->ctx->method->side);
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
ssl->options.haveStaticECC, ssl->options.side);
return SSL_SUCCESS;
}
@ -3074,8 +3161,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
ssl->options.client_psk_cb = cb;
InitSuites(&ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU,
ssl->options.haveECDSA, ssl->options.haveStaticECC,
ssl->ctx->method->side);
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ssl->options.side);
}
@ -3095,8 +3182,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
ssl->options.server_psk_cb = cb;
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, TRUE,
ssl->options.haveNTRU, ssl->options.haveECDSA,
ssl->options.haveStaticECC, ssl->ctx->method->side);
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
ssl->options.haveStaticECC, ssl->options.side);
}
@ -3244,15 +3331,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
}
int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
{
/* TODO: check private against public for RSA match */
(void)ctx;
CYASSL_ENTER("SSL_CTX_check_private_key");
return SSL_SUCCESS;
}
void CyaSSL_set_bio(CYASSL* ssl, CYASSL_BIO* rd, CYASSL_BIO* wr)
{
CYASSL_ENTER("SSL_set_bio");
@ -3329,8 +3407,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
havePSK = ssl->options.havePSK;
#endif
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
ssl->options.haveNTRU, ssl->options.haveECDSA,
ssl->options.haveStaticECC, ssl->ctx->method->side);
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
ssl->options.haveStaticECC, ssl->options.side);
}
@ -3407,6 +3485,27 @@ int CyaSSL_set_compression(CYASSL* ssl)
}
/* return the next, if any, altname from the peer cert */
char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
{
char* ret = NULL;
CYASSL_ENTER("CyaSSL_X509_get_next_altname");
/* don't have any to work with */
if (cert == NULL || cert->altNames == NULL)
return NULL;
/* already went through them */
if (cert->altNamesNext == NULL)
return NULL;
ret = cert->altNamesNext->name;
cert->altNamesNext = cert->altNamesNext->next;
return ret;
}
CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
{
CYASSL_ENTER("X509_get_issuer_name");
@ -4942,6 +5041,23 @@ int CyaSSL_set_compression(CYASSL* ssl)
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
default:
return "NONE";
}
@ -4990,6 +5106,14 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_RSA_WITH_AES_128_GCM_SHA256";
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_RSA_WITH_AES_256_GCM_SHA384";
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
default:
return "NONE";
} /* switch */
@ -7695,25 +7819,34 @@ const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
#endif /* SESSION_CERTS */
#ifdef HAVE_OCSP
long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options)
{
CYASSL_ENTER("CyaSSL_CTX_OCSP_set_options");
#ifdef HAVE_OCSP
if (ctx != NULL) {
ctx->ocsp.enabled = (options && CYASSL_OCSP_ENABLE) != 0;
ctx->ocsp.useOverrideUrl = (options && CYASSL_OCSP_URL_OVERRIDE) != 0;
ctx->ocsp.enabled = (options & CYASSL_OCSP_ENABLE) != 0;
ctx->ocsp.useOverrideUrl = (options & CYASSL_OCSP_URL_OVERRIDE) != 0;
return 1;
}
return 0;
#else
(void)ctx;
(void)options;
return NOT_COMPILED_IN;
#endif
}
int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX* ctx, const char* url)
{
CYASSL_ENTER("CyaSSL_CTX_OCSP_set_override_url");
#ifdef HAVE_OCSP
return CyaSSL_OCSP_set_override_url(&ctx->ocsp, url);
#else
(void)ctx;
(void)url;
return NOT_COMPILED_IN;
#endif
}
#endif

96
FreeRTOS-Plus/CyaSSL/src/tls.c
View file

@ -33,6 +33,16 @@
#ifndef NO_TLS
#ifndef min
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* min */
/* calculate XOR for TLSv1 PRF */
static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
{
@ -43,28 +53,51 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
}
#ifdef CYASSL_SHA384
#define PHASH_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
#else
#define PHASH_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
#endif
/* compute p_hash for MD5, SHA-1, or SHA-256 for TLSv1 PRF */
/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
static void p_hash(byte* result, word32 resLen, const byte* secret,
word32 secLen, const byte* seed, word32 seedLen, int hash)
{
word32 len = hash == md5_mac ? MD5_DIGEST_SIZE : hash == sha_mac ?
SHA_DIGEST_SIZE : SHA256_DIGEST_SIZE;
word32 times = resLen / len;
word32 lastLen = resLen % len;
word32 len = MD5_DIGEST_SIZE;
word32 times;
word32 lastLen;
word32 lastTime;
word32 i;
word32 idx = 0;
byte previous[SHA256_DIGEST_SIZE]; /* max size */
byte current[SHA256_DIGEST_SIZE]; /* max size */
byte previous[PHASH_MAX_DIGEST_SIZE]; /* max size */
byte current[PHASH_MAX_DIGEST_SIZE]; /* max size */
Hmac hmac;
if (hash == md5_mac) {
hash = MD5;
}
else if (hash == sha_mac) {
len = SHA_DIGEST_SIZE;
hash = SHA;
} else if (hash == sha256_mac) {
len = SHA256_DIGEST_SIZE;
hash = SHA256;
}
#ifdef CYASSL_SHA384
else if (hash == sha384_mac)
{
len = SHA384_DIGEST_SIZE;
hash = SHA384;
}
#endif
times = resLen / len;
lastLen = resLen % len;
if (lastLen) times += 1;
lastTime = times - 1;
HmacSetKey(&hmac, hash == md5_mac ? MD5 : hash == sha_mac ? SHA : SHA256,
secret, secLen);
HmacSetKey(&hmac, hash, secret, secLen);
HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */
HmacFinal(&hmac, previous); /* A1 */
@ -74,7 +107,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
HmacFinal(&hmac, current);
if ( (i == lastTime) && lastLen)
XMEMCPY(&result[idx], current, lastLen);
XMEMCPY(&result[idx], current, min(lastLen, sizeof(current)));
else {
XMEMCPY(&result[idx], current, len);
idx += len;
@ -89,7 +122,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
/* compute TLSv1 PRF (pseudo random function using HMAC) */
static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
const byte* label, word32 labLen, const byte* seed, word32 seedLen,
int useSha256)
int useAtLeastSha256, int hash_type)
{
word32 half = (secLen + 1) / 2;
@ -112,9 +145,13 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
XMEMCPY(labelSeed, label, labLen);
XMEMCPY(labelSeed + labLen, seed, seedLen);
if (useSha256) {
if (useAtLeastSha256) {
/* If a cipher suite wants an algorithm better than sha256, it
* should use better. */
if (hash_type < sha256_mac)
hash_type = sha256_mac;
p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen,
sha256_mac);
hash_type);
return;
}
@ -126,20 +163,35 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
}
#ifdef CYASSL_SHA384
#define HSHASH_SZ SHA384_DIGEST_SIZE
#else
#define HSHASH_SZ FINISHED_SZ
#endif
void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
{
const byte* side;
byte handshake_hash[FINISHED_SZ];
byte handshake_hash[HSHASH_SZ];
word32 hashSz = FINISHED_SZ;
Md5Final(&ssl->hashMd5, handshake_hash);
ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
#ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl)) {
Sha256Final(&ssl->hashSha256, handshake_hash);
hashSz = SHA256_DIGEST_SIZE;
}
#ifndef NO_SHA256
if (ssl->specs.mac_algorithm <= sha256_mac) {
Sha256Final(&ssl->hashSha256, handshake_hash);
hashSz = SHA256_DIGEST_SIZE;
}
#endif
#ifdef CYASSL_SHA384
if (ssl->specs.mac_algorithm == sha384_mac) {
Sha384Final(&ssl->hashSha384, handshake_hash);
hashSz = SHA384_DIGEST_SIZE;
}
#endif
}
if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
side = tls_client;
@ -147,7 +199,8 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
side = tls_server;
PRF(hashes->md5, TLS_FINISHED_SZ, ssl->arrays.masterSecret, SECRET_LEN,
side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl));
side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl),
ssl->specs.mac_algorithm);
}
@ -197,7 +250,8 @@ int DeriveTlsKeys(CYASSL* ssl)
XMEMCPY(&seed[RAN_LEN], ssl->arrays.clientRandom, RAN_LEN);
PRF(key_data, length, ssl->arrays.masterSecret, SECRET_LEN, key_label,
KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl));
KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl),
ssl->specs.mac_algorithm);
return StoreKeys(ssl, key_data);
}
@ -213,7 +267,7 @@ int MakeTlsMasterSecret(CYASSL* ssl)
PRF(ssl->arrays.masterSecret, SECRET_LEN,
ssl->arrays.preMasterSecret, ssl->arrays.preMasterSz,
master_label, MASTER_LABEL_SZ,
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl));
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
#ifdef SHOW_SECRETS
{

