rpi/domo
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move all to deprecated folder.

Browse Source
This commit is contained in:
NADAL Jean-Baptiste
2016-11-16 21:57:57 +01:00
parent 01738a7684
commit 05de7d6c04
9777 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

790
deprecated/3P/wolfssl/src/crl.c Normal file
View File

@@ -0,0 +1,790 @@
/* crl.c
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* Name change compatibility layer no longer needs included here */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_CRL
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#include <dirent.h>
#include <sys/stat.h>
#include <string.h>
#ifdef HAVE_CRL_MONITOR
static int StopMonitor(int mfd);
#endif
/* Initialze CRL members */
int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
{
WOLFSSL_ENTER("InitCRL");
crl->cm = cm;
crl->crlList = NULL;
crl->monitors[0].path = NULL;
crl->monitors[1].path = NULL;
#ifdef HAVE_CRL_MONITOR
crl->tid = 0;
crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
#endif
if (InitMutex(&crl->crlLock) != 0)
return BAD_MUTEX_E;
return 0;
}
/* Initialze CRL Entry */
static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
{
WOLFSSL_ENTER("InitCRL_Entry");
XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
/* XMEMCPY(crle->crlHash, dcrl->crlHash, SHA_DIGEST_SIZE);
* copy the hash here if needed for optimized comparisons */
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
crle->lastDateFormat = dcrl->lastDateFormat;
crle->nextDateFormat = dcrl->nextDateFormat;
crle->certs = dcrl->certs; /* take ownsership */
dcrl->certs = NULL;
crle->totalCerts = dcrl->totalCerts;
return 0;
}
/* Free all CRL Entry resources */
static void FreeCRL_Entry(CRL_Entry* crle)
{
RevokedCert* tmp = crle->certs;
WOLFSSL_ENTER("FreeCRL_Entry");
while(tmp) {
RevokedCert* next = tmp->next;
XFREE(tmp, NULL, DYNAMIC_TYPE_REVOKED);
tmp = next;
}
}
/* Free all CRL resources */
void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
{
CRL_Entry* tmp = crl->crlList;
WOLFSSL_ENTER("FreeCRL");
if (crl->monitors[0].path)
XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
if (crl->monitors[1].path)
XFREE(crl->monitors[1].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
while(tmp) {
CRL_Entry* next = tmp->next;
FreeCRL_Entry(tmp);
XFREE(tmp, NULL, DYNAMIC_TYPE_CRL_ENTRY);
tmp = next;
}
#ifdef HAVE_CRL_MONITOR
if (crl->tid != 0) {
WOLFSSL_MSG("stopping monitor thread");
if (StopMonitor(crl->mfd) == 0)
pthread_join(crl->tid, NULL);
else {
WOLFSSL_MSG("stop monitor failed, cancel instead");
pthread_cancel(crl->tid);
}
}
#endif
FreeMutex(&crl->crlLock);
if (dynamic) /* free self */
XFREE(crl, NULL, DYNAMIC_TYPE_CRL);
}
/* Is the cert ok with CRL, return 0 on success */
int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
{
CRL_Entry* crle;
int foundEntry = 0;
int ret = 0;
WOLFSSL_ENTER("CheckCertCRL");
if (LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("LockMutex failed");
return BAD_MUTEX_E;
}
crle = crl->crlList;
while (crle) {
if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
WOLFSSL_MSG("Found CRL Entry on list");
WOLFSSL_MSG("Checking next date validity");
if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL next date is no longer valid");
ret = ASN_AFTER_DATE_E;
}
else
foundEntry = 1;
break;
}
crle = crle->next;
}
if (foundEntry) {
RevokedCert* rc = crle->certs;
while (rc) {
if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
WOLFSSL_MSG("Cert revoked");
ret = CRL_CERT_REVOKED;
break;
}
rc = rc->next;
}
}
