jepler/axtls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: jepler:master
Branches Tags
jepler:master
jepler:sanitize-undefined-fixes
jepler:micropython-2.1.3
jepler:ssl_eagain
jepler:micropython
jepler:v1.8.2
..
compare: jepler:micropython
Branches Tags
jepler:sanitize-undefined-fixes
jepler:micropython-2.1.3
jepler:ssl_eagain
jepler:master
jepler:micropython
jepler:v1.8.2

32 commits
master ... micropytho

Author SHA1 Message Date
Paul Sokolovsky
3c6b62b718 crypto/rsa.c: RSA_decrypt: Always support both decrypt and sig-verify. 
Signature verification need actually comes from yaota8266 project, that's
why it's untied from certificate verification.
 2016-11-05 08:29:22 +03:00
Paul Sokolovsky
67d27df4b5 crypto/crypto_misc.c: RNG_initialize(): Don't do anything for esp8266. 
It's tentative RNG is already setup when axTLS runs.
 2016-07-11 16:49:43 +03:00
Paul Sokolovsky
9776795d9f ssl/Makefile: Make archive index when creating libaxtls.a. 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
7e9e9a7812 tls1.h: Allow to override RT_MAX_PLAIN_LENGTH and RT_EXTRA. 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
d044bf6ccf bigint.c: bi_mod_power(): esp8266: Process pending events. 
To avoid watchdog reset/wifi disconnect during long operations.
 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
a0025d321e makefile.conf: Accept CFLAGS_EXTRA. 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
54b2a4f5e2 crypto_misc.h: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
3c6e252720 crypto_misc.h: Don't ifdef in headers. 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
60ec24b6db crypto_misc.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
f11093627a crypto_misc.c: print_blob(): Use snprintf() for MicroPython compatibility. 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
3984fdd4fb os_int.h, os_port_micropython.h: Changes for esp8266 compatibility. 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
b2325e5895 upyconfig: Enable server support. 2016-07-10 23:17:16 +03:00
Paul Sokolovsky
aadca9280b upyconfig.client: Client-only config. 2016-07-10 23:17:16 +03:00
Paul Sokolovsky
d8283d74ff os_port_micropython.h: Add ifdef'ed POSIX defines to ease testing. 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
a4e0f106f3 tls1_svr.c: CONFIG_SSL_ENABLE_SERVER 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
4fa4fb3461 tls1.c: CONFIG_SSL_ENABLE_SERVER 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
06602d26de crypto_misc.h: Don't ifdef declarations. 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
9cd22067ad tls1_svr.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
eab10ee5a7 tls1_clnt.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:14 +03:00
Paul Sokolovsky
9bf4489a9f tls1.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:14 +03:00
Paul Sokolovsky
22b2cc0965 loader.c: CONFIG_SSL_ENABLE_SERVER 2016-07-10 23:17:14 +03:00
Paul Sokolovsky
6f339f9b77 ssl/Config.in: Add explicit CONFIG_SSL_ENABLE_SERVER. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
672fa268d5 crypto/crypto_misc: Add tentative random generation for esp8266. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
e941743c1b Add namespace prefix to hmac_md5/hmac_sha1 functions. 
These are pretty common names and can easily clash with other libraries.
At least, add "ssl_" prefix, as many other axTLS functions have.
 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
7ab52e9d6d Add .gitignore . 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
3008b7474a Add config for MicroPython build. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
463a64723a En-masse other changes to minimize size and make embeddable into uPy. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
7e9e63023d os_port, tls1: Let port decide whether POSIX-style select() will be used. 
POSIX-style select() is unlikely a good fit for embedded socket
implementation. It actually needed only for non-blocking sockets,
so let ports just be able to skip it. Going forward, this need
to be refactored into direct-purpose function to wait for socket
to be writable to be implemented per port.
 2016-07-10 22:00:24 +03:00
Paul Sokolovsky
b5ba024a9f tls1: Abstract away getting last errno for a socket operation. 
For usage with embedded ports where socket library may have other way to
pass errors rather than via C errno variable.
 2016-07-10 22:00:24 +03:00
Paul Sokolovsky
c28cc4a6b7 hmac: hmac_md5(): Use single padding buffer. 
Saves 64 bytes of stack space.
 2016-07-10 22:00:23 +03:00
Paul Sokolovsky
b1f8b3b982 hmac: hmac_sha1(): Use single padding buffer. 
Saves 64 bytes of stack space.
 2016-07-10 22:00:23 +03:00
Paul Sokolovsky
8efa290751 md5: Optimize for size. 
Original version is 2528 bytes for x86, optimized - 1208.
 2016-07-10 22:00:22 +03:00
97 changed files with 1628 additions and 2940 deletions
Show stats Expand all files Collapse all files

11
.gitignore vendored Normal file
View file

@ -0,0 +1,11 @@
*.o
_stage
.depend
.config*
config/config.h
config/scripts/config/conf
config/scripts/config/lex.zconf.c
config/scripts/config/lkc_defs.h
config/scripts/config/zconf.tab.c
config/scripts/config/zconf.tab.h
ssl/version.h

1
Makefile
View file

@ -108,6 +108,7 @@ endif
install -m 644 ssl/*.h $(PREFIX)/include/axTLS install -m 644 ssl/*.h $(PREFIX)/include/axTLS
-rm $(PREFIX)/include/axTLS/cert.h -rm $(PREFIX)/include/axTLS/cert.h
-rm $(PREFIX)/include/axTLS/private_key.h -rm $(PREFIX)/include/axTLS/private_key.h
-rm $(PREFIX)/include/axTLS/os_port.h
install -m 644 config/config.h $(PREFIX)/include/axTLS install -m 644 config/config.h $(PREFIX)/include/axTLS
installclean: installclean:

2
bindings/Config.in
View file

@ -55,7 +55,7 @@ depends on CONFIG_JAVA_BINDINGS
config CONFIG_JAVA_HOME config CONFIG_JAVA_HOME
string "Location of JDK" string "Location of JDK"
default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN
default "/usr/lib/jvm/java-7-openjdk-amd64" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN default "/usr/local/jdk142" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
depends on CONFIG_JAVA_BINDINGS depends on CONFIG_JAVA_BINDINGS
help help
The location of Sun's JDK. The location of Sun's JDK.

6
bindings/csharp/axTLS.cs
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -89,8 +89,8 @@ namespace axTLS
* @return The cipher id which is one of: * @return The cipher id which is one of:
* - SSL_AES128_SHA (0x2f) * - SSL_AES128_SHA (0x2f)
* - SSL_AES256_SHA (0x35) * - SSL_AES256_SHA (0x35)
* - SSL_AES128_SHA256 (0x3c) * - SSL_RC4_128_SHA (0x05)
* - SSL_AES256_SHA256 (0x3d) * - SSL_RC4_128_MD5 (0x04)
*/ */
public byte GetCipherId() public byte GetCipherId()
{ {

3
bindings/generate_SWIG_interface.pl
View file

@ -126,7 +126,7 @@ my @raw_data;
if (not defined $ARGV[0]) if (not defined $ARGV[0])
{ {
die "Usage: $0 [-java | -perl | -lua]\n"; goto ouch;
} }
if ($ARGV[0] eq "-java") if ($ARGV[0] eq "-java")
@ -149,6 +149,7 @@ elsif ($ARGV[0] eq "-lua")
} }
else else
{ {
ouch:
die "Usage: $0 [-java | -perl | -lua]\n"; die "Usage: $0 [-java | -perl | -lua]\n";
} }

6
bindings/java/SSL.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -89,8 +89,8 @@ public class SSL
* @return The cipher id which is one of: * @return The cipher id which is one of:
* - SSL_AES128_SHA (0x2f) * - SSL_AES128_SHA (0x2f)
* - SSL_AES256_SHA (0x35) * - SSL_AES256_SHA (0x35)
* - SSL_AES128_SHA256 (0x3c) * - SSL_RC4_128_SHA (0x05)
* - SSL_AES256_SHA256 (0x3d) * - SSL_RC4_128_MD5 (0x04)
*/ */
public byte getCipherId() public byte getCipherId()
{ {

3
config/Rules.mak
View file

@ -174,7 +174,8 @@ ifeq ($(strip $(CONFIG_DEBUG)),y)
else else
CFLAGS+=$(WARNINGS) $(OPTIMIZATIONS) -D_GNU_SOURCE -DNDEBUG CFLAGS+=$(WARNINGS) $(OPTIMIZATIONS) -D_GNU_SOURCE -DNDEBUG
LDFLAGS += -Wl,-warn-common LDFLAGS += -Wl,-warn-common
STRIPCMD:=$(STRIP) -s --remove-section=.note --remove-section=.comment STRIPCMD:=echo
#$(STRIP) -s --remove-section=.note --remove-section=.comment
endif endif
ifeq ($(strip $(CONFIG_STATIC)),y) ifeq ($(strip $(CONFIG_STATIC)),y)
LDFLAGS += --static LDFLAGS += --static