166
FreeRTOS-Plus/CyaSSL/sslSniffer/sslSnifferTest/snifftest.c
View file

@ -49,6 +49,7 @@ int main()
#include <pcap/pcap.h> /* pcap stuff */
#include <stdio.h> /* printf */
#include <stdlib.h> /* EXIT_SUCCESS */
#include <string.h> /* strcmp */
#include <signal.h> /* signal */
#include <cyassl/sniffer.h>
@ -62,7 +63,7 @@ typedef unsigned char byte;
enum {
ETHER_IF_FRAME_LEN = 14, /* ethernet interface frame length */
LOCAL_IF_FRAME_LEN = 4, /* localhost interface frame length */
NULL_IF_FRAME_LEN = 4, /* no link interface frame length */
};
@ -71,7 +72,7 @@ pcap_if_t *alldevs;
static void sig_handler(const int sig)
{
printf("SIGINT handled.\n");
printf("SIGINT handled = %d.\n", sig);
if (pcap)
pcap_close(pcap);
pcap_freealldevs(alldevs);
@ -82,7 +83,7 @@ static void sig_handler(const int sig)
}
void err_sys(const char* msg)
static void err_sys(const char* msg)
{
fprintf(stderr, "%s\n", msg);
exit(EXIT_FAILURE);
@ -96,7 +97,7 @@ void err_sys(const char* msg)
#endif
char* iptos(unsigned int addr)
static char* iptos(unsigned int addr)
{
static char output[32];
byte *p = (byte*)&addr;
@ -112,11 +113,12 @@ int main(int argc, char** argv)
int ret;
int inum;
int port;
int saveFile = 0;
int i = 0;
int frame = ETHER_IF_FRAME_LEN;
char err[PCAP_ERRBUF_SIZE];
char filter[32];
char loopback = 0;
char *server = NULL;
const char *server = NULL;
struct bpf_program fp;
pcap_if_t *d;
pcap_addr_t *a;
@ -124,87 +126,124 @@ int main(int argc, char** argv)
signal(SIGINT, sig_handler);
#ifndef _WIN32
ssl_InitSniffer();
ssl_InitSniffer(); /* dll load on Windows */
#endif
ssl_Trace("./tracefile.txt", err);
if (pcap_findalldevs(&alldevs, err) == -1)
err_sys("Error in pcap_findalldevs");
if (argc == 1) {
/* normal case, user chooses device and port */
for (d = alldevs; d; d=d->next) {
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if (pcap_findalldevs(&alldevs, err) == -1)
err_sys("Error in pcap_findalldevs");
if (i == 0)
err_sys("No interfaces found! Make sure pcap or WinPcap is installed "
"correctly and you have sufficient permissions");
for (d = alldevs; d; d=d->next) {
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
printf("Enter the interface number (1-%d): ", i);
scanf("%d", &inum);
if (i == 0)
err_sys("No interfaces found! Make sure pcap or WinPcap is"
" installed correctly and you have sufficient permissions");
if (inum < 1 || inum > i)
err_sys("Interface number out of range");
printf("Enter the interface number (1-%d): ", i);
scanf("%d", &inum);
/* Jump to the selected adapter */
for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
if (inum < 1 || inum > i)
err_sys("Interface number out of range");
pcap = pcap_create(d->name, err);
/* Jump to the selected adapter */
for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
if (pcap == NULL) printf("pcap_create failed %s\n", err);
pcap = pcap_create(d->name, err);
if (d->flags & PCAP_IF_LOOPBACK)
loopback = 1;
if (pcap == NULL) printf("pcap_create failed %s\n", err);
/* get an IPv4 address */
for (a = d->addresses; a; a = a->next) {
switch(a->addr->sa_family)
{
case AF_INET:
server =iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr);
printf("server = %s\n", server);
break;
}
}
if (server == NULL)
err_sys("Unable to get device IPv4 address");
/* get an IPv4 address */
for (a = d->addresses; a; a = a->next) {
switch(a->addr->sa_family)
{
case AF_INET:
server =
iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr);
printf("server = %s\n", server);
break;
ret = pcap_set_snaplen(pcap, 65536);
if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
default:
break;
}
}
if (server == NULL)
err_sys("Unable to get device IPv4 address");
ret = pcap_set_timeout(pcap, 1000);
if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap));
ret = pcap_set_snaplen(pcap, 65536);
if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
ret = pcap_set_buffer_size(pcap, 1000000);
if (ret != 0)
printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
ret = pcap_set_timeout(pcap, 1000);
if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap));
ret = pcap_set_promisc(pcap, 1);
if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap));
ret = pcap_set_buffer_size(pcap, 1000000);
if (ret != 0)
printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
ret = pcap_set_promisc(pcap, 1);
if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap));
ret = pcap_activate(pcap);
if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap));
ret = pcap_activate(pcap);
if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap));
printf("Enter the port to scan: ");
scanf("%d", &port);
printf("Enter the port to scan: ");
scanf("%d", &port);
SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
ret = pcap_compile(pcap, &fp, filter, 0, 0);
if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap));
ret = pcap_compile(pcap, &fp, filter, 0, 0);
if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap));
ret = pcap_setfilter(pcap, &fp);
if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
ret = pcap_setfilter(pcap, &fp);
if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem",
FILETYPE_PEM, NULL, err);
}
else if (argc >= 3) {
saveFile = 1;
pcap = pcap_open_offline(argv[1], err);
if (pcap == NULL) {
printf("pcap_open_offline failed %s\n", err);
ret = -1;
}
else {
/* defaults for server and port */
port = 443;
server = "127.0.0.1";
if (argc >= 4)
server = argv[3];
if (argc >= 5)
port = atoi(argv[4]);
ret = ssl_SetPrivateKey(server, port, argv[2],
FILETYPE_PEM, NULL, err);
}
}
else {
/* usage error */
printf(
"usage: ./snifftest or ./snifftest dump pemKey [server] [port]\n");
exit(EXIT_FAILURE);
}
ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem",
FILETYPE_PEM, NULL, err);
if (ret != 0)
err_sys(err);
if (pcap_datalink(pcap) == DLT_NULL)
frame = NULL_IF_FRAME_LEN;
while (1) {
struct pcap_pkthdr header;
const unsigned char* packet = pcap_next(pcap, &header);
@ -213,9 +252,6 @@ int main(int argc, char** argv)
byte data[65535];
if (header.caplen > 40) { /* min ip(20) + min tcp(20) */
int frame = ETHER_IF_FRAME_LEN;
if (loopback)
frame = LOCAL_IF_FRAME_LEN;
packet += frame;
header.caplen -= frame;
}
@ -230,6 +266,8 @@ int main(int argc, char** argv)
printf("SSL App Data:%s\n", data);
}
}
else if (saveFile)
break; /* we're done reading file */
}
return EXIT_SUCCESS;