UnLockMutex(&crl->crlLock);
if (foundEntry == 0) {
WOLFSSL_MSG("Couldn't find CRL for status check");
ret = CRL_MISSING;
if (crl->cm->cbMissingCRL) {
char url[256];
WOLFSSL_MSG("Issuing missing CRL callback");
url[0] = '\0';
if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
url[cert->extCrlInfoSz] = '\0';
}
else {
WOLFSSL_MSG("CRL url too long");
}
crl->cm->cbMissingCRL(url);
}
}
return ret;
}
/* Add Decoded CRL, 0 on success */
static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl)
{
CRL_Entry* crle;
WOLFSSL_ENTER("AddCRL");
crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
if (crle == NULL) {
WOLFSSL_MSG("alloc CRL Entry failed");
return -1;
}
if (InitCRL_Entry(crle, dcrl) < 0) {
WOLFSSL_MSG("Init CRL Entry failed");
XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
return -1;
}
if (LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("LockMutex failed");
FreeCRL_Entry(crle);
XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
return BAD_MUTEX_E;
}
crle->next = crl->crlList;
crl->crlList = crle;
UnLockMutex(&crl->crlLock);
return 0;
}
/* Load CRL File of type, SSL_SUCCESS on ok */
int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type)
{
int ret = SSL_SUCCESS;
const byte* myBuffer = buff; /* if DER ok, otherwise switch */
buffer der;
#ifdef WOLFSSL_SMALL_STACK
DecodedCRL* dcrl;
#else
DecodedCRL dcrl[1];
#endif
der.buffer = NULL;
WOLFSSL_ENTER("BufferLoadCRL");
if (crl == NULL || buff == NULL || sz == 0)
return BAD_FUNC_ARG;
if (type == SSL_FILETYPE_PEM) {
int eccKey = 0; /* not used */
EncryptedInfo info;
info.ctx = NULL;
ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
if (ret == 0) {
myBuffer = der.buffer;
sz = der.length;
}
else {
WOLFSSL_MSG("Pem to Der failed");
return -1;
}
}
#ifdef WOLFSSL_SMALL_STACK
dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (dcrl == NULL) {
if (der.buffer)
XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
return MEMORY_E;
}
#endif
InitDecodedCRL(dcrl);
ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm);
if (ret != 0) {
WOLFSSL_MSG("ParseCRL error");
}
else {
ret = AddCRL(crl, dcrl);
if (ret != 0) {
WOLFSSL_MSG("AddCRL error");
}
}
FreeDecodedCRL(dcrl);
#ifdef WOLFSSL_SMALL_STACK
XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (der.buffer)
XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
return ret ? ret : SSL_SUCCESS; /* convert 0 to SSL_SUCCESS */
}
#ifdef HAVE_CRL_MONITOR
/* read in new CRL entries and save new list */
static int SwapLists(WOLFSSL_CRL* crl)
{
int ret;
CRL_Entry* newList;
#ifdef WOLFSSL_SMALL_STACK
WOLFSSL_CRL* tmp;
#else
WOLFSSL_CRL tmp[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
return MEMORY_E;
#endif
if (InitCRL(tmp, crl->cm) < 0) {
WOLFSSL_MSG("Init tmp CRL failed");
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return -1;
}
if (crl->monitors[0].path) {
ret = LoadCRL(tmp, crl->monitors[0].path, SSL_FILETYPE_PEM, 0);
if (ret != SSL_SUCCESS) {
WOLFSSL_MSG("PEM LoadCRL on dir change failed");
FreeCRL(tmp, 0);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return -1;
}
}
if (crl->monitors[1].path) {
ret = LoadCRL(tmp, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0);
if (ret != SSL_SUCCESS) {
WOLFSSL_MSG("DER LoadCRL on dir change failed");
FreeCRL(tmp, 0);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return -1;
}
}
if (LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("LockMutex failed");
FreeCRL(tmp, 0);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return -1;
}
newList = tmp->crlList;
/* swap lists */