14
config/makefile.conf
View file

@ -1,5 +1,5 @@
# #
# Copyright (c) 2007-2016, Cameron Rich # Copyright (c) 2007-2015, Cameron Rich
# #
# All rights reserved. # All rights reserved.
# #
@ -84,7 +84,7 @@ else # Not Win32
-include .depend -include .depend
CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto $(CFLAGS_EXTRA)
LD=$(CC) LD=$(CC)
STRIP=$(CROSS)strip STRIP=$(CROSS)strip
@ -101,7 +101,7 @@ LDSHARED = -shared
# Linux # Linux
ifndef CONFIG_PLATFORM_CYGWIN ifndef CONFIG_PLATFORM_CYGWIN
ifndef CONFIG_PLATFORM_NOMMU ifndef CONFIG_PLATFORM_NOMMU
CFLAGS += -fPIC #CFLAGS += -fPIC
# Cygwin # Cygwin
else else
@ -114,11 +114,15 @@ endif
ifdef CONFIG_DEBUG ifdef CONFIG_DEBUG
CFLAGS += -g CFLAGS += -g
else else
LDFLAGS += -s #-m32
# -pg
LDFLAGS += -g -Wl,--gc-sections,--print-gc-sections,-Map,map.lst -fno-unwind-tables -fno-asynchronous-unwind-tables
ifdef CONFIG_PLATFORM_SOLARIS ifdef CONFIG_PLATFORM_SOLARIS
CFLAGS += -O CFLAGS += -O
else else
CFLAGS += -O3 #-m32
#-pg
CFLAGS += -g -Os -ffunction-sections -fdata-sections -fno-unwind-tables -fno-asynchronous-unwind-tables
endif endif
endif # CONFIG_DEBUG endif # CONFIG_DEBUG

117
config/upyconfig Normal file
View file

@ -0,0 +1,117 @@
#
# Automatically generated make config: don't edit
#
HAVE_DOT_CONFIG=y
CONFIG_PLATFORM_LINUX=y
# CONFIG_PLATFORM_CYGWIN is not set
# CONFIG_PLATFORM_WIN32 is not set
#
# General Configuration
#
PREFIX="/usr/local"
# CONFIG_DEBUG is not set
# CONFIG_STRIP_UNWANTED_SECTIONS is not set
# CONFIG_VISUAL_STUDIO_7_0 is not set
# CONFIG_VISUAL_STUDIO_8_0 is not set
# CONFIG_VISUAL_STUDIO_10_0 is not set
CONFIG_VISUAL_STUDIO_7_0_BASE=""
CONFIG_VISUAL_STUDIO_8_0_BASE=""
CONFIG_VISUAL_STUDIO_10_0_BASE=""
CONFIG_EXTRA_CFLAGS_OPTIONS=""
CONFIG_EXTRA_LDFLAGS_OPTIONS=""
#
# SSL Library
#
# CONFIG_SSL_SERVER_ONLY is not set
# CONFIG_SSL_CERT_VERIFICATION is not set
# CONFIG_SSL_FULL_MODE is not set
CONFIG_SSL_SKELETON_MODE=y
CONFIG_SSL_ENABLE_SERVER=y
CONFIG_SSL_ENABLE_CLIENT=y
# CONFIG_SSL_DIAGNOSTICS is not set
CONFIG_SSL_PROT_LOW=y
# CONFIG_SSL_PROT_MEDIUM is not set
# CONFIG_SSL_PROT_HIGH is not set
CONFIG_SSL_AES=y
CONFIG_SSL_USE_DEFAULT_KEY=y
CONFIG_SSL_PRIVATE_KEY_LOCATION=""
CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
CONFIG_SSL_X509_CERT_LOCATION=""
# CONFIG_SSL_GENERATE_X509_CERT is not set
CONFIG_SSL_X509_COMMON_NAME=""
CONFIG_SSL_X509_ORGANIZATION_NAME=""
CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
# CONFIG_SSL_ENABLE_V23_HANDSHAKE is not set
# CONFIG_SSL_HAS_PEM is not set
# CONFIG_SSL_USE_PKCS12 is not set
CONFIG_SSL_EXPIRY_TIME=0
CONFIG_X509_MAX_CA_CERTS=0
CONFIG_SSL_MAX_CERTS=3
# CONFIG_SSL_CTX_MUTEXING is not set
# CONFIG_USE_DEV_URANDOM is not set
# CONFIG_WIN32_USE_CRYPTO_LIB is not set
# CONFIG_OPENSSL_COMPATIBLE is not set
# CONFIG_PERFORMANCE_TESTING is not set
# CONFIG_SSL_TEST is not set
# CONFIG_AXTLSWRAP is not set
# CONFIG_AXHTTPD is not set
# CONFIG_HTTP_STATIC_BUILD is not set
CONFIG_HTTP_PORT=0
CONFIG_HTTP_HTTPS_PORT=0
CONFIG_HTTP_SESSION_CACHE_SIZE=0
CONFIG_HTTP_WEBROOT=""
CONFIG_HTTP_TIMEOUT=0
# CONFIG_HTTP_HAS_CGI is not set
CONFIG_HTTP_CGI_EXTENSIONS=""
# CONFIG_HTTP_ENABLE_LUA is not set
CONFIG_HTTP_LUA_PREFIX=""
# CONFIG_HTTP_BUILD_LUA is not set
CONFIG_HTTP_CGI_LAUNCHER=""
# CONFIG_HTTP_DIRECTORIES is not set
# CONFIG_HTTP_HAS_AUTHORIZATION is not set
# CONFIG_HTTP_HAS_IPV6 is not set
# CONFIG_HTTP_ENABLE_DIFFERENT_USER is not set
CONFIG_HTTP_USER=""
# CONFIG_HTTP_VERBOSE is not set
# CONFIG_HTTP_IS_DAEMON is not set
#
# Language Bindings
#
# CONFIG_BINDINGS is not set
# CONFIG_CSHARP_BINDINGS is not set
# CONFIG_VBNET_BINDINGS is not set
CONFIG_DOT_NET_FRAMEWORK_BASE=""
# CONFIG_JAVA_BINDINGS is not set
CONFIG_JAVA_HOME=""
# CONFIG_PERL_BINDINGS is not set
CONFIG_PERL_CORE=""
CONFIG_PERL_LIB=""
# CONFIG_LUA_BINDINGS is not set
CONFIG_LUA_CORE=""
#
# Samples
#
# CONFIG_SAMPLES is not set
# CONFIG_C_SAMPLES is not set
# CONFIG_CSHARP_SAMPLES is not set
# CONFIG_VBNET_SAMPLES is not set
# CONFIG_JAVA_SAMPLES is not set
# CONFIG_PERL_SAMPLES is not set
# CONFIG_LUA_SAMPLES is not set
# CONFIG_BIGINT_CLASSICAL is not set
# CONFIG_BIGINT_MONTGOMERY is not set
# CONFIG_BIGINT_BARRETT is not set
# CONFIG_BIGINT_CRT is not set
# CONFIG_BIGINT_KARATSUBA is not set
MUL_KARATSUBA_THRESH=0
SQU_KARATSUBA_THRESH=0
# CONFIG_BIGINT_SLIDING_WINDOW is not set
# CONFIG_BIGINT_SQUARE is not set
# CONFIG_BIGINT_CHECK_ON is not set
# CONFIG_INTEGER_32BIT is not set
# CONFIG_INTEGER_16BIT is not set
# CONFIG_INTEGER_8BIT is not set