64
FreeRTOS-Plus/CyaSSL/tests/api.c
View file

@ -21,9 +21,8 @@
#include <stdlib.h>
#include <cyassl/ssl.h>
#define NO_MAIN_DRIVER
#include <cyassl/test.h>
#include "unit.h"
#include <tests/unit.h>
#define TEST_FAIL (-1)
#define TEST_SUCCESS (0)
@ -54,7 +53,6 @@ static int test_lvl(CYASSL_CTX *ctx, const char* file, const char* path,
THREAD_RETURN CYASSL_THREAD test_server_nofail(void*);
void test_client_nofail(void*);
void wait_tcp_ready(func_args*);
#endif
static const char* bogusFile = "/dev/null";
@ -603,10 +601,8 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
return 0;
}
ssl = CyaSSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args);
#ifndef CYASSL_DTLS
tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0);
CloseSocket(sockfd);
#endif
CyaSSL_set_fd(ssl, clientfd);
@ -691,7 +687,7 @@ void test_client_nofail(void* args)
return;
}
tcp_connect(&sockfd, yasslIP, yasslPort);
tcp_connect(&sockfd, yasslIP, yasslPort, 0);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
@ -723,61 +719,7 @@ void test_client_nofail(void* args)
void wait_tcp_ready(func_args* args)
{
#ifdef _POSIX_THREADS
pthread_mutex_lock(&args->signal->mutex);
if (!args->signal->ready)
pthread_cond_wait(&args->signal->cond, &args->signal->mutex);
args->signal->ready = 0; /* reset */
pthread_mutex_unlock(&args->signal->mutex);
#endif
}
void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
{
#ifdef _POSIX_THREADS
pthread_create(thread, 0, fun, args);
return;
#else
*thread = (THREAD_TYPE)_beginthreadex(0, 0, fun, args, 0, 0);
#endif
}
void join_thread(THREAD_TYPE thread)
{
#ifdef _POSIX_THREADS
pthread_join(thread, 0);
#else
int res = WaitForSingleObject(thread, INFINITE);
assert(res == WAIT_OBJECT_0);
res = CloseHandle(thread);
assert(res);
#endif
}
void InitTcpReady(tcp_ready* ready)
{
ready->ready = 0;
#ifdef _POSIX_THREADS
pthread_mutex_init(&ready->mutex, 0);
pthread_cond_init(&ready->cond, 0);
#endif
}
void FreeTcpReady(tcp_ready* ready)
{
#ifdef _POSIX_THREADS
pthread_mutex_destroy(&ready->mutex);
pthread_cond_destroy(&ready->cond);
#endif
}
#endif /* NO_FILESYSTEM */

6
FreeRTOS-Plus/CyaSSL/tests/hash.c
View file

@ -33,7 +33,7 @@
#include <cyassl/ctaocrypt/ripemd.h>
#include <cyassl/ctaocrypt/hmac.h>
#include "unit.h"
#include <tests/unit.h>
typedef struct testVector {
char* input;
@ -55,6 +55,8 @@ int HashTest(void)
{
int ret = 0;
printf(" Begin HASH Tests\n");
#ifndef NO_MD4
if ( (ret = md4_test()) ) {
printf( " MD4 test failed!\n");
@ -114,6 +116,8 @@ int HashTest(void)
} else
printf( " HMAC test passed!\n");
#endif
printf(" End HASH Tests\n");
return 0;
}

18
FreeRTOS-Plus/CyaSSL/tests/include.am
View file

@ -9,8 +9,20 @@ tests_unit_SOURCES = \
tests/unit.c \
tests/api.c \
tests/suites.c \
tests/hash.c
tests_unit_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
tests/hash.c \
examples/client/client.c \
examples/server/server.c
tests_unit_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(PTHREAD_CFLAGS)
tests_unit_LDADD = src/libcyassl.la $(PTHREAD_LIBS)
tests_unit_DEPENDENCIES = src/libcyassl.la
EXTRA_DIST+=tests/unit.h
EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \
tests/test-openssl.conf \
tests/test-hc128.conf \
tests/test-psk.conf \
tests/test-ntru.conf \
tests/test-ecc.conf \
tests/test-aesgcm.conf \
tests/test-aesgcm-ecc.conf \
tests/test-aesgcm-openssl.conf \
tests/test-dtls.conf