tmp->crlList = crl->crlList;
crl->crlList = newList;
UnLockMutex(&crl->crlLock);
FreeCRL(tmp, 0);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
}
#if (defined(__MACH__) || defined(__FreeBSD__))
#include <sys/types.h>
#include <sys/event.h>
#include <sys/time.h>
#include <fcntl.h>
#include <unistd.h>
#ifdef __MACH__
#define XEVENT_MODE O_EVTONLY
#elif defined(__FreeBSD__)
#define XEVENT_MODE EVFILT_VNODE
#endif
/* we need a unique kqueue user filter fd for crl in case user is doing custom
* events too */
#ifndef CRL_CUSTOM_FD
#define CRL_CUSTOM_FD 123456
#endif
/* shutdown monitor thread, 0 on success */
static int StopMonitor(int mfd)
{
struct kevent change;
/* trigger custom shutdown */
EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) {
WOLFSSL_MSG("kevent trigger customer event failed");
return -1;
}
return 0;
}
/* OS X monitoring */
static void* DoMonitor(void* arg)
{
int fPEM, fDER;
struct kevent change;
WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
WOLFSSL_ENTER("DoMonitor");
crl->mfd = kqueue();
if (crl->mfd == -1) {
WOLFSSL_MSG("kqueue failed");
return NULL;
}
/* listen for custom shutdown event */
EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL);
if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) {
WOLFSSL_MSG("kevent monitor customer event failed");
close(crl->mfd);
return NULL;
}
fPEM = -1;
fDER = -1;
if (crl->monitors[0].path) {
fPEM = open(crl->monitors[0].path, XEVENT_MODE);
if (fPEM == -1) {
WOLFSSL_MSG("PEM event dir open failed");
close(crl->mfd);
return NULL;
}
}
if (crl->monitors[1].path) {
fDER = open(crl->monitors[1].path, XEVENT_MODE);
if (fDER == -1) {
WOLFSSL_MSG("DER event dir open failed");
close(crl->mfd);
return NULL;
}
}
if (fPEM != -1)
EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
if (fDER != -1)
EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
for (;;) {
struct kevent event;
int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL);
WOLFSSL_MSG("Got kevent");
if (numEvents == -1) {
WOLFSSL_MSG("kevent problem, continue");
continue;
}
if (event.filter == EVFILT_USER) {
WOLFSSL_MSG("Got user shutdown event, breaking out");
break;
}
if (SwapLists(crl) < 0) {
WOLFSSL_MSG("SwapLists problem, continue");
}
}
if (fPEM != -1)
close(fPEM);
if (fDER != -1)
close(fDER);
close(crl->mfd);
return NULL;
}
#elif defined(__linux__)
#include <sys/types.h>
#include <sys/inotify.h>
#include <sys/eventfd.h>
#include <unistd.h>
#ifndef max
static INLINE int max(int a, int b)
{
return a > b ? a : b;
}
#endif /* max */
/* shutdown monitor thread, 0 on success */
static int StopMonitor(int mfd)
{
word64 w64 = 1;
/* write to our custom event */
if (write(mfd, &w64, sizeof(w64)) < 0) {
WOLFSSL_MSG("StopMonitor write failed");
return -1;
}
return 0;
}
/* linux monitoring */
static void* DoMonitor(void* arg)
{
int notifyFd;
int wd = -1;
WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
#ifdef WOLFSSL_SMALL_STACK
char* buff;
#else
char buff[8192];
#endif
WOLFSSL_ENTER("DoMonitor");
crl->mfd = eventfd(0, 0); /* our custom shutdown event */
if (crl->mfd < 0) {
WOLFSSL_MSG("eventfd failed");
return NULL;
}
notifyFd = inotify_init();
if (notifyFd < 0) {
WOLFSSL_MSG("inotify failed");
close(crl->mfd);
return NULL;
}
if (crl->monitors[0].path) {
wd = inotify_add_watch(notifyFd, crl->monitors[0].path, IN_CLOSE_WRITE |
IN_DELETE);
if (wd < 0) {
WOLFSSL_MSG("PEM notify add watch failed");
close(crl->mfd);
close(notifyFd);
return NULL;
}
}
if (crl->monitors[1].path) {
wd = inotify_add_watch(notifyFd, crl->monitors[1].path, IN_CLOSE_WRITE |