116
config/upyconfig.client Normal file
View file

@ -0,0 +1,116 @@
#
# Automatically generated make config: don't edit
#
HAVE_DOT_CONFIG=y
CONFIG_PLATFORM_LINUX=y
# CONFIG_PLATFORM_CYGWIN is not set
# CONFIG_PLATFORM_WIN32 is not set
#
# General Configuration
#
PREFIX="/usr/local"
# CONFIG_DEBUG is not set
# CONFIG_STRIP_UNWANTED_SECTIONS is not set
# CONFIG_VISUAL_STUDIO_7_0 is not set
# CONFIG_VISUAL_STUDIO_8_0 is not set
# CONFIG_VISUAL_STUDIO_10_0 is not set
CONFIG_VISUAL_STUDIO_7_0_BASE=""
CONFIG_VISUAL_STUDIO_8_0_BASE=""
CONFIG_VISUAL_STUDIO_10_0_BASE=""
CONFIG_EXTRA_CFLAGS_OPTIONS=""
CONFIG_EXTRA_LDFLAGS_OPTIONS=""
#
# SSL Library
#
# CONFIG_SSL_SERVER_ONLY is not set
# CONFIG_SSL_CERT_VERIFICATION is not set
# CONFIG_SSL_FULL_MODE is not set
CONFIG_SSL_SKELETON_MODE=y
CONFIG_SSL_ENABLE_CLIENT=y
# CONFIG_SSL_DIAGNOSTICS is not set
CONFIG_SSL_PROT_LOW=y
# CONFIG_SSL_PROT_MEDIUM is not set
# CONFIG_SSL_PROT_HIGH is not set
CONFIG_SSL_AES=y
# CONFIG_SSL_USE_DEFAULT_KEY is not set
CONFIG_SSL_PRIVATE_KEY_LOCATION=""
CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
CONFIG_SSL_X509_CERT_LOCATION=""
# CONFIG_SSL_GENERATE_X509_CERT is not set
CONFIG_SSL_X509_COMMON_NAME=""
CONFIG_SSL_X509_ORGANIZATION_NAME=""
CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
# CONFIG_SSL_ENABLE_V23_HANDSHAKE is not set
# CONFIG_SSL_HAS_PEM is not set
# CONFIG_SSL_USE_PKCS12 is not set
CONFIG_SSL_EXPIRY_TIME=0
CONFIG_X509_MAX_CA_CERTS=0
CONFIG_SSL_MAX_CERTS=3
# CONFIG_SSL_CTX_MUTEXING is not set
# CONFIG_USE_DEV_URANDOM is not set
# CONFIG_WIN32_USE_CRYPTO_LIB is not set
# CONFIG_OPENSSL_COMPATIBLE is not set
# CONFIG_PERFORMANCE_TESTING is not set
# CONFIG_SSL_TEST is not set
# CONFIG_AXTLSWRAP is not set
# CONFIG_AXHTTPD is not set
# CONFIG_HTTP_STATIC_BUILD is not set
CONFIG_HTTP_PORT=0
CONFIG_HTTP_HTTPS_PORT=0
CONFIG_HTTP_SESSION_CACHE_SIZE=0
CONFIG_HTTP_WEBROOT=""
CONFIG_HTTP_TIMEOUT=0
# CONFIG_HTTP_HAS_CGI is not set
CONFIG_HTTP_CGI_EXTENSIONS=""
# CONFIG_HTTP_ENABLE_LUA is not set
CONFIG_HTTP_LUA_PREFIX=""
# CONFIG_HTTP_BUILD_LUA is not set
CONFIG_HTTP_CGI_LAUNCHER=""
# CONFIG_HTTP_DIRECTORIES is not set
# CONFIG_HTTP_HAS_AUTHORIZATION is not set
# CONFIG_HTTP_HAS_IPV6 is not set
# CONFIG_HTTP_ENABLE_DIFFERENT_USER is not set
CONFIG_HTTP_USER=""
# CONFIG_HTTP_VERBOSE is not set
# CONFIG_HTTP_IS_DAEMON is not set
#
# Language Bindings
#
# CONFIG_BINDINGS is not set
# CONFIG_CSHARP_BINDINGS is not set
# CONFIG_VBNET_BINDINGS is not set
CONFIG_DOT_NET_FRAMEWORK_BASE=""
# CONFIG_JAVA_BINDINGS is not set
CONFIG_JAVA_HOME=""
# CONFIG_PERL_BINDINGS is not set
CONFIG_PERL_CORE=""
CONFIG_PERL_LIB=""
# CONFIG_LUA_BINDINGS is not set
CONFIG_LUA_CORE=""
#
# Samples
#
# CONFIG_SAMPLES is not set
# CONFIG_C_SAMPLES is not set
# CONFIG_CSHARP_SAMPLES is not set
# CONFIG_VBNET_SAMPLES is not set
# CONFIG_JAVA_SAMPLES is not set
# CONFIG_PERL_SAMPLES is not set
# CONFIG_LUA_SAMPLES is not set
# CONFIG_BIGINT_CLASSICAL is not set
# CONFIG_BIGINT_MONTGOMERY is not set
# CONFIG_BIGINT_BARRETT is not set
# CONFIG_BIGINT_CRT is not set
# CONFIG_BIGINT_KARATSUBA is not set
MUL_KARATSUBA_THRESH=0
SQU_KARATSUBA_THRESH=0
# CONFIG_BIGINT_SLIDING_WINDOW is not set
# CONFIG_BIGINT_SQUARE is not set
# CONFIG_BIGINT_CHECK_ON is not set
# CONFIG_INTEGER_32BIT is not set
# CONFIG_INTEGER_16BIT is not set
# CONFIG_INTEGER_8BIT is not set

4
crypto/bigint.c
View file

@ -1379,6 +1379,10 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
* will reduce to standard left-to-right exponentiation */ * will reduce to standard left-to-right exponentiation */
do do
{ {
#ifdef __ets__
void ets_loop_iter(void);
ets_loop_iter();
#endif
if (exp_bit_is_one(biexp, i)) if (exp_bit_is_one(biexp, i))
{ {
int l = i-window_size+1; int l = i-window_size+1;

15
crypto/crypto.h
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007-2015, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -51,12 +51,14 @@ extern "C" {
/* enable features based on a 'super-set' capbaility. */ /* enable features based on a 'super-set' capbaility. */
#if 0
#if defined(CONFIG_SSL_FULL_MODE) #if defined(CONFIG_SSL_FULL_MODE)
#define CONFIG_SSL_ENABLE_CLIENT #define CONFIG_SSL_ENABLE_CLIENT
#define CONFIG_SSL_CERT_VERIFICATION #define CONFIG_SSL_CERT_VERIFICATION
#elif defined(CONFIG_SSL_ENABLE_CLIENT) #elif defined(CONFIG_SSL_ENABLE_CLIENT)
#define CONFIG_SSL_CERT_VERIFICATION #define CONFIG_SSL_CERT_VERIFICATION
#endif #endif
#endif
/************************************************************************** /**************************************************************************
* AES declarations * AES declarations
@ -196,11 +198,9 @@ EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
/************************************************************************** /**************************************************************************
* HMAC declarations * HMAC declarations
**************************************************************************/ **************************************************************************/
void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, void ssl_hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest); int key_len, uint8_t *digest);
void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, void ssl_hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest); int key_len, uint8_t *digest);
/************************************************************************** /**************************************************************************
@ -242,14 +242,15 @@ void RSA_free(RSA_CTX *ctx);
int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data, int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
int out_len, int is_decryption); int out_len, int is_decryption);
bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg); bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT) // Don't bother to ifdef prototypes, let them be
//#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
bigint *modulus, bigint *pub_exp); bigint *modulus, bigint *pub_exp);
bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg); bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
uint8_t *out_data, int is_signing); uint8_t *out_data, int is_signing);
void RSA_print(const RSA_CTX *ctx); void RSA_print(const RSA_CTX *ctx);
#endif //#endif
/************************************************************************** /**************************************************************************
* RNG declarations * RNG declarations

18
crypto/crypto_misc.c
View file

@ -42,7 +42,7 @@
#include "wincrypt.h" #include "wincrypt.h"
#endif #endif
#ifndef WIN32 #if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
static int rng_fd = -1; static int rng_fd = -1;
#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB) #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
static HCRYPTPROV gCryptProv; static HCRYPTPROV gCryptProv;
@ -120,7 +120,7 @@ EXP_FUNC void STDCALL RNG_initialize()
exit(1); exit(1);
} }
} }
#else #elif !defined(__ets__)
/* start of with a stack to copy across */ /* start of with a stack to copy across */
int i; int i;
memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE); memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
@ -146,7 +146,7 @@ EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
*/ */
EXP_FUNC void STDCALL RNG_terminate(void) EXP_FUNC void STDCALL RNG_terminate(void)
{ {
#ifndef WIN32 #if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
close(rng_fd); close(rng_fd);
#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB) #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
CryptReleaseContext(gCryptProv, 0); CryptReleaseContext(gCryptProv, 0);
@ -158,7 +158,13 @@ EXP_FUNC void STDCALL RNG_terminate(void)
*/ */
EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data) EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
{ {
#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM) #ifdef __ets__
// see http://esp8266-re.foogod.com/wiki/Random_Number_Generator
#define WDEV_HWRNG ((volatile uint32_t*)0x3ff20e44)
while (num_rand_bytes--) {
*rand_data++ = *WDEV_HWRNG;
}
#elif !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
/* use the Linux default - read from /dev/urandom */ /* use the Linux default - read from /dev/urandom */
if (read(rng_fd, rand_data, num_rand_bytes) < 0) if (read(rng_fd, rand_data, num_rand_bytes) < 0)
return -1; return -1;
@ -223,7 +229,7 @@ int get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
/** /**
* Some useful diagnostic routines * Some useful diagnostic routines
*/ */
#if defined(CONFIG_SSL_FULL_MODE) || defined(CONFIG_DEBUG) #if defined(CONFIG_SSL_DIAGNOSTICS) || defined(CONFIG_DEBUG)
int hex_finish; int hex_finish;
int hex_index; int hex_index;
@ -276,7 +282,7 @@ EXP_FUNC void STDCALL print_blob(const char *format,
va_list(ap); va_list(ap);
va_start(ap, size); va_start(ap, size);
sprintf(tmp, "%s\n", format); snprintf(tmp, sizeof(tmp), "%s\n", format);
vprintf(tmp, ap); vprintf(tmp, ap);
print_hex_init(size); print_hex_init(size);
for (i = 0; i < size; i++) for (i = 0; i < size; i++)