344
FreeRTOS-Plus/CyaSSL/tests/suites.c
View file

@ -1 +1,343 @@
/* suites.c cipher suite unit tests */
/* suites.c
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <stdlib.h>
#include <stdio.h>
#include <cyassl/ssl.h>
#include <tests/unit.h>
#define MAX_ARGS 40
#define MAX_COMMAND_SZ 240
void client_test(void*);
THREAD_RETURN CYASSL_THREAD server_test(void*);
static void execute_test_case(int svr_argc, char** svr_argv,
int cli_argc, char** cli_argv)
{
func_args cliArgs = {cli_argc, cli_argv, 0, NULL};
func_args svrArgs = {svr_argc, svr_argv, 0, NULL};
tcp_ready ready;
THREAD_TYPE serverThread;
char commandLine[MAX_COMMAND_SZ];
int i;
static int tests = 1;
commandLine[0] = '\0';
for (i = 0; i < svr_argc; i++) {
strcat(commandLine, svr_argv[i]);
strcat(commandLine, " ");
}
printf("trying server command line[%d]: %s\n", tests, commandLine);
commandLine[0] = '\0';
for (i = 0; i < cli_argc; i++) {
strcat(commandLine, cli_argv[i]);
strcat(commandLine, " ");
}
printf("trying client command line[%d]: %s\n", tests++, commandLine);
InitTcpReady(&ready);
/* start server */
svrArgs.signal = &ready;
start_thread(server_test, &svrArgs, &serverThread);
wait_tcp_ready(&svrArgs);
/* start client */
client_test(&cliArgs);
/* verify results */
if (cliArgs.return_code != 0) {
printf("client_test failed\n");
exit(EXIT_FAILURE);
}
join_thread(serverThread);
if (svrArgs.return_code != 0) {
printf("server_test failed\n");
exit(EXIT_FAILURE);
}
FreeTcpReady(&ready);
}
void test_harness(void* vargs)
{
func_args* args = (func_args*)vargs;
char* script;
long sz, len;
int cliMode = 0; /* server or client command flag, server first */
FILE* file;
char* svrArgs[MAX_ARGS];
int svrArgsSz;
char* cliArgs[MAX_ARGS];
int cliArgsSz;
char* cursor;
char* comment;
char* fname = "tests/test.conf";
if (args->argc == 1) {
printf("notice: using default file %s\n", fname);
}
else if(args->argc != 2) {
printf("usage: harness [FILE]\n");
args->return_code = 1;
return;
}
else {
fname = args->argv[1];
}
file = fopen(fname, "r");
if (file == NULL) {
fprintf(stderr, "unable to open %s\n", fname);
args->return_code = 1;
return;
}
fseek(file, 0, SEEK_END);
sz = ftell(file);
rewind(file);
if (sz == 0) {
fprintf(stderr, "%s is empty\n", fname);
fclose(file);
args->return_code = 1;
return;
}
script = (char*)malloc(sz+1);
if (script == 0) {
fprintf(stderr, "unable to allocte script buffer\n");
fclose(file);
args->return_code = 1;
return;
}
len = fread(script, 1, sz, file);
if (len != sz) {
fprintf(stderr, "read error\n");
fclose(file);
args->return_code = 1;
return;
}
fclose(file);
script[sz] = 0;
cursor = script;
svrArgsSz = 1;
svrArgs[0] = args->argv[0];
cliArgsSz = 1;
cliArgs[0] = args->argv[0];
while (*cursor != 0) {
int do_it = 0;
switch (*cursor) {
case '\n':
/* A blank line triggers test case execution or switches
to client mode if we don't have the client command yet */
if (cliMode == 0)
cliMode = 1; /* switch to client mode processing */
else
do_it = 1; /* Do It, we have server and client */
cursor++;
break;
case '#':
/* Ignore lines that start with a #. */
comment = strsep(&cursor, "\n");
printf("%s\n", comment);
break;
case '-':
/* Parameters start with a -. They end in either a newline
* or a space. Capture until either, save in Args list. */
if (cliMode)
cliArgs[cliArgsSz++] = strsep(&cursor, " \n");
else
svrArgs[svrArgsSz++] = strsep(&cursor, " \n");
break;
default:
/* Anything from cursor until end of line that isn't the above
* is data for a paramter. Just up until the next newline in
* the Args list. */
if (cliMode)
cliArgs[cliArgsSz++] = strsep(&cursor, "\n");
else
svrArgs[svrArgsSz++] = strsep(&cursor, "\n");
if (*cursor == 0) /* eof */
do_it = 1;
}
if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
fprintf(stderr, "too many arguments, forcing test run\n");
do_it = 1;
}
if (do_it) {
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs);
svrArgsSz = 1;
cliArgsSz = 1;
cliMode = 0;
}
}
free(script);
args->return_code = 0;
}
int SuiteTest(void)
{
func_args args;
char argv0[2][32];
char* myArgv[2];
printf(" Begin Cipher Suite Tests\n");
/* setup */
myArgv[0] = argv0[0];
myArgv[1] = argv0[1];
args.argv = myArgv;
strcpy(argv0[0], "SuiteTest");
/* default case */
args.argc = 1;
printf("starting default cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
/* any extra cases will need another argument */
args.argc = 2;
#ifdef OPENSSL_EXTRA
/* add openssl extra suites */
strcpy(argv0[1], "tests/test-openssl.conf");
printf("starting openssl extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_HC128
/* add hc128 extra suites */
strcpy(argv0[1], "tests/test-hc128.conf");
printf("starting hc128 extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifndef NO_PSK
/* add psk extra suites */
strcpy(argv0[1], "tests/test-psk.conf");
printf("starting psk extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_NTRU
/* add ntru extra suites */
strcpy(argv0[1], "tests/test-ntru.conf");
printf("starting ntru extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_ECC
/* add ecc extra suites */
strcpy(argv0[1], "tests/test-ecc.conf");
printf("starting ecc extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_AESGCM
/* add aesgcm extra suites */
strcpy(argv0[1], "tests/test-aesgcm.conf");
printf("starting aesgcm extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#if defined(HAVE_AESGCM) && defined(OPENSSL_EXTRA)
/* add aesgcm openssl extra suites */
strcpy(argv0[1], "tests/test-aesgcm-openssl.conf");
printf("starting aesgcm openssl extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#if defined(HAVE_AESGCM) && defined(HAVE_ECC)
/* add aesgcm ecc extra suites */
strcpy(argv0[1], "tests/test-aesgcm-ecc.conf");
printf("starting aesgcm ecc extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef CYASSL_DTLS
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls.conf");
printf("starting dtls extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
printf(" End Cipher Suite Tests\n");
return args.return_code;
}