IN_DELETE);
if (wd < 0) {
WOLFSSL_MSG("DER notify add watch failed");
close(crl->mfd);
close(notifyFd);
return NULL;
}
}
#ifdef WOLFSSL_SMALL_STACK
buff = (char*)XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (buff == NULL)
return NULL;
#endif
for (;;) {
fd_set readfds;
int result;
int length;
FD_ZERO(&readfds);
FD_SET(notifyFd, &readfds);
FD_SET(crl->mfd, &readfds);
result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,NULL);
WOLFSSL_MSG("Got notify event");
if (result < 0) {
WOLFSSL_MSG("select problem, continue");
continue;
}
if (FD_ISSET(crl->mfd, &readfds)) {
WOLFSSL_MSG("got custom shutdown event, breaking out");
break;
}
length = read(notifyFd, buff, 8192);
if (length < 0) {
WOLFSSL_MSG("notify read problem, continue");
continue;
}
if (SwapLists(crl) < 0) {
WOLFSSL_MSG("SwapLists problem, continue");
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (wd > 0)
inotify_rm_watch(notifyFd, wd);
close(crl->mfd);
close(notifyFd);
return NULL;
}
#else
#error "CRL monitor only currently supported on linux or mach"
#endif /* MACH or linux */
/* Start Monitoring the CRL path(s) in a thread */
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
pthread_attr_t attr;
WOLFSSL_ENTER("StartMonitorCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
if (crl->tid != 0) {
WOLFSSL_MSG("Monitor thread already running");
return MONITOR_RUNNING_E;
}
pthread_attr_init(&attr);
if (pthread_create(&crl->tid, &attr, DoMonitor, crl) != 0) {
WOLFSSL_MSG("Thread creation error");
return THREAD_CREATE_E;
}
return SSL_SUCCESS;
}
#else /* HAVE_CRL_MONITOR */
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
(void)crl;
WOLFSSL_ENTER("StartMonitorCRL");
WOLFSSL_MSG("Not compiled in");
return NOT_COMPILED_IN;
}
#endif /* HAVE_CRL_MONITOR */
/* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
{
struct dirent* entry;
DIR* dir;
int ret = SSL_SUCCESS;
#ifdef WOLFSSL_SMALL_STACK
char* name;
#else
char name[MAX_FILENAME_SZ];
#endif
WOLFSSL_ENTER("LoadCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
dir = opendir(path);
if (dir == NULL) {
WOLFSSL_MSG("opendir path crl load failed");
return BAD_PATH_ERROR;
}
#ifdef WOLFSSL_SMALL_STACK
name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (name == NULL)
return MEMORY_E;
#endif
while ( (entry = readdir(dir)) != NULL) {
struct stat s;
XMEMSET(name, 0, MAX_FILENAME_SZ);
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (stat(name, &s) != 0) {
WOLFSSL_MSG("stat on name failed");
continue;
}
if (s.st_mode & S_IFREG) {
if (type == SSL_FILETYPE_PEM) {
if (strstr(entry->d_name, ".pem") == NULL) {
WOLFSSL_MSG("not .pem file, skipping");
continue;
}
}
else {
if (strstr(entry->d_name, ".der") == NULL &&
strstr(entry->d_name, ".crl") == NULL) {
WOLFSSL_MSG("not .der or .crl file, skipping");
continue;
}
}
if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
!= SSL_SUCCESS) {
WOLFSSL_MSG("CRL file load failed, continuing");
}
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (monitor & WOLFSSL_CRL_MONITOR) {
WOLFSSL_MSG("monitor path requested");
if (type == SSL_FILETYPE_PEM) {
crl->monitors[0].path = strdup(path);
crl->monitors[0].type = SSL_FILETYPE_PEM;
if (crl->monitors[0].path == NULL)
ret = MEMORY_E;
} else {
crl->monitors[1].path = strdup(path);
crl->monitors[1].type = SSL_FILETYPE_ASN1;
if (crl->monitors[1].path == NULL)
ret = MEMORY_E;
}
if (monitor & WOLFSSL_CRL_START_MON) {
WOLFSSL_MSG("start monitoring requested");
ret = StartMonitorCRL(crl);
}
}
closedir(dir);
return ret;
}
#endif /* HAVE_CRL */