90
crypto/hmac.c
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -42,31 +42,34 @@
* Perform HMAC-MD5 * Perform HMAC-MD5
* NOTE: does not handle keys larger than the block size. * NOTE: does not handle keys larger than the block size.
*/ */
void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, void ssl_hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest) int key_len, uint8_t *digest)
{ {
MD5_CTX context; MD5_CTX context;
uint8_t k_ipad[64]; uint8_t k_pad[64];
uint8_t k_opad[64];
int i; int i;
memset(k_ipad, 0, sizeof k_ipad); memset(k_pad, 0, sizeof k_pad);
memset(k_opad, 0, sizeof k_opad); memcpy(k_pad, key, key_len);
memcpy(k_ipad, key, key_len);
memcpy(k_opad, key, key_len);
for (i = 0; i < 64; i++) for (i = 0; i < 64; i++)
{ {
k_ipad[i] ^= 0x36; k_pad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
} }
MD5_Init(&context); MD5_Init(&context);
MD5_Update(&context, k_ipad, 64); MD5_Update(&context, k_pad, 64);
MD5_Update(&context, msg, length); MD5_Update(&context, msg, length);
MD5_Final(digest, &context); MD5_Final(digest, &context);
memset(k_pad, 0, sizeof k_pad);
memcpy(k_pad, key, key_len);
for (i = 0; i < 64; i++)
{
k_pad[i] ^= 0x5c;
}
MD5_Init(&context); MD5_Init(&context);
MD5_Update(&context, k_opad, 64); MD5_Update(&context, k_pad, 64);
MD5_Update(&context, digest, MD5_SIZE); MD5_Update(&context, digest, MD5_SIZE);
MD5_Final(digest, &context); MD5_Final(digest, &context);
} }
@ -75,65 +78,34 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
* Perform HMAC-SHA1 * Perform HMAC-SHA1
* NOTE: does not handle keys larger than the block size. * NOTE: does not handle keys larger than the block size.
*/ */
void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, void ssl_hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest) int key_len, uint8_t *digest)
{ {
SHA1_CTX context; SHA1_CTX context;
uint8_t k_ipad[64]; uint8_t k_pad[64];
uint8_t k_opad[64];
int i; int i;
memset(k_ipad, 0, sizeof k_ipad); memset(k_pad, 0, sizeof k_pad);
memset(k_opad, 0, sizeof k_opad); memcpy(k_pad, key, key_len);
memcpy(k_ipad, key, key_len);
memcpy(k_opad, key, key_len);
for (i = 0; i < 64; i++) for (i = 0; i < 64; i++)
{ {
k_ipad[i] ^= 0x36; k_pad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
} }
SHA1_Init(&context); SHA1_Init(&context);
SHA1_Update(&context, k_ipad, 64); SHA1_Update(&context, k_pad, 64);
SHA1_Update(&context, msg, length); SHA1_Update(&context, msg, length);
SHA1_Final(digest, &context); SHA1_Final(digest, &context);
memset(k_pad, 0, sizeof k_pad);
memcpy(k_pad, key, key_len);
for (i = 0; i < 64; i++)
{
k_pad[i] ^= 0x5c;
}
SHA1_Init(&context); SHA1_Init(&context);
SHA1_Update(&context, k_opad, 64); SHA1_Update(&context, k_pad, 64);
SHA1_Update(&context, digest, SHA1_SIZE); SHA1_Update(&context, digest, SHA1_SIZE);
SHA1_Final(digest, &context); SHA1_Final(digest, &context);
} }
/**
* Perform HMAC-SHA256
* NOTE: does not handle keys larger than the block size.
*/
void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest)
{
SHA256_CTX context;
uint8_t k_ipad[64];
uint8_t k_opad[64];
int i;
memset(k_ipad, 0, sizeof k_ipad);
memset(k_opad, 0, sizeof k_opad);
memcpy(k_ipad, key, key_len);
memcpy(k_opad, key, key_len);
for (i = 0; i < 64; i++)
{
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
SHA256_Init(&context);
SHA256_Update(&context, k_ipad, 64);
SHA256_Update(&context, msg, length);
SHA256_Final(digest, &context);
SHA256_Init(&context);
SHA256_Update(&context, k_opad, 64);
SHA256_Update(&context, digest, SHA256_SIZE);
SHA256_Final(digest, &context);
}

139
crypto/md5.c
View file

@ -74,6 +74,13 @@ static const uint8_t PADDING[64] =
#define H(x, y, z) ((x) ^ (y) ^ (z)) #define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z))) #define I(x, y, z) ((y) ^ ((x) | (~z)))
/* Versions for size-optimized code. */
#define IDX(v) ((v) & 3)
#define F_(a, i) ((a[IDX(i + 1)] & a[IDX(i + 2)]) | (~a[IDX(i + 1)] & a[IDX(i + 3)]))
#define G_(a, i) ((a[IDX(i + 1)] & a[IDX(i + 3)]) | (a[IDX(i + 2)] & ~a[IDX(i + 3)]))
#define H_(a, i) (a[IDX(i + 1)] ^ a[IDX(i + 2)] ^ a[IDX(i + 3)])
#define I_(a, i) (a[IDX(i + 2)] ^ (a[IDX(i + 1)] | ~a[IDX(i + 3)]))
/* ROTATE_LEFT rotates x left n bits. */ /* ROTATE_LEFT rotates x left n bits. */
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
@ -178,6 +185,8 @@ EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
/** /**
* MD5 basic transformation. Transforms state based on block. * MD5 basic transformation. Transforms state based on block.
*/ */
#if OPTIMIZE_FOR_SPEED
static void MD5Transform(uint32_t state[4], const uint8_t block[64]) static void MD5Transform(uint32_t state[4], const uint8_t block[64])
{ {
uint32_t a = state[0], b = state[1], c = state[2], uint32_t a = state[0], b = state[1], c = state[2],
@ -263,6 +272,136 @@ static void MD5Transform(uint32_t state[4], const uint8_t block[64])
state[3] += d; state[3] += d;
} }
#else
static void MD5Transform(uint32_t state[4], const uint8_t block[64])
{
uint32_t arr[4], x[MD5_SIZE];
memcpy(arr, state, sizeof(arr));
Decode(x, block, 64);
static const uint32_t round_ac[] = {
0xd76aa478, /* 1 */
0xe8c7b756, /* 2 */
0x242070db, /* 3 */
0xc1bdceee, /* 4 */
0xf57c0faf, /* 5 */
0x4787c62a, /* 6 */
0xa8304613, /* 7 */
0xfd469501, /* 8 */
0x698098d8, /* 9 */
0x8b44f7af, /* 10 */
0xffff5bb1, /* 11 */
0x895cd7be, /* 12 */
0x6b901122, /* 13 */
0xfd987193, /* 14 */
0xa679438e, /* 15 */
0x49b40821, /* 16 */
0xf61e2562, /* 17 */
0xc040b340, /* 18 */
0x265e5a51, /* 19 */
0xe9b6c7aa, /* 20 */
0xd62f105d, /* 21 */
0x2441453, /* 22 */
0xd8a1e681, /* 23 */
0xe7d3fbc8, /* 24 */
0x21e1cde6, /* 25 */
0xc33707d6, /* 26 */
0xf4d50d87, /* 27 */
0x455a14ed, /* 28 */
0xa9e3e905, /* 29 */
0xfcefa3f8, /* 30 */
0x676f02d9, /* 31 */
0x8d2a4c8a, /* 32 */
0xfffa3942, /* 33 */
0x8771f681, /* 34 */
0x6d9d6122, /* 35 */
0xfde5380c, /* 36 */
0xa4beea44, /* 37 */
0x4bdecfa9, /* 38 */
0xf6bb4b60, /* 39 */
0xbebfbc70, /* 40 */
0x289b7ec6, /* 41 */
0xeaa127fa, /* 42 */
0xd4ef3085, /* 43 */
0x4881d05, /* 44 */
0xd9d4d039, /* 45 */
0xe6db99e5, /* 46 */
0x1fa27cf8, /* 47 */
0xc4ac5665, /* 48 */
0xf4292244, /* 49 */
0x432aff97, /* 50 */
0xab9423a7, /* 51 */
0xfc93a039, /* 52 */
0x655b59c3, /* 53 */
0x8f0ccc92, /* 54 */
0xffeff47d, /* 55 */
0x85845dd1, /* 56 */
0x6fa87e4f, /* 57 */
0xfe2ce6e0, /* 58 */
0xa3014314, /* 59 */
0x4e0811a1, /* 60 */
0xf7537e82, /* 61 */
0xbd3af235, /* 62 */
0x2ad7d2bb, /* 63 */
0xeb86d391, /* 64 */
};
static const uint8_t round1_s[] = {
7, 12, 17, 22,
5, 9, 14, 20,
4, 11, 16, 23,
6, 10, 15, 21,
};
static const uint8_t round_order[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,
5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,
0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,
};
unsigned i;
const uint8_t *round_s = round1_s - 4;
for (i = 0; i < 64; i++) {
int off = IDX(4 - i);
uint32_t v;
// Code size is bigger
//round_s = round1_s + (i >> 4) * 4;
if ((i & 15) == 0) {
round_s += 4;
}
if (i < 32) {
if (i < 16) {
v = F_(arr, off);
} else {
v = G_(arr, off);
}
} else {
if (i < 48) {
v = H_(arr, off);
} else {
v = I_(arr, off);
}
}
v += arr[off];
v += x[round_order[i]] + round_ac[i];
v = ROTATE_LEFT(v, round_s[i & 3]);
v += arr[IDX(off + 1)];
arr[off] = v;
}
state[0] += arr[0];
state[1] += arr[1];
state[2] += arr[2];
state[3] += arr[3];
}
#endif // OPTIMIZE_FOR_SPEED
/** /**
* Encodes input (uint32_t) into output (uint8_t). Assumes len is * Encodes input (uint32_t) into output (uint8_t). Assumes len is
* a multiple of 4. * a multiple of 4.

