Compare commits


32 commits

Author SHA1 Message Date
Paul Sokolovsky
3c6b62b718 crypto/rsa.c: RSA_decrypt: Always support both decrypt and sig-verify.
Signature verification need actually comes from yaota8266 project, that's
why it's untied from certificate verification.
2016-11-05 08:29:22 +03:00
Paul Sokolovsky
67d27df4b5 crypto/crypto_misc.c: RNG_initialize(): Don't do anything for esp8266.
Its tentative RNG is already set up when axTLS runs.
2016-07-11 16:49:43 +03:00
Paul Sokolovsky
9776795d9f ssl/Makefile: Make archive index when creating libaxtls.a. 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
7e9e9a7812 tls1.h: Allow to override RT_MAX_PLAIN_LENGTH and RT_EXTRA. 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
d044bf6ccf bigint.c: bi_mod_power(): esp8266: Process pending events.
To avoid watchdog reset/wifi disconnect during long operations.
2016-07-10 23:17:18 +03:00
Paul Sokolovsky
a0025d321e makefile.conf: Accept CFLAGS_EXTRA. 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
54b2a4f5e2 crypto_misc.h: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
3c6e252720 crypto_misc.h: Don't ifdef in headers. 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
60ec24b6db crypto_misc.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
f11093627a crypto_misc.c: print_blob(): Use snprintf() for MicroPython compatibility. 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
3984fdd4fb os_int.h, os_port_micropython.h: Changes for esp8266 compatibility. 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
b2325e5895 upyconfig: Enable server support. 2016-07-10 23:17:16 +03:00
Paul Sokolovsky
aadca9280b upyconfig.client: Client-only config. 2016-07-10 23:17:16 +03:00
Paul Sokolovsky
d8283d74ff os_port_micropython.h: Add ifdef'ed POSIX defines to ease testing. 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
a4e0f106f3 tls1_svr.c: CONFIG_SSL_ENABLE_SERVER 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
4fa4fb3461 tls1.c: CONFIG_SSL_ENABLE_SERVER 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
06602d26de crypto_misc.h: Don't ifdef declarations. 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
9cd22067ad tls1_svr.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
eab10ee5a7 tls1_clnt.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:14 +03:00
Paul Sokolovsky
9bf4489a9f tls1.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:14 +03:00
Paul Sokolovsky
22b2cc0965 loader.c: CONFIG_SSL_ENABLE_SERVER 2016-07-10 23:17:14 +03:00
Paul Sokolovsky
6f339f9b77 ssl/Config.in: Add explicit CONFIG_SSL_ENABLE_SERVER. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
672fa268d5 crypto/crypto_misc: Add tentative random generation for esp8266. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
e941743c1b Add namespace prefix to hmac_md5/hmac_sha1 functions.
These are pretty common names and can easily clash with other libraries.
At least, add "ssl_" prefix, as many other axTLS functions have.
2016-07-10 23:17:13 +03:00
Paul Sokolovsky
7ab52e9d6d Add .gitignore . 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
3008b7474a Add config for MicroPython build. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
463a64723a En-masse other changes to minimize size and make embeddable into uPy. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
7e9e63023d os_port, tls1: Let port decide whether POSIX-style select() will be used.
POSIX-style select() is unlikely to be a good fit for an embedded socket
implementation. It is actually needed only for non-blocking sockets,
so let ports simply skip it. Going forward, this needs
to be refactored into a dedicated function, implemented per port,
that waits for the socket to become writable.
2016-07-10 22:00:24 +03:00
Paul Sokolovsky
b5ba024a9f tls1: Abstract away getting last errno for a socket operation.
For usage with embedded ports where socket library may have other way to
pass errors rather than via C errno variable.
2016-07-10 22:00:24 +03:00
Paul Sokolovsky
c28cc4a6b7 hmac: hmac_md5(): Use single padding buffer.
Saves 64 bytes of stack space.
2016-07-10 22:00:23 +03:00
Paul Sokolovsky
b1f8b3b982 hmac: hmac_sha1(): Use single padding buffer.
Saves 64 bytes of stack space.
2016-07-10 22:00:23 +03:00
Paul Sokolovsky
8efa290751 md5: Optimize for size.
Original version is 2528 bytes for x86, optimized - 1208.
2016-07-10 22:00:22 +03:00
97 changed files with 1628 additions and 2940 deletions

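--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,11 @@
+*.o
+_stage
+.depend
+.config*
+config/config.h
+config/scripts/config/conf
+config/scripts/config/lex.zconf.c
+config/scripts/config/lkc_defs.h
+config/scripts/config/zconf.tab.c
+config/scripts/config/zconf.tab.h
+ssl/version.h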


@ -108,6 +108,7 @@ endif
install -m 644 ssl/*.h $(PREFIX)/include/axTLS
-rm $(PREFIX)/include/axTLS/cert.h
-rm $(PREFIX)/include/axTLS/private_key.h
-rm $(PREFIX)/include/axTLS/os_port.h
install -m 644 config/config.h $(PREFIX)/include/axTLS
installclean:


@ -55,7 +55,7 @@ depends on CONFIG_JAVA_BINDINGS
config CONFIG_JAVA_HOME
string "Location of JDK"
default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN
default "/usr/lib/jvm/java-7-openjdk-amd64" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
default "/usr/local/jdk142" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
depends on CONFIG_JAVA_BINDINGS
help
The location of Sun's JDK.


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007, Cameron Rich
*
* All rights reserved.
*
@ -89,8 +89,8 @@ namespace axTLS
* @return The cipher id which is one of:
* - SSL_AES128_SHA (0x2f)
* - SSL_AES256_SHA (0x35)
* - SSL_AES128_SHA256 (0x3c)
* - SSL_AES256_SHA256 (0x3d)
* - SSL_RC4_128_SHA (0x05)
* - SSL_RC4_128_MD5 (0x04)
*/
public byte GetCipherId()
{


@ -126,7 +126,7 @@ my @raw_data;
if (not defined $ARGV[0])
{
die "Usage: $0 [-java | -perl | -lua]\n";
goto ouch;
}
if ($ARGV[0] eq "-java")
@ -149,6 +149,7 @@ elsif ($ARGV[0] eq "-lua")
}
else
{
ouch:
die "Usage: $0 [-java | -perl | -lua]\n";
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007, Cameron Rich
*
* All rights reserved.
*
@ -89,8 +89,8 @@ public class SSL
* @return The cipher id which is one of:
* - SSL_AES128_SHA (0x2f)
* - SSL_AES256_SHA (0x35)
* - SSL_AES128_SHA256 (0x3c)
* - SSL_AES256_SHA256 (0x3d)
* - SSL_RC4_128_SHA (0x05)
* - SSL_RC4_128_MD5 (0x04)
*/
public byte getCipherId()
{


@ -174,7 +174,8 @@ ifeq ($(strip $(CONFIG_DEBUG)),y)
else
CFLAGS+=$(WARNINGS) $(OPTIMIZATIONS) -D_GNU_SOURCE -DNDEBUG
LDFLAGS += -Wl,-warn-common
STRIPCMD:=$(STRIP) -s --remove-section=.note --remove-section=.comment
STRIPCMD:=echo
#$(STRIP) -s --remove-section=.note --remove-section=.comment
endif
ifeq ($(strip $(CONFIG_STATIC)),y)
LDFLAGS += --static


@ -1,5 +1,5 @@
#
# Copyright (c) 2007-2016, Cameron Rich
# Copyright (c) 2007-2015, Cameron Rich
#
# All rights reserved.
#
@ -84,7 +84,7 @@ else # Not Win32
-include .depend
CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto $(CFLAGS_EXTRA)
LD=$(CC)
STRIP=$(CROSS)strip
@ -101,7 +101,7 @@ LDSHARED = -shared
# Linux
ifndef CONFIG_PLATFORM_CYGWIN
ifndef CONFIG_PLATFORM_NOMMU
CFLAGS += -fPIC
#CFLAGS += -fPIC
# Cygwin
else
@ -114,11 +114,15 @@ endif
ifdef CONFIG_DEBUG
CFLAGS += -g
else
LDFLAGS += -s
#-m32
# -pg
LDFLAGS += -g -Wl,--gc-sections,--print-gc-sections,-Map,map.lst -fno-unwind-tables -fno-asynchronous-unwind-tables
ifdef CONFIG_PLATFORM_SOLARIS
CFLAGS += -O
else
CFLAGS += -O3
#-m32
#-pg
CFLAGS += -g -Os -ffunction-sections -fdata-sections -fno-unwind-tables -fno-asynchronous-unwind-tables
endif
endif # CONFIG_DEBUG
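Review bot: Commenting out `CFLAGS += -fPIC` in the Linux branch affects every non-Cygwin, non-NOMMU build, not only the MicroPython one, while `LDSHARED = -shared` is still set just above that hunk. If the shared-library target is still built from these objects (its rule is not visible on this page), it will either fail to link on x86-64 or carry text relocations, which gives up the usual position-independent-code hardening. Guarding the line behind a config symbol, or leaving `-fPIC` on by default and letting the embedded port opt out, keeps the size win without changing other builds. The non-debug `LDFLAGS` line now also carries `-g` and `--print-gc-sections,-Map,map.lst`, which look like local size-analysis aids and would be better passed through `$(CFLAGS_EXTRA)` or an equivalent linker variable.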

117
config/upyconfig Normal file

@ -0,0 +1,117 @@
#
# Automatically generated make config: don't edit
#
HAVE_DOT_CONFIG=y
CONFIG_PLATFORM_LINUX=y
# CONFIG_PLATFORM_CYGWIN is not set
# CONFIG_PLATFORM_WIN32 is not set
#
# General Configuration
#
PREFIX="/usr/local"
# CONFIG_DEBUG is not set
# CONFIG_STRIP_UNWANTED_SECTIONS is not set
# CONFIG_VISUAL_STUDIO_7_0 is not set
# CONFIG_VISUAL_STUDIO_8_0 is not set
# CONFIG_VISUAL_STUDIO_10_0 is not set
CONFIG_VISUAL_STUDIO_7_0_BASE=""
CONFIG_VISUAL_STUDIO_8_0_BASE=""
CONFIG_VISUAL_STUDIO_10_0_BASE=""
CONFIG_EXTRA_CFLAGS_OPTIONS=""
CONFIG_EXTRA_LDFLAGS_OPTIONS=""
#
# SSL Library
#
# CONFIG_SSL_SERVER_ONLY is not set
# CONFIG_SSL_CERT_VERIFICATION is not set
# CONFIG_SSL_FULL_MODE is not set
CONFIG_SSL_SKELETON_MODE=y
CONFIG_SSL_ENABLE_SERVER=y
CONFIG_SSL_ENABLE_CLIENT=y
# CONFIG_SSL_DIAGNOSTICS is not set
CONFIG_SSL_PROT_LOW=y
# CONFIG_SSL_PROT_MEDIUM is not set
# CONFIG_SSL_PROT_HIGH is not set
CONFIG_SSL_AES=y
CONFIG_SSL_USE_DEFAULT_KEY=y
CONFIG_SSL_PRIVATE_KEY_LOCATION=""
CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
CONFIG_SSL_X509_CERT_LOCATION=""
# CONFIG_SSL_GENERATE_X509_CERT is not set
CONFIG_SSL_X509_COMMON_NAME=""
CONFIG_SSL_X509_ORGANIZATION_NAME=""
CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
# CONFIG_SSL_ENABLE_V23_HANDSHAKE is not set
# CONFIG_SSL_HAS_PEM is not set
# CONFIG_SSL_USE_PKCS12 is not set
CONFIG_SSL_EXPIRY_TIME=0
CONFIG_X509_MAX_CA_CERTS=0
CONFIG_SSL_MAX_CERTS=3
# CONFIG_SSL_CTX_MUTEXING is not set
# CONFIG_USE_DEV_URANDOM is not set
# CONFIG_WIN32_USE_CRYPTO_LIB is not set
# CONFIG_OPENSSL_COMPATIBLE is not set
# CONFIG_PERFORMANCE_TESTING is not set
# CONFIG_SSL_TEST is not set
# CONFIG_AXTLSWRAP is not set
# CONFIG_AXHTTPD is not set
# CONFIG_HTTP_STATIC_BUILD is not set
CONFIG_HTTP_PORT=0
CONFIG_HTTP_HTTPS_PORT=0
CONFIG_HTTP_SESSION_CACHE_SIZE=0
CONFIG_HTTP_WEBROOT=""
CONFIG_HTTP_TIMEOUT=0
# CONFIG_HTTP_HAS_CGI is not set
CONFIG_HTTP_CGI_EXTENSIONS=""
# CONFIG_HTTP_ENABLE_LUA is not set
CONFIG_HTTP_LUA_PREFIX=""
# CONFIG_HTTP_BUILD_LUA is not set
CONFIG_HTTP_CGI_LAUNCHER=""
# CONFIG_HTTP_DIRECTORIES is not set
# CONFIG_HTTP_HAS_AUTHORIZATION is not set
# CONFIG_HTTP_HAS_IPV6 is not set
# CONFIG_HTTP_ENABLE_DIFFERENT_USER is not set
CONFIG_HTTP_USER=""
# CONFIG_HTTP_VERBOSE is not set
# CONFIG_HTTP_IS_DAEMON is not set
#
# Language Bindings
#
# CONFIG_BINDINGS is not set
# CONFIG_CSHARP_BINDINGS is not set
# CONFIG_VBNET_BINDINGS is not set
CONFIG_DOT_NET_FRAMEWORK_BASE=""
# CONFIG_JAVA_BINDINGS is not set
CONFIG_JAVA_HOME=""
# CONFIG_PERL_BINDINGS is not set
CONFIG_PERL_CORE=""
CONFIG_PERL_LIB=""
# CONFIG_LUA_BINDINGS is not set
CONFIG_LUA_CORE=""
#
# Samples
#
# CONFIG_SAMPLES is not set
# CONFIG_C_SAMPLES is not set
# CONFIG_CSHARP_SAMPLES is not set
# CONFIG_VBNET_SAMPLES is not set
# CONFIG_JAVA_SAMPLES is not set
# CONFIG_PERL_SAMPLES is not set
# CONFIG_LUA_SAMPLES is not set
# CONFIG_BIGINT_CLASSICAL is not set
# CONFIG_BIGINT_MONTGOMERY is not set
# CONFIG_BIGINT_BARRETT is not set
# CONFIG_BIGINT_CRT is not set
# CONFIG_BIGINT_KARATSUBA is not set
MUL_KARATSUBA_THRESH=0
SQU_KARATSUBA_THRESH=0
# CONFIG_BIGINT_SLIDING_WINDOW is not set
# CONFIG_BIGINT_SQUARE is not set
# CONFIG_BIGINT_CHECK_ON is not set
# CONFIG_INTEGER_32BIT is not set
# CONFIG_INTEGER_16BIT is not set
# CONFIG_INTEGER_8BIT is not set
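Review bot: This configuration leaves `# CONFIG_SSL_CERT_VERIFICATION is not set` together with `CONFIG_X509_MAX_CA_CERTS=0`, so a client built from it cannot authenticate the server certificate and the session is protected against passive eavesdropping only; config/upyconfig.client has the same settings. `CONFIG_SSL_USE_DEFAULT_KEY=y` additionally means server mode presents the key and certificate compiled into the library, which is presumably shared by every build of this tree (confirm). `# CONFIG_USE_DEV_URANDOM is not set` on a `CONFIG_PLATFORM_LINUX=y` build sends `get_random()` down a path other than the /dev/urandom read, and that path is not shown on this page. Because the file header says not to edit it, these trade-offs belong in the commit message or a short README beside the config, for example `upyconfig: size-minimal build; no peer verification, default key, no /dev/urandom`.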

116
config/upyconfig.client Normal file

@ -0,0 +1,116 @@
#
# Automatically generated make config: don't edit
#
HAVE_DOT_CONFIG=y
CONFIG_PLATFORM_LINUX=y
# CONFIG_PLATFORM_CYGWIN is not set
# CONFIG_PLATFORM_WIN32 is not set
#
# General Configuration
#
PREFIX="/usr/local"
# CONFIG_DEBUG is not set
# CONFIG_STRIP_UNWANTED_SECTIONS is not set
# CONFIG_VISUAL_STUDIO_7_0 is not set
# CONFIG_VISUAL_STUDIO_8_0 is not set
# CONFIG_VISUAL_STUDIO_10_0 is not set
CONFIG_VISUAL_STUDIO_7_0_BASE=""
CONFIG_VISUAL_STUDIO_8_0_BASE=""
CONFIG_VISUAL_STUDIO_10_0_BASE=""
CONFIG_EXTRA_CFLAGS_OPTIONS=""
CONFIG_EXTRA_LDFLAGS_OPTIONS=""
#
# SSL Library
#
# CONFIG_SSL_SERVER_ONLY is not set
# CONFIG_SSL_CERT_VERIFICATION is not set
# CONFIG_SSL_FULL_MODE is not set
CONFIG_SSL_SKELETON_MODE=y
CONFIG_SSL_ENABLE_CLIENT=y
# CONFIG_SSL_DIAGNOSTICS is not set
CONFIG_SSL_PROT_LOW=y
# CONFIG_SSL_PROT_MEDIUM is not set
# CONFIG_SSL_PROT_HIGH is not set
CONFIG_SSL_AES=y
# CONFIG_SSL_USE_DEFAULT_KEY is not set
CONFIG_SSL_PRIVATE_KEY_LOCATION=""
CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
CONFIG_SSL_X509_CERT_LOCATION=""
# CONFIG_SSL_GENERATE_X509_CERT is not set
CONFIG_SSL_X509_COMMON_NAME=""
CONFIG_SSL_X509_ORGANIZATION_NAME=""
CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
# CONFIG_SSL_ENABLE_V23_HANDSHAKE is not set
# CONFIG_SSL_HAS_PEM is not set
# CONFIG_SSL_USE_PKCS12 is not set
CONFIG_SSL_EXPIRY_TIME=0
CONFIG_X509_MAX_CA_CERTS=0
CONFIG_SSL_MAX_CERTS=3
# CONFIG_SSL_CTX_MUTEXING is not set
# CONFIG_USE_DEV_URANDOM is not set
# CONFIG_WIN32_USE_CRYPTO_LIB is not set
# CONFIG_OPENSSL_COMPATIBLE is not set
# CONFIG_PERFORMANCE_TESTING is not set
# CONFIG_SSL_TEST is not set
# CONFIG_AXTLSWRAP is not set
# CONFIG_AXHTTPD is not set
# CONFIG_HTTP_STATIC_BUILD is not set
CONFIG_HTTP_PORT=0
CONFIG_HTTP_HTTPS_PORT=0
CONFIG_HTTP_SESSION_CACHE_SIZE=0
CONFIG_HTTP_WEBROOT=""
CONFIG_HTTP_TIMEOUT=0
# CONFIG_HTTP_HAS_CGI is not set
CONFIG_HTTP_CGI_EXTENSIONS=""
# CONFIG_HTTP_ENABLE_LUA is not set
CONFIG_HTTP_LUA_PREFIX=""
# CONFIG_HTTP_BUILD_LUA is not set
CONFIG_HTTP_CGI_LAUNCHER=""
# CONFIG_HTTP_DIRECTORIES is not set
# CONFIG_HTTP_HAS_AUTHORIZATION is not set
# CONFIG_HTTP_HAS_IPV6 is not set
# CONFIG_HTTP_ENABLE_DIFFERENT_USER is not set
CONFIG_HTTP_USER=""
# CONFIG_HTTP_VERBOSE is not set
# CONFIG_HTTP_IS_DAEMON is not set
#
# Language Bindings
#
# CONFIG_BINDINGS is not set
# CONFIG_CSHARP_BINDINGS is not set
# CONFIG_VBNET_BINDINGS is not set
CONFIG_DOT_NET_FRAMEWORK_BASE=""
# CONFIG_JAVA_BINDINGS is not set
CONFIG_JAVA_HOME=""
# CONFIG_PERL_BINDINGS is not set
CONFIG_PERL_CORE=""
CONFIG_PERL_LIB=""
# CONFIG_LUA_BINDINGS is not set
CONFIG_LUA_CORE=""
#
# Samples
#
# CONFIG_SAMPLES is not set
# CONFIG_C_SAMPLES is not set
# CONFIG_CSHARP_SAMPLES is not set
# CONFIG_VBNET_SAMPLES is not set
# CONFIG_JAVA_SAMPLES is not set
# CONFIG_PERL_SAMPLES is not set
# CONFIG_LUA_SAMPLES is not set
# CONFIG_BIGINT_CLASSICAL is not set
# CONFIG_BIGINT_MONTGOMERY is not set
# CONFIG_BIGINT_BARRETT is not set
# CONFIG_BIGINT_CRT is not set
# CONFIG_BIGINT_KARATSUBA is not set
MUL_KARATSUBA_THRESH=0
SQU_KARATSUBA_THRESH=0
# CONFIG_BIGINT_SLIDING_WINDOW is not set
# CONFIG_BIGINT_SQUARE is not set
# CONFIG_BIGINT_CHECK_ON is not set
# CONFIG_INTEGER_32BIT is not set
# CONFIG_INTEGER_16BIT is not set
# CONFIG_INTEGER_8BIT is not set


@ -1379,6 +1379,10 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
* will reduce to standard left-to-right exponentiation */
do
{
#ifdef __ets__
void ets_loop_iter(void);
ets_loop_iter();
#endif
if (exp_bit_is_one(biexp, i))
{
int l = i-window_size+1;
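Review bot: Calling `ets_loop_iter()` on every pass of the exponentiation loop lets pending event handlers run while `bi_mod_power()` holds intermediate bigints in `ctx`; if any handler can reach axTLS with the same `BI_CTX` (for instance a second connection sharing the SSL context), that state could be disturbed mid-operation. This is inferred, since the handlers are not visible here. A comment stating the constraint would help, e.g. `/* esp8266: yield to the SDK to avoid watchdog reset; handlers run here must not use this BI_CTX */`. The block-scope prototype `void ets_loop_iter(void);` would be better declared once in the port header so that a signature mismatch is caught by the compiler. The loop body and the function continue outside the hunk.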


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -51,12 +51,14 @@ extern "C" {
/* enable features based on a 'super-set' capbaility. */
#if 0
#if defined(CONFIG_SSL_FULL_MODE)
#define CONFIG_SSL_ENABLE_CLIENT
#define CONFIG_SSL_CERT_VERIFICATION
#elif defined(CONFIG_SSL_ENABLE_CLIENT)
#define CONFIG_SSL_CERT_VERIFICATION
#endif
#endif
/**************************************************************************
* AES declarations
@ -196,11 +198,9 @@ EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
/**************************************************************************
* HMAC declarations
**************************************************************************/
void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
void ssl_hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key,
void ssl_hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
/**************************************************************************
@ -242,14 +242,15 @@ void RSA_free(RSA_CTX *ctx);
int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
int out_len, int is_decryption);
bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
// Don't bother to ifdef prototypes, let them be
//#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
bigint *modulus, bigint *pub_exp);
bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
uint8_t *out_data, int is_signing);
void RSA_print(const RSA_CTX *ctx);
#endif
//#endif
/**************************************************************************
* RNG declarations
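Review bot: Wrapping the feature "super-set" block in `#if 0` means `CONFIG_SSL_FULL_MODE` and `CONFIG_SSL_ENABLE_CLIENT` no longer imply `CONFIG_SSL_CERT_VERIFICATION`, so a client build gets no peer certificate checking unless the config sets that symbol itself. Nothing at this point in the header tells the reader so; I would replace the dead block with a comment such as `/* CONFIG_SSL_CERT_VERIFICATION is no longer implied by client/full mode; set it explicitly in the config */`. In the RSA section, `// Don't bother to ifdef prototypes` leaves `RSA_sign_verify()`, `RSA_public()`, `RSA_encrypt()` and `RSA_print()` declared in builds where they may not be compiled, so a misuse shows up at link time rather than compile time; that is acceptable but worth stating in the comment.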


@ -42,7 +42,7 @@
#include "wincrypt.h"
#endif
#ifndef WIN32
#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
static int rng_fd = -1;
#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
static HCRYPTPROV gCryptProv;
@ -120,7 +120,7 @@ EXP_FUNC void STDCALL RNG_initialize()
exit(1);
}
}
#else
#elif !defined(__ets__)
/* start of with a stack to copy across */
int i;
memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
@ -146,7 +146,7 @@ EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
*/
EXP_FUNC void STDCALL RNG_terminate(void)
{
#ifndef WIN32
#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
close(rng_fd);
#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
CryptReleaseContext(gCryptProv, 0);
@ -158,7 +158,13 @@ EXP_FUNC void STDCALL RNG_terminate(void)
*/
EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
{
#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
#ifdef __ets__
// see http://esp8266-re.foogod.com/wiki/Random_Number_Generator
#define WDEV_HWRNG ((volatile uint32_t*)0x3ff20e44)
while (num_rand_bytes--) {
*rand_data++ = *WDEV_HWRNG;
}
#elif !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
/* use the Linux default - read from /dev/urandom */
if (read(rng_fd, rand_data, num_rand_bytes) < 0)
return -1;
@ -223,7 +229,7 @@ int get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
/**
* Some useful diagnostic routines
*/
#if defined(CONFIG_SSL_FULL_MODE) || defined(CONFIG_DEBUG)
#if defined(CONFIG_SSL_DIAGNOSTICS) || defined(CONFIG_DEBUG)
int hex_finish;
int hex_index;
@ -276,7 +282,7 @@ EXP_FUNC void STDCALL print_blob(const char *format,
va_list(ap);
va_start(ap, size);
sprintf(tmp, "%s\n", format);
snprintf(tmp, sizeof(tmp), "%s\n", format);
vprintf(tmp, ap);
print_hex_init(size);
for (i = 0; i < size; i++)
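Review bot: The `__ets__` branch of `get_random()` fills each output byte with the truncated low 8 bits of one back-to-back read of `WDEV_HWRNG`, a register known here only from the linked reverse-engineering notes, and the bytes are used directly with no conditioning or health check. Whether consecutive reads are independent, and whether the source is live before the radio is up, cannot be established from this page, and the commit list itself calls this RNG tentative. I would record that in the code, e.g. `/* TODO: unvetted entropy source; hash or mix into entropy_pool before using for key material */`, and move the `#define WDEV_HWRNG` to file scope. Separately, the context lines of `RNG_initialize()` show the non-urandom seed `memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE)` copying from an uninitialised `int`, which reads past it if ENTROPY_POOL_SIZE exceeds `sizeof(int)` (its value is not shown). Builds with `CONFIG_USE_DEV_URANDOM` unset, such as config/upyconfig, now depend on that path.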


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007, Cameron Rich
*
* All rights reserved.
*
@ -42,31 +42,34 @@
* Perform HMAC-MD5
* NOTE: does not handle keys larger than the block size.
*/
void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
void ssl_hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest)
{
MD5_CTX context;
uint8_t k_ipad[64];
uint8_t k_opad[64];
uint8_t k_pad[64];
int i;
memset(k_ipad, 0, sizeof k_ipad);
memset(k_opad, 0, sizeof k_opad);
memcpy(k_ipad, key, key_len);
memcpy(k_opad, key, key_len);
for (i = 0; i < 64; i++)
memset(k_pad, 0, sizeof k_pad);
memcpy(k_pad, key, key_len);
for (i = 0; i < 64; i++)
{
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
k_pad[i] ^= 0x36;
}
MD5_Init(&context);
MD5_Update(&context, k_ipad, 64);
MD5_Update(&context, k_pad, 64);
MD5_Update(&context, msg, length);
MD5_Final(digest, &context);
memset(k_pad, 0, sizeof k_pad);
memcpy(k_pad, key, key_len);
for (i = 0; i < 64; i++)
{
k_pad[i] ^= 0x5c;
}
MD5_Init(&context);
MD5_Update(&context, k_opad, 64);
MD5_Update(&context, k_pad, 64);
MD5_Update(&context, digest, MD5_SIZE);
MD5_Final(digest, &context);
}
@ -75,65 +78,34 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
* Perform HMAC-SHA1
* NOTE: does not handle keys larger than the block size.
*/
void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
void ssl_hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest)
{
SHA1_CTX context;
uint8_t k_ipad[64];
uint8_t k_opad[64];
uint8_t k_pad[64];
int i;
memset(k_ipad, 0, sizeof k_ipad);
memset(k_opad, 0, sizeof k_opad);
memcpy(k_ipad, key, key_len);
memcpy(k_opad, key, key_len);
for (i = 0; i < 64; i++)
memset(k_pad, 0, sizeof k_pad);
memcpy(k_pad, key, key_len);
for (i = 0; i < 64; i++)
{
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
k_pad[i] ^= 0x36;
}
SHA1_Init(&context);
SHA1_Update(&context, k_ipad, 64);
SHA1_Update(&context, k_pad, 64);
SHA1_Update(&context, msg, length);
SHA1_Final(digest, &context);
memset(k_pad, 0, sizeof k_pad);
memcpy(k_pad, key, key_len);
for (i = 0; i < 64; i++)
{
k_pad[i] ^= 0x5c;
}
SHA1_Init(&context);
SHA1_Update(&context, k_opad, 64);
SHA1_Update(&context, k_pad, 64);
SHA1_Update(&context, digest, SHA1_SIZE);
SHA1_Final(digest, &context);
}
/**
* Perform HMAC-SHA256
* NOTE: does not handle keys larger than the block size.
*/
void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest)
{
SHA256_CTX context;
uint8_t k_ipad[64];
uint8_t k_opad[64];
int i;
memset(k_ipad, 0, sizeof k_ipad);
memset(k_opad, 0, sizeof k_opad);
memcpy(k_ipad, key, key_len);
memcpy(k_opad, key, key_len);
for (i = 0; i < 64; i++)
{
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
SHA256_Init(&context);
SHA256_Update(&context, k_ipad, 64);
SHA256_Update(&context, msg, length);
SHA256_Final(digest, &context);
SHA256_Init(&context);
SHA256_Update(&context, k_opad, 64);
SHA256_Update(&context, digest, SHA256_SIZE);
SHA256_Final(digest, &context);
}
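Review bot: `memcpy(k_pad, key, key_len)` in `ssl_hmac_md5()` is still unguarded, and the single-buffer version now performs that copy twice, so a `key_len` above 64 overruns `k_pad` on the stack; the header comment only notes the limitation. `ssl_hmac_sha1()` has the same pattern. RFC 2104 handles long keys by hashing them down first, which fits at the top of the function as sketched below, and the same shape applies to SHA-1 with `SHA1_SIZE`. `k_pad` also still holds key-derived bytes on return, so a final wipe that the compiler cannot elide would be a reasonable addition.

```c
void ssl_hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
        int key_len, uint8_t *digest)
{
    /* … unchanged: context, k_pad and i declarations … */
    uint8_t k_hashed[MD5_SIZE];

    /* RFC 2104: a key longer than the block size is replaced by its hash */
    if (key_len > (int)sizeof k_pad)
    {
        MD5_Init(&context);
        MD5_Update(&context, key, key_len);
        MD5_Final(k_hashed, &context);
        key = k_hashed;
        key_len = MD5_SIZE;
    }

    /* … unchanged: inner pad pass, outer pad pass … */
```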


@ -74,6 +74,13 @@ static const uint8_t PADDING[64] =
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))
/* Versions for size-optimized code. */
#define IDX(v) ((v) & 3)
#define F_(a, i) ((a[IDX(i + 1)] & a[IDX(i + 2)]) | (~a[IDX(i + 1)] & a[IDX(i + 3)]))
#define G_(a, i) ((a[IDX(i + 1)] & a[IDX(i + 3)]) | (a[IDX(i + 2)] & ~a[IDX(i + 3)]))
#define H_(a, i) (a[IDX(i + 1)] ^ a[IDX(i + 2)] ^ a[IDX(i + 3)])
#define I_(a, i) (a[IDX(i + 2)] ^ (a[IDX(i + 1)] | ~a[IDX(i + 3)]))
/* ROTATE_LEFT rotates x left n bits. */
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
@ -178,6 +185,8 @@ EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
/**
* MD5 basic transformation. Transforms state based on block.
*/
#if OPTIMIZE_FOR_SPEED
static void MD5Transform(uint32_t state[4], const uint8_t block[64])
{
uint32_t a = state[0], b = state[1], c = state[2],
@ -263,6 +272,136 @@ static void MD5Transform(uint32_t state[4], const uint8_t block[64])
state[3] += d;
}
#else
static void MD5Transform(uint32_t state[4], const uint8_t block[64])
{
uint32_t arr[4], x[MD5_SIZE];
memcpy(arr, state, sizeof(arr));
Decode(x, block, 64);
static const uint32_t round_ac[] = {
0xd76aa478, /* 1 */
0xe8c7b756, /* 2 */
0x242070db, /* 3 */
0xc1bdceee, /* 4 */
0xf57c0faf, /* 5 */
0x4787c62a, /* 6 */
0xa8304613, /* 7 */
0xfd469501, /* 8 */
0x698098d8, /* 9 */
0x8b44f7af, /* 10 */
0xffff5bb1, /* 11 */
0x895cd7be, /* 12 */
0x6b901122, /* 13 */
0xfd987193, /* 14 */
0xa679438e, /* 15 */
0x49b40821, /* 16 */
0xf61e2562, /* 17 */
0xc040b340, /* 18 */
0x265e5a51, /* 19 */
0xe9b6c7aa, /* 20 */
0xd62f105d, /* 21 */
0x2441453, /* 22 */
0xd8a1e681, /* 23 */
0xe7d3fbc8, /* 24 */
0x21e1cde6, /* 25 */
0xc33707d6, /* 26 */
0xf4d50d87, /* 27 */
0x455a14ed, /* 28 */
0xa9e3e905, /* 29 */
0xfcefa3f8, /* 30 */
0x676f02d9, /* 31 */
0x8d2a4c8a, /* 32 */
0xfffa3942, /* 33 */
0x8771f681, /* 34 */
0x6d9d6122, /* 35 */
0xfde5380c, /* 36 */
0xa4beea44, /* 37 */
0x4bdecfa9, /* 38 */
0xf6bb4b60, /* 39 */
0xbebfbc70, /* 40 */
0x289b7ec6, /* 41 */
0xeaa127fa, /* 42 */
0xd4ef3085, /* 43 */
0x4881d05, /* 44 */
0xd9d4d039, /* 45 */
0xe6db99e5, /* 46 */
0x1fa27cf8, /* 47 */
0xc4ac5665, /* 48 */
0xf4292244, /* 49 */
0x432aff97, /* 50 */
0xab9423a7, /* 51 */
0xfc93a039, /* 52 */
0x655b59c3, /* 53 */
0x8f0ccc92, /* 54 */
0xffeff47d, /* 55 */
0x85845dd1, /* 56 */
0x6fa87e4f, /* 57 */
0xfe2ce6e0, /* 58 */
0xa3014314, /* 59 */
0x4e0811a1, /* 60 */
0xf7537e82, /* 61 */
0xbd3af235, /* 62 */
0x2ad7d2bb, /* 63 */
0xeb86d391, /* 64 */
};
static const uint8_t round1_s[] = {
7, 12, 17, 22,
5, 9, 14, 20,
4, 11, 16, 23,
6, 10, 15, 21,
};
static const uint8_t round_order[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,
5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,
0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,
};
unsigned i;
const uint8_t *round_s = round1_s - 4;
for (i = 0; i < 64; i++) {
int off = IDX(4 - i);
uint32_t v;
// Code size is bigger
//round_s = round1_s + (i >> 4) * 4;
if ((i & 15) == 0) {
round_s += 4;
}
if (i < 32) {
if (i < 16) {
v = F_(arr, off);
} else {
v = G_(arr, off);
}
} else {
if (i < 48) {
v = H_(arr, off);
} else {
v = I_(arr, off);
}
}
v += arr[off];
v += x[round_order[i]] + round_ac[i];
v = ROTATE_LEFT(v, round_s[i & 3]);
v += arr[IDX(off + 1)];
arr[off] = v;
}
state[0] += arr[0];
state[1] += arr[1];
state[2] += arr[2];
state[3] += arr[3];
}
#endif // OPTIMIZE_FOR_SPEED
/**
* Encodes input (uint32_t) into output (uint8_t). Assumes len is
* a multiple of 4.
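Review bot: `const uint8_t *round_s = round1_s - 4;` in the size-optimized `MD5Transform()` forms a pointer before the start of `round1_s`, which is undefined behaviour in C even though it is advanced by 4 before the first dereference. Starting at the array and skipping the bump on the first iteration avoids that: `const uint8_t *round_s = round1_s;` and `if (i != 0 && (i & 15) == 0) {`. Two smaller points: `x[MD5_SIZE]` is sized by what looks like the digest length in bytes where the block's 16 words are meant (the values presumably coincide), and `#if OPTIMIZE_FOR_SPEED` relies on an undefined macro evaluating to 0, which `-Wundef` flags. A default `#define` or an `#ifdef` would make the intent explicit.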


@ -37,9 +37,6 @@
#include "os_port.h"
#include "crypto.h"
/* only used for PKCS12 now */
#ifdef CONFIG_SSL_USE_PKCS12
/**
* Get ready for an encrypt/decrypt operation
*/
@ -93,5 +90,3 @@ void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
ctx->x = x;
ctx->y = y;
}
#endif


@ -157,7 +157,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
/* decrypt */
dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
#ifdef CONFIG_SSL_CERT_VERIFICATION
#if 1 //def CONFIG_SSL_CERT_VERIFICATION
decrypted_bi = is_decryption ? /* decrypt or verify? */
RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
#else /* always a decryption */
@ -170,7 +170,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
if (block[i++] != 0) /* leading 0? */
return -1;
#ifdef CONFIG_SSL_CERT_VERIFICATION
#if 1 //def CONFIG_SSL_CERT_VERIFICATION
if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
{
if (block[i++] != 0x01) /* BT correct? */
@ -231,7 +231,7 @@ void RSA_print(const RSA_CTX *rsa_ctx)
}
#endif
#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT) || (CONFIG_SSL_ENABLE_CLIENT)
/**
* Performs c = m^e mod n
*/
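Review bot: In the last hunk the new term `|| (CONFIG_SSL_ENABLE_CLIENT)` tests the macro's value rather than `defined(CONFIG_SSL_ENABLE_CLIENT)`, so it works only when the config header defines the symbol with a non-zero value and is a preprocessor syntax error when the symbol is defined empty. I would write `|| defined(CONFIG_SSL_ENABLE_CLIENT)` to match the other two terms. The two `#if 1 //def CONFIG_SSL_CERT_VERIFICATION` lines in `RSA_decrypt()` leave a dead `#else` branch behind; since the verify path is now always compiled, removing the conditional, or adding a comment saying why it is forced on, would read better. `RSA_decrypt()` and the guarded block both extend beyond the hunks shown.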


@ -1,5 +1,5 @@
#
# Copyright (c) 2007-2016, Cameron Rich
# Copyright (c) 2007, Cameron Rich
#
# All rights reserved.
#
@ -59,8 +59,7 @@ include $(AXTLS_HOME)/config/makefile.post
ifndef CONFIG_PLATFORM_WIN32
$(TARGET): $(OBJ) $(LIBS)/libaxtls.a
$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)/libaxtls.a
# $(LD) $(LDFLAGS) -o $@ $(OBJ) -L$(LIBS) -laxtls (shared library)
$(LD) $(LDFLAGS) -o $@ $(OBJ) -L$(LIBS) -laxtls
ifdef CONFIG_STRIP_UNWANTED_SECTIONS
$(STRIP) --remove-section=.comment $(TARGET)
endif # use strip


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007, Cameron Rich
*
* All rights reserved.
*
@ -86,8 +86,8 @@ int main(int argc, char *argv[])
strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
print_options(argc > 1 ? argv[1] : "");
strcmp(argv[1], "s_server") ?
do_client(argc, argv) : do_server(argc, argv);
// strcmp(argv[1], "s_server") ?
do_client(argc, argv);// : do_server(argc, argv);
return 0;
}
@ -448,7 +448,6 @@ static void do_client(int argc, char *argv[])
uint8_t session_id[SSL_SESSION_ID_SIZE];
fd_set read_set;
const char *password = NULL;
SSL_EXTENSIONS *extensions = NULL;
FD_ZERO(&read_set);
sin_addr = inet_addr("127.0.0.1");
@ -535,16 +534,6 @@ static void do_client(int argc, char *argv[])
password = argv[++i];
}
else if (strcmp(argv[i], "-servername") == 0)
{
if (i >= argc-1)
{
print_client_options(argv[i]);
}
extensions = ssl_ext_new();
extensions->host_name = argv[++i];
}
#ifdef CONFIG_SSL_FULL_MODE
else if (strcmp(argv[i], "-debug") == 0)
{
@ -573,6 +562,7 @@ static void do_client(int argc, char *argv[])
exit(1);
}
#ifndef CONFIG_SSL_SKELETON_MODE
if (private_key_file)
{
int obj_type = SSL_OBJ_RSA_KEY;
@ -608,6 +598,7 @@ static void do_client(int argc, char *argv[])
exit(1);
}
}
#endif
free(cert);
free(ca_cert);
@ -641,7 +632,7 @@ static void do_client(int argc, char *argv[])
while (reconnect--)
{
ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
sizeof(session_id), extensions);
sizeof(session_id));
if ((res = ssl_handshake_status(ssl)) != SSL_OK)
{
if (!quiet)
@ -669,7 +660,7 @@ static void do_client(int argc, char *argv[])
}
else
{
ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0, extensions);
ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0);
}
/* check the return status */
@ -685,6 +676,15 @@ static void do_client(int argc, char *argv[])
if (!quiet)
{
#ifndef CONFIG_SSL_SKELETON_MODE
const char *common_name = ssl_get_cert_dn(ssl,
SSL_X509_CERT_COMMON_NAME);
if (common_name)
{
printf("Common Name:\t\t\t%s\n", common_name);
}
#endif
display_session_id(ssl);
display_cipher(ssl);
}
@ -833,8 +833,7 @@ static void print_client_options(char *option)
printf(" -quiet\t\t- No client output\n");
printf(" -reconnect\t- Drop and re-make the connection "
"with the same Session-ID\n");
printf(" -pass\t\t- Private key file pass phrase source\n");
printf(" -servername\t- Set TLS extension servername in ClientHello\n");
printf(" -pass\t\t- private key file pass phrase source\n");
#ifdef CONFIG_SSL_FULL_MODE
printf(" -debug\t\t- Print more output\n");
printf(" -state\t\t- Show state messages\n");
@ -862,12 +861,12 @@ static void display_cipher(SSL *ssl)
printf("AES256-SHA");
break;
case SSL_AES128_SHA256:
printf("AES128-SHA256");
case SSL_RC4_128_SHA:
printf("RC4-SHA");
break;
case SSL_AES256_SHA256:
printf("AES256-SHA256");
case SSL_RC4_128_MD5:
printf("RC4-MD5");
break;
default:
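Review bot: `main()` still accepts `s_server` in its argument check but now calls `do_client(argc, argv)` unconditionally, so `axssl s_server ...` silently runs the client, and the old dispatch is left behind as commented-out fragments on both lines. If the server sample is meant to be unavailable in this build, reject the argument explicitly or compile the `do_server` arm conditionally (for example under `#ifdef CONFIG_SSL_ENABLE_SERVER`), and drop the commented code. With `-servername` removed the client sends no SNI, and under `CONFIG_SSL_SKELETON_MODE` it does not print the peer's common name either, so nothing in this sample ties the connection to the intended host. `main()` and `do_client()` both extend beyond the hunks shown.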


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007, Cameron Rich
*
* All rights reserved.
*
@ -723,12 +723,12 @@ public class axssl
Console.WriteLine("AES256-SHA");
break;
case axtls.SSL_AES128_SHA256:
Console.WriteLine("AES128-SHA256");
case axtls.SSL_RC4_128_SHA:
Console.WriteLine("RC4-SHA");
break;
case axtls.SSL_AES256_SHA256:
Console.WriteLine("AES128-SHA256");
case axtls.SSL_RC4_128_MD5:
Console.WriteLine("RC4-MD5");
break;
default:


@ -1,5 +1,5 @@
#
# Copyright (c) 2007-2016, Cameron Rich
# Copyright (c) 2007, Cameron Rich
#
# All rights reserved.
#


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007, Cameron Rich
*
* All rights reserved.
*
@ -714,10 +714,10 @@ public class axssl
System.out.println("AES128-SHA");
else if (ciph_id == axtlsj.SSL_AES256_SHA)
System.out.println("AES256-SHA");
else if (ciph_id == axtlsj.SSL_AES128_SHA256)
System.out.println("AES128-SHA256");
else if (ciph_id == axtlsj.SSL_AES256_SHA256)
System.out.println("AES256-SHA256");
else if (ciph_id == axtlsj.SSL_RC4_128_SHA)
System.out.println("RC4-SHA");
else if (ciph_id == axtlsj.SSL_RC4_128_MD5)
System.out.println("RC4-MD5");
else
System.out.println("Unknown - " + ssl.getCipherId());
}


@ -1,7 +1,7 @@
#!/usr/local/bin/lua
--
-- Copyright (c) 2007-2016, Cameron Rich
-- Copyright (c) 2007, Cameron Rich
--
-- All rights reserved.
--
@ -523,10 +523,10 @@ function display_cipher(ssl)
print("AES128-SHA")
elseif cipher_id == axtlsl.SSL_AES256_SHA then
print("AES256-SHA")
elseif axtlsl.SSL_AES128_SHA256 then
print("AES128-SHA256")
elseif axtlsl.SSL_AES256_SHA256 then
print("AES256-SHA256")
elseif axtlsl.SSL_RC4_128_SHA then
print("RC4-SHA")
elseif axtlsl.SSL_RC4_128_MD5 then
print("RC4-MD5")
else
print("Unknown - "..cipher_id)
end
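Review bot: `elseif axtlsl.SSL_RC4_128_SHA then` tests the constant itself rather than `cipher_id`, and any number is true in Lua, so every cipher other than the two AES-SHA ones prints `RC4-SHA` and the `RC4-MD5` and `Unknown` arms are unreachable. The lines should read `elseif cipher_id == axtlsl.SSL_RC4_128_SHA then` and `elseif cipher_id == axtlsl.SSL_RC4_128_MD5 then`, matching the comparisons above them. The Perl sample's `elsif ($axtlsp::SSL_RC4_128_SHA)` in the next file section has the same shape and needs the same comparison against its cipher-id variable. `display_cipher` starts above the hunk.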


@ -1,6 +1,6 @@
#!/usr/bin/perl -w
#
# Copyright (c) 2007-2016, Cameron Rich
# Copyright (c) 2007, Cameron Rich
#
# All rights reserved.
#
@ -602,13 +602,13 @@ sub display_cipher
{
printf("AES256-SHA");
}
elsif ($axtlsp::SSL_AES128_SHA256)
elsif ($axtlsp::SSL_RC4_128_SHA)
{
printf("AES128-SHA256");
printf("RC4-SHA");
}
elsif ($axtlsp::SSL_AES256_SHA256)
elsif ($axtlsp::SSL_RC4_128_MD5)
{
printf("AES256-SHA256");
printf("RC4-MD5");
}
else
{


@ -1,5 +1,5 @@
'
' Copyright (c) 2007-2016, Cameron Rich
' Copyright (c) 2007, Cameron Rich
'
' All rights reserved.
'
@ -534,11 +534,11 @@ Public Class axssl
Case axtls.SSL_AES256_SHA
Console.WriteLine("AES256-SHA")
Case axtls.SSL_AES128_SHA256
Console.WriteLine("AES128-SHA256")
Case axtls.SSL_RC4_128_SHA
Console.WriteLine("RC4-SHA")
Case axtls.SSL_AES256_SHA256
Console.WriteLine("AES256-SHA256")
Case axtls.SSL_RC4_128_MD5
Console.WriteLine("RC4-MD5")
Case Else
Console.WriteLine("Unknown - " & ssl.GetCipherId())


@ -34,16 +34,6 @@ config CONFIG_SSL_CERT_VERIFICATION
have an SSL server which requires client authentication (which is
uncommon in browser applications).
config CONFIG_SSL_ENABLE_CLIENT
bool "Client/Server enabled"
help
Enable client/server functionality (including peer authentication).
The axssl sample runs with the "s_client" option enabled.
This mode produces a library about 51kB in size. Use this mode if you
require axTLS to use SSL client functionality (the SSL server code
is always enabled).
config CONFIG_SSL_FULL_MODE
bool "Client/Server enabled with diagnostics"
@ -79,40 +69,64 @@ config CONFIG_SSL_SKELETON_MODE
endchoice
config CONFIG_SSL_ENABLE_SERVER
bool "Server enabled"
help
Enable server functionality.
config CONFIG_SSL_ENABLE_CLIENT
bool "Client enabled"
help
Enable client functionality.
The axssl sample runs with the "s_client" option enabled.
This mode produces a library about 51kB in size. Use this mode if you
require axTLS to use SSL client functionality (the SSL server code
is always enabled).
config CONFIG_SSL_DIAGNOSTICS
bool "Diagnostic messages"
help
Enable support for diagnostics of connection progress and state.
choice
prompt "Protocol Preference"
depends on !CONFIG_SSL_SKELETON_MODE
# depends on !CONFIG_SSL_SKELETON_MODE
default CONFIG_SSL_PROT_MEDIUM
config CONFIG_SSL_PROT_LOW
bool "Low"
help
Chooses the cipher in the order of AES128-SHA, AES128-SHA256,
AES256-SHA256.
Chooses the cipher in the order of RC4-SHA, AES128-SHA, AES256-SHA.
This will use the fastest cipher(s) but at the expense of security.
config CONFIG_SSL_PROT_MEDIUM
bool "Medium"
help
Chooses the cipher in the order of AES128-SHA256, AES256-SHA256,
AES128-SHA
Chooses the cipher in the order of AES128-SHA, AES256-SHA, RC4-SHA.
This mode is a balance between speed and security and is the default.
config CONFIG_SSL_PROT_HIGH
bool "High"
help
Chooses the cipher in the order of AES256-SHA256, AES128-SHA256,
AES128-SHA.
Chooses the cipher in the order of AES256-SHA, AES128-SHA, RC4-SHA.
This will use the strongest cipher(s) at the cost of speed.
endchoice
config CONFIG_SSL_AES
bool "Enable AES cipher"
default y
help
Enable/disable AES support.
config CONFIG_SSL_USE_DEFAULT_KEY
bool "Enable default key"
depends on !CONFIG_SSL_SKELETON_MODE
# depends on !CONFIG_SSL_SKELETON_MODE
default y
help
Some applications will not require the default private key/certificate
@ -241,7 +255,7 @@ config CONFIG_SSL_EXPIRY_TIME
config CONFIG_X509_MAX_CA_CERTS
int "Maximum number of certificate authorites"
default 150
depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
# depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
help
Determines the number of CA's allowed.
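Review bot: The help text for CONFIG_SSL_PROT_LOW appears to put RC4-SHA first on the new side, and Medium and High keep RC4-SHA as a fallback, but nothing tells the user that RFC 7465 prohibits RC4 in TLS. The Low entry should say so, for example `RC4 is prohibited by RFC 7465; select this only for peers that cannot do AES.` The help for CONFIG_SSL_AES should also warn that turning AES off presumably leaves only the RC4 suites. Separately, the CONFIG_SSL_ENABLE_CLIENT help still says `the SSL server code is always enabled`, which no longer matches the separate CONFIG_SSL_ENABLE_SERVER option defined just above it.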


@ -62,7 +62,7 @@ STATIC_LIB=$(AXTLS_HOME)/$(STAGE)/axtls.static.lib
CRYPTO_PATH=$(AXTLS_HOME)\\crypto\\
endif
libs: $(TARGET1) $(TARGET2)
libs: $(TARGET1) #$(TARGET2)
CRYPTO_OBJ=\
$(CRYPTO_PATH)aes.o \
@ -94,7 +94,7 @@ include $(AXTLS_HOME)/config/makefile.post
ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin
$(TARGET1) : $(CRYPTO_OBJ) $(OBJ)
$(AR) -r $@ $(CRYPTO_OBJ) $(OBJ)
$(AR) -rcs $@ $(CRYPTO_OBJ) $(OBJ)
$(TARGET2) : $(CRYPTO_OBJ) $(OBJ)
ifndef CONFIG_PLATFORM_CYGWIN


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -80,18 +80,8 @@ static const uint8_t sig_subject_alt_name[] =
0x55, 0x1d, 0x11
};
static const uint8_t sig_basic_constraints[] =
{
0x55, 0x1d, 0x13
};
static const uint8_t sig_key_usage[] =
{
0x55, 0x1d, 0x0f
};
/* CN, O, OU, L, C, ST */
static const uint8_t g_dn_types[] = { 3, 10, 11, 7, 6, 8 };
/* CN, O, OU */
static const uint8_t g_dn_types[] = { 3, 10, 11 };
uint32_t get_asn1_length(const uint8_t *buf, int *offset)
{
@ -127,7 +117,6 @@ int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
{
if (buf[*offset] != obj_type)
return X509_NOT_OK;
(*offset)++;
return get_asn1_length(buf, offset);
}
@ -152,12 +141,12 @@ int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
* Read an integer value for ASN.1 data
* Note: This function allocates memory which must be freed by the user.
*/
int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object)
int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
{
int len;
if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
goto end_big_int;
goto end_int_array;
if (len > 1 && buf[*offset] == 0x00) /* ignore the negative byte */
{
@ -169,91 +158,10 @@ int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object)
memcpy(*object, &buf[*offset], len);
*offset += len;
end_big_int:
end_int_array:
return len;
}
/**
* Read an integer value for ASN.1 data
*/
int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val)
{
int res = X509_OK;
int len;
int i;
if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0 ||
len > sizeof(int32_t))
{
res = X509_NOT_OK;
goto end_int;
}
*val = 0;
for (i = 0; i < len; i++)
{
*val <<= 8;
*val |= buf[(*offset)++];
}
end_int:
return res;
}
/**
* Read an boolean value for ASN.1 data
*/
int asn1_get_bool(const uint8_t *buf, int *offset, bool *val)
{
int res = X509_OK;
if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) != 1)
{
res = X509_NOT_OK;
goto end_bool;
}
/* DER demands that "If the encoding represents the boolean value TRUE,
its single contents octet shall have all eight bits set to one."
Thus only 0 and 255 are valid encoded values. */
*val = buf[(*offset)++] == 0xFF;
end_bool:
return res;
}
/**
* Convert an ASN.1 bit string into a 32 bit integer. Used for key usage
*/
int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val)
{
int res = X509_OK;
int len, i;
if ((len = asn1_next_obj(buf, offset, ASN1_BIT_STRING)) < 0 || len > 5)
{
res = X509_NOT_OK;
goto end_bit_string_as_int;
}
/* number of bits left unused in the final byte of content */
(*offset)++;
len--;
*val = 0;
/* not sure why key usage doesn't used proper DER spec version */
for (i = len-1; i >= 0; --i)
{
*val <<= 8;
*val |= buf[(*offset) + i];
}
*offset += len;
end_bit_string_as_int:
return res;
}
/**
* Get all the RSA private key specifics from an ASN.1 encoded file
*/
@ -279,19 +187,19 @@ int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
/* Use the private key to mix up the RNG if possible. */
RNG_custom_init(buf, len);
mod_len = asn1_get_big_int(buf, &offset, &modulus);
pub_len = asn1_get_big_int(buf, &offset, &pub_exp);
priv_len = asn1_get_big_int(buf, &offset, &priv_exp);
mod_len = asn1_get_int(buf, &offset, &modulus);
pub_len = asn1_get_int(buf, &offset, &pub_exp);
priv_len = asn1_get_int(buf, &offset, &priv_exp);
if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
return X509_INVALID_PRIV_KEY;
#ifdef CONFIG_BIGINT_CRT
p_len = asn1_get_big_int(buf, &offset, &p);
q_len = asn1_get_big_int(buf, &offset, &q);
dP_len = asn1_get_big_int(buf, &offset, &dP);
dQ_len = asn1_get_big_int(buf, &offset, &dQ);
qInv_len = asn1_get_big_int(buf, &offset, &qInv);
p_len = asn1_get_int(buf, &offset, &p);
q_len = asn1_get_int(buf, &offset, &q);
dP_len = asn1_get_int(buf, &offset, &dP);
dQ_len = asn1_get_int(buf, &offset, &dQ);
qInv_len = asn1_get_int(buf, &offset, &qInv);
if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
return X509_INVALID_PRIV_KEY;
@ -335,16 +243,13 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
memset(&tm, 0, sizeof(struct tm));
tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
if (tm.tm_year < 50) /* 1951-2050 thing */
if (tm.tm_year <= 50) /* 1951-2050 thing */
{
tm.tm_year += 100;
}
tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
tm.tm_hour = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
tm.tm_min = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
tm.tm_sec = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
*t = mktime(&tm);
*offset += len;
ret = X509_OK;
@ -369,14 +274,13 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
}
else
{
tm.tm_year = abs_year - 1900;
tm.tm_mon = (buf[t_offset+4] - '0')*10 +
(buf[t_offset+5] - '0') - 1;
tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
*t = mktime(&tm);
tm.tm_year = abs_year - 1900;
tm.tm_mon = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0') - 1;
tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
*t = mktime(&tm);
}
*offset += len;
@ -387,12 +291,19 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
}
/**
* Get the version type of a certificate
* Get the version type of a certificate (which we don't actually care about)
*/
int asn1_version(const uint8_t *cert, int *offset, int *val)
int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{
int ret = X509_NOT_OK;
(*offset) += 2; /* get past explicit tag */
return asn1_get_int(cert, offset, val);
if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
goto end_version;
ret = X509_OK;
end_version:
return ret;
}
/**
@ -542,8 +453,8 @@ int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
goto end_pub_key;
mod_len = asn1_get_big_int(cert, offset, &modulus);
pub_len = asn1_get_big_int(cert, offset, &pub_exp);
mod_len = asn1_get_int(cert, offset, &modulus);
pub_len = asn1_get_int(cert, offset, &pub_exp);
RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
@ -663,7 +574,7 @@ int asn1_find_oid(const uint8_t* cert, int* offset,
return 0;
}
int asn1_is_subject_alt_name(const uint8_t *cert, int offset)
int asn1_find_subjectaltname(const uint8_t* cert, int offset)
{
if (asn1_find_oid(cert, &offset, sig_subject_alt_name,
sizeof(sig_subject_alt_name)))
@ -674,39 +585,6 @@ int asn1_is_subject_alt_name(const uint8_t *cert, int offset)
return 0;
}
int asn1_is_basic_constraints(const uint8_t *cert, int offset)
{
if (asn1_find_oid(cert, &offset, sig_basic_constraints,
sizeof(sig_basic_constraints)))
{
return offset;
}
return 0;
}
int asn1_is_key_usage(const uint8_t *cert, int offset)
{
if (asn1_find_oid(cert, &offset, sig_key_usage,
sizeof(sig_key_usage)))
{
return offset;
}
return 0;
}
bool asn1_is_critical_ext(const uint8_t *buf, int *offset)
{
/* critical is optional */
bool res = false;
if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) == 1)
res = buf[(*offset)++] == 0xFF;
return res;
}
#endif /* CONFIG_SSL_CERT_VERIFICATION */
/**
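Review bot: In asn1_public_key the results of the two `asn1_get_int` calls go straight into `RSA_pub_key_new` with no check on `mod_len` or `pub_len`, whereas asn1_get_private_key rejects `mod_len <= 0 || pub_len <= 0 || priv_len <= 0`. On a tag mismatch asn1_get_int returns the negative value from asn1_next_obj through `end_int_array` without writing `*object`. A certificate whose key field is not an INTEGER would therefore hand RSA_pub_key_new a negative length and a pointer that was never set (the declarations of `modulus` and `pub_exp` are outside the hunk, so their initial values cannot be seen here). Since this path parses the peer's certificate, add `if (mod_len <= 0 || pub_len <= 0) goto end_pub_key;` before the `RSA_pub_key_new` call. asn1_public_key starts and ends outside the hunk.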


@ -1,54 +1,43 @@
unsigned char default_certificate[] = {
0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xa5,
0x2a, 0xc8, 0x78, 0x87, 0xf2, 0xe7, 0xc5, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xab,
0x08, 0x18, 0xa7, 0x03, 0x07, 0x27, 0xfd, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x32,
0x33, 0x30, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a, 0x17, 0x0d, 0x33,
0x30, 0x30, 0x39, 0x30, 0x38, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a,
0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x32,
0x32, 0x36, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a, 0x17, 0x0d, 0x32,
0x34, 0x30, 0x39, 0x30, 0x33, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a,
0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x81,
0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
0x81, 0x81, 0x00, 0xbd, 0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa,
0xb9, 0x3a, 0x1f, 0x8b, 0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0,
0x11, 0x9a, 0x9c, 0xdc, 0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3,
0x05, 0x0e, 0x61, 0xc1, 0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a,
0xff, 0x9b, 0xb8, 0x7a, 0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99,
0xa5, 0xa2, 0x99, 0x53, 0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01,
0xe7, 0xdf, 0xe9, 0xec, 0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0,
0xc8, 0x6d, 0x41, 0x45, 0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28,
0xdf, 0x36, 0xe2, 0x73, 0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb,
0x0d, 0x9b, 0xef, 0xa8, 0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07,
0xa9, 0x86, 0x0d, 0x3f, 0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02,
0x81, 0x81, 0x00, 0xcd, 0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76,
0xd4, 0x13, 0x30, 0x0e, 0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f,
0x51, 0x09, 0x9d, 0x29, 0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90,
0x80, 0xa1, 0x71, 0xdf, 0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14,
0x90, 0x0a, 0xf9, 0xb7, 0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d,
0x57, 0x41, 0x86, 0x60, 0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46,
0x1b, 0xf6, 0xa2, 0x84, 0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa,
0x91, 0xf8, 0x61, 0x04, 0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a,
0xcc, 0x31, 0x01, 0x14, 0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82,
0xd6, 0xc6, 0xc4, 0xbe, 0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32,
0x7a, 0x86, 0x0e, 0x91, 0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02,
0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
0x32, 0xe0, 0x3c, 0x6e, 0x21, 0xe6, 0xa6, 0xf4, 0xb8, 0x10, 0x9f, 0x8a,
0xe6, 0x0b, 0x84, 0x4e, 0x2c, 0xe5, 0x14, 0xca, 0x56, 0x81, 0x3f, 0xc0,
0x2c, 0xa3, 0x39, 0x89, 0x24, 0xce, 0xaf, 0x47, 0x2e, 0x19, 0x62, 0xb2,
0xe4, 0x76, 0x91, 0x25, 0xbc, 0xe1, 0xa8, 0xee, 0x6a, 0x68, 0x3a, 0x77,
0xb9, 0xb2, 0x62, 0x97, 0x0c, 0x25, 0x3c, 0x5e, 0x13, 0x48, 0x87, 0x80,
0xa3, 0x91, 0xd9, 0x2e, 0xe6, 0x92, 0x2b, 0x1c, 0x52, 0x24, 0xb1, 0x77,
0xc6, 0xf6, 0xde, 0xd8, 0x9b, 0xd9, 0x57, 0x37, 0x56, 0x68, 0x17, 0x32,
0x66, 0x01, 0x08, 0x38, 0x08, 0x9a, 0xc1, 0x8c, 0x5e, 0x3f, 0xe7, 0xc9,
0x44, 0xcb, 0x62, 0xb9, 0x48, 0xc7, 0x89, 0xa6, 0xff, 0x8e, 0x7d, 0x3d,
0xe1, 0x46, 0x32, 0x9c, 0x13, 0x06, 0x9a, 0xd1, 0x17, 0xab, 0x3f, 0xa9,
0x90, 0x04, 0x33, 0x2d, 0x3f, 0x81, 0x0a, 0xa5, 0x55, 0xce, 0xb6, 0x95,
0x54, 0xad, 0xf1, 0x4f, 0xa2, 0xca, 0xc3, 0xf6, 0x25, 0x7b, 0x71, 0xd2,
0x68, 0x85, 0xe9, 0x72, 0xb6, 0x99, 0x34, 0x6d, 0xe5, 0x5f, 0xf6, 0x74,
0x1c, 0xb9, 0xa2, 0xda, 0x2b, 0x04, 0xff, 0x82, 0xc5, 0x09, 0x04, 0xc4,
0xba, 0xbc, 0x82, 0x3e, 0xb4, 0x72, 0x18, 0x8e, 0x30, 0x68, 0x48, 0x4a,
0x0d, 0xa7, 0x3d, 0xb5, 0xf4, 0x42, 0x3a, 0x97, 0x60, 0x7d, 0xa8, 0x61,
0x8a, 0x9e, 0x98, 0xc4, 0x7e, 0x65, 0x99, 0xea, 0x7e, 0xca, 0x75, 0xe7,
0xdb, 0x21, 0x5d, 0xce, 0x7c, 0x66, 0x3d, 0x7e, 0xdc, 0x14, 0xfe, 0x55,
0x04, 0x97, 0xa8, 0x64, 0x12, 0xb4, 0xb5, 0x30, 0x48, 0x72, 0xbc, 0xdb,
0xeb, 0x5b, 0x4f, 0xa6, 0xfb, 0x87, 0x01, 0x41, 0x91, 0xec, 0x98, 0x98,
0xf1, 0x4b, 0x38, 0xa2, 0x40, 0xf1, 0x05, 0x90, 0xbb, 0x9b, 0x5d, 0x96,
0xb1, 0x22, 0x6b, 0x50
0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x40,
0xb4, 0x94, 0x9a, 0xa8, 0x89, 0x72, 0x1d, 0x07, 0xe5, 0xb3, 0x6b, 0x88,
0x21, 0xc2, 0x38, 0x36, 0x9e, 0x7a, 0x8c, 0x49, 0x48, 0x68, 0x0c, 0x06,
0xe8, 0xdb, 0x1f, 0x4e, 0x05, 0xe6, 0x31, 0xe3, 0xfd, 0xe6, 0x0d, 0x6b,
0xd8, 0x13, 0x17, 0xe0, 0x2d, 0x0d, 0xb8, 0x7e, 0xcb, 0x20, 0x6c, 0xa8,
0x73, 0xa7, 0xfd, 0xe3, 0xa7, 0xfa, 0xf3, 0x02, 0x60, 0x78, 0x1f, 0x13,
0x40, 0x45, 0xee, 0x75, 0xf5, 0x10, 0xfd, 0x8f, 0x68, 0x74, 0xd4, 0xac,
0xae, 0x04, 0x09, 0x55, 0x2c, 0xdb, 0xd8, 0x07, 0x07, 0x65, 0x69, 0x27,
0x6e, 0xbf, 0x5e, 0x61, 0x40, 0x56, 0x8b, 0xd7, 0x33, 0x3b, 0xff, 0x6e,
0x53, 0x7e, 0x9d, 0x3f, 0xc0, 0x40, 0x3a, 0xab, 0xa0, 0x50, 0x4e, 0x80,
0x47, 0x46, 0x0d, 0x1e, 0xdb, 0x4c, 0xf1, 0x1b, 0x5d, 0x3c, 0x2a, 0x54,
0xa7, 0x4d, 0xfa, 0x7b, 0x72, 0x66, 0xc5
};
unsigned int default_certificate_len = 604;
unsigned int default_certificate_len = 475;


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2017, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -39,7 +39,6 @@
extern "C" {
#endif
#include <stdbool.h>
#include "crypto.h"
#include "bigint.h"
@ -57,33 +56,14 @@ extern "C" {
#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8
#define X509_INVALID_PRIV_KEY -9
#define X509_MAX_CERTS -10
#define X509_VFY_ERROR_BASIC_CONSTRAINT -11
/*
* The Distinguished Name
*/
#define X509_NUM_DN_TYPES 6
#define X509_NUM_DN_TYPES 3
#define X509_COMMON_NAME 0
#define X509_ORGANIZATION 1
#define X509_ORGANIZATIONAL_UNIT 2
#define X509_LOCATION 3
#define X509_COUNTRY 4
#define X509_STATE 5
/*
* Key Usage bits
*/
#define IS_SET_KEY_USAGE_FLAG(A, B) (A->key_usage & B)
#define KEY_USAGE_DIGITAL_SIGNATURE 0x0080
#define KEY_USAGE_NON_REPUDIATION 0x0040
#define KEY_USAGE_KEY_ENCIPHERMENT 0x0020
#define KEY_USAGE_DATA_ENCIPHERMENT 0x0010
#define KEY_USAGE_KEY_AGREEMENT 0x0008
#define KEY_USAGE_KEY_CERT_SIGN 0x0004
#define KEY_USAGE_CRL_SIGN 0x0002
#define KEY_USAGE_ENCIPHER_ONLY 0x0001
#define KEY_USAGE_DECIPHER_ONLY 0x8000
struct _x509_ctx
{
@ -93,46 +73,35 @@ struct _x509_ctx
time_t not_before;
time_t not_after;
uint8_t *signature;
RSA_CTX *rsa_ctx;
bigint *digest;
uint16_t sig_len;
uint8_t sig_type;
bool basic_constraint_present;
bool basic_constraint_is_critical;
bool key_usage_present;
bool key_usage_is_critical;
bool subject_alt_name_present;
bool subject_alt_name_is_critical;
bool basic_constraint_cA;
int basic_constraint_pathLenConstraint;
uint32_t key_usage;
RSA_CTX *rsa_ctx;
bigint *digest;
struct _x509_ctx *next;
};
typedef struct _x509_ctx X509_CTX;
#ifdef CONFIG_SSL_CERT_VERIFICATION
//#ifdef CONFIG_SSL_CERT_VERIFICATION
typedef struct
{
X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
} CA_CERT_CTX;
#endif
//#endif
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
void x509_free(X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
int *pathLenConstraint);
#endif
#ifdef CONFIG_SSL_FULL_MODE
//#ifdef CONFIG_SSL_CERT_VERIFICATION
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
//#endif
//#ifdef CONFIG_SSL_FULL_MODE
void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
const char * x509_display_error(int error);
#endif
//#endif
/**************************************************************************
* ASN1 declarations
**************************************************************************/
#define ASN1_BOOLEAN 0x01
#define ASN1_INTEGER 0x02
#define ASN1_BIT_STRING 0x03
#define ASN1_OCTET_STRING 0x04
@ -155,6 +124,7 @@ const char * x509_display_error(int error);
#define ASN1_EXPLICIT_TAG 0xa0
#define ASN1_V3_DATA 0xa3
#define SIG_TYPE_MD2 0x02
#define SIG_TYPE_MD5 0x04
#define SIG_TYPE_SHA1 0x05
#define SIG_TYPE_SHA256 0x0b
@ -165,21 +135,15 @@ uint32_t get_asn1_length(const uint8_t *buf, int *offset);
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object);
int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val);
int asn1_get_bool(const uint8_t *buf, int *offset, bool *val);
int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val);
int asn1_version(const uint8_t *cert, int *offset, int *val);
int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION
int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
int asn1_find_subjectaltname(const uint8_t* cert, int offset);
int asn1_compare_dn(char * const dn1[], char * const dn2[]);
int asn1_is_subject_alt_name(const uint8_t *cert, int offset);
int asn1_is_basic_constraints(const uint8_t *cert, int offset);
int asn1_is_key_usage(const uint8_t *cert, int offset);
bool asn1_is_critical_ext(const uint8_t *buf, int *offset);
#endif /* CONFIG_SSL_CERT_VERIFICATION */
int asn1_signature_type(const uint8_t *cert,
int *offset, X509_CTX *x509_ctx);
@ -197,7 +161,7 @@ typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
int get_file(const char *filename, uint8_t **buf);
#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
#if defined(CONFIG_SSL_DIAGNOSTICS) || defined(WIN32) || defined(CONFIG_DEBUG)
EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
#else
#define print_blob(...)
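Review bot: `x509_verify` appears to lose its `pathLenConstraint` argument on the new side, and `struct _x509_ctx` loses `basic_constraint_cA`, `key_usage` and the related flags along with `X509_VFY_ERROR_BASIC_CONSTRAINT`. Nothing declared in this header can then record whether an issuing certificate is a CA. The verifier body is not on this page, but with these declarations it presumably cannot reject a chain in which an end-entity certificate signs another certificate. If the checks stay out for code size, say so at the declaration, for example `/* does not check basicConstraints or keyUsage of issuers */` above `x509_verify`. The `//#ifdef CONFIG_SSL_CERT_VERIFICATION` and `//#endif` lines should be deleted rather than left commented out.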


@ -44,6 +44,8 @@
#include "os_port.h"
#include "ssl.h"
#if CONFIG_SSL_ENABLE_SERVER
static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password);
#ifdef CONFIG_SSL_HAS_PEM
@ -468,6 +470,7 @@ int load_key_certs(SSL_CTX *ssl_ctx)
else if (!(options & SSL_NO_DEFAULT_KEY))
{
#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
static const /* saves a few bytes and RAM */
#include "cert.h"
ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
default_certificate, default_certificate_len, NULL);
@ -486,3 +489,5 @@ error:
return ret;
}
#endif
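Review bot: The `static const /* saves a few bytes and RAM */` placed directly before `#include "cert.h"` in load_key_certs qualifies only the first declaration the header produces. If that header is the certificate listing shown on this page, `default_certificate_len` remains a plain `unsigned int`, and the construct depends on the header's first token staying a declaration. A comment such as `/* qualifies default_certificate[] only; cert.h must start with that array */` would make the dependency visible. The new guard is written `#if CONFIG_SSL_ENABLE_SERVER` while the rest of the file uses `#ifdef`; pick one form and close it with `#endif /* CONFIG_SSL_ENABLE_SERVER */`. load_key_certs starts outside the hunk.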


@ -1,92 +0,0 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the axTLS project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file os_port.c
*
* OS specific functions.
*/
#include <time.h>
#include <stdlib.h>
#include <errno.h>
#include <stdarg.h>
#include "os_port.h"
#ifdef WIN32
/**
* gettimeofday() not in Win32
*/
EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
{
#if defined(_WIN32_WCE)
t->tv_sec = time(NULL);
t->tv_usec = 0; /* 1sec precision only */
#else
struct _timeb timebuffer;
_ftime(&timebuffer);
t->tv_sec = (long)timebuffer.time;
t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */
#endif
}
/**
* strcasecmp() not in Win32
*/
EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
{
while (tolower(*s1) == tolower(*s2++))
{
if (*s1++ == '\0')
{
return 0;
}
}
return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
}
EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
{
HKEY hKey;
unsigned long datatype;
unsigned long bufferlength = buf_size;
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"),
0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
return -1;
RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength);
RegCloseKey(hKey);
return 0;
}
#endif


@ -1,188 +0,0 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the axTLS project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file os_port.h
*
* Some stuff to minimise the differences between windows and linux/unix
*/
#ifndef HEADER_OS_PORT_H
#define HEADER_OS_PORT_H
#ifdef __cplusplus
extern "C" {
#endif
#include "os_int.h"
#include "config.h"
#include <stdio.h>
#if defined(WIN32)
#define STDCALL __stdcall
#define EXP_FUNC __declspec(dllexport)
#else
#define STDCALL
#define EXP_FUNC
#endif
#if defined(_WIN32_WCE)
#undef WIN32
#define WIN32
#endif
#ifdef WIN32
/* Windows CE stuff */
#if defined(_WIN32_WCE)
#include <basetsd.h>
#define abort() exit(1)
#else
#include <io.h>
#include <process.h>
#include <sys/timeb.h>
#include <fcntl.h>
#endif /* _WIN32_WCE */
#include <winsock.h>
#include <direct.h>
#undef getpid
#undef open
#undef close
#undef sleep
#undef gettimeofday
#undef dup2
#undef unlink
#define SOCKET_READ(A,B,C) recv(A,B,C,0)
#define SOCKET_WRITE(A,B,C) send(A,B,C,0)
#define SOCKET_CLOSE(A) closesocket(A)
#define srandom(A) srand(A)
#define random() rand()
#define getpid() _getpid()
#define snprintf _snprintf
#define open(A,B) _open(A,B)
#define dup2(A,B) _dup2(A,B)
#define unlink(A) _unlink(A)
#define close(A) _close(A)
#define read(A,B,C) _read(A,B,C)
#define write(A,B,C) _write(A,B,C)
#define sleep(A) Sleep(A*1000)
#define usleep(A) Sleep(A/1000)
#define strdup(A) _strdup(A)
#define chroot(A) _chdir(A)
#define chdir(A) _chdir(A)
#define alloca(A) _alloca(A)
#ifndef lseek
#define lseek(A,B,C) _lseek(A,B,C)
#endif
/* This fix gets around a problem where a win32 application on a cygwin xterm
doesn't display regular output (until a certain buffer limit) - but it works
fine under a normal DOS window. This is a hack to get around the issue -
see http://www.khngai.com/emacs/tty.php */
#define TTY_FLUSH() if (!_isatty(_fileno(stdout))) fflush(stdout);
/*
* automatically build some library dependencies.
*/
#pragma comment(lib, "WS2_32.lib")
#pragma comment(lib, "AdvAPI32.lib")
typedef int socklen_t;
EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
#else /* Not Win32 */
#include <unistd.h>
#include <pwd.h>
#include <netdb.h>
#include <dirent.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <asm/byteorder.h>
#define SOCKET_READ(A,B,C) read(A,B,C)
#define SOCKET_WRITE(A,B,C) write(A,B,C)
#define SOCKET_CLOSE(A) if (A >= 0) close(A)
#define TTY_FLUSH()
#ifndef be64toh
#define be64toh(x) __be64_to_cpu(x)
#endif
#endif /* Not Win32 */
/* some functions to mutate the way these work */
EXP_FUNC int STDCALL ax_open(const char *pathname, int flags);
#ifdef CONFIG_PLATFORM_LINUX
void exit_now(const char *format, ...) __attribute((noreturn));
#else
void exit_now(const char *format, ...);
#endif
/* Mutexing definitions */
#if defined(CONFIG_SSL_CTX_MUTEXING)
#if defined(WIN32)
#define SSL_CTX_MUTEX_TYPE HANDLE
#define SSL_CTX_MUTEX_INIT(A) A=CreateMutex(0, FALSE, 0)
#define SSL_CTX_MUTEX_DESTROY(A) CloseHandle(A)
#define SSL_CTX_LOCK(A) WaitForSingleObject(A, INFINITE)
#define SSL_CTX_UNLOCK(A) ReleaseMutex(A)
#else
#include <pthread.h>
#define SSL_CTX_MUTEX_TYPE pthread_mutex_t
#define SSL_CTX_MUTEX_INIT(A) pthread_mutex_init(&A, NULL)
#define SSL_CTX_MUTEX_DESTROY(A) pthread_mutex_destroy(&A)
#define SSL_CTX_LOCK(A) pthread_mutex_lock(&A)
#define SSL_CTX_UNLOCK(A) pthread_mutex_unlock(&A)
#endif
#else /* no mutexing */
#define SSL_CTX_MUTEX_INIT(A)
#define SSL_CTX_MUTEX_DESTROY(A)
#define SSL_CTX_LOCK(A)
#define SSL_CTX_UNLOCK(A)
#endif
#ifdef __cplusplus
}
#endif
#endif

1
ssl/os_port.h Symbolic link

@ -0,0 +1 @@
os_port_micropython.h

78
ssl/os_port_micropython.h Normal file

@ -0,0 +1,78 @@
/*
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the axTLS project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file os_port.h
*
* Some stuff to minimise the differences between windows and linux/unix
*/
#ifndef HEADER_OS_PORT_H
#define HEADER_OS_PORT_H
#include "os_int.h"
#include <errno.h>
#include <sys/types.h>
#ifndef __ets__
#include <arpa/inet.h>
#endif
#include <sys/time.h>
#include "config.h"
ssize_t mp_stream_posix_write(void *sock_obj, const void *buf, size_t len);
ssize_t mp_stream_posix_read(void *sock_obj, void *buf, size_t len);
extern int mp_stream_errno;
#if 1
#define SOCKET_READ(A,B,C) mp_stream_posix_read((void*)A,B,C)
#define SOCKET_WRITE(A,B,C) mp_stream_posix_write((void*)A,B,C)
#define SOCKET_CLOSE(A) NOT_USED_IN_LIB_CODE
#define SOCKET_ERRNO() mp_stream_errno
#else
#define SOCKET_READ(A,B,C) read(A,B,C)
#define SOCKET_WRITE(A,B,C) write(A,B,C)
#define SOCKET_CLOSE(A) if (A >= 0) close(A)
#define SOCKET_ERRNO() errno
#endif
#define ax_calloc(x, y) calloc(x, y)
#define ax_open(x, y) open(x, y)
#ifndef be64toh
#define be64toh(x) __be64_to_cpu(x)
#endif
#define SSL_CTX_MUTEX_INIT(A)
#define SSL_CTX_MUTEX_DESTROY(A)
#define SSL_CTX_LOCK(A)
#define SSL_CTX_UNLOCK(A)
#define TTY_FLUSH()
#endif
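Review bot: The `SOCKET_READ` and `SOCKET_WRITE` macros cast their first argument as `(void*)A` and pass `B` and `C` through unparenthesized, so an expression argument would have only its first operand cast. Parenthesize every parameter, e.g. `#define SOCKET_READ(A,B,C) mp_stream_posix_read((void*)(A),(B),(C))`, and the same for `SOCKET_WRITE`. The cast turns whatever integer the caller holds into an object pointer, so that integer type has to be pointer-sized on every target; it is presumably the connection handle declared in ssl.h, which should be confirmed. The `@file os_port.h` line in the header comment is stale for this file and could read `@file os_port_micropython.h`, and the bare `#if 1` would be clearer as a named configuration macro.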


@ -105,7 +105,7 @@ int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
}
/* unencrypted key? */
if (asn1_get_big_int(buf, &offset, &version) > 0 && *version == 0)
if (asn1_get_int(buf, &offset, &version) > 0 && *version == 0)
{
ret = p8_add_key(ssl_ctx, buf);
goto error;
@ -257,7 +257,7 @@ int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
goto error;
}
if (asn1_get_big_int(buf, &offset, &version) < 0 || *version != 3)
if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3)
{
ret = SSL_ERROR_INVALID_VERSION;
goto error;
@ -409,7 +409,7 @@ int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
goto error;
hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
ssl_hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
if (memcmp(mac, orig_mac, SHA1_SIZE))
{
@ -463,7 +463,7 @@ static int get_pbe_params(uint8_t *buf, int *offset,
*salt = &buf[*offset];
*offset += len;
if ((len = asn1_get_big_int(buf, offset, &iter)) < 0)
if ((len = asn1_get_int(buf, offset, &iter)) < 0)
goto error;
*iterations = 0;
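Review bot: The PKCS#12 integrity check in the `@ -409,7 +409,7 @` hunk compares the computed and stored MAC with `memcmp(mac, orig_mac, SHA1_SIZE)`, which stops at the first differing byte, so its running time depends on how much of the MAC matched. A constant-time comparison removes that dependence, e.g. accumulate `diff |= mac[i] ^ orig_mac[i];` over `SHA1_SIZE` bytes and test `diff != 0`. The two version checks also look only at the first byte through `*version`; if the return value of `asn1_get_int` is the integer's length (it is assigned to `len` in `get_pbe_params`), requiring it to equal 1 would reject over-long encodings. All of the touched functions continue outside their hunks.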


@ -1,54 +1,54 @@
unsigned char default_private_key[] = {
0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbd,
0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa, 0xb9, 0x3a, 0x1f, 0x8b,
0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0, 0x11, 0x9a, 0x9c, 0xdc,
0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3, 0x05, 0x0e, 0x61, 0xc1,
0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a, 0xff, 0x9b, 0xb8, 0x7a,
0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99, 0xa5, 0xa2, 0x99, 0x53,
0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01, 0xe7, 0xdf, 0xe9, 0xec,
0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0, 0xc8, 0x6d, 0x41, 0x45,
0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28, 0xdf, 0x36, 0xe2, 0x73,
0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb, 0x0d, 0x9b, 0xef, 0xa8,
0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07, 0xa9, 0x86, 0x0d, 0x3f,
0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01,
0x02, 0x81, 0x80, 0x26, 0x3f, 0xec, 0x96, 0xab, 0xd4, 0x1f, 0x89, 0x0e,
0x9d, 0x38, 0xd8, 0x27, 0x05, 0xe5, 0xb6, 0x14, 0x08, 0xd7, 0xff, 0x69,
0x78, 0x16, 0x4a, 0xc4, 0x06, 0x16, 0x55, 0xb7, 0x3a, 0x55, 0x9f, 0xbe,
0x86, 0xf8, 0x58, 0xe8, 0xc5, 0x46, 0xa8, 0xf0, 0xed, 0xda, 0xd6, 0xbf,
0x88, 0x55, 0x2d, 0xe6, 0x72, 0x29, 0x2c, 0x64, 0xc9, 0x5d, 0x1d, 0x9b,
0x24, 0x3a, 0x98, 0x40, 0xa1, 0xd2, 0xaf, 0x5c, 0xab, 0x23, 0xe4, 0x33,
0xd0, 0xea, 0x60, 0x52, 0xe7, 0x7a, 0x9e, 0x73, 0x5f, 0x2e, 0x80, 0xd1,
0xdc, 0x6f, 0x47, 0x0f, 0x97, 0x80, 0x36, 0xd2, 0x30, 0x07, 0xdd, 0xd6,
0xd7, 0x15, 0x89, 0x2b, 0x74, 0xd5, 0x7e, 0x8a, 0xbc, 0x63, 0x42, 0x0a,
0xf2, 0x31, 0x29, 0xbf, 0xf9, 0xf9, 0xf0, 0x88, 0x8f, 0x8a, 0xc2, 0x22,
0x6e, 0x15, 0x26, 0xb7, 0x5e, 0x5b, 0x58, 0x44, 0x1c, 0x3b, 0x79, 0x02,
0x41, 0x00, 0xe1, 0xf1, 0xb2, 0xe5, 0xc8, 0x80, 0x93, 0x40, 0x50, 0x74,
0x14, 0xdd, 0xb2, 0xf2, 0x27, 0x5c, 0x0c, 0x3d, 0xc0, 0x5f, 0xee, 0x9c,
0x45, 0x6c, 0x13, 0x00, 0xdf, 0xd0, 0xd9, 0x83, 0xfa, 0x90, 0x2c, 0x84,
0xf2, 0xaa, 0xc2, 0xdd, 0xfb, 0xcf, 0x03, 0x41, 0x88, 0x10, 0xc6, 0xbb,
0x5e, 0xb7, 0xb6, 0x2e, 0xa6, 0x1d, 0xaa, 0xba, 0xfb, 0x4a, 0x72, 0xd8,
0x9a, 0xad, 0x88, 0x0d, 0x6a, 0x15, 0x02, 0x41, 0x00, 0xd6, 0x36, 0x23,
0xf3, 0x5d, 0x77, 0xc8, 0xd3, 0x49, 0xc1, 0x93, 0xfe, 0xca, 0x0d, 0xeb,
0x9b, 0xda, 0xbd, 0x47, 0x28, 0x73, 0x97, 0xa0, 0x50, 0xd7, 0x4c, 0x24,
0xdf, 0x9b, 0x0b, 0x37, 0xae, 0xc3, 0x31, 0xb5, 0x4f, 0x62, 0x08, 0xca,
0xe5, 0xef, 0x97, 0x7b, 0x43, 0xa0, 0xda, 0x2b, 0x1f, 0xbf, 0xa8, 0x08,
0x93, 0xd2, 0x16, 0x1c, 0x89, 0x99, 0xf1, 0xdf, 0x26, 0xd1, 0x42, 0x99,
0x93, 0x02, 0x41, 0x00, 0xb1, 0x41, 0xe4, 0x7e, 0xdf, 0x20, 0xf7, 0xe4,
0xf1, 0xf9, 0x4f, 0xd1, 0x6a, 0x2d, 0x0d, 0xf1, 0xe9, 0xec, 0x9c, 0x3a,
0xe6, 0xc0, 0x94, 0xba, 0x27, 0xe2, 0x7c, 0xb4, 0xa5, 0xa1, 0x23, 0xf6,
0xed, 0xe6, 0x53, 0x56, 0xe2, 0x50, 0x32, 0xd8, 0x02, 0x8e, 0xeb, 0xc7,
0x75, 0x91, 0xd3, 0xca, 0x3e, 0xd4, 0x34, 0x20, 0x7c, 0x2b, 0xfb, 0x2f,
0x3a, 0x10, 0x72, 0xb1, 0x07, 0x56, 0xb6, 0xcd, 0x02, 0x40, 0x1e, 0x3b,
0xf2, 0x03, 0x0d, 0x74, 0x34, 0xb2, 0x2d, 0xbc, 0xd6, 0xc8, 0xa5, 0x78,
0x25, 0x83, 0x0f, 0xf2, 0x9b, 0x32, 0x88, 0x6e, 0x24, 0x40, 0x84, 0xc2,
0xc8, 0x89, 0x8e, 0xf6, 0x9c, 0x5b, 0x5c, 0x4d, 0x8d, 0xcb, 0xb0, 0x88,
0x91, 0x2a, 0xb7, 0x10, 0x68, 0x63, 0x79, 0x36, 0x91, 0xd3, 0x9f, 0x57,
0x76, 0x2e, 0x76, 0xfe, 0x8b, 0xf4, 0x97, 0xf7, 0xdd, 0x89, 0x3b, 0x0b,
0xed, 0x65, 0x02, 0x41, 0x00, 0xb9, 0xaf, 0xbf, 0x09, 0xc9, 0x90, 0x26,
0xf3, 0x72, 0x8b, 0xbf, 0xb3, 0x7c, 0xe7, 0x6f, 0x6f, 0x5b, 0xa3, 0x95,
0xb8, 0x9e, 0x03, 0xb9, 0xcf, 0xa0, 0x53, 0xba, 0x32, 0xc1, 0xd3, 0xad,
0x85, 0xbb, 0x79, 0x48, 0x09, 0xd6, 0x3f, 0x9c, 0xd9, 0x37, 0x91, 0x11,
0x0d, 0x04, 0xd5, 0x3b, 0xca, 0x74, 0x5d, 0x1c, 0x91, 0x8d, 0x3d, 0xf1,
0xf8, 0xf9, 0xbe, 0x35, 0xd7, 0xb2, 0x53, 0x50, 0x1d
0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xcd,
0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76, 0xd4, 0x13, 0x30, 0x0e,
0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f, 0x51, 0x09, 0x9d, 0x29,
0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90, 0x80, 0xa1, 0x71, 0xdf,
0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14, 0x90, 0x0a, 0xf9, 0xb7,
0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d, 0x57, 0x41, 0x86, 0x60,
0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46, 0x1b, 0xf6, 0xa2, 0x84,
0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa, 0x91, 0xf8, 0x61, 0x04,
0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a, 0xcc, 0x31, 0x01, 0x14,
0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82, 0xd6, 0xc6, 0xc4, 0xbe,
0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32, 0x7a, 0x86, 0x0e, 0x91,
0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01,
0x02, 0x81, 0x81, 0x00, 0x95, 0xaa, 0x6e, 0x11, 0xf5, 0x6a, 0x8b, 0xa2,
0xc6, 0x48, 0xc6, 0x7c, 0x37, 0x6b, 0x1f, 0x55, 0x10, 0x76, 0x26, 0x24,
0xc3, 0xf2, 0x5c, 0x5a, 0xdd, 0x2e, 0xf3, 0xa4, 0x1e, 0xbc, 0x7b, 0x1c,
0x80, 0x10, 0x85, 0xbc, 0xd8, 0x45, 0x3c, 0xb8, 0xb2, 0x06, 0x53, 0xb5,
0xd5, 0x7a, 0xe7, 0x0e, 0x92, 0xe6, 0x42, 0xc2, 0xe2, 0x2a, 0xd5, 0xd1,
0x03, 0x9f, 0x6f, 0x53, 0x74, 0x68, 0x72, 0x8e, 0xbf, 0x03, 0xbb, 0xab,
0xbd, 0xa1, 0xf9, 0x81, 0x7d, 0x12, 0xd4, 0x9d, 0xb6, 0xae, 0x4c, 0xad,
0xca, 0xa8, 0xc9, 0x80, 0x8d, 0x0d, 0xd5, 0xd0, 0xa1, 0xbf, 0xec, 0x60,
0x48, 0x49, 0xed, 0x97, 0x0f, 0x5e, 0xed, 0xfc, 0x39, 0x15, 0x96, 0x9e,
0x5d, 0xe2, 0xb4, 0x5d, 0x2e, 0x04, 0xdc, 0x08, 0xa2, 0x65, 0x29, 0x2d,
0x37, 0xfb, 0x62, 0x90, 0x1b, 0x7b, 0xe5, 0x3a, 0x58, 0x05, 0x55, 0xc1,
0x02, 0x41, 0x00, 0xfc, 0x69, 0x28, 0xc9, 0xa8, 0xc4, 0x5c, 0xe3, 0xd0,
0x5e, 0xaa, 0xda, 0xde, 0x87, 0x74, 0xdb, 0xcb, 0x40, 0x78, 0x8e, 0x1d,
0x12, 0x96, 0x16, 0x61, 0x3f, 0xb3, 0x3e, 0xa3, 0x0d, 0xdc, 0x49, 0xa5,
0x25, 0x87, 0xc5, 0x97, 0x85, 0x9d, 0xbb, 0xb4, 0xf0, 0x44, 0xfd, 0x6c,
0xe8, 0xd2, 0x8c, 0xec, 0x33, 0x81, 0x46, 0x1e, 0x10, 0x12, 0x33, 0x16,
0x95, 0x00, 0x4f, 0x75, 0xb4, 0xe5, 0x79, 0x02, 0x41, 0x00, 0xd0, 0xeb,
0x65, 0x07, 0x10, 0x3b, 0xd9, 0x03, 0xeb, 0xdc, 0x6f, 0x4b, 0x8f, 0xc3,
0x87, 0xce, 0x76, 0xd6, 0xc5, 0x14, 0x21, 0x4e, 0xe7, 0x4f, 0x1b, 0xe8,
0x05, 0xf8, 0x84, 0x1a, 0xe0, 0xc5, 0xd6, 0xe3, 0x08, 0xb3, 0x54, 0x57,
0x02, 0x1f, 0xd4, 0xd9, 0xfb, 0xff, 0x40, 0xb1, 0x56, 0x1c, 0x60, 0xf7,
0xac, 0x91, 0xf3, 0xd3, 0xc6, 0x7f, 0x84, 0xfd, 0x84, 0x9d, 0xea, 0x26,
0xee, 0xc9, 0x02, 0x41, 0x00, 0xa6, 0xcf, 0x1c, 0x6c, 0x81, 0x03, 0x1c,
0x5c, 0x56, 0x05, 0x6a, 0x26, 0x70, 0xef, 0xd6, 0x13, 0xb7, 0x74, 0x28,
0xf7, 0xca, 0x50, 0xd1, 0x2d, 0x83, 0x21, 0x64, 0xe4, 0xdd, 0x3f, 0x38,
0xb8, 0xd6, 0xd2, 0x41, 0xb3, 0x1c, 0x9a, 0xea, 0x0d, 0xf5, 0xda, 0xdf,
0xcd, 0x17, 0x9f, 0x9a, 0x1e, 0x15, 0xaf, 0x48, 0x1c, 0xbd, 0x9b, 0x63,
0x5b, 0xad, 0xed, 0xd4, 0xa1, 0xae, 0xa9, 0x59, 0x09, 0x02, 0x40, 0x4e,
0x08, 0xce, 0xa8, 0x8f, 0xc0, 0xba, 0xf3, 0x83, 0x02, 0xc8, 0x33, 0x62,
0x14, 0x77, 0xc2, 0x7f, 0x93, 0x02, 0xf3, 0xdc, 0xe9, 0x1a, 0xee, 0xea,
0x8e, 0x84, 0xc4, 0x69, 0x9b, 0x9c, 0x7f, 0x69, 0x1f, 0x4e, 0x1d, 0xa5,
0x90, 0x06, 0x44, 0x1b, 0x7d, 0xfc, 0x69, 0x40, 0x21, 0xbc, 0xf7, 0x46,
0xa4, 0xdc, 0x39, 0x7b, 0xe8, 0x8b, 0x49, 0x10, 0x44, 0x9d, 0x67, 0x5a,
0x91, 0x86, 0x39, 0x02, 0x40, 0x41, 0x2c, 0x4e, 0xfe, 0xd9, 0x90, 0x89,
0x00, 0x5c, 0x94, 0x0a, 0x4a, 0x7e, 0x1b, 0x1a, 0x80, 0x06, 0x01, 0x37,
0xda, 0x50, 0x61, 0x9d, 0x9c, 0xfe, 0x25, 0x7f, 0xd8, 0xd4, 0xc4, 0x9e,
0x81, 0xf2, 0x0c, 0x1e, 0x38, 0x21, 0x1e, 0x90, 0x3f, 0xd4, 0xba, 0x6c,
0x53, 0xcb, 0xf0, 0x77, 0x79, 0x9b, 0xf1, 0xfa, 0x3f, 0x81, 0xdc, 0xf3,
0x21, 0x02, 0x6d, 0xb7, 0x95, 0xc3, 0x2e, 0xce, 0xd5
};
unsigned int default_private_key_len = 609;
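Review bot: `default_private_key` embeds a complete RSA private key in a source file (the 129-byte modulus field indicates 1024 bits), and this change swaps the key material without documenting where the array may be used. A key that is public in the repository authenticates nothing, so the array should be marked as a development fallback, for example with `/* Built-in demo key: public in the source tree; load a per-device key for any real deployment. */` above it. If nothing writes to the array, declaring it `const` would also keep it out of writable data; the declaration other files see is outside this hunk, so confirm before changing it.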


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007, Cameron Rich
*
* All rights reserved.
*
@ -90,16 +90,13 @@ extern "C" {
#define SSL_ERROR_DEAD -2
#define SSL_CLOSE_NOTIFY -3
#define SSL_ERROR_CONN_LOST -256
#define SSL_ERROR_RECORD_OVERFLOW -257
#define SSL_ERROR_SOCK_SETUP_FAILURE -258
#define SSL_ERROR_INVALID_HANDSHAKE -260
#define SSL_ERROR_INVALID_PROT_MSG -261
#define SSL_ERROR_INVALID_HMAC -262
#define SSL_ERROR_INVALID_VERSION -263
#define SSL_ERROR_UNSUPPORTED_EXTENSION -264
#define SSL_ERROR_INVALID_SESSION -265
#define SSL_ERROR_NO_CIPHER -266
#define SSL_ERROR_INVALID_CERT_HASH_ALG -267
#define SSL_ERROR_BAD_CERTIFICATE -268
#define SSL_ERROR_INVALID_KEY -269
#define SSL_ERROR_FINISHED_INVALID -271
@ -117,25 +114,19 @@ extern "C" {
#define SSL_ALERT_CLOSE_NOTIFY 0
#define SSL_ALERT_UNEXPECTED_MESSAGE 10
#define SSL_ALERT_BAD_RECORD_MAC 20
#define SSL_ALERT_RECORD_OVERFLOW 22
#define SSL_ALERT_HANDSHAKE_FAILURE 40
#define SSL_ALERT_BAD_CERTIFICATE 42
#define SSL_ALERT_UNSUPPORTED_CERTIFICATE 43
#define SSL_ALERT_CERTIFICATE_EXPIRED 45
#define SSL_ALERT_CERTIFICATE_UNKNOWN 46
#define SSL_ALERT_ILLEGAL_PARAMETER 47
#define SSL_ALERT_UNKNOWN_CA 48
#define SSL_ALERT_DECODE_ERROR 50
#define SSL_ALERT_DECRYPT_ERROR 51
#define SSL_ALERT_INVALID_VERSION 70
#define SSL_ALERT_NO_RENEGOTIATION 100
#define SSL_ALERT_UNSUPPORTED_EXTENSION 110
/* The ciphers that are supported */
#define SSL_AES128_SHA 0x2f
#define SSL_AES256_SHA 0x35
#define SSL_AES128_SHA256 0x3c
#define SSL_AES256_SHA256 0x3d
#define SSL_RC4_128_SHA 0x05
#define SSL_RC4_128_MD5 0x04
/* build mode ids' */
#define SSL_BUILD_SKELETON_MODE 0x01
@ -158,15 +149,9 @@ extern "C" {
#define SSL_X509_CERT_COMMON_NAME 0
#define SSL_X509_CERT_ORGANIZATION 1
#define SSL_X509_CERT_ORGANIZATIONAL_NAME 2
#define SSL_X509_CERT_LOCATION 3
#define SSL_X509_CERT_COUNTRY 4
#define SSL_X509_CERT_STATE 5
#define SSL_X509_CA_CERT_COMMON_NAME 6
#define SSL_X509_CA_CERT_ORGANIZATION 7
#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 8
#define SSL_X509_CA_CERT_LOCATION 9
#define SSL_X509_CA_CERT_COUNTRY 10
#define SSL_X509_CA_CERT_STATE 11
#define SSL_X509_CA_CERT_COMMON_NAME 3
#define SSL_X509_CA_CERT_ORGANIZATION 4
#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 5
/* SSL object loader types */
#define SSL_OBJ_X509_CERT 1
@ -230,22 +215,6 @@ EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
*/
EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
/**
* @brief Allocates new SSL extensions structure and returns pointer to it
*
* @return ssl_ext Pointer to SSL_EXTENSIONS structure
*
*/
EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new(void);
/**
* @brief Frees SSL extensions structure
*
* @param ssl_ext [in] Pointer to SSL_EXTENSION structure
*
*/
EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext);
/**
* @brief (server only) Establish a new SSL connection to an SSL client.
*
@ -255,7 +224,7 @@ EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext);
* @param client_fd [in] The client's file descriptor.
* @return An SSL object reference.
*/
EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, long client_fd);
/**
* @brief (client only) Establish a new SSL connection to an SSL server.
@ -272,12 +241,10 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
* can be null if no session resumption is being used or required. This option
* is not used in skeleton mode.
* @param sess_id_size The size of the session id (max 32)
* @param ssl_ext pointer to a structure with the activated SSL extensions
* and their values
* @return An SSL object reference. Use ssl_handshake_status() to check
* if a handshake succeeded.
*/
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext);
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, long client_fd, const uint8_t *session_id, uint8_t sess_id_size);
/**
* @brief Free any used resources on this connection.
@ -328,7 +295,7 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
* @return A reference to the SSL object. Returns null if the object could not
* be found.
*/
EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, long client_fd);
/**
* @brief Get the session id for a handshake.
@ -356,8 +323,8 @@ EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
* @return The cipher id. This will be one of the following:
* - SSL_AES128_SHA (0x2f)
* - SSL_AES256_SHA (0x35)
* - SSL_AES128_SHA256 (0x3c)
* - SSL_AES256_SHA256 (0x3d)
* - SSL_RC4_128_SHA (0x05)
* - SSL_RC4_128_MD5 (0x04)
*/
EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
@ -418,15 +385,9 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
* - SSL_X509_CERT_COMMON_NAME
* - SSL_X509_CERT_ORGANIZATION
* - SSL_X509_CERT_ORGANIZATIONAL_NAME
* - SSL_X509_CERT_LOCATION
* - SSL_X509_CERT_COUNTRY
* - SSL_X509_CERT_STATE
* - SSL_X509_CA_CERT_COMMON_NAME
* - SSL_X509_CA_CERT_ORGANIZATION
* - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
* - SSL_X509_CA_CERT_LOCATION
* - SSL_X509_CA_CERT_COUNTRY
* - SSL_X509_CA_CERT_STATE
* @return The appropriate string (or null if not defined)
* @note Verification build mode must be enabled.
*/
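Review bot: The cipher list in the `@ -117,25 +114,19 @` hunk defines `SSL_RC4_128_SHA` (0x05) and `SSL_RC4_128_MD5` (0x04) where the other side has `SSL_AES128_SHA256` and `SSL_AES256_SHA256`; judging by the hunk line counts and print order, the RC4 pair is the new side. RC4 suites are prohibited for TLS by RFC 7465, so if this header reflects what the build negotiates they should be removed or compiled in only behind an explicit opt-in, with a comment such as `/* RC4: legacy interop only, prohibited by RFC 7465 */`. The same section changes `client_fd` from `int` to `long` in `ssl_server_new`, `ssl_client_new` and `ssl_find`; if the value is meant to carry an object pointer, `intptr_t` is the type guaranteed to hold one, since `long` is narrower than a pointer on LLP64 targets. Whether the RC4 ids are actually offered is decided in code outside this section.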


@ -1,27 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----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MIICXQIBAAKBgQCfxX6VHEhZNsMIqPPxt53h1UpfX1jU7ctqwBR4dpWRj3H6cCBN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-----END RSA PRIVATE KEY-----

Binary file not shown.


@ -1,19 +1,13 @@
-----BEGIN CERTIFICATE-----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MIIB3zCCAUgCCQD76Ccq3Co3qjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh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-----END CERTIFICATE-----


@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
ssl/test/axTLS.device_key Normal file

Binary file not shown.


@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

Binary file not shown.


@ -1,17 +1,10 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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MIIBezAcBgoqhkiG9w0BDAEBMA4ECEHizqvZwHfYAgIIAASCAVkWuzUFR3hk3vXG
BoX1ULCIr+Om40+UkD0T/Vxl8zo6Vuvl13vAYqo2eDSNd75yKpYle0gSHn+aVeWZ
gKYrmpSqXF14CDeBXAd2GRwun9EIAwgkv9AMMPGzCXVTVFM/pLyuLexj283qvZf5
/7Fe/cizYx/DxtiRw9QUsNWYckt3RAM6i87PTBw8uI7NqEMEkstHT51l5TR85JjL
F8ZYSuqv9LH/jkWhoedgID35r+ffjeYV06clebuRJAIcS78LG8833D1SyINlnj4y
Ts2NYf2R4CtR0rDJeDCcucDBnzPPIBv4JqsbUGDTMrlFIGJvmL4RuNP3TNIAk9tZ
FHw2QEBrcv6XNQa8DJwk/162CdDxQG5uWc/Ye4hF5OXzAd6gxKz8u6C3wCq0q3+b
PDc9wulGEejbL/lecZ7qT76CqYLupNmCBFAa8idGjAhU3LDwv4ooGF1aWFiGgG4=
-----END ENCRYPTED PRIVATE KEY-----

Binary file not shown.


@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC9D9RCqHSHVKq5Oh+Lzr23ZftAPdARmpzcgnzqqBfhdPMFDmHB
wXiKsroVIlr/m7h6Lg+It3TeBJmloplTi614WjHtvAHn3+nsL6BdU/bmiqDIbUFF
YyOzz05QHyjfNuJz39ahs0ZPbrsNm++o+UylcaGI3Qephg0/zZkjooR3DwIDAQAB
AoGAJj/slqvUH4kOnTjYJwXlthQI1/9peBZKxAYWVbc6VZ++hvhY6MVGqPDt2ta/
iFUt5nIpLGTJXR2bJDqYQKHSr1yrI+Qz0OpgUud6nnNfLoDR3G9HD5eANtIwB93W
1xWJK3TVfoq8Y0IK8jEpv/n58IiPisIibhUmt15bWEQcO3kCQQDh8bLlyICTQFB0
FN2y8idcDD3AX+6cRWwTAN/Q2YP6kCyE8qrC3fvPA0GIEMa7Xre2LqYdqrr7SnLY
mq2IDWoVAkEA1jYj8113yNNJwZP+yg3rm9q9Ryhzl6BQ10wk35sLN67DMbVPYgjK
5e+Xe0Og2isfv6gIk9IWHImZ8d8m0UKZkwJBALFB5H7fIPfk8flP0WotDfHp7Jw6
5sCUuififLSloSP27eZTVuJQMtgCjuvHdZHTyj7UNCB8K/svOhBysQdWts0CQB47
8gMNdDSyLbzWyKV4JYMP8psyiG4kQITCyImO9pxbXE2Ny7CIkSq3EGhjeTaR059X
di52/ov0l/fdiTsL7WUCQQC5r78JyZAm83KLv7N8529vW6OVuJ4Duc+gU7oywdOt
hbt5SAnWP5zZN5ERDQTVO8p0XRyRjT3x+Pm+NdeyU1Ad
MIICXQIBAAKBgQDN/YlIvja5lXbUEzAOv7LtZwrAFj9RCZ0pL7JtPz5sL5CAoXHf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-----END RSA PRIVATE KEY-----

BIN
ssl/test/axTLS.key_1042 Normal file

Binary file not shown.


@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

Binary file not shown.


@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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MIIEpAIBAAKCAQEApaC6WCGcPJ25ATSgSfk+BSqhb+CccHwPzd26bJBT4po1RCGa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-----END RSA PRIVATE KEY-----

Binary file not shown.


@ -1,51 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAwApOo9f0syXI8DmEkP88eHCgZZ8FumcICcqcFe0OywR9UsXU
dQhMqKfMLi8Wlco+rNqFcDfsNyAllCDiq89dp/aNj3inCVAoXnaJuiZQ6dX9UtBR
VEW9cr/z6RjgrZQ9+MkbOx+MXVd44I8jEWVuW2oK1eQzU+FUb12dj45mTaLpL6Bx
XcXGC7e2KSeO75iWwitMyGmJQirV8fttUNa6VfKu7isxESz5jaUmuSsMZIl6Hjm/
KxmZxkBuFv1Zm2KkKqItV/WqQYCrngil1I5zJLjHWFNjA634U63yWZo5LWQY8pp5
wy0stC87yJD70rsszjm3zejtXAVipm27+GWe1bKI6UAVfyG3y+bEAKOGc9b6UpUJ
7iRPd32DrZCJ1xubVW3Lx+gK5YILsf7fQARPAbc1KbuJ2GJ2v9ihINzkqyT6N6FJ
ns/BcZnHAXk+KorS03xDMgI/CMKEjoc5YjFY9ioOUvvtpeg2kb0VUqvAHOm4i+DU
f5pQ82uH16tHVk2YyZqNWNVu8cbYsLAKFYPtyur9EO2TeKhCI+vAjl5FNw3TQAjy
1N4P7olDpJh1Vkx5q2fbaQvIq1HMovSmGKKvObXjjAoqlwVaiCukkr/djV1Teu1J
T50aP7tqCOOrBYBaWHO1IOB6xFOSfpAkuZVf4gqHsl2jTiLY6zDhkafJgoECAwEA
AQKCAgAlKVlyZzXY/PTXV6oJjPqcq96+C3nGSm3Jx0VREOCN9L5zqAim5QZAlMf0
H/SU4+Ag/uBXiNrTCAt9kKeMa8JJ4HIgU06vhK1rKjEYrpV1yo0M23cBgcVZUT/X
2ZKQxGEBpZj5Ze95mJWxjsFQenpSgkC6h0BPeQkny8vTndC6MU5Cgx+s77qVReWg
LSGBx9tUk6B2H8YJ4dQo0Wij/gls3FtxhzYlhrh76nuF1Yi+Y8QX2UDfDEMvlAQ5
uqj+YqY2AdAYd1eM+WM8X5wHd9FcR817kBdW/PFS8BQ3tppd6ELTn4T0eedurr04
4KV6b/IJri2dUPetmPUwE4gOV0vW5LP1DSNS+sBD1OrsQ+Ytovht868GLMQ/d6M+
82IDz2at0lDQ+6JLGBrY2rOXYi22fqGgSg2ErDENgYU1dft1Yc8sAzCTl5WC/Bhg
IxbfUChsYqURvq7faaqVfb50FcMYUcj/rAXVSLOuix2HUgLsQSj2MTtvuR7+BUgh
2KEmiCaMJy6CQyIgtOTjhmPqMr5Se/JYi1SRG0SxZpsYhGRPfjC8jg1k/VmRoAmS
pvqfhqgUMB0vAjfynoxFOZGNZIVrSR+yuC3xaORBW5UAPGvZHS1XzuxdybjpPm74
0NB1JIc3ylAWcJEWdpnpk8OzZCAhifx0Farrq6Xauk6/ZLtd4QKCAQEA4a0DaHcp
OqFTudM8kC/N21FuE9U5MRLtJ2HP42iTEAfMi1bpZjO35giqYhfxNJiyTPnWDbkS
HVvNuSLAG58/Xs0KTuXCEgWuALBFtgg39BrPTT9Kw2CdqCgIpx5ArBwF+3lDfGIH
lIeoOhR7OKnN8a1/6l7KVOHxV4FMX9aVmom8FKKqjZYcObY86MgLObMtt50v0cKY
GgNZCy1HLoXHRGJ+3pypZEV0qxbOt2jGAhEpDf/LdX9Ez4AIYK16/a5AvUnNJlvN
d28LPgTCvPK8Mhz/m+7ms8IfZ2j0hJgm2j9jiMTK0QvyhWq57TfrU+8HWCKzsUfH
M1Riwt0z8u9HpQKCAQEA2dhE79/lyaGe3lxqJmzxdLG3Khp3wAk4/SM6CP9elN9J
4kg7UFGIE1AUs73HPwlXmoOyE1r+g6W2CaNMds5qqJKOIIS/89mrGZs68hpTLbdR
rTrNNeTLlOQcF/txNfawYEtPwAedjIxUFATKDibbDwfe0p3mRZSm/ji0N3n5ehJl
yDwfaSVsZsoHWm0GUfhMVGwu1OZjAGGpGZIf/tcjMNQ3cKAmqAvRpRrlc51eUw5M
+Z+POgRY2mnrKgTUREFzaLG62umaTVTGC6dn++QLPmFgoFuloSUJNUbRRvIg9d+a
aatn2eiusBILVarQcHGWdysuMFqxUJ9VHQqCNqI4rQKCAQBjPcZF5kEHO3KqQS5c
6ejJDaIurpGb9wq7StQ02QPzBLr6e5ngC9ZPHnhu8sBrtMqT9zoehshkiL6LL7Dz
dLBVbC2gTIFvk3fVba76Qdr5SeDnw3GJQa+TByfm9fLSvPAUilsXE7TpqE5eXCtj
26hpIzchRdYMRd/v7zg63Q6lCvTezjnaUazP5EgcxfvJv/XWzRT+VWi158r8k0i+
OK5McFQCaTpEkhagNkNpfHW26vz23woF/ZWw+ki02xU/AaYOl6nTuIM+hmKXP1iz
5rrD/uSZGhHx8ugEfa8psA9F4qJOvtvB2lMoQKrKmtCt9GtyYrBKwZnkBLP5pXT2
3CrRAoIBABiIz/LIH6QezLq0Y8wiFuuSnFNkmboKD94Kmp2qzSctIrAWfH+mPxIV
wc8gf5Es5y3iySp+5A1Fm4PoXVNAGikUIGevK8M175w5rGDZ8CZE8DD3X2dDdl41
dqiIzA5M0z51HO0+rlLG9y0uAOepHqDJvSGxYN7TSB93mWxqE1vZOJddlhgMe/Hz
rPJVNxICSe50JK4bqGjBlv7nQy07Y547OGc50kC43AqhRdhIj/gAs1Cl1Mau+KbY
qQCZfKKXUH0pDydaieNNueRUHVT0MQP8iZpl1/iXKDtU13sLCAVJAqYGBPM4znvL
/HTQgRs4375aIaCWhkPTPg3AQjwO9x0CggEANIoxDPtty49prkkd8xQQceySEbnf
CeTljNd1uUEqki5DSJMfXajwuSkUrhZAnSevT7k9BjsAzqHM9sWqo3C3PQpFA2Q/
seTA7lSIxyKvQ4bt/ZaMMeryCzC/WKH81+F35IoQ616nzJz+A7khHX/+l6ZdS9Ud
LYmYUEB1PQVd0PFQQ67dnNCJ265Hi54XLez9rzuYbuNFIb+wg4FsjV8NHUQSMow3
LQLLMO16nqs9lQA17WdTlhyR6fYrovh6h7puGzONesSF0s9uLSyiOQ9UDKenNPPb
nBdM3Bwq5M72o11IKwTPvq95e09o2eFY0SlqwqLdqeD9lrbh/HWfO9VpWA==
MIIJKAIBAAKCAgEAo5gChsj+wQBrSNjdaeHZQFNBsrMsgQXT8+5U56Gq2ddnVP7s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-----END RSA PRIVATE KEY-----

BIN
ssl/test/axTLS.key_512 Normal file

Binary file not shown.


@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAMjKXU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB
3vGQ4n/U47F7yXVTIpDJ0Zxv2hm/0LfudBcCAwEAAQJAJDnee8YCQVqxm2W8jvBB
RmjEfvG6s7QFjh2T9AK9T4mPsva55HuPnRee1WgkIVFLCB2wy+xeKqYUatT/Lcy1
AQIhAO4vmcbILievlsnHew3SZcs+mjJTMlgt0/0yUz03w+FJAiEA187GrlzN0yFB
5HnYap/rzz6AR6zaHSJOSU/WXLTpCl8CIDkzj0+w5Xy8a48b7A5+t9meuDNbzZxl
rSKCgoESMmWZAiEAsPzQTOenlePMmoijSK7nQgxMQHwuVX5xHgbwEw/7n5kCIQDp
i1Gb2CDHu79/fL6kcQ9DEfGMT9i9lQ+bNiggYoL4uw==
-----END RSA PRIVATE KEY-----


@ -1,18 +1,12 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7BFA0887B7740C1BBA458D0362E75F89
DEK-Info: AES-128-CBC,ECA1836F07770828A77072CB8E75B461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-----END RSA PRIVATE KEY-----


@ -1,18 +1,12 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,5AA67B48694516B66EECE19E0F3BB048
DEK-Info: AES-256-CBC,22B407B6BE071AC8FEADA8834A3C0FBB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-----END RSA PRIVATE KEY-----


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqe
DyUTpdwtzBt8H8/axNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3Y
uRN4Y0i8sn8A1Fbe69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+aj
TB2TnO7UTsjKRrXPv16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzl
I8eTDHZqZJiw8gPg7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOe
DU6wo4/e0Ta5bdZe7apqOBfdDnq3EUnHO1ZQbQIDAQABAoIBADbu47Yse4L7YQ0/
rRfWUfTpMsQgYd0far4P+Cqpeh1r32/Qp4OctFuVkeqaZ3w7PFSjQj1aPMh/ZoGJ
ShxkBus/0dSA1yXNBix1wYNcEb9Mn25GU1I1R4vA2y6DK98FrSl2xwgickhiFQ4W
yiD3huiphq8AcIQLqR679KIL63IF+lMnHmYTrm9/rkGvO/wiW55OMhLvhuR4w7/n
5g+PMBLF4vEqtN6wEpb5f3Q8ugNCG35ykpgBMFWI6FGGmcZkYgux+xnTweZ9+Xol
tBQRrq9cY3/ouIrRX4K30e/EcaJN0eA0Cx9WerEHfYO45BWUJGySsxPab9vk6Qep
uxRnHoECgYEA+uv054HQKGQOZPjgZ9lCqfPB4wQ98T4hNSLgNwAkd85D7UtF6Wb9
GMsEecJ5aPIQjDN6dTT6Nb45AV4e0XWtQFtxHFXP6SKfyIlf0Zcl0cd8Fvt7CX/e
ghZF6ndUxHaWtAltALVwo+Fi6LOgEN7+dsBjkAZf994cZNfqrr6B1s0CgYEA8eqY
u2p/QE7YNfw7naMUKDqgqGzo41IjF915rznYOyuO4hu+zGrL2D+7EeZnLWfSCSxl
t0uowOzDOKkm6XeungMyJFH0DnzhYEgh6K9AXMi3QF0zfgGrh7hhK5wFEt+a4nOY
hIAnqhANqISRhOOd0iT2VIt+igQhEQv8XLjAICECgYAVvkKfmQkfpuP0bfiMJzB2
p6/Ca0iu0fJwt0/0lCeU1iPeuSoaupjuABGoN2jr5iX28DMJWwjfhVdNPgmvnuHf
dM0NZoY4ro5oAzdxYwac8gtXtn0H6rOuVB3E3ohS6e/PNA3lBNP473vxrDcPnzMv
uSYngdXpFa8iMe+dKtb3dQKBgQCAzse56q+Mvy5yODZJ7f4amXTXmP27pA1ZdKyI
90TB5KR0kg9aanbVUsG5ezNuwrvb9I7INPnKl4Yu0ioM35PTQKJfIl/PowChsmaT
rVSY0qp4E+gJ7Lu3TR44CR/Od87RSnln+5CjBV8wXj3ZQxTSQqoCRDABLseoevhJ
Knnp4QKBgEHHHpegaCXl7+kaPzD/qD38iN6AmoAya9ZUxCUH55bDmkTFu1ZGgA6S
87fuXQ2tzwFyOtaxAftPuOkSKMpZYRPJY92SalHA4WyN1pl0MhWMZQiyKOh0QQ7A
yaHjrLn5wPrhHhkpmYu2L1ZNiN+NIFDuD/j+APCX+wqb9otfbfxk
-----END RSA PRIVATE KEY-----


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAzhdv9CgZ895+JuF4J5ttgKS8HDKL5uCAYOS2B+o1OkGzYRkS
I+vA41BpPfE8D8P9lgjcbzAOrOvgYHPZneE3Ix1mhlyPwbnXesC48AahbWXeHFJL
u3Hr3EfjIVngptIHF0/FXmLtOjcxLpP/mXyUTX7bm0NMhgEvxAX34fPfgM4r6AwP
YLwxJGl0c4rrb9choDmXp7+72NnjiO/pXzrUkI0VL+fV6U/cT9ro6p6wJYewvfXA
zqV01B76xf+QhYGp6h/HSZQntTQfA2KIp3H7jhaVXgC/CyyZ/fvx1QUAVCy8pMck
Fs7YuLtVuhAOZ1KpeZzaQotwRjTEeRkF99iCxwIDAQABAoIBAFNxi+O4hOGHuV42
tjabKNgIWx2znY+KYJBaqhVET+7ZgS6UPxMKNlwTR7lLvjzH5xnjVpUySQ7cpkmH
Ppo9AN0X31YRjicq/sL12ytcE+o+b5LaA03Oz2euN5leUaZZrYNTyh7wQQrsI96v
D7NujIFgFryjoA0118gvfnEfE+SLW5q4m+n7D4cZ2D1nolDnOo2noLhKhMVWT9jp
UVoa5sO+9/Ap71ElAaet2LawNsKbyjjRuI84544G09zQ+YUfcelADaqtXyYZpSJL
iWrmHasD1w8NfiHB84y2hWHySoiuTBfVBJFfTjg075TaxBwCtDbzzEe0ecDCVGnb
gZfkevECgYEA5+5cUFf9LXt7Cwqc/lnuIUYmX7pvTPVVZbdjEzd1MUvu12p01cRN
QYk4K41LZsQYwDrCk82TFn1+hDbVt27i5r4FPJ9GbkSh4AiqUFDkqpqE/U06ZiUX
JOosU6laI6MmguWbXAAQuv2OwK7xVA0575HdbsEK8LRP2bSTRUYNFjkCgYEA43qb
FaKixVC4KOm8dyNYFHB5oldZW0u4ieemum8B+a9wd2BEG8FdxFw6IuGnKyMQ1BWu
NVwN2wZsHbosmCYxGO7cX4OT37711hdCr4pCGQhQ3gf9eNls4ZjjykZp8EHWQnx8
SYl7sjQMQUjhfqePKwR396IGx4KSrc/l1rxKYP8CgYEAjYPPJ+bIQFw7s30CVeAh
gIQBHh/vkZGQTcQb27nW9AFU9nOqXlSsnvRPJaPNAiNcxs4Ts4OX3/0qmRmsRYSP
RiNjpp24p8eQzdX7tY3mOIKX6saYf4LaIFgSO+n1ahE+ilf296fCjZXw6HjWH2cC
lr710YJQXpZmsnuP8JDRo2ECgYBrasL+5WydZi+ASldPnuYByNb3HO46GTiMDlKB
6Ndy8zBVfqTKwnWnurFNNWc+DHHu5En+Mnjse0zkgLx8IFTA5FI13Ckg18i4jwVT
ZSMvNOkS340G2wz6PrsaEkQGSuCFRsld5Ej/7mn3DhZFO5R0iMipq94tqe/fmbN7
wjAROwKBgHLl/XNhPTI/ed76ZjmCpbCvQlKZeYLhNbTS4lHvKCuniHKQsPz4BxjB
fuVCUDH61yQT7WM31zIMfzQZjx9hTgFYYvnptRWj9zIBlIZJEieX3//flvEJ3Qmd
/tbSoADa/1y+Y58biKkgmM4f4qS9h0AkVe88OCbpm14Xs2u7/4Nu
-----END RSA PRIVATE KEY-----


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

Binary file not shown.

Binary file not shown.


@ -1,16 +1,10 @@
-----BEGIN PRIVATE KEY-----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MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAyMpdTru2uDnqTsuE
bm/leGxROlUUjlk6lxq3+vLdaG0lLqreWcHe8ZDif9TjsXvJdVMikMnRnG/aGb/Q
t+50FwIDAQABAkAkOd57xgJBWrGbZbyO8EFGaMR+8bqztAWOHZP0Ar1PiY+y9rnk
e4+dF57VaCQhUUsIHbDL7F4qphRq1P8tzLUBAiEA7i+ZxsguJ6+Wycd7DdJlyz6a
MlMyWC3T/TJTPTfD4UkCIQDXzsauXM3TIUHkedhqn+vPPoBHrNodIk5JT9ZctOkK
XwIgOTOPT7DlfLxrjxvsDn632Z64M1vNnGWtIoKCgRIyZZkCIQCw/NBM56eV48ya
iKNIrudCDExAfC5VfnEeBvATD/ufmQIhAOmLUZvYIMe7v398vqRxD0MR8YxP2L2V
D5s2KCBigvi7
-----END PRIVATE KEY-----

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,15 +1,12 @@
-----BEGIN CERTIFICATE-----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MIIB1zCCAUACCQCrCBinAwcn/TANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
MjYyMjMzMzlaFw0yNDA5MDMyMjMzMzlaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAzf2JSL42uZV21BMwDr+y7WcKwBY/UQmdKS+ybT8+bC+QgKFx3744xcupmkAU
kAr5twcL4drnCb8NV0GGYKHBJ5FbCphGG/aihPhlx84tlheqkfhhBFBw67RDt9ya
zDEBFNTNzMI3bWmC1sbEvvI0pcmmGVMyeoYOkYIPoUJUqgECAwEAATANBgkqhkiG
9w0BAQUFAAOBgQBAtJSaqIlyHQfls2uIIcI4Np56jElIaAwG6NsfTgXmMeP95g1r
2BMX4C0NuH7LIGyoc6f946f68wJgeB8TQEXudfUQ/Y9odNSsrgQJVSzb2AcHZWkn
br9eYUBWi9czO/9uU36dP8BAOqugUE6AR0YNHttM8RtdPCpUp036e3JmxQ==
-----END CERTIFICATE-----


@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICWDCCAUACCQClKsh4h/LnxjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
9w0BAQsFAAOCAQEAbpbFPGnc74yvFgxKiNGA8+9azns10+KionRirc6g/1X1zBnJ
7vBXW9aXwUr2y9G3jnmX82eut0YnaJ3xlU5rp2NbGSH43fQd/OvWC+6yDFBeHfJG
JqbyP9oBkrUSuaXO/svsGUr8z1YVnxvtN7A1NGt+xQmgTyNq2QWg3MSQQwVtNsQt
84mQqU0BmmyRyi14LOCi2dHxjduXFVgHIcM6XzVL8lxQ1oaabA1mP5u8dzH+n+sT
uVDMmn6ABDZsnnCo9i7WidPI8pfJ4k6xR5l0wUdcOQeY8ynwUmILBt7lhKhxtAIG
j9SHuiQYstmr5+6wIBv6LRwjuXNDEwcqdT+o1g==
-----END CERTIFICATE-----


@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Binary file not shown.


@ -1,18 +1,15 @@
-----BEGIN CERTIFICATE-----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MIICWzCCAcQCCQCrCBinAwcn/zANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
MjYyMjMzNDBaFw0yNDA5MDMyMjMzNDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAKWgulghnDyduQE0oEn5PgUqoW/gnHB8D83dumyQU+KaNUQhmkcX16w6
jZt/1IQaqJd5dGyGt/zR6r9pZt54DNXrCZ8JgVk58gToqaUhNNoRIeUiYj/scqP3
pZiBYjVPM+jl1RirIttS191JoiqFhr4OdkOkPEwV1FLyh7s3v9OHAoS8m3U3cbD4
5tZUwLEFSgEKsBMYUrE03i6RjwHK1sNGbJ1Jwv6eWlGLqYnlGI1TgoZrx5SeZ/2R
ii1jXKv2TiKLrSuSe+WlwebSK2u8/sRiQ8F6FZI2vVt2S6FjHLgZPijjusxb6XRl
v+AsfmR6k3xnmKRVgqIvvl4PMlUWiy0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAY
uw++Zz6+68dQvmd9MiHeYZxVsajDJ0RVEiV9V/TFLsGmJXmtHHX0vVjZJSpDomWJ
WKPZu/HvR6KrtOtz+HM2ap5FFfPcg5LA2Dqau2tvTub1KdvDSbfaTqRsh1cQ8FQI
222gV/DG5AZ8AlSuDzTgrMuIeWjKZ6hhkirZVIO+rg==
-----END CERTIFICATE-----

Binary file not shown.


@ -1,23 +1,20 @@
-----BEGIN CERTIFICATE-----
MIID3DCCAsQCCQClKsh4h/LnyjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
AgoCggIBAMAKTqPX9LMlyPA5hJD/PHhwoGWfBbpnCAnKnBXtDssEfVLF1HUITKin
zC4vFpXKPqzahXA37DcgJZQg4qvPXaf2jY94pwlQKF52ibomUOnV/VLQUVRFvXK/
8+kY4K2UPfjJGzsfjF1XeOCPIxFlbltqCtXkM1PhVG9dnY+OZk2i6S+gcV3Fxgu3
tiknju+YlsIrTMhpiUIq1fH7bVDWulXyru4rMREs+Y2lJrkrDGSJeh45vysZmcZA
bhb9WZtipCqiLVf1qkGAq54IpdSOcyS4x1hTYwOt+FOt8lmaOS1kGPKaecMtLLQv
O8iQ+9K7LM45t83o7VwFYqZtu/hlntWyiOlAFX8ht8vmxACjhnPW+lKVCe4kT3d9
g62Qidcbm1Vty8foCuWCC7H+30AETwG3NSm7idhidr/YoSDc5Ksk+jehSZ7PwXGZ
xwF5PiqK0tN8QzICPwjChI6HOWIxWPYqDlL77aXoNpG9FVKrwBzpuIvg1H+aUPNr
h9erR1ZNmMmajVjVbvHG2LCwChWD7crq/RDtk3ioQiPrwI5eRTcN00AI8tTeD+6J
Q6SYdVZMeatn22kLyKtRzKL0phiirzm144wKKpcFWogrpJK/3Y1dU3rtSU+dGj+7
agjjqwWAWlhztSDgesRTkn6QJLmVX+IKh7Jdo04i2Osw4ZGnyYKBAgMBAAEwDQYJ
KoZIhvcNAQEFBQADggEBABPkfLZVIJ5z5cIhmiN5yqjMKotzGMwi7ihiPx8YSgBc
2grI7Aqyojn/gPBTvKXGRYCGC7aXIBo69RlbnZy0VW1fLqoNo8y6+zLiryCtxsv6
3orQmHslh2WofzzhkNyazT3WoGvzV4qhzK5KU7vkrFpHcwiLFRglBMP4ruoOq8jY
4wKDrP3FpgaSpY4NOm7ro7LiYzmVcj6A9Gci6mm55er6ZGX0yI9O1FXOZCxABPJF
kDEAk4GQScbaEDBZWjFAhkmdwYnE3n6usPnURwp08vDRkd4bGdrMT2KtP5ASNigQ
vEaYj2pQJLS8Eljwc6nEBeGrZ14fGXXaVh+p9TKrpM8=
MIIDWzCCAsQCCQCrCBinAwcoADANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh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=
-----END CERTIFICATE-----

BIN
ssl/test/axTLS.x509_512.cer Normal file

Binary file not shown.


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,15 +1,11 @@
-----BEGIN CERTIFICATE-----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MIIBkjCB/AIJAKsIGKcDBygCMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
NjIyMzM0M1oXDTI0MDkwMzIyMzM0M1owLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALll
NkpkyLOhA5d2ys+edm5yNrkFg/vq++Uu6BXJEqvto7UabK624NzvI9APboEMbHVJ
gceP8Gc05uj6rnldy+sCAwEAATANBgkqhkiG9w0BAQUFAAOBgQApsgHtuktgEuwC
kWRG4e4wIRcWl6E1SN6tW0vtGU+KGXtAxXHikIfK/0krnfQMKfHGV4Rhj689X1j5
CoYYBZduyc/hJuCMhwwEqELrSQ60Rv33tZniYZ/iYDQEoE//q4cvwG/sK830w9wx
/5Dm3eR7kLXGtzHeVUnUWKGv4FILNw==
-----END CERTIFICATE-----


@ -1,15 +1,11 @@
-----BEGIN CERTIFICATE-----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MIIBkjCB/AIJAKsIGKcDBygDMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
NjIyMzM0M1oXDTI0MDkwMzIyMzM0M1owLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKwr
ugc8AhMAcq/BiZYLgyKL9mAWBHDJxuUGS/NHE2WDdMOVE1Tf1Ame4onsYVTorN0Y
/3Emj8/WBcBpqmRxHtUCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBr2uCTrm9d9x4B
MIak3R+RxRUb3920uhASV8PMZ0vYXW2qPnHKAol8ZK2p5ywTzPPRjlTQpF65y9aM
K3wFRR7hjBfbf9qzr5jwh3p658OoXSQ9hR0KxvgeDWvnLZRJAAebl/4FE1XV0HZ8
qhFk5fMnD5nabFdq4FK6pWQjUZjMmw==
-----END CERTIFICATE-----


@ -1,15 +1,11 @@
-----BEGIN CERTIFICATE-----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MIIBkjCB/AIJAKsIGKcDBygFMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
NjIyMzM0NFoXDTA5MTIyNjIyMzM0NFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjK
XU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB3vGQ4n/U47F7yXVT
IpDJ0Zxv2hm/0LfudBcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCdnukuKxxoJB14
jBVwv4fZLffn3b/GT2LrjLCtk9/mQv9ECbHxOZ9ZOGtFCkkMIP6lnzrng/U/fTT4
hMdxCCEljxUA7zdCvvLjNgYYW4B4BiEwOokG33fIGM/6dpVrybxJ4Z225AvKAkU9
p8h6yItFqR4/SMYqZLzsr75PlCKyIw==
-----END CERTIFICATE-----


@ -1,15 +1,11 @@
-----BEGIN CERTIFICATE-----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MIIBkjCB/AIJAKsIGKcDBygEMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTIz
MTE0MDAwMFoXDTI1MTIzMTE0MDAwMFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjK
XU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB3vGQ4n/U47F7yXVT
IpDJ0Zxv2hm/0LfudBcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCMgBB+4M4ud6Zf
kZgxFB+upuKhRkXD+6Am2N+XGvJzsB8CsZ4jMxPczgZwrMTPKxm/bCbX7ftLwtps
77eyjihTCE3WzFZMEwT+mY28Cn0B7FkovrLvKEXQROfyDwkt7HWBGJEuSO6JAdAa
0mesxjwqjiLmmBoY5BLtfc1CGa8muw==
-----END CERTIFICATE-----

Binary file not shown.


@ -1,34 +1,24 @@
-----BEGIN CERTIFICATE-----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MIIBjTCCATcCCQCrCBinAwcoATANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwkxMjcuMC4wLjEwHhcNMTAxMjI2MjIzMzQy
WhcNMjQwOTAzMjIzMzQyWjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
ZSBDZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx9iw2v0K
zlzix7KiwmskWLO+KpVpZPci07SCVcbpgSTaONE8BvIPkqui4bWQQA+7WWjPV44C
ItYhY3NXigCxWhCqc0+aUvRzNJiuPG4MDuA1dIG7wrdS5cHxAtRJF4KDA7pmcBdG
6aCpXSyvWsqerFzmHu3XAXPAlYzoqs1Qg6MCAwEAATANBgkqhkiG9w0BAQUFAANB
ALx4Z9moVhA05QsUrMiyy/+NCiFhaOtZfe6kElJoAl4B1EcGQor8ozE3cFuLOLeQ
YuAX5YpbpxuafYbzw1AdAU8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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MIIB3zCCAUgCCQD76Ccq3Co3qjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
MjYyMjMzMzdaFw0yNDA5MDMyMjMzMzdaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQCfxX6VHEhZNsMIqPPxt53h1UpfX1jU7ctqwBR4dpWRj3H6cCBN
EK8xj7IVcBTJq6vcMRDwrAUrElSIZl8Kv6+ZqhTss2j+E2tfzkzehP9LcAdAR+UM
JPBsYXic/+vmH5JCMO7CXLUsDJmO2q2Z1TjTtchu2DgAueTo0hWRtMvbMwIDAQAB
MA0GCSqGSIb3DQEBBQUAA4GBABoJU0aQMTocVLNbcY4tbfqLck2oAn/OVjG0p/8p
GIJzlVKOtZ76ZkqHIbcXNKNlgjXy+4S3R+6+mkYcn0JVbVg7eN0tsDlMB04YyFaD
95D47KEzmDky4Yj2nqI4SmvVTf2lyYxV1zknrFUXND+WvjGxge3gpJxtMoTGE5E0
Jc3F
-----END CERTIFICATE-----


@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,37 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,7 +1,7 @@
#!/bin/sh
#
# Copyright (c) 2007-2016, Cameron Rich
# Copyright (c) 2007, Cameron Rich
#
# All rights reserved.
#
@ -39,36 +39,21 @@ PROJECT_NAME="axTLS Project"
# Generate the openssl configuration files.
cat > ca_cert.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_ca
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
O = $PROJECT_NAME Dodgy Certificate Authority
[ v3_ca ]
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign, digitalSignature
EOF
cat > certs.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_usr_cert
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
O = $PROJECT_NAME
CN = localhost
[ v3_usr_cert ]
basicConstraints = critical, CA:false
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.example.net
DNS.2 = www.example.org
CN = 127.0.0.1
EOF
cat > device_cert.conf << EOF
@ -80,130 +65,72 @@ prompt = no
O = $PROJECT_NAME Device Certificate
EOF
cat > intermediate_ca.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_intermediate_ca
[ req_distinguished_name ]
O = $PROJECT_NAME Intermediate CA
[ v3_intermediate_ca ]
basicConstraints = critical, CA:true, pathlen:0
keyUsage = cRLSign, keyCertSign, digitalSignature
EOF
cat > intermediate_ca2.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_intermediate_ca2
[ req_distinguished_name ]
O = $PROJECT_NAME Intermediate 2 CA
[ v3_intermediate_ca2 ]
basicConstraints = critical, CA:true, pathlen:10
keyUsage = encipherOnly, keyCertSign, decipherOnly
EOF
# private key generation
openssl genrsa -out axTLS.ca_key.pem 2048
openssl genrsa -out axTLS.ca_key.pem 1024
openssl genrsa -out axTLS.key_512.pem 512
openssl genrsa -out axTLS.key_1024.pem 1024
openssl genrsa -out axTLS.key_1042.pem 1042
openssl genrsa -out axTLS.key_2048.pem 2048
openssl genrsa -out axTLS.key_4096.pem 4096
openssl genrsa -out axTLS.key_device.pem 2048
openssl genrsa -out axTLS.key_intermediate_ca.pem 2048
openssl genrsa -out axTLS.key_intermediate_ca2.pem 2048
openssl genrsa -out axTLS.key_end_chain.pem 2048
openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 1024
openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 1024
openssl genrsa -out axTLS.device_key.pem 1024
openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512
# convert private keys into DER format
openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER
openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
openssl rsa -in axTLS.key_1042.pem -out axTLS.key_1042 -outform DER
openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
# cert requests
openssl req -out axTLS.ca_x509.csr -key axTLS.ca_key.pem -new \
openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \
-config ./ca_cert.conf
openssl req -out axTLS.x509_1024.csr -key axTLS.key_1024.pem -new \
openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \
-config ./certs.conf
openssl req -out axTLS.x509_2048.csr -key axTLS.key_2048.pem -new \
openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \
-config ./certs.conf
openssl req -out axTLS.x509_4096.csr -key axTLS.key_4096.pem -new \
openssl req -out axTLS.x509_1042.req -key axTLS.key_1042.pem -new \
-config ./certs.conf
openssl req -out axTLS.x509_device.csr -key axTLS.key_device.pem -new \
openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \
-config ./certs.conf
openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \
-config ./certs.conf
openssl req -out axTLS.x509_device.req -key axTLS.device_key.pem -new \
-config ./device_cert.conf
openssl req -out axTLS.x509_intermediate_ca.csr \
-key axTLS.key_intermediate_ca.pem -new \
-config ./intermediate_ca.conf
openssl req -out axTLS.x509_intermediate_ca2.csr \
-key axTLS.key_intermediate_ca2.pem -new \
-config ./intermediate_ca2.conf
openssl req -out axTLS.x509_end_chain.csr -key axTLS.key_end_chain.pem -new \
-config ./certs.conf
openssl req -out axTLS.x509_aes128.csr -key axTLS.key_aes128.pem \
openssl req -out axTLS.x509_aes128.req -key axTLS.key_aes128.pem \
-new -config ./certs.conf -passin pass:abcd
openssl req -out axTLS.x509_aes256.csr -key axTLS.key_aes256.pem \
openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \
-new -config ./certs.conf -passin pass:abcd
# generate the actual certs.
openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509.pem \
-sha1 -days 5000 -signkey axTLS.ca_key.pem \
-CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509_sha256.pem \
-sha256 -days 5000 -signkey axTLS.ca_key.pem \
-CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024.pem \
openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \
-sha1 -days 5000 -signkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \
-sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha256.pem \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha384.pem \
-sha384 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha512.pem \
-sha512 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_2048.csr -out axTLS.x509_2048.pem \
openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \
-sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_4096.csr -out axTLS.x509_4096.pem \
openssl x509 -req -in axTLS.x509_1042.req -out axTLS.x509_1042.pem \
-sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_device.csr -out axTLS.x509_device.pem \
openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
-md5 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
-md5 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
-sha1 -CAcreateserial -days 5000 \
-CA axTLS.x509_1024.pem -CAkey axTLS.key_1024.pem
openssl x509 -req -in axTLS.x509_intermediate_ca.csr -out axTLS.x509_intermediate_ca.pem \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem \
-extfile ./intermediate_ca.conf -extensions v3_intermediate_ca
openssl x509 -req -in axTLS.x509_intermediate_ca2.csr -out axTLS.x509_intermediate_ca2.pem \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.x509_intermediate_ca.pem \
-CAkey axTLS.key_intermediate_ca.pem \
-extfile ./intermediate_ca2.conf -extensions v3_intermediate_ca2
openssl x509 -req -in axTLS.x509_end_chain.csr -out axTLS.x509_end_chain.pem \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.x509_intermediate_ca.pem \
-CAkey axTLS.key_intermediate_ca.pem \
-extfile ./certs.conf -extensions v3_usr_cert
# basic constraint path len failure
openssl x509 -req -in axTLS.x509_end_chain.csr \
-out axTLS.x509_end_chain_bad.pem \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.x509_intermediate_ca2.pem \
-CAkey axTLS.key_intermediate_ca2.pem \
-extfile ./certs.conf -extensions v3_usr_cert
cat axTLS.x509_intermediate_ca.pem >> axTLS.x509_intermediate_ca2.pem
openssl x509 -req -in axTLS.x509_aes128.csr \
-CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem
openssl x509 -req -in axTLS.x509_aes128.req \
-out axTLS.x509_aes128.pem \
-sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_aes256.csr \
openssl x509 -req -in axTLS.x509_aes256.req \
-out axTLS.x509_aes256.pem \
-sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
@ -211,32 +138,35 @@ openssl x509 -req -in axTLS.x509_aes256.csr \
# note: must be root to do this
DATE_NOW=`date`
if date -s "Jan 1 2025"; then
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_before.pem \
openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_before.pem \
-sha1 -CAcreateserial -days 365 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
date -s "$DATE_NOW"
touch axTLS.x509_bad_before.pem
fi
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_after.pem \
openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_after.pem \
-sha1 -CAcreateserial -days -365 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
# some cleanup
rm axTLS*.csr
rm *.srl
rm axTLS*.req
rm axTLS.srl
rm *.conf
# need this for the client tests
openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer
openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer
openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
openssl x509 -in axTLS.x509_1042.pem -outform DER -out axTLS.x509_1042.cer
openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer
# generate pkcs8 files (use RC4-128 for encryption)
openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
# generate pkcs12 files (use RC4-128 for encryption)
openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd
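Review bot: The CA and leaf configs in the first hunk appear to lose their `req_extensions` sections on the new side (the hunk shrinks from 36 to 21 lines, although this page no longer shows the +/- markers), so none of the generated certificates carries `basicConstraints`, and `axTLS.x509_device.pem` is then issued with `-CA axTLS.x509_512.pem`, i.e. by an end-entity certificate. A chain test built on these fixtures can only pass if the verifier does not enforce CA constraints, so I would keep `[ v3_ca ]` with `basicConstraints = critical, CA:true` and pass `-extfile ./ca_cert.conf -extensions v3_ca` when self-signing the CA. The same side also seems to drop to a 1024-bit CA key, 512-bit leaf keys and `-md5` signatures for the 2048/4096 certificates; OpenSSL builds that default to security level 1 or higher may reject such keys and digests, so failures in the tests driven through `openssl s_client` could come from the peer tool rather than from axTLS. A comment above `# private key generation` such as `# test fixtures only: deliberately small keys and legacy digests, regenerate rather than reuse` would make the intent explicit.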

View file

@ -50,8 +50,8 @@
#include "os_port.h"
#include "ssl.h"
#define DEFAULT_CERT "../ssl/test/axTLS.x509_1024.cer"
#define DEFAULT_KEY "../ssl/test/axTLS.key_1024"
#define DEFAULT_CERT "../ssl/test/axTLS.x509_512.cer"
#define DEFAULT_KEY "../ssl/test/axTLS.key_512"
//#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
#define DEFAULT_SVR_OPTION 0
//#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
@ -176,6 +176,78 @@ end:
return res;
}
/**************************************************************************
* RC4 tests
*
* ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c)
**************************************************************************/
static const uint8_t keys[7][30]=
{
{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
{4,0xef,0x01,0x23,0x45},
{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
{4,0xef,0x01,0x23,0x45},
};
static const uint8_t data_len[7]={8,8,8,20,28,10};
static uint8_t data[7][30]=
{
{0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xff},
{0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
0x12,0x34,0x56,0x78,0xff},
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
{0},
};
static const uint8_t output[7][30]=
{
{0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
{0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
{0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
0x36,0xb6,0x78,0x58,0x00},
{0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
0x40,0x01,0x1e,0xcf,0x00},
{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
{0},
};
static int RC4_test(BI_CTX *bi_ctx)
{
int i, res = 1;
RC4_CTX s;
for (i = 0; i < 6; i++)
{
RC4_setup(&s, &keys[i][1], keys[i][0]);
RC4_crypt(&s, data[i], data[i], data_len[i]);
if (memcmp(data[i], output[i], data_len[i]))
{
printf("Error: RC4 CRYPT #%d failed\n", i);
goto end;
}
}
res = 0;
printf("All RC4 tests passed\n");
end:
return res;
}
/**************************************************************************
* SHA1 tests
*
@ -450,9 +522,9 @@ end:
**************************************************************************/
static int HMAC_test(BI_CTX *bi_ctx)
{
uint8_t key[SHA256_SIZE];
uint8_t ct[SHA256_SIZE];
uint8_t dgst[SHA256_SIZE];
uint8_t key[SHA1_SIZE];
uint8_t ct[SHA1_SIZE];
uint8_t dgst[SHA1_SIZE];
int res = 1;
const char *key_str;
@ -481,8 +553,8 @@ static int HMAC_test(BI_CTX *bi_ctx)
data_str = "Hi There";
key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
hmac_sha1((const uint8_t *)data_str, 8,
@ -498,78 +570,13 @@ static int HMAC_test(BI_CTX *bi_ctx)
ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst);
if (memcmp(dgst, ct, SHA1_SIZE))
{
printf("HMAC SHA1 #2 failed\n");
goto end;
printf("HMAC SHA1 failed\n");
exit(1);
}
data_str = "Hi There";
key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
ct_bi = bi_str_import(bi_ctx,
"B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32CFF7");
bi_export(bi_ctx, key_bi, key, 20);
bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
hmac_sha256((const uint8_t *)data_str, 8,
(const uint8_t *)key, 20, dgst);
if (memcmp(dgst, ct, SHA256_SIZE))
{
printf("HMAC SHA256 #1 failed\n");
goto end;
}
data_str = "what do ya want for nothing?";
key_str = "Jefe";
ct_bi = bi_str_import(bi_ctx,
"5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC3843");
bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
hmac_sha256((const uint8_t *)data_str, 28,
(const uint8_t *)key_str, 4, dgst);
if (memcmp(dgst, ct, SHA256_SIZE))
{
printf("HMAC SHA256 #2 failed\n");
goto end;
}
// other test
/*uint8_t secret[16];
key_str = "9BBE436BA940F017B17652849A71DB35";
ct_bi = bi_str_import(bi_ctx, key_str);
bi_export(bi_ctx, ct_bi, secret, 16);
uint8_t random[26];
data_str = "74657374206C6162656CA0BA9F936CDA311827A6F796FFD5198C";
ct_bi = bi_str_import(bi_ctx, data_str);
bi_export(bi_ctx, ct_bi, random, 26);
uint8_t output[256];
p_hash_sha256(secret, 16, random, 26, output, 100);
ct_bi = bi_import(bi_ctx, output, 100);
bi_print("RESULT", ct_bi);
*/
/*uint8_t secret[48];
uint8_t random[256];
uint8_t output[256];
key_str =
"8C6D256467157DAEC7BAEBC1371E6DABFF1AB686EFA7DCF6B65242AA6EEBFC0A7472A1E583C4F2B23F784F25A6DE05A6";
ct_bi = bi_str_import(bi_ctx, key_str);
bi_export(bi_ctx, ct_bi, secret, 48);
data_str =
"636C69656E742066696E697368656475F80B2E4375CFA44105D16694A5E2D232302FF27241BDF52BA681C13E2CDF9F";
ct_bi = bi_str_import(bi_ctx, data_str);
bi_export(bi_ctx, ct_bi, random, 47);
p_hash_sha256(secret, 48, random, 47, output, 12);
ct_bi = bi_import(bi_ctx, output, 12);
bi_print("RESULT1", ct_bi);*/
res = 0;
printf("All HMAC tests passed\n");
@ -962,32 +969,31 @@ static void do_client(client_t *clnt)
/* show the session ids in the reconnect test */
if (strcmp(clnt->testname, "Session Reuse") == 0)
{
sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
"-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"",
g_port, clnt->openssl_option);
}
else if (strstr(clnt->testname, "GNUTLS") == NULL)
{
sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
#ifdef WIN32
"-connect localhost:%d -quiet %s",
#else
"-connect localhost:%d -quiet %s > /dev/null 2>&1",
#endif
g_port, clnt->openssl_option);
g_port, clnt->openssl_option);
}
else /* gnutls */
{
sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
#ifdef WIN32
"-p %d %s localhost",
"-p %d %s 127.0.0.1",
#else
"-p %d %s localhost > /dev/null 2>&1",
"-p %d %s 127.0.0.1 > /dev/null 2>&1",
#endif
g_port, clnt->openssl_option);
}
//printf("CLIENT %s\n", openssl_buf);
SYSTEM(openssl_buf);
}
@ -1139,60 +1145,21 @@ int SSL_server_tests(void)
/* Go through the algorithms */
/*
* TLS client hello
* TLS1 client hello
*/
/*
* AES128-SHA TLS1.2
* AES128-SHA
*/
if ((ret = SSL_server_test("AES128-SHA TLS1.2",
"-cipher AES128-SHA -tls1_2",
if ((ret = SSL_server_test("AES128-SHA", "-cipher AES128-SHA",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* AES256-SHA TLS1.2
* AES256-SHA
*/
if ((ret = SSL_server_test("AES256-SHA TLS1.2",
"-cipher AES256-SHA -tls1_2",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* AES128-SHA256 TLS1.2
*/
if ((ret = SSL_server_test("AES128-SHA256 TLS1.2",
"-cipher AES128-SHA256 -tls1_2",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* AES256-SHA256 TLS1.2
*/
if ((ret = SSL_server_test("AES256-SHA256 TLS1.2",
"-cipher AES256-SHA256 -tls1_2",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* AES128-SHA TLS1.1
*/
if ((ret = SSL_server_test("AES128-SHA TLS1.1",
"-cipher AES128-SHA -tls1_1",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* AES128-SHA TLS1.0
*/
if ((ret = SSL_server_test("AES128-SHA TLS1.0",
"-cipher AES128-SHA -tls1",
if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
@ -1202,26 +1169,45 @@ int SSL_server_tests(void)
* all the session id's should match for session resumption.
*/
if ((ret = SSL_server_test("Session Reuse",
"-cipher AES128-SHA -reconnect -tls1_2",
"-cipher AES128-SHA -reconnect",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* 512 bit RSA key
*/
if ((ret = SSL_server_test("512 bit key",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_512.cer", NULL,
"../ssl/test/axTLS.key_512",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* 1024 bit RSA key (check certificate chaining)
*/
if ((ret = SSL_server_test("1024 bit key",
"-cipher AES128-SHA -tls1_2",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_1024.cer", NULL,
"../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* 1042 bit RSA key (check certificate chaining)
*/
if ((ret = SSL_server_test("1042 bit key",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_1042.cer", NULL,
"../ssl/test/axTLS.key_1042",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* 2048 bit RSA key
*/
if ((ret = SSL_server_test("2048 bit key",
"-cipher AES128-SHA -tls1_2",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_2048.cer", NULL,
"../ssl/test/axTLS.key_2048",
NULL, NULL, DEFAULT_SVR_OPTION)))
@ -1231,63 +1217,20 @@ int SSL_server_tests(void)
* 4096 bit RSA key
*/
if ((ret = SSL_server_test("4096 bit key",
"-cipher AES128-SHA -tls1_2",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_4096.cer", NULL,
"../ssl/test/axTLS.key_4096",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* RSA1024/SHA256
*/
if ((ret = SSL_server_test("RSA1024/SHA256",
"-tls1_2",
"../ssl/test/axTLS.x509_1024_sha256.pem" , NULL,
"../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* RSA1024/SHA384
*/
if ((ret = SSL_server_test("RSA1024/SHA384",
"-tls1_2",
"../ssl/test/axTLS.x509_1024_sha384.pem" , NULL,
"../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* RSA1024/SHA512
*/
if ((ret = SSL_server_test("RSA1024/SHA512",
"-tls1_2",
"../ssl/test/axTLS.x509_1024_sha512.pem" , NULL,
"../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* Client Verification
*/
if ((ret = SSL_server_test("Client Verification TLS1.2",
"-cipher AES128-SHA -tls1_2 "
"-cert ../ssl/test/axTLS.x509_2048.pem "
"-key ../ssl/test/axTLS.key_2048.pem ",
NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
goto cleanup;
if ((ret = SSL_server_test("Client Verification TLS1.1",
"-cipher AES128-SHA -tls1_1 "
if ((ret = SSL_server_test("Client Verification",
"-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_2048.pem "
"-key ../ssl/test/axTLS.key_2048.pem ",
NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
NULL, NULL, NULL,
"../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
goto cleanup;
@ -1296,12 +1239,10 @@ int SSL_server_tests(void)
if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
{
if ((ret = SSL_server_test("Error: Bad Before Cert",
"-cipher AES128-SHA -tls1_2 "
"-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_bad_before.pem "
"-key ../ssl/test/axTLS.key_1024.pem ",
NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"-key ../ssl/test/axTLS.key_512.pem ",
NULL, NULL, NULL,
"../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
@ -1313,12 +1254,10 @@ int SSL_server_tests(void)
/* this test should fail */
if ((ret = SSL_server_test("Error: Bad After Cert",
"-cipher AES128-SHA -tls1_2 "
"-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_bad_after.pem "
"-key ../ssl/test/axTLS.key_1024.pem ",
NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"-key ../ssl/test/axTLS.key_512.pem ",
NULL, NULL, NULL,
"../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
@ -1331,12 +1270,10 @@ int SSL_server_tests(void)
* No trusted cert
*/
if ((ret = SSL_server_test("Error: No trusted certificate",
"-cipher AES128-SHA -tls1_2 "
"-cert ../ssl/test/axTLS.x509_1024.pem "
"-key ../ssl/test/axTLS.key_1024.pem ",
NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_512.pem "
"-key ../ssl/test/axTLS.key_512.pem ",
NULL, NULL, NULL,
NULL, NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
@ -1349,13 +1286,11 @@ int SSL_server_tests(void)
* Self-signed (from the server)
*/
if ((ret = SSL_server_test("Error: Self-signed certificate (from server)",
"-cipher AES128-SHA -tls1_2 "
"-cert ../ssl/test/axTLS.x509_1024.pem "
"-key ../ssl/test/axTLS.key_1024.pem "
"-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_512.pem "
"-key ../ssl/test/axTLS.key_512.pem "
"-CAfile ../ssl/test/axTLS.ca_x509.pem ",
NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
NULL, NULL, NULL,
NULL, NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
@ -1369,12 +1304,10 @@ int SSL_server_tests(void)
* Self-signed (from the client)
*/
if ((ret = SSL_server_test("Self-signed certificate (from client)",
"-cipher AES128-SHA -tls1_2 "
"-cert ../ssl/test/axTLS.x509_1024.pem "
"-key ../ssl/test/axTLS.key_1024.pem ",
NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_512.pem "
"-key ../ssl/test/axTLS.key_512.pem ",
NULL, NULL, NULL,
"../ssl/test/axTLS.ca_x509.cer",
NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
@ -1384,9 +1317,9 @@ int SSL_server_tests(void)
* Key in PEM format
*/
if ((ret = SSL_server_test("Key in PEM format",
"-cipher AES128-SHA -tls1_2",
"../ssl/test/axTLS.x509_1024.cer", NULL,
"../ssl/test/axTLS.key_1024.pem", NULL,
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_512.cer", NULL,
"../ssl/test/axTLS.key_512.pem", NULL,
NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
@ -1394,9 +1327,9 @@ int SSL_server_tests(void)
* Cert in PEM format
*/
if ((ret = SSL_server_test("Cert in PEM format",
"-cipher AES128-SHA -tls1_2",
"../ssl/test/axTLS.x509_1024.pem", NULL,
"../ssl/test/axTLS.key_1024.pem", NULL,
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_512.pem", NULL,
"../ssl/test/axTLS.key_512.pem", NULL,
NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
@ -1404,9 +1337,9 @@ int SSL_server_tests(void)
* Cert chain in PEM format
*/
if ((ret = SSL_server_test("Cert chain in PEM format",
"-cipher AES128-SHA -tls1_2",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_device.pem",
NULL, "../ssl/test/axTLS.key_device.pem",
NULL, "../ssl/test/axTLS.device_key.pem",
"../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
@ -1414,7 +1347,7 @@ int SSL_server_tests(void)
* AES128 Encrypted key
*/
if ((ret = SSL_server_test("AES128 encrypted key",
"-cipher AES128-SHA -tls1_2",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_aes128.pem", NULL,
"../ssl/test/axTLS.key_aes128.pem",
NULL, "abcd", DEFAULT_SVR_OPTION)))
@ -1424,7 +1357,7 @@ int SSL_server_tests(void)
* AES256 Encrypted key
*/
if ((ret = SSL_server_test("AES256 encrypted key",
"-cipher AES128-SHA -tls1_2",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_aes256.pem", NULL,
"../ssl/test/axTLS.key_aes256.pem",
NULL, "abcd", DEFAULT_SVR_OPTION)))
@ -1434,7 +1367,7 @@ int SSL_server_tests(void)
* AES128 Encrypted invalid key
*/
if ((ret = SSL_server_test("AES128 encrypted invalid key",
"-cipher AES128-SHA -tls1_2",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_aes128.pem", NULL,
"../ssl/test/axTLS.key_aes128.pem",
NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
@ -1446,8 +1379,7 @@ int SSL_server_tests(void)
/*
* PKCS#8 key (encrypted)
*/
if ((ret = SSL_server_test("pkcs#8 encrypted",
"-cipher AES128-SHA -tls1_2",
if ((ret = SSL_server_test("pkcs#8 encrypted", "-cipher AES128-SHA",
DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8",
NULL, "abcd", DEFAULT_SVR_OPTION)))
goto cleanup;
@ -1455,8 +1387,7 @@ int SSL_server_tests(void)
/*
* PKCS#8 key (unencrypted DER format)
*/
if ((ret = SSL_server_test("pkcs#8 DER unencrypted",
"-cipher AES128-SHA -tls1_2",
if ((ret = SSL_server_test("pkcs#8 DER unencrypted", "-cipher AES128-SHA",
DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
@ -1464,8 +1395,7 @@ int SSL_server_tests(void)
/*
* PKCS#8 key (unencrypted PEM format)
*/
if ((ret = SSL_server_test("pkcs#8 PEM unencrypted",
"-cipher AES128-SHA -tls1_2",
if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", "-cipher AES128-SHA",
DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
@ -1492,15 +1422,6 @@ int SSL_server_tests(void)
"../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
if ((ret = SSL_server_test("GNUTLS client with verify",
"--x509certfile ../ssl/test/axTLS.x509_1024.pem "
"--x509keyfile ../ssl/test/axTLS.key_1024.pem",
"../ssl/test/axTLS.x509_1024.cer", NULL,
"../ssl/test/axTLS.key_1024",
"../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
goto cleanup;
ret = 0;
cleanup:
@ -1553,15 +1474,10 @@ static void do_server(server_t *svr)
}
else
{
sprintf(openssl_buf, "openssl s_server "
#ifdef WIN32
"-accept %d -quiet %s",
#else
"-accept %d -quiet %s > /dev/null",
#endif
g_port, svr->openssl_option);
sprintf(openssl_buf, "openssl s_server -tls1 "
"-accept %d -quiet %s ", g_port, svr->openssl_option);
}
//printf("SERVER %s\n", openssl_buf);
SYSTEM(openssl_buf);
}
@ -1663,8 +1579,7 @@ static int SSL_client_test(
goto client_test_exit;
}
ssl = ssl_client_new(*ssl_ctx, client_fd,
session_id, sizeof(session_id), NULL);
ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
/* check the return status */
if ((ret = ssl_handshake_status(ssl)))
@ -1754,11 +1669,10 @@ int SSL_client_tests(void)
sess_resume.start_server = 1;
printf("### starting client tests\n");
if ((ret = SSL_client_test("1024 bit key",
if ((ret = SSL_client_test("512 bit key",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_1024.pem "
"-key ../ssl/test/axTLS.key_1024.pem",
&sess_resume,
"-cert ../ssl/test/axTLS.x509_512.pem "
"-key ../ssl/test/axTLS.key_512.pem", &sess_resume,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
@ -1805,52 +1719,11 @@ int SSL_client_tests(void)
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
if ((ret = SSL_client_test("TLS 1.1",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_1024.pem "
"-key ../ssl/test/axTLS.key_1024.pem -tls1_1", NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
if ((ret = SSL_client_test("TLS 1.0",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_1024.pem "
"-key ../ssl/test/axTLS.key_1024.pem -tls1", NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
if ((ret = SSL_client_test("Basic Constraint - len OK",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_end_chain.pem -key "
"../ssl/test/axTLS.key_end_chain.pem -CAfile "
"../ssl/test/axTLS.x509_intermediate_ca.pem",
NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
if ((ret = SSL_client_test("Basic Constraint - len NOT OK",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_end_chain_bad.pem -key "
"../ssl/test/axTLS.key_end_chain.pem -CAfile "
"../ssl/test/axTLS.x509_intermediate_ca2.pem",
NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL))
!= SSL_X509_ERROR(X509_VFY_ERROR_BASIC_CONSTRAINT))
{
printf("*** Error: %d\n", ret);
if (ret == 0)
ret = SSL_NOT_OK;
goto cleanup;
}
printf("SSL server test \"%s\" passed\n", "Basic Constraint - len NOT OK");
if ((ret = SSL_client_test("Server cert chaining",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_device.pem "
"-key ../ssl/test/axTLS.key_device.pem "
"-CAfile ../ssl/test/axTLS.x509_1024.pem ", NULL,
"-key ../ssl/test/axTLS.device_key.pem "
"-CAfile ../ssl/test/axTLS.x509_512.pem ", NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
@ -1865,23 +1738,12 @@ int SSL_client_tests(void)
"../ssl/test/axTLS.x509_1024.cer")))
goto cleanup;
/* Check the server can verify the client */
if ((ret = SSL_client_test("Client peer authentication TLS1.1",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_2048.pem "
"-key ../ssl/test/axTLS.key_2048.pem "
"-CAfile ../ssl/test/axTLS.ca_x509.pem "
"-verify 1 -tls1_1", NULL, DEFAULT_CLNT_OPTION,
"../ssl/test/axTLS.key_1024", NULL,
"../ssl/test/axTLS.x509_1024.cer")))
goto cleanup;
/* Should get an "ERROR" from openssl (as the handshake fails as soon as
* the certificate verification fails) */
if ((ret = SSL_client_test("Error: Expired cert (verify now)",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_bad_after.pem "
"-key ../ssl/test/axTLS.key_1024.pem", NULL,
"-key ../ssl/test/axTLS.key_512.pem", NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
{
@ -1895,7 +1757,7 @@ int SSL_client_tests(void)
if ((ret = SSL_client_test("Error: Expired cert (verify later)",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_bad_after.pem "
"-key ../ssl/test/axTLS.key_1024.pem", NULL,
"-key ../ssl/test/axTLS.key_512.pem", NULL,
DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL,
NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
{
@ -1906,43 +1768,27 @@ int SSL_client_tests(void)
printf("SSL client test \"Expired cert (verify later)\" passed\n");
/* invalid cert type */
/*if ((ret = SSL_client_test("Error: Invalid certificate type",
if ((ret = SSL_client_test("Error: Invalid certificate type",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_2048.pem "
"-key ../ssl/test/axTLS.key_2048.pem "
"-CAfile ../ssl/test/axTLS.ca_x509.pem "
"-verify 1 ", NULL, DEFAULT_CLNT_OPTION,
"../ssl/test/axTLS.key_1024.pem", NULL,
"../ssl/test/axTLS.x509_1024.pem"))
"../ssl/test/axTLS.x509_1024.cer", NULL,
"../ssl/test/axTLS.x509_1024.cer"))
!= SSL_ERROR_INVALID_KEY)
{
if (ret == 0)
ret = SSL_NOT_OK;
printf("*** Error: %d\n", ret); TTY_FLUSH();
goto cleanup;
}
printf("SSL client test \"Invalid certificate type\" passed\n"); */
printf("SSL client test \"Invalid certificate type\" passed\n");
if ((ret = SSL_client_test("GNUTLS client",
&ssl_ctx,
"--x509certfile ../ssl/test/axTLS.x509_1024.pem "
"--x509keyfile ../ssl/test/axTLS.key_1024.pem -g", NULL,
DEFAULT_CLNT_OPTION,
"../ssl/test/axTLS.key_1024.pem", NULL,
"../ssl/test/axTLS.x509_1024.pem")))
goto cleanup;
ret = 0;
if ((ret = SSL_client_test("GNUTLS client with verify",
&ssl_ctx,
"--x509certfile ../ssl/test/axTLS.x509_1024.pem "
"--x509keyfile ../ssl/test/axTLS.key_1024.pem -r -g", NULL,
DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER,
"../ssl/test/axTLS.key_1024.pem", NULL,
"../ssl/test/axTLS.x509_1024.pem")))
"--x509keyfile ../ssl/test/axTLS.key_1024.pem -q", NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
ret = 0;
@ -1986,7 +1832,7 @@ static void do_basic(void)
"../ssl/test/axTLS.ca_x509.cer", NULL))
goto error;
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
/* check the return status */
if (ssl_handshake_status(ssl_clnt) < 0)
@ -2023,13 +1869,7 @@ static int SSL_basic_test(void)
goto error;
ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT,
"../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
goto error;
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY,
"../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
goto error;
#ifndef WIN32
pthread_create(&thread, NULL,
(void *(*)(void *))do_basic, NULL);
@ -2116,7 +1956,7 @@ static void do_unblocked(void)
"../ssl/test/axTLS.ca_x509.cer", NULL))
goto error;
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
while (ssl_handshake_status(ssl_clnt) != SSL_OK)
{
@ -2155,13 +1995,6 @@ static int SSL_unblocked_test(void)
goto error;
ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT,
"../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
goto error;
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY,
"../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
goto error;
#ifndef WIN32
pthread_create(&thread, NULL,
@ -2243,7 +2076,7 @@ void do_multi_clnt(multi_t *multi_data)
goto client_test_exit;
usleep(200000);
ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0, NULL);
ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
if ((res = ssl_handshake_status(ssl)))
{
@ -2313,14 +2146,7 @@ int multi_thread_test(void)
printf("Do multi-threading test (takes a minute)\n");
ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT,
"../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
goto error;
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY,
"../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
goto error;
ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
@ -2373,7 +2199,7 @@ int multi_thread_test(void)
printf("Multi-thread test passed (%d)\n", NUM_THREADS);
error:
ssl_ctx_free(ssl_svr_ctx);
ssl_ctx_free(ssl_server_ctx);
ssl_ctx_free(ssl_clnt_ctx);
SOCKET_CLOSE(server_fd);
return res;
@ -2480,6 +2306,13 @@ int main(int argc, char *argv[])
}
TTY_FLUSH();
if (RC4_test(bi_ctx))
{
printf("RC4 tests failed\n");
goto cleanup;
}
TTY_FLUSH();
if (MD5_test(bi_ctx))
{
printf("MD5 tests failed\n");

File diff suppressed because it is too large Load diff


@ -48,9 +48,9 @@ extern "C" {
#include "crypto_misc.h"
#define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
#define SSL_PROTOCOL_VERSION_MAX 0x33 /* TLS v1.3 */
#define SSL_PROTOCOL_VERSION_TLS1_1 0x32 /* TLS v1.1 */
#define SSL_PROTOCOL_VERSION_TLS1_2 0x33 /* TLS v1.2 */
#define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */
#define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */
#define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */
#define SSL_RANDOM_SIZE 32
#define SSL_SECRET_SIZE 48
#define SSL_FINISHED_HASH_SIZE 12
@ -76,18 +76,17 @@ extern "C" {
#define IS_SET_SSL_FLAG(A) (ssl->flag & A)
#define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */
/* On send, will send another SSL fragment if plaintext exceeds RT_MAX_PLAIN_LENGTH */
#ifndef RT_MAX_PLAIN_LENGTH
#define RT_MAX_PLAIN_LENGTH 16384
#endif
/* Total receive buffer is RT_MAX_PLAIN_LENGTH + RT_EXTRA */
#ifndef RT_EXTRA
#define RT_EXTRA 1024
#endif
#define BM_RECORD_OFFSET 5
#define NUM_PROTOCOLS 4
#define MAX_SIG_ALGORITHMS 4
#define SIG_ALG_SHA1 2
#define SIG_ALG_SHA256 4
#define SIG_ALG_SHA384 5
#define SIG_ALG_SHA512 6
#define SIG_ALG_RSA 1
#define NUM_PROTOCOLS 2
#define PARANOIA_CHECK(A, B) if (A < B) { \
ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
@ -116,22 +115,14 @@ enum
HS_FINISHED = 20
};
/* SSL extension types */
enum
{
SSL_EXT_SERVER_NAME = 0,
SSL_EXT_MAX_FRAGMENT_SIZE,
SSL_EXT_SIG_ALG = 0x0d,
};
typedef struct
{
uint8_t cipher;
uint8_t key_size;
uint8_t iv_size;
uint8_t key_block_size;
uint8_t padding_size;
uint8_t digest_size;
uint8_t key_block_size;
hmac_func hmac;
crypt_func encrypt;
crypt_func decrypt;
@ -156,31 +147,20 @@ typedef struct
{
uint8_t *buf;
int size;
uint8_t hash_alg;
} SSL_CERT;
typedef struct
{
MD5_CTX md5_ctx;
SHA1_CTX sha1_ctx;
SHA256_CTX sha256_ctx;
uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
uint8_t *key_block;
uint8_t master_secret[SSL_SECRET_SIZE];
uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
uint8_t final_finish_mac[128];
uint8_t master_secret[SSL_SECRET_SIZE];
uint8_t key_block[256];
uint16_t bm_proc_index;
uint8_t key_block_generated;
} DISPOSABLE_CTX;
typedef struct
{
char *host_name; /* Needed for the SNI support */
/* Needed for the Max Fragment Size Extension.
Allowed values: 2^9, 2^10 .. 2^14 */
uint16_t max_fragment_size;
} SSL_EXTENSIONS;
struct _SSL
{
uint32_t flag;
@ -194,7 +174,7 @@ struct _SSL
int16_t next_state;
int16_t hs_status;
DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */
int client_fd;
long client_fd;
const cipher_info_t *cipher_info;
void *encrypt_ctx;
void *decrypt_ctx;
@ -202,8 +182,6 @@ struct _SSL
uint8_t *bm_data;
uint16_t bm_index;
uint16_t bm_read_index;
uint8_t sig_algs[MAX_SIG_ALGORITHMS];
uint8_t num_sig_algs;
struct _SSL *next; /* doubly linked list */
struct _SSL *prev;
struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
@ -211,17 +189,16 @@ struct _SSL
uint16_t session_index;
SSL_SESSION *session;
#endif
#ifdef CONFIG_SSL_CERT_VERIFICATION
#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_ENABLE_CLIENT)
X509_CTX *x509_ctx;
#endif
uint8_t session_id[SSL_SESSION_ID_SIZE];
uint8_t client_mac[SHA256_SIZE]; /* for HMAC verification */
uint8_t server_mac[SHA256_SIZE]; /* for HMAC verification */
uint8_t read_sequence[8]; /* 64 bit sequence number */
uint8_t write_sequence[8]; /* 64 bit sequence number */
uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */
uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
uint8_t read_sequence[8]; /* 64 bit sequence number */
uint8_t write_sequence[8]; /* 64 bit sequence number */
uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
SSL_EXTENSIONS *extensions; /* Contains the SSL (client) extensions */
};
typedef struct _SSL SSL;
@ -256,7 +233,7 @@ typedef struct _SSL_CTX SSLCTX;
extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
SSL *ssl_new(SSL_CTX *ssl_ctx, long client_fd);
void disposable_new(SSL *ssl);
void disposable_free(SSL *ssl);
int send_packet(SSL *ssl, uint8_t protocol,
@ -270,7 +247,7 @@ int send_finished(SSL *ssl);
int send_certificate(SSL *ssl);
int basic_read(SSL *ssl, uint8_t **in_data);
int send_change_cipher_spec(SSL *ssl);
int finished_digest(SSL *ssl, const char *label, uint8_t *digest);
void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
void add_packet(SSL *ssl, const uint8_t *pkt, int len);
int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
@ -287,7 +264,7 @@ void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
int do_client_connect(SSL *ssl);
#endif
#ifdef CONFIG_SSL_FULL_MODE
#ifdef CONFIG_SSL_DIAGNOSTICS
void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
void DISPLAY_BYTES(SSL *ssl, const char *format,
const uint8_t *data, int size, ...);
@ -307,9 +284,9 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros
#endif
#endif
#ifdef CONFIG_SSL_CERT_VERIFICATION
//#ifdef CONFIG_SSL_CERT_VERIFICATION
int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
#endif
//#endif
SSL_SESSION *ssl_session_update(int max_sessions,
SSL_SESSION *ssl_sessions[], SSL *ssl,
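Review bot: The version defines at the top of this header leave TLS 1.1 as the ceiling (`SSL_PROTOCOL_VERSION_MAX 0x32`) with TLS 1.0 still accepted (`SSL_PROTOCOL_MIN_VERSION 0x31`), and nothing next to them tells whoever configures a build that this is the limit. The +/- column is lost on this page, so the new side is inferred from the hunk counts further down; on that reading the SHA-256 handshake context, the signature-algorithm constants and the SHA256-sized MAC buffers are dropped as well, leaving MD5+SHA1 handshake hashes and SHA1-sized record MACs. Both protocol versions are deprecated by RFC 8996, so I would state the constraint where it is defined, for example `/* TLS 1.0/1.1 only: no TLS 1.2 in this tree; both versions are deprecated by RFC 8996 */` above the defines.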


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007, Cameron Rich
*
* All rights reserved.
*
@ -37,22 +37,6 @@
#ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */
/* support sha512/384/256/1 RSA */
static const uint8_t g_sig_alg[] = {
0x00, SSL_EXT_SIG_ALG,
0x00, 0x0a, 0x00, 0x08,
SIG_ALG_SHA512, SIG_ALG_RSA,
SIG_ALG_SHA384, SIG_ALG_RSA,
SIG_ALG_SHA256, SIG_ALG_RSA,
SIG_ALG_SHA1, SIG_ALG_RSA
};
static const uint8_t g_asn1_sha256[] =
{
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
static int send_client_hello(SSL *ssl);
static int process_server_hello(SSL *ssl);
static int process_server_hello_done(SSL *ssl);
@ -63,12 +47,13 @@ static int send_cert_verify(SSL *ssl);
/*
* Establish a new SSL connection to an SSL server.
*/
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext)
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, long client_fd, const
uint8_t *session_id, uint8_t sess_id_size)
{
SSL *ssl = ssl_new(ssl_ctx, client_fd);
ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
#ifndef CONFIG_SSL_SKELETON_MODE
if (session_id && ssl_ctx->num_sessions)
{
if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
@ -81,8 +66,7 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
ssl->sess_id_size = sess_id_size;
SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
}
ssl->extensions = ssl_ext;
#endif
SET_SSL_FLAG(SSL_IS_CLIENT);
do_client_connect(ssl);
@ -191,9 +175,7 @@ static int send_client_hello(SSL *ssl)
uint8_t *buf = ssl->bm_data;
time_t tm = time(NULL);
uint8_t *tm_ptr = &buf[6]; /* time will go here */
int i, offset, ext_offset;
int ext_len = 0;
int i, offset;
buf[0] = HS_CLIENT_HELLO;
buf[1] = 0;
@ -239,64 +221,8 @@ static int send_client_hello(SSL *ssl)
buf[offset++] = 1; /* no compression */
buf[offset++] = 0;
ext_offset = offset;
buf[offset++] = 0; /* total length of extensions */
buf[offset++] = 0;
/* send the signature algorithm extension for TLS 1.2+ */
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
{
memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
offset += sizeof(g_sig_alg);
ext_len += sizeof(g_sig_alg);
}
if (ssl->extensions != NULL)
{
/* send the host name if specified */
if (ssl->extensions->host_name != NULL)
{
size_t host_len = strlen(ssl->extensions->host_name);
buf[offset++] = 0;
buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
buf[offset++] = 0;
buf[offset++] = host_len + 5; /* server_name length */
buf[offset++] = 0;
buf[offset++] = host_len + 3; /* server_list length */
buf[offset++] = 0; /* host_name(0) (255) */
buf[offset++] = 0;
buf[offset++] = host_len; /* host_name length */
strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
offset += host_len;
ext_len += host_len + 9;
}
if (ssl->extensions->max_fragment_size)
{
buf[offset++] = 0;
buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;
buf[offset++] = 0; // size of data
buf[offset++] = 2;
buf[offset++] = (uint8_t)
((ssl->extensions->max_fragment_size >> 8) & 0xff);
buf[offset++] = (uint8_t)
(ssl->extensions->max_fragment_size & 0xff);
ext_len += 6;
}
}
if (ext_len > 0)
{
// update the extensions length value
buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff);
buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff);
}
buf[3] = offset - 4; /* handshake size */
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
}
@ -307,7 +233,9 @@ static int process_server_hello(SSL *ssl)
{
uint8_t *buf = ssl->bm_data;
int pkt_size = ssl->bm_index;
#ifndef CONFIG_SSL_SKELETON_MODE
int num_sessions = ssl->ssl_ctx->num_sessions;
#endif
uint8_t sess_id_size;
int offset, ret = SSL_OK;
@ -320,7 +248,9 @@ static int process_server_hello(SSL *ssl)
else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
{
ret = SSL_ERROR_INVALID_VERSION;
#ifdef CONFIG_SSL_DIAGNOSTICS
ssl_display_error(ret);
#endif
goto error;
}
@ -337,6 +267,7 @@ static int process_server_hello(SSL *ssl)
goto error;
}
#ifndef CONFIG_SSL_SKELETON_MODE
if (num_sessions)
{
ssl->session = ssl_session_update(num_sessions,
@ -350,23 +281,21 @@ static int process_server_hello(SSL *ssl)
SSL_SESSION_ID_SIZE-sess_id_size);
}
}
#endif
memcpy(ssl->session_id, &buf[offset], sess_id_size);
ssl->sess_id_size = sess_id_size;
offset += sess_id_size;
/* get the real cipher we are using - ignore MSB */
/* get the real cipher we are using */
ssl->cipher = buf[++offset];
ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ?
HS_FINISHED : HS_CERTIFICATE;
offset += 2; // ignore compression
offset++; // skip the compr
PARANOIA_CHECK(pkt_size, offset);
ssl->dc->bm_proc_index = offset+1;
ssl->dc->bm_proc_index = offset;
PARANOIA_CHECK(pkt_size, offset);
// no extensions
error:
return ret;
}
@ -392,10 +321,8 @@ static int send_client_key_xchg(SSL *ssl)
buf[0] = HS_CLIENT_KEY_XCHG;
buf[1] = 0;
// spec says client must use the what is initially negotiated -
// and this is our current version
premaster_secret[0] = 0x03;
premaster_secret[1] = SSL_PROTOCOL_VERSION_MAX & 0x0f;
premaster_secret[0] = 0x03; /* encode the version number */
premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0)
return SSL_NOT_OK;
@ -423,47 +350,14 @@ static int process_cert_req(SSL *ssl)
{
uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
int ret = SSL_OK;
int cert_req_size = (buf[2]<<8) + buf[3];
int offset = 4;
int offset = (buf[2] << 4) + buf[3];
int pkt_size = ssl->bm_index;
uint8_t cert_type_len, sig_alg_len;
PARANOIA_CHECK(pkt_size, offset + cert_req_size);
ssl->dc->bm_proc_index = cert_req_size;
/* don't do any processing - we will send back an RSA certificate anyway */
ssl->next_state = HS_SERVER_HELLO_DONE;
SET_SSL_FLAG(SSL_HAS_CERT_REQ);
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
{
// supported certificate types
cert_type_len = buf[offset++];
PARANOIA_CHECK(pkt_size, offset + cert_type_len);
offset += cert_type_len;
// supported signature algorithms
sig_alg_len = buf[offset++] << 8;
sig_alg_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + sig_alg_len);
while (sig_alg_len > 0)
{
uint8_t hash_alg = buf[offset++];
uint8_t sig_alg = buf[offset++];
sig_alg_len -= 2;
if (sig_alg == SIG_ALG_RSA &&
(hash_alg == SIG_ALG_SHA1 ||
hash_alg == SIG_ALG_SHA256 ||
hash_alg == SIG_ALG_SHA384 ||
hash_alg == SIG_ALG_SHA512))
{
ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
}
}
}
ssl->dc->bm_proc_index += offset;
PARANOIA_CHECK(pkt_size, offset);
error:
return ret;
}
@ -474,11 +368,9 @@ error:
static int send_cert_verify(SSL *ssl)
{
uint8_t *buf = ssl->bm_data;
uint8_t dgst[SHA1_SIZE+MD5_SIZE+15];
uint8_t dgst[MD5_SIZE+SHA1_SIZE];
RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
int n = 0, ret;
int offset = 0;
int dgst_len;
if (rsa_ctx == NULL)
return SSL_OK;
@ -488,26 +380,13 @@ static int send_cert_verify(SSL *ssl)
buf[0] = HS_CERT_VERIFY;
buf[1] = 0;
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
{
buf[4] = SIG_ALG_SHA256;
buf[5] = SIG_ALG_RSA;
offset = 6;
memcpy(dgst, g_asn1_sha256, sizeof(g_asn1_sha256));
dgst_len = finished_digest(ssl, NULL, &dgst[sizeof(g_asn1_sha256)]) +
sizeof(g_asn1_sha256);
}
else
{
offset = 4;
dgst_len = finished_digest(ssl, NULL, dgst);
}
finished_digest(ssl, NULL, dgst); /* calculate the digest */
/* rsa_ctx->bi_ctx is not thread-safe */
if (rsa_ctx)
{
SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
n = RSA_encrypt(rsa_ctx, dgst, dgst_len, &buf[offset + 2], 1);
n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (n == 0)
@ -517,19 +396,12 @@ static int send_cert_verify(SSL *ssl)
}
}
buf[offset] = n >> 8; /* add the RSA size */
buf[offset+1] = n & 0xff;
buf[4] = n >> 8; /* add the RSA size (not officially documented) */
buf[5] = n & 0xff;
n += 2;
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
{
n += 2; // sig/alg
offset -= 2;
}
buf[2] = n >> 8;
buf[3] = n & 0xff;
ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n + offset);
ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
error:
return ret;
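Review bot: In `process_cert_req` the message length is decoded as `(buf[2] << 4) + buf[3]`, which shifts the high byte by 4 bits instead of 8, so a CertificateRequest body of 256 bytes or more produces the wrong `offset` and `ssl->dc->bm_proc_index` is advanced to the wrong place in the record. The line should read `int offset = (buf[2] << 8) + buf[3];`. The function also adds `offset` to `bm_proc_index` before `PARANOIA_CHECK(pkt_size, offset)` runs, and that check compares the bare length rather than the advanced index; computing the new index first and checking it against `pkt_size` before storing it would make the bound meaningful. The +/- column is missing on this page, so line sides are inferred from the hunk's -423,47 +350,14 counts.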


@ -27,19 +27,15 @@
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include "os_port.h"
#include "ssl.h"
#ifdef CONFIG_SSL_ENABLE_SERVER
static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
static const uint8_t g_asn1_sha256[] =
{
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
static int process_client_hello(SSL *ssl);
static int send_server_hello_sequence(SSL *ssl);
@ -54,14 +50,14 @@ static int process_cert_verify(SSL *ssl);
/*
* Establish a new SSL connection to an SSL client.
*/
EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, long client_fd)
{
SSL *ssl;
ssl = ssl_new(ssl_ctx, client_fd);
ssl->next_state = HS_CLIENT_HELLO;
#ifdef CONFIG_SSL_FULL_MODE
#ifdef CONFIG_SSL_DIAGNOSTICS
if (ssl_ctx->chain_length == 0)
printf("Warning - no server certificate defined\n"); TTY_FLUSH();
#endif
@ -92,10 +88,8 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
if (ret == SSL_OK) /* verify the cert */
{
int cert_res;
int pathLenConstraint = 0;
cert_res = x509_verify(ssl->ssl_ctx->ca_cert_ctx,
ssl->x509_ctx, &pathLenConstraint);
cert_res = x509_verify(
ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
}
break;
@ -139,7 +133,9 @@ static int process_client_hello(SSL *ssl)
else if (version < SSL_PROTOCOL_MIN_VERSION) /* old version supported? */
{
ret = SSL_ERROR_INVALID_VERSION;
#ifdef CONFIG_SSL_DIAGNOSTICS
ssl_display_error(ret);
#endif
goto error;
}
@ -161,7 +157,7 @@ static int process_client_hello(SSL *ssl)
cs_len = (buf[offset]<<8) + buf[offset+1];
offset += 3; /* add 1 due to all cipher suites being 8 bit */
PARANOIA_CHECK(pkt_size, offset + cs_len);
PARANOIA_CHECK(pkt_size, offset);
/* work out what cipher suite we are going to use - client defines
the preference */
@ -172,72 +168,15 @@ static int process_client_hello(SSL *ssl)
if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */
{
ssl->cipher = ssl_prot_prefs[j];
goto do_compression;
goto do_state;
}
}
}
/* ouch! protocol is not supported */
return SSL_ERROR_NO_CIPHER;
/* completely ignore compression */
do_compression:
offset += cs_len;
id_len = buf[offset++];
offset += id_len;
PARANOIA_CHECK(pkt_size, offset + id_len);
if (offset == pkt_size)
{
/* no extensions */
goto error;
}
/* extension size */
id_len = buf[offset++] << 8;
id_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + id_len);
// Check for extensions from the client - only the signature algorithm
// is supported
while (offset < pkt_size)
{
int ext = buf[offset++] << 8;
ext += buf[offset++];
int ext_len = buf[offset++] << 8;
ext_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + ext_len);
if (ext == SSL_EXT_SIG_ALG)
{
while (ext_len > 0)
{
uint8_t hash_alg = buf[offset++];
uint8_t sig_alg = buf[offset++];
ext_len -= 2;
if (sig_alg == SIG_ALG_RSA &&
(hash_alg == SIG_ALG_SHA1 ||
hash_alg == SIG_ALG_SHA256 ||
hash_alg == SIG_ALG_SHA384 ||
hash_alg == SIG_ALG_SHA512))
{
ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
}
}
}
else
{
offset += ext_len;
}
}
/* default is RSA/SHA1 */
if (ssl->num_sig_algs == 0)
{
ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1;
}
ret = SSL_ERROR_NO_CIPHER;
do_state:
error:
return ret;
}
@ -245,6 +184,7 @@ error:
/*
* Send the entire server hello sequence
*/
#if CONFIG_SSL_ENABLE_SERVER
static int send_server_hello_sequence(SSL *ssl)
{
int ret;
@ -343,7 +283,7 @@ static int send_server_hello(SSL *ssl)
buf[offset++] = 0; /* cipher we are using */
buf[offset++] = ssl->cipher;
buf[offset++] = 0; /* no compression and no extensions supported */
buf[offset++] = 0; /* no compression */
buf[3] = offset - 4; /* handshake size */
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
}
@ -356,6 +296,7 @@ static int send_server_hello_done(SSL *ssl)
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
g_hello_done, sizeof(g_hello_done));
}
#endif
/*
* Pull apart a client key exchange message. Decrypt the pre-master key (using
@ -402,6 +343,10 @@ static int process_client_key_xchg(SSL *ssl)
/* and continue - will die eventually when checking the mac */
}
#if 0
print_blob("pre-master", premaster_secret, SSL_SECRET_SIZE);
#endif
generate_master_secret(ssl, premaster_secret);
#ifdef CONFIG_SSL_CERT_VERIFICATION
@ -417,34 +362,15 @@ error:
}
#ifdef CONFIG_SSL_CERT_VERIFICATION
static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0,
0, 0x0e,
1, 1, // rsa sign
0x00, 0x08,
SIG_ALG_SHA256, SIG_ALG_RSA,
SIG_ALG_SHA512, SIG_ALG_RSA,
SIG_ALG_SHA384, SIG_ALG_RSA,
SIG_ALG_SHA1, SIG_ALG_RSA,
0, 0
};
static const uint8_t g_cert_request_v1[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
/*
* Send the certificate request message.
*/
static int send_certificate_request(SSL *ssl)
{
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
{
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
g_cert_request, sizeof(g_cert_request));
}
else
{
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
g_cert_request_v1, sizeof(g_cert_request_v1));
}
}
/*
@ -456,65 +382,29 @@ static int process_cert_verify(SSL *ssl)
uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
int pkt_size = ssl->bm_index;
uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
uint8_t dgst[MD5_SIZE + SHA1_SIZE];
uint8_t dgst[MD5_SIZE+SHA1_SIZE];
X509_CTX *x509_ctx = ssl->x509_ctx;
int ret = SSL_OK;
int offset = 6;
int rsa_len;
int n;
PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
{
// TODO: should really need to be able to handle other algorihms. An
// assumption is made on RSA/SHA256 and appears to be OK.
//uint8_t hash_alg = buf[4];
//uint8_t sig_alg = buf[5];
offset = 8;
rsa_len = (buf[6] << 8) + buf[7];
}
else
{
rsa_len = (buf[4] << 8) + buf[5];
}
PARANOIA_CHECK(pkt_size, offset + rsa_len);
/* rsa_ctx->bi_ctx is not thread-safe */
SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[offset], dgst_buf,
sizeof(dgst_buf), 0);
n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, sizeof(dgst_buf), 0);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
if (n != SHA1_SIZE + MD5_SIZE)
{
if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256)))
{
ret = SSL_ERROR_INVALID_KEY;
goto error;
}
finished_digest(ssl, NULL, dgst); /* calculate the digest */
if (memcmp(&dgst_buf[sizeof(g_asn1_sha256)], dgst, SHA256_SIZE))
{
ret = SSL_ERROR_INVALID_KEY;
goto error;
}
ret = SSL_ERROR_INVALID_KEY;
goto end_cert_vfy;
}
else // TLS1.0/1.1
{
if (n != SHA1_SIZE + MD5_SIZE)
{
ret = SSL_ERROR_INVALID_KEY;
goto end_cert_vfy;
}
finished_digest(ssl, NULL, dgst); /* calculate the digest */
if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
{
ret = SSL_ERROR_INVALID_KEY;
}
finished_digest(ssl, NULL, dgst); /* calculate the digest */
if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
{
ret = SSL_ERROR_INVALID_KEY;
}
end_cert_vfy:
@ -524,3 +414,5 @@ error:
}
#endif
#endif
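Review bot: In `process_client_hello` the bounds check after `cs_len` is read is `PARANOIA_CHECK(pkt_size, offset)`, which does not account for the peer-supplied cipher-suite length, while the matching loop just below indexes `buf[offset+i]`. A declared `cs_len` larger than the data actually received would let that loop compare bytes past the end of the packet. I would keep the length in the check: `PARANOIA_CHECK(pkt_size, offset + cs_len);`. The loop header lies outside the visible hunks and the +/- column is missing on this page, so which of the two `PARANOIA_CHECK` lines is the new one is inferred from the surrounding hunks.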


@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -42,13 +42,6 @@
#include "crypto_misc.h"
#ifdef CONFIG_SSL_CERT_VERIFICATION
static int x509_v3_subject_alt_name(const uint8_t *cert, int offset,
X509_CTX *x509_ctx);
static int x509_v3_basic_constraints(const uint8_t *cert, int offset,
X509_CTX *x509_ctx);
static int x509_v3_key_usage(const uint8_t *cert, int offset,
X509_CTX *x509_ctx);
/**
* Retrieve the signature from a certificate.
*/
@ -80,11 +73,8 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
{
int begin_tbs, end_tbs;
int ret = X509_NOT_OK, offset = 0, cert_size = 0;
int version = 0;
X509_CTX *x509_ctx;
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
BI_CTX *bi_ctx;
#endif
*ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
x509_ctx = *ctx;
@ -102,10 +92,11 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
goto end_cert;
/* optional version */
if (cert[offset] == ASN1_EXPLICIT_TAG &&
asn1_version(cert, &offset, &version) == X509_NOT_OK)
goto end_cert;
if (cert[offset] == ASN1_EXPLICIT_TAG) /* optional version */
{
if (asn1_version(cert, &offset, x509_ctx))
goto end_cert;
}
if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */
asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
@ -126,9 +117,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
goto end_cert;
}
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
/* use the appropriate signature algorithm */
switch (x509_ctx->sig_type)
{
@ -188,11 +179,50 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
break;
}
if (version == 2 && asn1_next_obj(cert, &offset, ASN1_V3_DATA) > 0)
if (cert[offset] == ASN1_V3_DATA)
{
x509_v3_subject_alt_name(cert, offset, x509_ctx);
x509_v3_basic_constraints(cert, offset, x509_ctx);
x509_v3_key_usage(cert, offset, x509_ctx);
int suboffset;
++offset;
get_asn1_length(cert, &offset);
if ((suboffset = asn1_find_subjectaltname(cert, offset)) > 0)
{
if (asn1_next_obj(cert, &suboffset, ASN1_OCTET_STRING) > 0)
{
int altlen;
if ((altlen = asn1_next_obj(cert,
&suboffset, ASN1_SEQUENCE)) > 0)
{
int endalt = suboffset + altlen;
int totalnames = 0;
while (suboffset < endalt)
{
int type = cert[suboffset++];
int dnslen = get_asn1_length(cert, &suboffset);
if (type == ASN1_CONTEXT_DNSNAME)
{
x509_ctx->subject_alt_dnsnames = (char**)
realloc(x509_ctx->subject_alt_dnsnames,
(totalnames + 2) * sizeof(char*));
x509_ctx->subject_alt_dnsnames[totalnames] =
(char*)malloc(dnslen + 1);
x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
memcpy(x509_ctx->subject_alt_dnsnames[totalnames],
cert + suboffset, dnslen);
x509_ctx->subject_alt_dnsnames[
totalnames][dnslen] = 0;
++totalnames;
}
suboffset += dnslen;
}
}
}
}
}
offset = end_tbs; /* skip the rest of v3 data */
@ -220,106 +250,6 @@ end_cert:
return ret;
}
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
static int x509_v3_subject_alt_name(const uint8_t *cert, int offset,
X509_CTX *x509_ctx)
{
if ((offset = asn1_is_subject_alt_name(cert, offset)) > 0)
{
x509_ctx->subject_alt_name_present = true;
x509_ctx->subject_alt_name_is_critical =
asn1_is_critical_ext(cert, &offset);
if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) > 0)
{
int altlen;
if ((altlen = asn1_next_obj(cert, &offset, ASN1_SEQUENCE)) > 0)
{
int endalt = offset + altlen;
int totalnames = 0;
while (offset < endalt)
{
int type = cert[offset++];
int dnslen = get_asn1_length(cert, &offset);
if (type == ASN1_CONTEXT_DNSNAME)
{
x509_ctx->subject_alt_dnsnames = (char**)
realloc(x509_ctx->subject_alt_dnsnames,
(totalnames + 2) * sizeof(char*));
x509_ctx->subject_alt_dnsnames[totalnames] =
(char*)malloc(dnslen + 1);
x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
memcpy(x509_ctx->subject_alt_dnsnames[totalnames],
cert + offset, dnslen);
x509_ctx->subject_alt_dnsnames[totalnames][dnslen] = 0;
totalnames++;
}
offset += dnslen;
}
}
}
}
return X509_OK;
}
/**
* Basic constraints - see https://tools.ietf.org/html/rfc5280#page-39
*/
static int x509_v3_basic_constraints(const uint8_t *cert, int offset,
X509_CTX *x509_ctx)
{
int ret = X509_OK;
if ((offset = asn1_is_basic_constraints(cert, offset)) == 0)
goto end_contraints;
x509_ctx->basic_constraint_present = true;
x509_ctx->basic_constraint_is_critical =
asn1_is_critical_ext(cert, &offset);
if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
asn1_get_bool(cert, &offset, &x509_ctx->basic_constraint_cA) < 0 ||
asn1_get_int(cert, &offset,
&x509_ctx->basic_constraint_pathLenConstraint) < 0)
{
ret = X509_NOT_OK;
}
end_contraints:
return ret;
}
/*
* Key usage - see https://tools.ietf.org/html/rfc5280#section-4.2.1.3
*/
static int x509_v3_key_usage(const uint8_t *cert, int offset,
X509_CTX *x509_ctx)
{
int ret = X509_OK;
if ((offset = asn1_is_key_usage(cert, offset)) == 0)
goto end_key_usage;
x509_ctx->key_usage_present = true;
x509_ctx->key_usage_is_critical = asn1_is_critical_ext(cert, &offset);
if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
asn1_get_bit_string_as_int(cert, &offset, &x509_ctx->key_usage))
{
ret = X509_NOT_OK;
}
end_key_usage:
return ret;
}
#endif
/**
* Free an X.509 object's resources.
*/
@ -413,10 +343,8 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
* - That the certificate(s) are not self-signed.
* - The certificate chain is valid.
* - The signature of the certificate is valid.
* - Basic constraints
*/
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
int *pathLenConstraint)
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
{
int ret = X509_OK, i = 0;
bigint *cert_sig;
@ -459,33 +387,6 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
goto end_verify;
}
if (cert->basic_constraint_present)
{
/* If the cA boolean is not asserted,
then the keyCertSign bit in the key usage extension MUST NOT be
asserted. */
if (!cert->basic_constraint_cA &&
IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
{
ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
goto end_verify;
}
/* The pathLenConstraint field is meaningful only if the cA boolean is
asserted and the key usage extension, if present, asserts the
keyCertSign bit. In this case, it gives the maximum number of
non-self-issued intermediate certificates that may follow this
certificate in a valid certification path. */
if (cert->basic_constraint_cA &&
(!cert->key_usage_present ||
IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) &&
(cert->basic_constraint_pathLenConstraint+1) < *pathLenConstraint)
{
ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
goto end_verify;
}
}
next_cert = cert->next;
/* last cert in the chain - look for a trusted cert */
@ -493,26 +394,17 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
{
if (ca_cert_ctx != NULL)
{
/* go thru the CA store */
/* go thu the CA store */
while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
{
/* the extension is present but the cA boolean is not
asserted, then the certified public key MUST NOT be used
to verify certificate signatures. */
if (cert->basic_constraint_present &&
!ca_cert_ctx->cert[i]->basic_constraint_cA)
continue;
if (asn1_compare_dn(cert->ca_cert_dn,
ca_cert_ctx->cert[i]->cert_dn) == 0)
{
/* use this CA certificate for signature verification */
match_ca_cert = true;
match_ca_cert = 1;
ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx;
mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
break;
}
@ -571,8 +463,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
/* go down the certificate chain using recursion. */
if (next_cert != NULL)
{
(*pathLenConstraint)++; /* don't include last certificate */
ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint);
ret = x509_verify(ca_cert_ctx, next_cert);
}
end_verify:
@ -599,140 +490,9 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
if (cert->cert_dn[X509_ORGANIZATIONAL_UNIT])
{
printf("Organizational Unit (OU):\t");
printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT]);
}
if (cert->cert_dn[X509_LOCATION])
{
printf("Location (L):\t\t\t");
printf("%s\n", cert->cert_dn[X509_LOCATION]);
}
if (cert->cert_dn[X509_COUNTRY])
{
printf("Country (C):\t\t\t");
printf("%s\n", cert->cert_dn[X509_COUNTRY]);
}
if (cert->cert_dn[X509_STATE])
{
printf("State (ST):\t\t\t");
printf("%s\n", cert->cert_dn[X509_STATE]);
}
if (cert->basic_constraint_present)
{
printf("Basic Constraints:\t\t%sCA:%s, pathlen:%d\n",
cert->basic_constraint_is_critical ?
"critical, " : "",
cert->basic_constraint_cA? "TRUE" : "FALSE",
cert->basic_constraint_pathLenConstraint);
}
if (cert->key_usage_present)
{
printf("Key Usage:\t\t\t%s", cert->key_usage_is_critical ?
"critical, " : "");
bool has_started = false;
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DIGITAL_SIGNATURE))
{
printf("Digital Signature");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_NON_REPUDIATION))
{
if (has_started)
printf(", ");
printf("Non Repudiation");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_ENCIPHERMENT))
{
if (has_started)
printf(", ");
printf("Key Encipherment");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DATA_ENCIPHERMENT))
{
if (has_started)
printf(", ");
printf("Data Encipherment");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_AGREEMENT))
{
if (has_started)
printf(", ");
printf("Key Agreement");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
{
if (has_started)
printf(", ");
printf("Key Cert Sign");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_CRL_SIGN))
{
if (has_started)
printf(", ");
printf("CRL Sign");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_ENCIPHER_ONLY))
{
if (has_started)
printf(", ");
printf("Encipher Only");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DECIPHER_ONLY))
{
if (has_started)
printf(", ");
printf("Decipher Only");
has_started = true;
}
printf("\n");
}
if (cert->subject_alt_name_present)
{
printf("Subject Alt Name:\t\t%s", cert->subject_alt_name_is_critical
? "critical, " : "");
if (cert->subject_alt_dnsnames)
{
int i = 0;
while (cert->subject_alt_dnsnames[i])
printf("%s ", cert->subject_alt_dnsnames[i++]);
}
printf("\n");
}
printf("Organizational Unit (OU):\t");
printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT] ?
cert->cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
printf("=== CERTIFICATE ISSUED BY ===\n");
printf("Common Name (CN):\t\t");
@ -743,29 +503,9 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
if (cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT])
{
printf("Organizational Unit (OU):\t");
printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]);
}
if (cert->ca_cert_dn[X509_LOCATION])
{
printf("Location (L):\t\t\t");
printf("%s\n", cert->ca_cert_dn[X509_LOCATION]);
}
if (cert->ca_cert_dn[X509_COUNTRY])
{
printf("Country (C):\t\t\t");
printf("%s\n", cert->ca_cert_dn[X509_COUNTRY]);
}
if (cert->ca_cert_dn[X509_STATE])
{
printf("State (ST):\t\t\t");
printf("%s\n", cert->ca_cert_dn[X509_STATE]);
}
printf("Organizational Unit (OU):\t");
printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] ?
cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
printf("Not After:\t\t\t%s", ctime(&cert->not_after));
@ -773,6 +513,9 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
printf("Sig Type:\t\t\t");
switch (cert->sig_type)
{
case SIG_TYPE_MD2:
printf("MD2\n");
break;
case SIG_TYPE_MD5:
printf("MD5\n");
break;
@ -795,10 +538,8 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
if (ca_cert_ctx)
{
int pathLenConstraint = 0;
printf("Verify:\t\t\t\t%s\n",
x509_display_error(x509_verify(ca_cert_ctx, cert,
&pathLenConstraint)));
x509_display_error(x509_verify(ca_cert_ctx, cert)));
}
#if 0
@ -814,6 +555,7 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
TTY_FLUSH();
}
#endif
const char * x509_display_error(int error)
{
@ -849,12 +591,9 @@ const char * x509_display_error(int error)
case X509_INVALID_PRIV_KEY:
return "Invalid private key";
case X509_VFY_ERROR_BASIC_CONSTRAINT:
return "Basic constraint invalid";
default:
return "Unknown";
}
}
#endif /* CONFIG_SSL_FULL_MODE */
//#endif /* CONFIG_SSL_FULL_MODE */
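Review bot: x509_verify on the new side decides issuer trust from a DN match and a signature check only: the hunk at -459,33 +387,6 drops the basicConstraints/keyUsage block, and x509_new no longer calls `x509_v3_basic_constraints()` or `x509_v3_key_usage()`, so the cA flag and pathLenConstraint of chain certificates are not consulted. As far as these hunks show, a chain certificate that is not marked as a CA is then accepted as the issuer of the next one. I would keep the two parsing calls and the check `if (!cert->basic_constraint_cA && IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))` returning `X509_VFY_ERROR_BASIC_CONSTRAINT`, or state in the comment above x509_verify that CA constraints are not enforced in this build. Separately, the inline subjectAltName loop in x509_new copies `dnslen` bytes without comparing it to `endalt - suboffset` or checking the `realloc`/`malloc` results; a guard such as `if (dnslen < 0 || dnslen > endalt - suboffset) break;` before the allocation would bound the copy. Both functions continue outside the visible hunks.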

File diff suppressed because one or more lines are too long