199
deprecated/3P/wolfssl/src/include.am Normal file
View File

@@ -0,0 +1,199 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
lib_LTLIBRARIES+= src/libwolfssl.la
src_libwolfssl_la_SOURCES =
src_libwolfssl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${WOLFSSL_LIBRARY_VERSION}
src_libwolfssl_la_LIBADD = $(LIBM)
src_libwolfssl_la_CFLAGS = -DBUILDING_WOLFSSL $(AM_CFLAGS)
src_libwolfssl_la_CPPFLAGS = -DBUILDING_WOLFSSL $(AM_CPPFLAGS)
# fips first file
if BUILD_FIPS
src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_first.c
src_libwolfssl_la_SOURCES += \
ctaocrypt/src/hmac.c \
ctaocrypt/src/random.c \
ctaocrypt/src/sha256.c
if BUILD_RSA
src_libwolfssl_la_SOURCES += ctaocrypt/src/rsa.c
endif
if BUILD_AES
src_libwolfssl_la_SOURCES += ctaocrypt/src/aes.c
endif
if BUILD_DES3
src_libwolfssl_la_SOURCES += ctaocrypt/src/des3.c
endif
if BUILD_SHA
src_libwolfssl_la_SOURCES += ctaocrypt/src/sha.c
endif
if BUILD_SHA512
src_libwolfssl_la_SOURCES += ctaocrypt/src/sha512.c
endif
src_libwolfssl_la_SOURCES += ctaocrypt/src/fips.c
src_libwolfssl_la_SOURCES += ctaocrypt/src/fips_test.c
# fips last file
src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_last.c
endif
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/hmac.c \
wolfcrypt/src/random.c \
wolfcrypt/src/sha256.c
if BUILD_RSA
src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
endif
if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
endif
if BUILD_DES3
src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
endif
if BUILD_SHA
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha.c
endif
if BUILD_SHA512
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha512.c
endif
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/logging.c \
wolfcrypt/src/wc_port.c \
wolfcrypt/src/error.c
if BUILD_MEMORY
src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
endif
if BUILD_DH
src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
endif
if BUILD_ASN
src_libwolfssl_la_SOURCES += wolfcrypt/src/asn.c
endif
if BUILD_CODING
src_libwolfssl_la_SOURCES += wolfcrypt/src/coding.c
endif
if BUILD_POLY1305
src_libwolfssl_la_SOURCES += wolfcrypt/src/poly1305.c
endif
if BUILD_RC4
src_libwolfssl_la_SOURCES += wolfcrypt/src/arc4.c
endif
if BUILD_MD4
src_libwolfssl_la_SOURCES += wolfcrypt/src/md4.c
endif
if BUILD_MD5
src_libwolfssl_la_SOURCES += wolfcrypt/src/md5.c
endif
if BUILD_PWDBASED
src_libwolfssl_la_SOURCES += wolfcrypt/src/pwdbased.c
endif
if BUILD_DSA
src_libwolfssl_la_SOURCES += wolfcrypt/src/dsa.c
endif
if BUILD_AESNI
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.s
endif
if BUILD_CAMELLIA
src_libwolfssl_la_SOURCES += wolfcrypt/src/camellia.c
endif
if BUILD_MD2
src_libwolfssl_la_SOURCES += wolfcrypt/src/md2.c
endif
if BUILD_RIPEMD
src_libwolfssl_la_SOURCES += wolfcrypt/src/ripemd.c
endif
if BUILD_BLAKE2
src_libwolfssl_la_SOURCES += wolfcrypt/src/blake2b.c
endif
if BUILD_HC128
src_libwolfssl_la_SOURCES += wolfcrypt/src/hc128.c
endif
if BUILD_RABBIT
src_libwolfssl_la_SOURCES += wolfcrypt/src/rabbit.c
endif
if BUILD_CHACHA
src_libwolfssl_la_SOURCES += wolfcrypt/src/chacha.c
endif
if !BUILD_INLINE
src_libwolfssl_la_SOURCES += wolfcrypt/src/misc.c
endif
if BUILD_FASTMATH
src_libwolfssl_la_SOURCES += wolfcrypt/src/tfm.c
endif
if BUILD_SLOWMATH
src_libwolfssl_la_SOURCES += wolfcrypt/src/integer.c
endif
if BUILD_ECC
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
endif
if BUILD_ECC25519
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc25519.c
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc25519_fe.c
endif
if BUILD_LIBZ
src_libwolfssl_la_SOURCES += wolfcrypt/src/compress.c
endif
if BUILD_PKCS7
src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c
endif
# ssl files
src_libwolfssl_la_SOURCES += \
src/internal.c \
src/io.c \
src/keys.c \
src/ssl.c \
src/tls.c
if BUILD_OCSP
src_libwolfssl_la_SOURCES += src/ocsp.c
endif
if BUILD_CRL
src_libwolfssl_la_SOURCES += src/crl.c
endif
if BUILD_SNIFFER
src_libwolfssl_la_SOURCES += src/sniffer.c
endif