5
crypto/rc4.c
View file

@ -37,9 +37,6 @@
#include "os_port.h" #include "os_port.h"
#include "crypto.h" #include "crypto.h"
/* only used for PKCS12 now */
#ifdef CONFIG_SSL_USE_PKCS12
/** /**
* Get ready for an encrypt/decrypt operation * Get ready for an encrypt/decrypt operation
*/ */
@ -93,5 +90,3 @@ void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
ctx->x = x; ctx->x = x;
ctx->y = y; ctx->y = y;
} }
#endif

6
crypto/rsa.c
View file

@ -157,7 +157,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
/* decrypt */ /* decrypt */
dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size); dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
#ifdef CONFIG_SSL_CERT_VERIFICATION #if 1 //def CONFIG_SSL_CERT_VERIFICATION
decrypted_bi = is_decryption ? /* decrypt or verify? */ decrypted_bi = is_decryption ? /* decrypt or verify? */
RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi); RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
#else /* always a decryption */ #else /* always a decryption */
@ -170,7 +170,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
if (block[i++] != 0) /* leading 0? */ if (block[i++] != 0) /* leading 0? */
return -1; return -1;
#ifdef CONFIG_SSL_CERT_VERIFICATION #if 1 //def CONFIG_SSL_CERT_VERIFICATION
if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */ if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
{ {
if (block[i++] != 0x01) /* BT correct? */ if (block[i++] != 0x01) /* BT correct? */
@ -231,7 +231,7 @@ void RSA_print(const RSA_CTX *rsa_ctx)
} }
#endif #endif
#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT) #if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT) || (CONFIG_SSL_ENABLE_CLIENT)
/** /**
* Performs c = m^e mod n * Performs c = m^e mod n
*/ */

5
samples/c/Makefile
View file

@ -1,5 +1,5 @@
# #
# Copyright (c) 2007-2016, Cameron Rich # Copyright (c) 2007, Cameron Rich
# #
# All rights reserved. # All rights reserved.
# #
@ -59,8 +59,7 @@ include $(AXTLS_HOME)/config/makefile.post
ifndef CONFIG_PLATFORM_WIN32 ifndef CONFIG_PLATFORM_WIN32
$(TARGET): $(OBJ) $(LIBS)/libaxtls.a $(TARGET): $(OBJ) $(LIBS)/libaxtls.a
$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)/libaxtls.a $(LD) $(LDFLAGS) -o $@ $(OBJ) -L$(LIBS) -laxtls
# $(LD) $(LDFLAGS) -o $@ $(OBJ) -L$(LIBS) -laxtls (shared library)
ifdef CONFIG_STRIP_UNWANTED_SECTIONS ifdef CONFIG_STRIP_UNWANTED_SECTIONS
$(STRIP) --remove-section=.comment $(TARGET) $(STRIP) --remove-section=.comment $(TARGET)
endif # use strip endif # use strip

43
samples/c/axssl.c
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -86,8 +86,8 @@ int main(int argc, char *argv[])
strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client"))) strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
print_options(argc > 1 ? argv[1] : ""); print_options(argc > 1 ? argv[1] : "");
strcmp(argv[1], "s_server") ? // strcmp(argv[1], "s_server") ?
do_client(argc, argv) : do_server(argc, argv); do_client(argc, argv);// : do_server(argc, argv);
return 0; return 0;
} }
@ -448,7 +448,6 @@ static void do_client(int argc, char *argv[])
uint8_t session_id[SSL_SESSION_ID_SIZE]; uint8_t session_id[SSL_SESSION_ID_SIZE];
fd_set read_set; fd_set read_set;
const char *password = NULL; const char *password = NULL;
SSL_EXTENSIONS *extensions = NULL;
FD_ZERO(&read_set); FD_ZERO(&read_set);
sin_addr = inet_addr("127.0.0.1"); sin_addr = inet_addr("127.0.0.1");
@ -535,16 +534,6 @@ static void do_client(int argc, char *argv[])
password = argv[++i]; password = argv[++i];
} }
else if (strcmp(argv[i], "-servername") == 0)
{
if (i >= argc-1)
{
print_client_options(argv[i]);
}
extensions = ssl_ext_new();
extensions->host_name = argv[++i];
}
#ifdef CONFIG_SSL_FULL_MODE #ifdef CONFIG_SSL_FULL_MODE
else if (strcmp(argv[i], "-debug") == 0) else if (strcmp(argv[i], "-debug") == 0)
{ {
@ -573,6 +562,7 @@ static void do_client(int argc, char *argv[])
exit(1); exit(1);
} }
#ifndef CONFIG_SSL_SKELETON_MODE
if (private_key_file) if (private_key_file)
{ {
int obj_type = SSL_OBJ_RSA_KEY; int obj_type = SSL_OBJ_RSA_KEY;
@ -608,6 +598,7 @@ static void do_client(int argc, char *argv[])
exit(1); exit(1);
} }
} }
#endif
free(cert); free(cert);
free(ca_cert); free(ca_cert);
@ -641,7 +632,7 @@ static void do_client(int argc, char *argv[])
while (reconnect--) while (reconnect--)
{ {
ssl = ssl_client_new(ssl_ctx, client_fd, session_id, ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
sizeof(session_id), extensions); sizeof(session_id));
if ((res = ssl_handshake_status(ssl)) != SSL_OK) if ((res = ssl_handshake_status(ssl)) != SSL_OK)
{ {
if (!quiet) if (!quiet)
@ -669,7 +660,7 @@ static void do_client(int argc, char *argv[])
} }
else else
{ {
ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0, extensions); ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0);
} }
/* check the return status */ /* check the return status */
@ -685,6 +676,15 @@ static void do_client(int argc, char *argv[])
if (!quiet) if (!quiet)
{ {
#ifndef CONFIG_SSL_SKELETON_MODE
const char *common_name = ssl_get_cert_dn(ssl,
SSL_X509_CERT_COMMON_NAME);
if (common_name)
{
printf("Common Name:\t\t\t%s\n", common_name);
}
#endif
display_session_id(ssl); display_session_id(ssl);
display_cipher(ssl); display_cipher(ssl);
} }
@ -833,8 +833,7 @@ static void print_client_options(char *option)
printf(" -quiet\t\t- No client output\n"); printf(" -quiet\t\t- No client output\n");
printf(" -reconnect\t- Drop and re-make the connection " printf(" -reconnect\t- Drop and re-make the connection "
"with the same Session-ID\n"); "with the same Session-ID\n");
printf(" -pass\t\t- Private key file pass phrase source\n"); printf(" -pass\t\t- private key file pass phrase source\n");
printf(" -servername\t- Set TLS extension servername in ClientHello\n");
#ifdef CONFIG_SSL_FULL_MODE #ifdef CONFIG_SSL_FULL_MODE
printf(" -debug\t\t- Print more output\n"); printf(" -debug\t\t- Print more output\n");
printf(" -state\t\t- Show state messages\n"); printf(" -state\t\t- Show state messages\n");
@ -862,12 +861,12 @@ static void display_cipher(SSL *ssl)
printf("AES256-SHA"); printf("AES256-SHA");
break; break;
case SSL_AES128_SHA256: case SSL_RC4_128_SHA:
printf("AES128-SHA256"); printf("RC4-SHA");
break; break;
case SSL_AES256_SHA256: case SSL_RC4_128_MD5:
printf("AES256-SHA256"); printf("RC4-MD5");
break; break;
default: default:

10
samples/csharp/axssl.cs
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -723,12 +723,12 @@ public class axssl
Console.WriteLine("AES256-SHA"); Console.WriteLine("AES256-SHA");
break; break;
case axtls.SSL_AES128_SHA256: case axtls.SSL_RC4_128_SHA:
Console.WriteLine("AES128-SHA256"); Console.WriteLine("RC4-SHA");
break; break;
case axtls.SSL_AES256_SHA256: case axtls.SSL_RC4_128_MD5:
Console.WriteLine("AES128-SHA256"); Console.WriteLine("RC4-MD5");
break; break;
default: default:

2
samples/java/Makefile
View file

@ -1,5 +1,5 @@
# #
# Copyright (c) 2007-2016, Cameron Rich # Copyright (c) 2007, Cameron Rich
# #
# All rights reserved. # All rights reserved.
# #

10
samples/java/axssl.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -714,10 +714,10 @@ public class axssl
System.out.println("AES128-SHA"); System.out.println("AES128-SHA");
else if (ciph_id == axtlsj.SSL_AES256_SHA) else if (ciph_id == axtlsj.SSL_AES256_SHA)
System.out.println("AES256-SHA"); System.out.println("AES256-SHA");
else if (ciph_id == axtlsj.SSL_AES128_SHA256) else if (ciph_id == axtlsj.SSL_RC4_128_SHA)
System.out.println("AES128-SHA256"); System.out.println("RC4-SHA");
else if (ciph_id == axtlsj.SSL_AES256_SHA256) else if (ciph_id == axtlsj.SSL_RC4_128_MD5)
System.out.println("AES256-SHA256"); System.out.println("RC4-MD5");
else else
System.out.println("Unknown - " + ssl.getCipherId()); System.out.println("Unknown - " + ssl.getCipherId());
} }

10
samples/lua/axssl.lua
View file

@ -1,7 +1,7 @@
#!/usr/local/bin/lua #!/usr/local/bin/lua
-- --
-- Copyright (c) 2007-2016, Cameron Rich -- Copyright (c) 2007, Cameron Rich
-- --
-- All rights reserved. -- All rights reserved.
-- --
@ -523,10 +523,10 @@ function display_cipher(ssl)
print("AES128-SHA") print("AES128-SHA")
elseif cipher_id == axtlsl.SSL_AES256_SHA then elseif cipher_id == axtlsl.SSL_AES256_SHA then
print("AES256-SHA") print("AES256-SHA")
elseif axtlsl.SSL_AES128_SHA256 then elseif axtlsl.SSL_RC4_128_SHA then
print("AES128-SHA256") print("RC4-SHA")
elseif axtlsl.SSL_AES256_SHA256 then elseif axtlsl.SSL_RC4_128_MD5 then
print("AES256-SHA256") print("RC4-MD5")
else else
print("Unknown - "..cipher_id) print("Unknown - "..cipher_id)
end end