80
FreeRTOS-Plus/CyaSSL/tests/test-aesgcm-ecc.conf Normal file
View file

@ -0,0 +1,80 @@
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
-v 3
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
# server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-v 3
-l ECDH-RSA-AES256-GCM-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
-v 3
-l ECDH-RSA-AES256-GCM-SHA384

16
FreeRTOS-Plus/CyaSSL/tests/test-aesgcm-openssl.conf Normal file
View file

@ -0,0 +1,16 @@
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3
-l DHE-RSA-AES256-GCM-SHA384
# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
-v 3
-l DHE-RSA-AES256-GCM-SHA384

16
FreeRTOS-Plus/CyaSSL/tests/test-aesgcm.conf Normal file
View file

@ -0,0 +1,16 @@
# server TLSv1.2 RSA-AES128-GCM-SHA256
-v 3
-l AES128-GCM-SHA256
# client TLSv1.2 RSA-AES128-GCM-SHA256
-v 3
-l AES128-GCM-SHA256
# server TLSv1.2 RSA-AES256-GCM-SHA384
-v 3
-l AES256-GCM-SHA384
# client TLSv1.2 RSA-AES256-GCM-SHA384
-v 3
-l AES256-GCM-SHA384

64
FreeRTOS-Plus/CyaSSL/tests/test-dtls.conf Normal file
View file

@ -0,0 +1,64 @@
# server DTLSv1 RC4-SHA
-u
-l RC4-SHA
# client DTLSv1 RC4-SHA
-u
-l RC4-SHA
# server DTLSv1 RC4-MD5
-u
-l RC4-MD5
# client DTLSv1 RC4-MD5
-u
-l RC4-MD5
# server DTLSv1 DES-CBC3-SHA
-u
-l DES-CBC3-SHA
# client DTLSv1 DES-CBC3-SHA
-u
-l DES-CBC3-SHA
# server DTLSv1 AES128-SHA
-u
-l AES128-SHA
# client DTLSv1 AES128-SHA
-u
-l AES128-SHA
# server DTLSv1 AES256-SHA
-u
-l AES256-SHA
# client DTLSv1 AES256-SHA
-u
-l AES256-SHA
# server DTLSv1 AES128-SHA256
-u
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-u
-l AES128-SHA256
# server DTLSv1 AES256-SHA256
-u
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-u
-l AES256-SHA256
# server DTLSv1 RABBIT-SHA
-u
-l RABBIT-SHA
# client DTLSv1 RABBIT-SHA
-u
-l RABBIT-SHA

480
FreeRTOS-Plus/CyaSSL/tests/test-ecc.conf Normal file
View file

@ -0,0 +1,480 @@
# server TLSv1 ECDHE-RSA-RC4
-v 1
-l ECDHE-RSA-RC4-SHA
# client TLSv1 ECDHE-RSA-RC4
-v 1
-l ECDHE-RSA-RC4-SHA
# server TLSv1 ECDHE-RSA-DES3
-v 1
-l ECDHE-RSA-DES-CBC3-SHA
# client TLSv1 ECDHE-RSA-DES3
-v 1
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1 ECDHE-RSA-AES128
-v 1
-l ECDHE-RSA-AES128-SHA
# client TLSv1 ECDHE-RSA-AES128
-v 1
-l ECDHE-RSA-AES128-SHA
# server TLSv1 ECDHE-RSA-AES256
-v 1
-l ECDHE-RSA-AES256-SHA
# client TLSv1 ECDHE-RSA-AES256
-v 1
-l ECDHE-RSA-AES256-SHA
# server TLSv1.1 ECDHE-RSA-RC4
-v 2
-l ECDHE-RSA-RC4-SHA
# client TLSv1.1 ECDHE-RSA-RC4
-v 2
-l ECDHE-RSA-RC4-SHA
# server TLSv1.1 ECDHE-RSA-DES3
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# client TLSv1.1 ECDHE-RSA-DES3
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1.1 ECDHE-RSA-AES128
-v 2
-l ECDHE-RSA-AES128-SHA
# client TLSv1.1 ECDHE-RSA-AES128
-v 2
-l ECDHE-RSA-AES128-SHA
# server TLSv1.1 ECDHE-RSA-AES256
-v 2
-l ECDHE-RSA-AES256-SHA
# client TLSv1.1 ECDHE-RSA-AES256
-v 2
-l ECDHE-RSA-AES256-SHA
# server TLSv1.2 ECDHE-RSA-RC4
-v 3
-l ECDHE-RSA-RC4-SHA
# client TLSv1.2 ECDHE-RSA-RC4
-v 3
-l ECDHE-RSA-RC4-SHA
# server TLSv1.2 ECDHE-RSA-DES3
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# client TLSv1.2 ECDHE-RSA-DES3
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1.2 ECDHE-RSA-AES128
-v 3
-l ECDHE-RSA-AES128-SHA
# client TLSv1.2 ECDHE-RSA-AES128
-v 3
-l ECDHE-RSA-AES128-SHA
# server TLSv1.2 ECDHE-RSA-AES256
-v 3
-l ECDHE-RSA-AES256-SHA
# client TLSv1.2 ECDHE-RSA-AES256
-v 3
-l ECDHE-RSA-AES256-SHA
# server TLSv1 ECDHE-ECDSA-RC4
-v 1
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-RC4
-v 1
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-ECDSA-DES3
-v 1
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-DES3
-v 1
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-ECDSA-AES256
-v 1
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-AES256
-v 1
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-EDCSA-RC4
-v 2
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-RC4
-v 2
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-ECDSA-DES3
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-DES3
-v 2
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-ECDSA-AES256
-v 2
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-AES256
-v 2
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-RC4
-v 3
-l ECDHE-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-RC4
-v 3
-l ECDHE-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-DES3
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-DES3
-v 3
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES256
-v 3
-l ECDHE-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256
-v 3
-l ECDHE-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDH-RSA-RC4
-v 1
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-RC4
-v 1
-l ECDH-RSA-RC4-SHA
# server TLSv1 ECDH-RSA-DES3
-v 1
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-DES3
-v 1
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1 ECDH-RSA-AES128
-v 1
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-AES128
-v 1
-l ECDH-RSA-AES128-SHA
# server TLSv1 ECDH-RSA-AES256
-v 1
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-AES256
-v 1
-l ECDH-RSA-AES256-SHA
# server TLSv1.1 ECDH-RSA-RC4
-v 2
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-RC4
-v 2
-l ECDH-RSA-RC4-SHA
# server TLSv1.1 ECDH-RSA-DES3
-v 2
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-DES3
-v 2
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1.1 ECDH-RSA-AES128
-v 2
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-AES128
-v 2
-l ECDH-RSA-AES128-SHA
# server TLSv1.1 ECDH-RSA-AES256
-v 2
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-AES256
-v 2
-l ECDH-RSA-AES256-SHA
# server TLSv1.2 ECDH-RSA-RC4
-v 3
-l ECDH-RSA-RC4-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-RC4
-v 3
-l ECDH-RSA-RC4-SHA
# server TLSv1.2 ECDH-RSA-DES3
-v 3
-l ECDH-RSA-DES-CBC3-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-DES3
-v 3
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1.2 ECDH-RSA-AES128
-v 3
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128
-v 3
-l ECDH-RSA-AES128-SHA
# server TLSv1.2 ECDH-RSA-AES256
-v 3
-l ECDH-RSA-AES256-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES256
-v 3
-l ECDH-RSA-AES256-SHA
# server TLSv1 ECDH-ECDSA-RC4
-v 1
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-RC4
-v 1
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDH-ECDSA-DES3
-v 1
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-DES3
-v 1
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDH-ECDSA-AES128
-v 1
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-AES128
-v 1
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDH-ECDSA-AES256
-v 1
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-AES256
-v 1
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDH-EDCSA-RC4
-v 2
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-RC4
-v 2
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDH-ECDSA-DES3
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-DES3
-v 2
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDH-ECDSA-AES128
-v 2
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-AES128
-v 2
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDH-ECDSA-AES256
-v 2
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-AES256
-v 2
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-RC4
-v 3
-l ECDH-ECDSA-RC4-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-RC4
-v 3
-l ECDH-ECDSA-RC4-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-DES3
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-DES3
-v 3
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES128
-v 3
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128
-v 3
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES256
-v 3
-l ECDH-ECDSA-AES256-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES256
-v 3
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem

48
FreeRTOS-Plus/CyaSSL/tests/test-hc128.conf Normal file
View file

@ -0,0 +1,48 @@
# server TLSv1 HC128-SHA
-v 1
-l HC128-SHA
# client TLSv1 HC128-SHA
-v 1
-l HC128-SHA
# server TLSv1 HC128-MD5
-v 1
-l HC128-MD5
# client TLSv1 HC128-MD5
-v 1
-l HC128-MD5
# server TLSv1.1 HC128-SHA
-v 2
-l HC128-SHA
# client TLSv1.1 HC128-SHA
-v 2
-l HC128-SHA
# server TLSv1.1 HC128-MD5
-v 2
-l HC128-MD5
# client TLSv1.1 HC128-MD5
-v 2
-l HC128-MD5
# server TLSv1.2 HC128-SHA
-v 3
-l HC128-SHA
# client TLSv1.2 HC128-SHA
-v 3
-l HC128-SHA
# server TLSv1.2 HC128-MD5
-v 3
-l HC128-MD5
# client TLSv1.2 HC128-MD5
-v 3
-l HC128-MD5

132
FreeRTOS-Plus/CyaSSL/tests/test-ntru.conf Normal file
View file

@ -0,0 +1,132 @@
# server TLSv1 NTRU_RC4
-v 1
-l NTRU-RC4-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_RC4
-v 1
-l NTRU-RC4-SHA
# server TLSv1 NTRU_DES3
-v 1
-l NTRU-DES-CBC3-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_DES3
-v 1
-l NTRU-DES-CBC3-SHA
# server TLSv1 NTRU_AES128
-v 1
-l NTRU-AES128-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_AES128
-v 1
-l NTRU-AES128-SHA
# server TLSv1 NTRU_AES256
-v 1
-l NTRU-AES256-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_AES256
-v 1
-l NTRU-AES256-SHA
# server TLSv1.1 NTRU_RC4
-v 2
-l NTRU-RC4-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_RC4
-v 2
-l NTRU-RC4-SHA
# server TLSv1.1 NTRU_DES3
-v 2
-l NTRU-DES-CBC3-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_DES3
-v 2
-l NTRU-DES-CBC3-SHA
# server TLSv1.1 NTRU_AES128
-v 2
-l NTRU-AES128-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_AES128
-v 2
-l NTRU-AES128-SHA
# server TLSv1.1 NTRU_AES256
-v 2
-l NTRU-AES256-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_AES256
-v 2
-l NTRU-AES256-SHA
# server TLSv1.2 NTRU_RC4
-v 3
-l NTRU-RC4-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_RC4
-v 3
-l NTRU-RC4-SHA
# server TLSv1.2 NTRU_DES3
-v 3
-l NTRU-DES-CBC3-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_DES3
-v 3
-l NTRU-DES-CBC3-SHA
# server TLSv1.2 NTRU_AES128
-v 3
-l NTRU-AES128-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_AES128
-v 3
-l NTRU-AES128-SHA
# server TLSv1.2 NTRU_AES256
-v 3
-l NTRU-AES256-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_AES256
-v 3
-l NTRU-AES256-SHA

96
FreeRTOS-Plus/CyaSSL/tests/test-openssl.conf Normal file
View file

@ -0,0 +1,96 @@
# server TLSv1 DHE AES128
-v 1
-l DHE-RSA-AES128-SHA
# client TLSv1 DHE AES128
-v 1
-l DHE-RSA-AES128-SHA
# server TLSv1 DHE AES256
-v 1
-l DHE-RSA-AES256-SHA
# client TLSv1 DHE AES256
-v 1
-l DHE-RSA-AES256-SHA
# server TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# client TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# server TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# client TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE AES128
-v 2
-l DHE-RSA-AES128-SHA
# client TLSv1.1 DHE AES128
-v 2
-l DHE-RSA-AES128-SHA
# server TLSv1.1 DHE AES256
-v 2
-l DHE-RSA-AES256-SHA
# client TLSv1.1 DHE AES256
-v 2
-l DHE-RSA-AES256-SHA
# server TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# client TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# server TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# client TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# server TLSv1.2 DHE AES128
-v 3
-l DHE-RSA-AES128-SHA
# client TLSv1.2 DHE AES128
-v 3
-l DHE-RSA-AES128-SHA
# server TLSv1.2 DHE AES256
-v 3
-l DHE-RSA-AES256-SHA
# client TLSv1.2 DHE AES256
-v 3
-l DHE-RSA-AES256-SHA
# server TLSv1.2 DHE AES128-SHA256
-v 3
-l DHE-RSA-AES128-SHA256
# client TLSv1.2 DHE AES128-SHA256
-v 3
-l DHE-RSA-AES128-SHA256
# server TLSv1.2 DHE AES256-SHA256
-v 3
-l DHE-RSA-AES256-SHA256
# client TLSv1.2 DHE AES256-SHA256
-v 3
-l DHE-RSA-AES256-SHA256