13749
deprecated/3P/wolfssl/src/internal.c Normal file
View File

File diff suppressed because it is too large Load Diff

1141
deprecated/3P/wolfssl/src/io.c Normal file
View File

File diff suppressed because it is too large Load Diff

2713
deprecated/3P/wolfssl/src/keys.c Normal file
View File

File diff suppressed because it is too large Load Diff

303
deprecated/3P/wolfssl/src/ocsp.c Normal file
View File

@@ -0,0 +1,303 @@
/* ocsp.c
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* Name change compatibility layer no longer needs to be included here */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_OCSP
#include <wolfssl/error-ssl.h>
#include <wolfssl/ocsp.h>
#include <wolfssl/internal.h>
int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm)
{
WOLFSSL_ENTER("InitOCSP");
XMEMSET(ocsp, 0, sizeof(*ocsp));
ocsp->cm = cm;
if (InitMutex(&ocsp->ocspLock) != 0)
return BAD_MUTEX_E;
return 0;
}
static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert)
{
WOLFSSL_ENTER("InitOCSP_Entry");
XMEMSET(ocspe, 0, sizeof(*ocspe));
XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE);
return 0;
}
static void FreeOCSP_Entry(OCSP_Entry* ocspe)
{
CertStatus* tmp = ocspe->status;
WOLFSSL_ENTER("FreeOCSP_Entry");
while (tmp) {
CertStatus* next = tmp->next;
XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_STATUS);
tmp = next;
}
}
void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
{
OCSP_Entry* tmp = ocsp->ocspList;
WOLFSSL_ENTER("FreeOCSP");
while (tmp) {
OCSP_Entry* next = tmp->next;
FreeOCSP_Entry(tmp);
XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
tmp = next;
}
FreeMutex(&ocsp->ocspLock);
if (dynamic)
XFREE(ocsp, NULL, DYNAMIC_TYPE_OCSP);
}
static int xstat2err(int stat)
{
switch (stat) {
case CERT_GOOD:
return 0;
case CERT_REVOKED:
return OCSP_CERT_REVOKED;
default:
return OCSP_CERT_UNKNOWN;
}
}
int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert)
{
byte* ocspReqBuf = NULL;
int ocspReqSz = 2048;
byte* ocspRespBuf = NULL;
int result = -1;
OCSP_Entry* ocspe;
CertStatus* certStatus = NULL;
const char *url;
int urlSz;
#ifdef WOLFSSL_SMALL_STACK
CertStatus* newStatus;
OcspRequest* ocspRequest;
OcspResponse* ocspResponse;
#else
CertStatus newStatus[1];
OcspRequest ocspRequest[1];
OcspResponse ocspResponse[1];
#endif
WOLFSSL_ENTER("CheckCertOCSP");
if (LockMutex(&ocsp->ocspLock) != 0) {
WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
return BAD_MUTEX_E;
}
ocspe = ocsp->ocspList;
while (ocspe) {
if (XMEMCMP(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
&& XMEMCMP(ocspe->issuerKeyHash, cert->issuerKeyHash,
SHA_DIGEST_SIZE) == 0)
break;
else
ocspe = ocspe->next;
}
if (ocspe == NULL) {
ocspe = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
NULL, DYNAMIC_TYPE_OCSP_ENTRY);
if (ocspe != NULL) {
InitOCSP_Entry(ocspe, cert);
ocspe->next = ocsp->ocspList;
ocsp->ocspList = ocspe;
}
else {
UnLockMutex(&ocsp->ocspLock);
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR;
}
}
else {
certStatus = ocspe->status;
while (certStatus) {
if (certStatus->serialSz == cert->serialSz &&
XMEMCMP(certStatus->serial, cert->serial, cert->serialSz) == 0)
break;