10
samples/perl/axssl.pl
View file

@ -1,6 +1,6 @@
#!/usr/bin/perl -w #!/usr/bin/perl -w
# #
# Copyright (c) 2007-2016, Cameron Rich # Copyright (c) 2007, Cameron Rich
# #
# All rights reserved. # All rights reserved.
# #
@ -602,13 +602,13 @@ sub display_cipher
{ {
printf("AES256-SHA"); printf("AES256-SHA");
} }
elsif ($axtlsp::SSL_AES128_SHA256) elsif ($axtlsp::SSL_RC4_128_SHA)
{ {
printf("AES128-SHA256"); printf("RC4-SHA");
} }
elsif ($axtlsp::SSL_AES256_SHA256) elsif ($axtlsp::SSL_RC4_128_MD5)
{ {
printf("AES256-SHA256"); printf("RC4-MD5");
} }
else else
{ {

10
samples/vbnet/axssl.vb
View file

@ -1,5 +1,5 @@
' '
' Copyright (c) 2007-2016, Cameron Rich ' Copyright (c) 2007, Cameron Rich
' '
' All rights reserved. ' All rights reserved.
' '
@ -534,11 +534,11 @@ Public Class axssl
Case axtls.SSL_AES256_SHA Case axtls.SSL_AES256_SHA
Console.WriteLine("AES256-SHA") Console.WriteLine("AES256-SHA")
Case axtls.SSL_AES128_SHA256 Case axtls.SSL_RC4_128_SHA
Console.WriteLine("AES128-SHA256") Console.WriteLine("RC4-SHA")
Case axtls.SSL_AES256_SHA256 Case axtls.SSL_RC4_128_MD5
Console.WriteLine("AES256-SHA256") Console.WriteLine("RC4-MD5")
Case Else Case Else
Console.WriteLine("Unknown - " & ssl.GetCipherId()) Console.WriteLine("Unknown - " & ssl.GetCipherId())

52
ssl/Config.in
View file

@ -34,16 +34,6 @@ config CONFIG_SSL_CERT_VERIFICATION
have an SSL server which requires client authentication (which is have an SSL server which requires client authentication (which is
uncommon in browser applications). uncommon in browser applications).
config CONFIG_SSL_ENABLE_CLIENT
bool "Client/Server enabled"
help
Enable client/server functionality (including peer authentication).
The axssl sample runs with the "s_client" option enabled.
This mode produces a library about 51kB in size. Use this mode if you
require axTLS to use SSL client functionality (the SSL server code
is always enabled).
config CONFIG_SSL_FULL_MODE config CONFIG_SSL_FULL_MODE
bool "Client/Server enabled with diagnostics" bool "Client/Server enabled with diagnostics"
@ -79,40 +69,64 @@ config CONFIG_SSL_SKELETON_MODE
endchoice endchoice
config CONFIG_SSL_ENABLE_SERVER
bool "Server enabled"
help
Enable server functionality.
config CONFIG_SSL_ENABLE_CLIENT
bool "Client enabled"
help
Enable client functionality.
The axssl sample runs with the "s_client" option enabled.
This mode produces a library about 51kB in size. Use this mode if you
require axTLS to use SSL client functionality (the SSL server code
is always enabled).
config CONFIG_SSL_DIAGNOSTICS
bool "Diagnostic messages"
help
Enable support for diagnostics of connection progress and state.
choice choice
prompt "Protocol Preference" prompt "Protocol Preference"
depends on !CONFIG_SSL_SKELETON_MODE # depends on !CONFIG_SSL_SKELETON_MODE
default CONFIG_SSL_PROT_MEDIUM default CONFIG_SSL_PROT_MEDIUM
config CONFIG_SSL_PROT_LOW config CONFIG_SSL_PROT_LOW
bool "Low" bool "Low"
help help
Chooses the cipher in the order of AES128-SHA, AES128-SHA256, Chooses the cipher in the order of RC4-SHA, AES128-SHA, AES256-SHA.
AES256-SHA256.
This will use the fastest cipher(s) but at the expense of security. This will use the fastest cipher(s) but at the expense of security.
config CONFIG_SSL_PROT_MEDIUM config CONFIG_SSL_PROT_MEDIUM
bool "Medium" bool "Medium"
help help
Chooses the cipher in the order of AES128-SHA256, AES256-SHA256, Chooses the cipher in the order of AES128-SHA, AES256-SHA, RC4-SHA.
AES128-SHA
This mode is a balance between speed and security and is the default. This mode is a balance between speed and security and is the default.
config CONFIG_SSL_PROT_HIGH config CONFIG_SSL_PROT_HIGH
bool "High" bool "High"
help help
Chooses the cipher in the order of AES256-SHA256, AES128-SHA256, Chooses the cipher in the order of AES256-SHA, AES128-SHA, RC4-SHA.
AES128-SHA.
This will use the strongest cipher(s) at the cost of speed. This will use the strongest cipher(s) at the cost of speed.
endchoice endchoice
config CONFIG_SSL_AES
bool "Enable AES cipher"
default y
help
Enable/disable AES support.
config CONFIG_SSL_USE_DEFAULT_KEY config CONFIG_SSL_USE_DEFAULT_KEY
bool "Enable default key" bool "Enable default key"
depends on !CONFIG_SSL_SKELETON_MODE # depends on !CONFIG_SSL_SKELETON_MODE
default y default y
help help
Some applications will not require the default private key/certificate Some applications will not require the default private key/certificate
@ -241,7 +255,7 @@ config CONFIG_SSL_EXPIRY_TIME
config CONFIG_X509_MAX_CA_CERTS config CONFIG_X509_MAX_CA_CERTS
int "Maximum number of certificate authorites" int "Maximum number of certificate authorites"
default 150 default 150
depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE # depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
help help
Determines the number of CA's allowed. Determines the number of CA's allowed.

4
ssl/Makefile
View file

@ -62,7 +62,7 @@ STATIC_LIB=$(AXTLS_HOME)/$(STAGE)/axtls.static.lib
CRYPTO_PATH=$(AXTLS_HOME)\\crypto\\ CRYPTO_PATH=$(AXTLS_HOME)\\crypto\\
endif endif
libs: $(TARGET1) $(TARGET2) libs: $(TARGET1) #$(TARGET2)
CRYPTO_OBJ=\ CRYPTO_OBJ=\
$(CRYPTO_PATH)aes.o \ $(CRYPTO_PATH)aes.o \
@ -94,7 +94,7 @@ include $(AXTLS_HOME)/config/makefile.post
ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin
$(TARGET1) : $(CRYPTO_OBJ) $(OBJ) $(TARGET1) : $(CRYPTO_OBJ) $(OBJ)
$(AR) -r $@ $(CRYPTO_OBJ) $(OBJ) $(AR) -rcs $@ $(CRYPTO_OBJ) $(OBJ)
$(TARGET2) : $(CRYPTO_OBJ) $(OBJ) $(TARGET2) : $(CRYPTO_OBJ) $(OBJ)
ifndef CONFIG_PLATFORM_CYGWIN ifndef CONFIG_PLATFORM_CYGWIN