60
FreeRTOS-Plus/CyaSSL/tests/test-psk.conf Normal file
View file

@ -0,0 +1,60 @@
# server TLSv1 PSK-AES128
-s
-v 1
-l PSK-AES128-CBC-SHA
# client TLSv1 PSK-AES128
-s
-v 1
-l PSK-AES128-CBC-SHA
# server TLSv1 PSK-AES256
-s
-v 1
-l PSK-AES256-CBC-SHA
# client TLSv1 PSK-AES256
-s
-v 1
-l PSK-AES256-CBC-SHA
# server TLSv1.1 PSK-AES128
-s
-v 2
-l PSK-AES128-CBC-SHA
# client TLSv1.1 PSK-AES128
-s
-v 2
-l PSK-AES128-CBC-SHA
# server TLSv1.1 PSK-AES256
-s
-v 2
-l PSK-AES256-CBC-SHA
# client TLSv1.1 PSK-AES256
-s
-v 2
-l PSK-AES256-CBC-SHA
# server TLSv1.2 PSK-AES128
-s
-v 3
-l PSK-AES128-CBC-SHA
# client TLSv1.2 PSK-AES128
-s
-v 3
-l PSK-AES128-CBC-SHA
# server TLSv1.2 PSK-AES256
-s
-v 3
-l PSK-AES256-CBC-SHA
# client TLSv1.2 PSK-AES256
-s
-v 3
-l PSK-AES256-CBC-SHA

216
FreeRTOS-Plus/CyaSSL/tests/test.conf Normal file
View file

@ -0,0 +1,216 @@
# server SSLv3 RC4-SHA
-v 0
-l RC4-SHA
# client SSLv3 RC4-SHA
-v 0
-l RC4-SHA
# server SSLv3 RC4-MD5
-v 0
-l RC4-MD5
# client SSLv3 RC4-MD5
-v 0
-l RC4-MD5
# server SSLv3 DES-CBC3-SHA
-v 0
-l DES-CBC3-SHA
# client SSLv3 DES-CBC3-SHA
-v 0
-l DES-CBC3-SHA
# server TLSv1 RC4-SHA
-v 1
-l RC4-SHA
# client TLSv1 RC4-SHA
-v 1
-l RC4-SHA
# server TLSv1 RC4-MD5
-v 1
-l RC4-MD5
# client TLSv1 RC4-MD5
-v 1
-l RC4-MD5
# server TLSv1 DES-CBC3-SHA
-v 1
-l DES-CBC3-SHA
# client TLSv1 DES-CBC3-SHA
-v 1
-l DES-CBC3-SHA
# server TLSv1 AES128-SHA
-v 1
-l AES128-SHA
# client TLSv1 AES128-SHA
-v 1
-l AES128-SHA
# server TLSv1 AES256-SHA
-v 1
-l AES256-SHA
# client TLSv1 AES256-SHA
-v 1
-l AES256-SHA
# server TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# client TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# server TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# client TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# server TLSv1 RABBIT-SHA
-v 1
-l RABBIT-SHA
# client TLSv1 RABBIT-SHA
-v 1
-l RABBIT-SHA
# server TLSv1.1 RC4-SHA
-v 2
-l RC4-SHA
# client TLSv1.1 RC4-SHA
-v 2
-l RC4-SHA
# server TLSv1.1 RC4-MD5
-v 2
-l RC4-MD5
# client TLSv1.1 RC4-MD5
-v 2
-l RC4-MD5
# server TLSv1.1 DES-CBC3-SHA
-v 2
-l DES-CBC3-SHA
# client TLSv1.1 DES-CBC3-SHA
-v 2
-l DES-CBC3-SHA
# server TLSv1.1 AES128-SHA
-v 2
-l AES128-SHA
# client TLSv1.1 AES128-SHA
-v 2
-l AES128-SHA
# server TLSv1.1 AES256-SHA
-v 2
-l AES256-SHA
# client TLSv1.1 AES256-SHA
-v 2
-l AES256-SHA
# server TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# client TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# server TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# client TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# server TLSv1.1 RABBIT-SHA
-v 2
-l RABBIT-SHA
# client TLSv1.1 RABBIT-SHA
-v 2
-l RABBIT-SHA
# server TLSv1.2 RC4-SHA
-v 3
-l RC4-SHA
# client TLSv1.2 RC4-SHA
-v 3
-l RC4-SHA
# server TLSv1.2 RC4-MD5
-v 3
-l RC4-MD5
# client TLSv1.2 RC4-MD5
-v 3
-l RC4-MD5
# server TLSv1.2 DES-CBC3-SHA
-v 3
-l DES-CBC3-SHA
# client TLSv1.2 DES-CBC3-SHA
-v 3
-l DES-CBC3-SHA
# server TLSv1.2 AES128-SHA
-v 3
-l AES128-SHA
# client TLSv1.2 AES128-SHA
-v 3
-l AES128-SHA
# server TLSv1.2 AES256-SHA
-v 3
-l AES256-SHA
# client TLSv1.2 AES256-SHA
-v 3
-l AES256-SHA
# server TLSv1.2 AES128-SHA256
-v 3
-l AES128-SHA256
# client TLSv1.2 AES128-SHA256
-v 3
-l AES128-SHA256
# server TLSv1.2 AES256-SHA256
-v 3
-l AES256-SHA256
# client TLSv1.2 AES256-SHA256
-v 3
-l AES256-SHA256
# server TLSv1.2 RABBIT-SHA
-v 3
-l RABBIT-SHA
# client TLSv1.2 RABBIT-SHA
-v 3
-l RABBIT-SHA