else
certStatus = certStatus->next;
}
}
if (certStatus != NULL) {
if (!ValidateDate(certStatus->thisDate,
certStatus->thisDateFormat, BEFORE) ||
(certStatus->nextDate[0] == 0) ||
!ValidateDate(certStatus->nextDate,
certStatus->nextDateFormat, AFTER)) {
WOLFSSL_MSG("\tinvalid status date, looking up cert");
}
else {
result = xstat2err(certStatus->status);
UnLockMutex(&ocsp->ocspLock);
WOLFSSL_LEAVE("CheckCertOCSP", result);
return result;
}
}
UnLockMutex(&ocsp->ocspLock);
if (ocsp->cm->ocspUseOverrideURL) {
url = ocsp->cm->ocspOverrideURL;
if (url != NULL && url[0] != '\0')
urlSz = (int)XSTRLEN(url);
else
return OCSP_NEED_URL;
}
else if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) {
url = (const char *)cert->extAuthInfo;
urlSz = cert->extAuthInfoSz;
}
else {
/* cert doesn't have extAuthInfo, assuming CERT_GOOD */
return 0;
}
ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
if (ocspReqBuf == NULL) {
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR;
}
#ifdef WOLFSSL_SMALL_STACK
newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (newStatus == NULL || ocspRequest == NULL || ocspResponse == NULL) {
if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ocspRequest) XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_E;
}
#endif
InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce,
ocspReqBuf, ocspReqSz);
ocspReqSz = EncodeOcspRequest(ocspRequest);
if (ocsp->cm->ocspIOCb)
result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
ocspReqBuf, ocspReqSz, &ocspRespBuf);
if (result >= 0 && ocspRespBuf) {
XMEMSET(newStatus, 0, sizeof(CertStatus));
InitOcspResponse(ocspResponse, newStatus, ocspRespBuf, result);
OcspResponseDecode(ocspResponse);
if (ocspResponse->responseStatus != OCSP_SUCCESSFUL)
result = OCSP_LOOKUP_FAIL;
else {
if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
result = xstat2err(ocspResponse->status->status);
if (LockMutex(&ocsp->ocspLock) != 0)
result = BAD_MUTEX_E;
else {
if (certStatus != NULL)
/* Replace existing certificate entry with updated */
XMEMCPY(certStatus, newStatus, sizeof(CertStatus));
else {
/* Save new certificate entry */
certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus),
NULL, DYNAMIC_TYPE_OCSP_STATUS);
if (certStatus != NULL) {
XMEMCPY(certStatus, newStatus, sizeof(CertStatus));
certStatus->next = ocspe->status;
ocspe->status = certStatus;
ocspe->totalStatus++;
}
}
UnLockMutex(&ocsp->ocspLock);
}
}
else
result = OCSP_LOOKUP_FAIL;
}
}
else
result = OCSP_LOOKUP_FAIL;
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb)
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
WOLFSSL_LEAVE("CheckCertOCSP", result);
return result;
}
#else /* HAVE_OCSP */
#ifdef _MSC_VER
/* 4206 warning for blank file */
#pragma warning(disable: 4206)
#endif
#endif /* HAVE_OCSP */

2925
deprecated/3P/wolfssl/src/sniffer.c Normal file
View File

File diff suppressed because it is too large Load Diff

12419
deprecated/3P/wolfssl/src/ssl.c Normal file
View File

File diff suppressed because it is too large Load Diff

2389
deprecated/3P/wolfssl/src/tls.c Normal file
View File

File diff suppressed because it is too large Load Diff