180
ssl/asn1.c
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007-2015, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -80,18 +80,8 @@ static const uint8_t sig_subject_alt_name[] =
0x55, 0x1d, 0x11 0x55, 0x1d, 0x11
}; };
static const uint8_t sig_basic_constraints[] = /* CN, O, OU */
{ static const uint8_t g_dn_types[] = { 3, 10, 11 };
0x55, 0x1d, 0x13
};
static const uint8_t sig_key_usage[] =
{
0x55, 0x1d, 0x0f
};
/* CN, O, OU, L, C, ST */
static const uint8_t g_dn_types[] = { 3, 10, 11, 7, 6, 8 };
uint32_t get_asn1_length(const uint8_t *buf, int *offset) uint32_t get_asn1_length(const uint8_t *buf, int *offset)
{ {
@ -127,7 +117,6 @@ int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
{ {
if (buf[*offset] != obj_type) if (buf[*offset] != obj_type)
return X509_NOT_OK; return X509_NOT_OK;
(*offset)++; (*offset)++;
return get_asn1_length(buf, offset); return get_asn1_length(buf, offset);
} }
@ -152,12 +141,12 @@ int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
* Read an integer value for ASN.1 data * Read an integer value for ASN.1 data
* Note: This function allocates memory which must be freed by the user. * Note: This function allocates memory which must be freed by the user.
*/ */
int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object) int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
{ {
int len; int len;
if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0) if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
goto end_big_int; goto end_int_array;
if (len > 1 && buf[*offset] == 0x00) /* ignore the negative byte */ if (len > 1 && buf[*offset] == 0x00) /* ignore the negative byte */
{ {
@ -169,91 +158,10 @@ int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object)
memcpy(*object, &buf[*offset], len); memcpy(*object, &buf[*offset], len);
*offset += len; *offset += len;
end_big_int: end_int_array:
return len; return len;
} }
/**
* Read an integer value for ASN.1 data
*/
int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val)
{
int res = X509_OK;
int len;
int i;
if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0 ||
len > sizeof(int32_t))
{
res = X509_NOT_OK;
goto end_int;
}
*val = 0;
for (i = 0; i < len; i++)
{
*val <<= 8;
*val |= buf[(*offset)++];
}
end_int:
return res;
}
/**
* Read an boolean value for ASN.1 data
*/
int asn1_get_bool(const uint8_t *buf, int *offset, bool *val)
{
int res = X509_OK;
if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) != 1)
{
res = X509_NOT_OK;
goto end_bool;
}
/* DER demands that "If the encoding represents the boolean value TRUE,
its single contents octet shall have all eight bits set to one."
Thus only 0 and 255 are valid encoded values. */
*val = buf[(*offset)++] == 0xFF;
end_bool:
return res;
}
/**
* Convert an ASN.1 bit string into a 32 bit integer. Used for key usage
*/
int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val)
{
int res = X509_OK;
int len, i;
if ((len = asn1_next_obj(buf, offset, ASN1_BIT_STRING)) < 0 || len > 5)
{
res = X509_NOT_OK;
goto end_bit_string_as_int;
}
/* number of bits left unused in the final byte of content */
(*offset)++;
len--;
*val = 0;
/* not sure why key usage doesn't used proper DER spec version */
for (i = len-1; i >= 0; --i)
{
*val <<= 8;
*val |= buf[(*offset) + i];
}
*offset += len;
end_bit_string_as_int:
return res;
}
/** /**
* Get all the RSA private key specifics from an ASN.1 encoded file * Get all the RSA private key specifics from an ASN.1 encoded file
*/ */
@ -279,19 +187,19 @@ int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
/* Use the private key to mix up the RNG if possible. */ /* Use the private key to mix up the RNG if possible. */
RNG_custom_init(buf, len); RNG_custom_init(buf, len);
mod_len = asn1_get_big_int(buf, &offset, &modulus); mod_len = asn1_get_int(buf, &offset, &modulus);
pub_len = asn1_get_big_int(buf, &offset, &pub_exp); pub_len = asn1_get_int(buf, &offset, &pub_exp);
priv_len = asn1_get_big_int(buf, &offset, &priv_exp); priv_len = asn1_get_int(buf, &offset, &priv_exp);
if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0) if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
return X509_INVALID_PRIV_KEY; return X509_INVALID_PRIV_KEY;
#ifdef CONFIG_BIGINT_CRT #ifdef CONFIG_BIGINT_CRT
p_len = asn1_get_big_int(buf, &offset, &p); p_len = asn1_get_int(buf, &offset, &p);
q_len = asn1_get_big_int(buf, &offset, &q); q_len = asn1_get_int(buf, &offset, &q);
dP_len = asn1_get_big_int(buf, &offset, &dP); dP_len = asn1_get_int(buf, &offset, &dP);
dQ_len = asn1_get_big_int(buf, &offset, &dQ); dQ_len = asn1_get_int(buf, &offset, &dQ);
qInv_len = asn1_get_big_int(buf, &offset, &qInv); qInv_len = asn1_get_int(buf, &offset, &qInv);
if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0) if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
return X509_INVALID_PRIV_KEY; return X509_INVALID_PRIV_KEY;
@ -335,16 +243,13 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
memset(&tm, 0, sizeof(struct tm)); memset(&tm, 0, sizeof(struct tm));
tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0'); tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
if (tm.tm_year < 50) /* 1951-2050 thing */ if (tm.tm_year <= 50) /* 1951-2050 thing */
{ {
tm.tm_year += 100; tm.tm_year += 100;
} }
tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1; tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0'); tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
tm.tm_hour = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
tm.tm_min = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
tm.tm_sec = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
*t = mktime(&tm); *t = mktime(&tm);
*offset += len; *offset += len;
ret = X509_OK; ret = X509_OK;
@ -370,8 +275,7 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
else else
{ {
tm.tm_year = abs_year - 1900; tm.tm_year = abs_year - 1900;
tm.tm_mon = (buf[t_offset+4] - '0')*10 + tm.tm_mon = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0') - 1;
(buf[t_offset+5] - '0') - 1;
tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0'); tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0'); tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0'); tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
@ -387,12 +291,19 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
} }
/** /**
* Get the version type of a certificate * Get the version type of a certificate (which we don't actually care about)
*/ */
int asn1_version(const uint8_t *cert, int *offset, int *val) int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{ {
int ret = X509_NOT_OK;
(*offset) += 2; /* get past explicit tag */ (*offset) += 2; /* get past explicit tag */
return asn1_get_int(cert, offset, val); if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
goto end_version;
ret = X509_OK;
end_version:
return ret;
} }
/** /**
@ -542,8 +453,8 @@ int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0) if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
goto end_pub_key; goto end_pub_key;
mod_len = asn1_get_big_int(cert, offset, &modulus); mod_len = asn1_get_int(cert, offset, &modulus);
pub_len = asn1_get_big_int(cert, offset, &pub_exp); pub_len = asn1_get_int(cert, offset, &pub_exp);
RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len); RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
@ -663,7 +574,7 @@ int asn1_find_oid(const uint8_t* cert, int* offset,
return 0; return 0;
} }
int asn1_is_subject_alt_name(const uint8_t *cert, int offset) int asn1_find_subjectaltname(const uint8_t* cert, int offset)
{ {
if (asn1_find_oid(cert, &offset, sig_subject_alt_name, if (asn1_find_oid(cert, &offset, sig_subject_alt_name,
sizeof(sig_subject_alt_name))) sizeof(sig_subject_alt_name)))
@ -674,39 +585,6 @@ int asn1_is_subject_alt_name(const uint8_t *cert, int offset)
return 0; return 0;
} }
int asn1_is_basic_constraints(const uint8_t *cert, int offset)
{
if (asn1_find_oid(cert, &offset, sig_basic_constraints,
sizeof(sig_basic_constraints)))
{
return offset;
}
return 0;
}
int asn1_is_key_usage(const uint8_t *cert, int offset)
{
if (asn1_find_oid(cert, &offset, sig_key_usage,
sizeof(sig_key_usage)))
{
return offset;
}
return 0;
}
bool asn1_is_critical_ext(const uint8_t *buf, int *offset)
{
/* critical is optional */
bool res = false;
if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) == 1)
res = buf[(*offset)++] == 0xFF;
return res;
}
#endif /* CONFIG_SSL_CERT_VERIFICATION */ #endif /* CONFIG_SSL_CERT_VERIFICATION */
/** /**