85
FreeRTOS-Plus/CyaSSL/tests/unit.c
View file

@ -1,16 +1,89 @@
/* unit.c unit tests driver */
#include <stdio.h>
#include "unit.h"
#include <tests/unit.h>
int myoptind = 0;
char* myoptarg = NULL;
int main(int argc, char** argv)
{
printf("hello unit tests\n");
int ret;
if (ApiTest() != 0)
printf("api test failed\n");
printf("staring unit tests...\n");
if (HashTest() != 0)
printf("hash test failed\n");
if ( (ret = ApiTest()) != 0) {
printf("api test failed with %d\n", ret);
return ret;
}
if ( (ret = HashTest()) != 0){
printf("hash test failed with %d\n", ret);
return ret;
}
if ( (ret = SuiteTest()) != 0){
printf("suite test failed with %d\n", ret);
return ret;
}
return 0;
}
void wait_tcp_ready(func_args* args)
{
#ifdef _POSIX_THREADS
pthread_mutex_lock(&args->signal->mutex);
if (!args->signal->ready)
pthread_cond_wait(&args->signal->cond, &args->signal->mutex);
args->signal->ready = 0; /* reset */
pthread_mutex_unlock(&args->signal->mutex);
#endif
}
void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
{
#ifdef _POSIX_THREADS
pthread_create(thread, 0, fun, args);
return;
#else
*thread = (THREAD_TYPE)_beginthreadex(0, 0, fun, args, 0, 0);
#endif
}
void join_thread(THREAD_TYPE thread)
{
#ifdef _POSIX_THREADS
pthread_join(thread, 0);
#else
int res = WaitForSingleObject(thread, INFINITE);
assert(res == WAIT_OBJECT_0);
res = CloseHandle(thread);
assert(res);
#endif
}
void InitTcpReady(tcp_ready* ready)
{
ready->ready = 0;
#ifdef _POSIX_THREADS
pthread_mutex_init(&ready->mutex, 0);
pthread_cond_init(&ready->cond, 0);
#endif
}
void FreeTcpReady(tcp_ready* ready)
{
#ifdef _POSIX_THREADS
pthread_mutex_destroy(&ready->mutex);
pthread_cond_destroy(&ready->cond);
#endif
}

7
FreeRTOS-Plus/CyaSSL/tests/unit.h
View file

@ -1,6 +1,13 @@
/* unit.h unit tests driver */
#ifndef CyaSSL_UNIT_H
#define CyaSSL_UNIT_H
#include <cyassl/test.h> /* thread and tcp stuff */
int ApiTest(void);
int SuiteTest(void);
int HashTest(void);
#endif /* CyaSSL_UNIT_H */

5
FreeRTOS-Plus/CyaSSL/testsuite/testsuite.c
View file

@ -32,7 +32,6 @@
and the examples/ individually
#endif
void wait_tcp_ready(func_args*);
void ctaocrypt_test(void*);
void client_test(void*);
@ -48,6 +47,10 @@ enum {
};
int myoptind = 0;
char* myoptarg = NULL;
int main(int argc, char** argv)
{
func_args args;

10
FreeRTOS-Plus/Demo_Projects_Using_FreeRTOS_Simulator/FreeRTOS_Plus_CLI_with_Trace/CLI-commands.c
View file

@ -108,7 +108,7 @@ static portBASE_TYPE prvStartStopTraceCommand( int8_t *pcWriteBuffer, size_t xWr
static const CLI_Command_Definition_t xRunTimeStats =
{
( const int8_t * const ) "run-time-stats", /* The command string to type. */
( const int8_t * const ) "run-time-stats: Displays a table showing how much processing time each FreeRTOS task has used\r\n",
( const int8_t * const ) "\r\nrun-time-stats:\r\n Displays a table showing how much processing time each FreeRTOS task has used\r\n\r\n",
prvRunTimeStatsCommand, /* The function to run. */
0 /* No parameters are expected. */
};
@ -117,7 +117,7 @@ static const CLI_Command_Definition_t xRunTimeStats =
static const CLI_Command_Definition_t xTaskStats =
{
( const int8_t * const ) "task-stats", /* The command string to type. */
( const int8_t * const ) "task-stats: Displays a table showing the state of each FreeRTOS task\r\n",
( const int8_t * const ) "\r\ntask-stats:\r\n Displays a table showing the state of each FreeRTOS task\r\n\r\n",
prvTaskStatsCommand, /* The function to run. */
0 /* No parameters are expected. */
};
@ -128,7 +128,7 @@ time. */
static const CLI_Command_Definition_t xThreeParameterEcho =
{
( const int8_t * const ) "echo_3_parameters",
( const int8_t * const ) "echo_3_parameters: <param1> <param2> <param3> Expects three parameters, echos each in turn\r\n",
( const int8_t * const ) "\r\necho_3_parameters <param1> <param2> <param3>:\r\n Expects three parameters, echos each in turn\r\n\r\n",
prvThreeParameterEchoCommand, /* The function to run. */
3 /* Three parameters are expected, which can take any value. */
};
@ -139,7 +139,7 @@ a time. */
static const CLI_Command_Definition_t xParameterEcho =
{
( const int8_t * const ) "echo_parameters",
( const int8_t * const ) "echo_parameters: <...> Take variable number of parameters, echos each in turn\r\n",
( const int8_t * const ) "\r\necho_parameters <...>:\r\n Take variable number of parameters, echos each in turn\r\n\r\n",
prvParameterEchoCommand, /* The function to run. */
-1 /* The user can enter any number of commands. */
};
@ -149,7 +149,7 @@ parameter, which can be either "start" or "stop". */
static const CLI_Command_Definition_t xStartTrace =
{
( const int8_t * const ) "trace",
( const int8_t * const ) "trace: [start | stop] Starts or stops a trace recording for viewing in FreeRTOS+Trace\r\n",
( const int8_t * const ) "\r\ntrace [start | stop]:\r\n Starts or stops a trace recording for viewing in FreeRTOS+Trace\r\n\r\n",
prvStartStopTraceCommand, /* The function to run. */
1 /* One parameter is expected. Valid values are "start" and "stop". */
};

2
FreeRTOS/Demo/ARM7_AT91FR40008_GCC/FreeRTOSConfig.h
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91FR40008_GCC/Makefile
View file

@ -1,5 +1,5 @@
#/*
# FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
# FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
#
#
# ***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91FR40008_GCC/ParTest/ParTest.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91FR40008_GCC/main.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91FR40008_GCC/serial/serial.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91FR40008_GCC/serial/serialISR.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/FreeRTOSConfig.h
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/ParTest/ParTest.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/USB/USBSample.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/main.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/serial/serial.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/FreeRTOSConfig.h
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/Makefile
View file

@ -1,5 +1,5 @@
#/*
# FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
# FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
#
#
# ***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/ParTest/ParTest.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/USB/USBSample.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/USB/USBSample.h
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/USB/USB_ISR.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/main.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/EMAC_ISR.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/SAM7_EMAC.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/SAM7_EMAC.h
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/uIP_Task.h
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_LPC2106_GCC/FreeRTOSConfig.h
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_LPC2106_GCC/Makefile
View file

@ -1,5 +1,5 @@
#/*
# FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
# FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
#
#
# ***************************************************************************

2
FreeRTOS/Demo/ARM7_LPC2106_GCC/ParTest/ParTest.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_LPC2106_GCC/main.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_LPC2106_GCC/serial/serial.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

2
FreeRTOS/Demo/ARM7_LPC2106_GCC/serial/serialISR.c
View file

@ -1,5 +1,5 @@
/*
FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
***************************************************************************

Some files were not shown because too many files have changed in this diff Show more