71
ssl/cert.h
View file

@ -1,54 +1,43 @@
unsigned char default_certificate[] = { unsigned char default_certificate[] = {
0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xa5, 0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xab,
0x2a, 0xc8, 0x78, 0x87, 0xf2, 0xe7, 0xc5, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x08, 0x18, 0xa7, 0x03, 0x07, 0x27, 0xfd, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x32, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x32,
0x33, 0x30, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x36, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a, 0x17, 0x0d, 0x32,
0x30, 0x30, 0x39, 0x30, 0x38, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a, 0x34, 0x30, 0x39, 0x30, 0x33, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a,
0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x81, 0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
0x81, 0x81, 0x00, 0xbd, 0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa, 0x81, 0x81, 0x00, 0xcd, 0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76,
0xb9, 0x3a, 0x1f, 0x8b, 0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0, 0xd4, 0x13, 0x30, 0x0e, 0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f,
0x11, 0x9a, 0x9c, 0xdc, 0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3, 0x51, 0x09, 0x9d, 0x29, 0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90,
0x05, 0x0e, 0x61, 0xc1, 0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a, 0x80, 0xa1, 0x71, 0xdf, 0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14,
0xff, 0x9b, 0xb8, 0x7a, 0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99, 0x90, 0x0a, 0xf9, 0xb7, 0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d,
0xa5, 0xa2, 0x99, 0x53, 0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01, 0x57, 0x41, 0x86, 0x60, 0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46,
0xe7, 0xdf, 0xe9, 0xec, 0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0, 0x1b, 0xf6, 0xa2, 0x84, 0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa,
0xc8, 0x6d, 0x41, 0x45, 0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28, 0x91, 0xf8, 0x61, 0x04, 0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a,
0xdf, 0x36, 0xe2, 0x73, 0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb, 0xcc, 0x31, 0x01, 0x14, 0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82,
0x0d, 0x9b, 0xef, 0xa8, 0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07, 0xd6, 0xc6, 0xc4, 0xbe, 0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32,
0xa9, 0x86, 0x0d, 0x3f, 0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02, 0x7a, 0x86, 0x0e, 0x91, 0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02,
0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x40,
0x32, 0xe0, 0x3c, 0x6e, 0x21, 0xe6, 0xa6, 0xf4, 0xb8, 0x10, 0x9f, 0x8a, 0xb4, 0x94, 0x9a, 0xa8, 0x89, 0x72, 0x1d, 0x07, 0xe5, 0xb3, 0x6b, 0x88,
0xe6, 0x0b, 0x84, 0x4e, 0x2c, 0xe5, 0x14, 0xca, 0x56, 0x81, 0x3f, 0xc0, 0x21, 0xc2, 0x38, 0x36, 0x9e, 0x7a, 0x8c, 0x49, 0x48, 0x68, 0x0c, 0x06,
0x2c, 0xa3, 0x39, 0x89, 0x24, 0xce, 0xaf, 0x47, 0x2e, 0x19, 0x62, 0xb2, 0xe8, 0xdb, 0x1f, 0x4e, 0x05, 0xe6, 0x31, 0xe3, 0xfd, 0xe6, 0x0d, 0x6b,
0xe4, 0x76, 0x91, 0x25, 0xbc, 0xe1, 0xa8, 0xee, 0x6a, 0x68, 0x3a, 0x77, 0xd8, 0x13, 0x17, 0xe0, 0x2d, 0x0d, 0xb8, 0x7e, 0xcb, 0x20, 0x6c, 0xa8,
0xb9, 0xb2, 0x62, 0x97, 0x0c, 0x25, 0x3c, 0x5e, 0x13, 0x48, 0x87, 0x80, 0x73, 0xa7, 0xfd, 0xe3, 0xa7, 0xfa, 0xf3, 0x02, 0x60, 0x78, 0x1f, 0x13,
0xa3, 0x91, 0xd9, 0x2e, 0xe6, 0x92, 0x2b, 0x1c, 0x52, 0x24, 0xb1, 0x77, 0x40, 0x45, 0xee, 0x75, 0xf5, 0x10, 0xfd, 0x8f, 0x68, 0x74, 0xd4, 0xac,
0xc6, 0xf6, 0xde, 0xd8, 0x9b, 0xd9, 0x57, 0x37, 0x56, 0x68, 0x17, 0x32, 0xae, 0x04, 0x09, 0x55, 0x2c, 0xdb, 0xd8, 0x07, 0x07, 0x65, 0x69, 0x27,
0x66, 0x01, 0x08, 0x38, 0x08, 0x9a, 0xc1, 0x8c, 0x5e, 0x3f, 0xe7, 0xc9, 0x6e, 0xbf, 0x5e, 0x61, 0x40, 0x56, 0x8b, 0xd7, 0x33, 0x3b, 0xff, 0x6e,
0x44, 0xcb, 0x62, 0xb9, 0x48, 0xc7, 0x89, 0xa6, 0xff, 0x8e, 0x7d, 0x3d, 0x53, 0x7e, 0x9d, 0x3f, 0xc0, 0x40, 0x3a, 0xab, 0xa0, 0x50, 0x4e, 0x80,
0xe1, 0x46, 0x32, 0x9c, 0x13, 0x06, 0x9a, 0xd1, 0x17, 0xab, 0x3f, 0xa9, 0x47, 0x46, 0x0d, 0x1e, 0xdb, 0x4c, 0xf1, 0x1b, 0x5d, 0x3c, 0x2a, 0x54,
0x90, 0x04, 0x33, 0x2d, 0x3f, 0x81, 0x0a, 0xa5, 0x55, 0xce, 0xb6, 0x95, 0xa7, 0x4d, 0xfa, 0x7b, 0x72, 0x66, 0xc5
0x54, 0xad, 0xf1, 0x4f, 0xa2, 0xca, 0xc3, 0xf6, 0x25, 0x7b, 0x71, 0xd2,
0x68, 0x85, 0xe9, 0x72, 0xb6, 0x99, 0x34, 0x6d, 0xe5, 0x5f, 0xf6, 0x74,
0x1c, 0xb9, 0xa2, 0xda, 0x2b, 0x04, 0xff, 0x82, 0xc5, 0x09, 0x04, 0xc4,
0xba, 0xbc, 0x82, 0x3e, 0xb4, 0x72, 0x18, 0x8e, 0x30, 0x68, 0x48, 0x4a,
0x0d, 0xa7, 0x3d, 0xb5, 0xf4, 0x42, 0x3a, 0x97, 0x60, 0x7d, 0xa8, 0x61,
0x8a, 0x9e, 0x98, 0xc4, 0x7e, 0x65, 0x99, 0xea, 0x7e, 0xca, 0x75, 0xe7,
0xdb, 0x21, 0x5d, 0xce, 0x7c, 0x66, 0x3d, 0x7e, 0xdc, 0x14, 0xfe, 0x55,
0x04, 0x97, 0xa8, 0x64, 0x12, 0xb4, 0xb5, 0x30, 0x48, 0x72, 0xbc, 0xdb,
0xeb, 0x5b, 0x4f, 0xa6, 0xfb, 0x87, 0x01, 0x41, 0x91, 0xec, 0x98, 0x98,
0xf1, 0x4b, 0x38, 0xa2, 0x40, 0xf1, 0x05, 0x90, 0xbb, 0x9b, 0x5d, 0x96,
0xb1, 0x22, 0x6b, 0x50
}; };
unsigned int default_certificate_len = 604; unsigned int default_certificate_len = 475;

68
ssl/crypto_misc.h
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2017, Cameron Rich * Copyright (c) 2007-2015, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -39,7 +39,6 @@
extern "C" { extern "C" {
#endif #endif
#include <stdbool.h>
#include "crypto.h" #include "crypto.h"
#include "bigint.h" #include "bigint.h"
@ -57,33 +56,14 @@ extern "C" {
#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8 #define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8
#define X509_INVALID_PRIV_KEY -9 #define X509_INVALID_PRIV_KEY -9
#define X509_MAX_CERTS -10 #define X509_MAX_CERTS -10
#define X509_VFY_ERROR_BASIC_CONSTRAINT -11
/* /*
* The Distinguished Name * The Distinguished Name
*/ */
#define X509_NUM_DN_TYPES 6 #define X509_NUM_DN_TYPES 3
#define X509_COMMON_NAME 0 #define X509_COMMON_NAME 0
#define X509_ORGANIZATION 1 #define X509_ORGANIZATION 1
#define X509_ORGANIZATIONAL_UNIT 2 #define X509_ORGANIZATIONAL_UNIT 2
#define X509_LOCATION 3
#define X509_COUNTRY 4
#define X509_STATE 5
/*
* Key Usage bits
*/
#define IS_SET_KEY_USAGE_FLAG(A, B) (A->key_usage & B)
#define KEY_USAGE_DIGITAL_SIGNATURE 0x0080
#define KEY_USAGE_NON_REPUDIATION 0x0040
#define KEY_USAGE_KEY_ENCIPHERMENT 0x0020
#define KEY_USAGE_DATA_ENCIPHERMENT 0x0010
#define KEY_USAGE_KEY_AGREEMENT 0x0008
#define KEY_USAGE_KEY_CERT_SIGN 0x0004
#define KEY_USAGE_CRL_SIGN 0x0002
#define KEY_USAGE_ENCIPHER_ONLY 0x0001
#define KEY_USAGE_DECIPHER_ONLY 0x8000
struct _x509_ctx struct _x509_ctx
{ {
@ -93,46 +73,35 @@ struct _x509_ctx
time_t not_before; time_t not_before;
time_t not_after; time_t not_after;
uint8_t *signature; uint8_t *signature;
RSA_CTX *rsa_ctx;
bigint *digest;
uint16_t sig_len; uint16_t sig_len;
uint8_t sig_type; uint8_t sig_type;
bool basic_constraint_present; RSA_CTX *rsa_ctx;
bool basic_constraint_is_critical; bigint *digest;
bool key_usage_present;
bool key_usage_is_critical;
bool subject_alt_name_present;
bool subject_alt_name_is_critical;
bool basic_constraint_cA;
int basic_constraint_pathLenConstraint;
uint32_t key_usage;
struct _x509_ctx *next; struct _x509_ctx *next;
}; };
typedef struct _x509_ctx X509_CTX; typedef struct _x509_ctx X509_CTX;
#ifdef CONFIG_SSL_CERT_VERIFICATION //#ifdef CONFIG_SSL_CERT_VERIFICATION
typedef struct typedef struct
{ {
X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS]; X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
} CA_CERT_CTX; } CA_CERT_CTX;
#endif //#endif
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx); int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
void x509_free(X509_CTX *x509_ctx); void x509_free(X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION //#ifdef CONFIG_SSL_CERT_VERIFICATION
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
int *pathLenConstraint); //#endif
#endif //#ifdef CONFIG_SSL_FULL_MODE
#ifdef CONFIG_SSL_FULL_MODE
void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx); void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
const char * x509_display_error(int error); const char * x509_display_error(int error);
#endif //#endif
/************************************************************************** /**************************************************************************
* ASN1 declarations * ASN1 declarations
**************************************************************************/ **************************************************************************/
#define ASN1_BOOLEAN 0x01
#define ASN1_INTEGER 0x02 #define ASN1_INTEGER 0x02
#define ASN1_BIT_STRING 0x03 #define ASN1_BIT_STRING 0x03
#define ASN1_OCTET_STRING 0x04 #define ASN1_OCTET_STRING 0x04
@ -155,6 +124,7 @@ const char * x509_display_error(int error);
#define ASN1_EXPLICIT_TAG 0xa0 #define ASN1_EXPLICIT_TAG 0xa0
#define ASN1_V3_DATA 0xa3 #define ASN1_V3_DATA 0xa3
#define SIG_TYPE_MD2 0x02
#define SIG_TYPE_MD5 0x04 #define SIG_TYPE_MD5 0x04
#define SIG_TYPE_SHA1 0x05 #define SIG_TYPE_SHA1 0x05
#define SIG_TYPE_SHA256 0x0b #define SIG_TYPE_SHA256 0x0b
@ -165,21 +135,15 @@ uint32_t get_asn1_length(const uint8_t *buf, int *offset);
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx); int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type); int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type); int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object); int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val); int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
int asn1_get_bool(const uint8_t *buf, int *offset, bool *val);
int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val);
int asn1_version(const uint8_t *cert, int *offset, int *val);
int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
int asn1_name(const uint8_t *cert, int *offset, char *dn[]); int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION #ifdef CONFIG_SSL_CERT_VERIFICATION
int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
int asn1_find_subjectaltname(const uint8_t* cert, int offset);
int asn1_compare_dn(char * const dn1[], char * const dn2[]); int asn1_compare_dn(char * const dn1[], char * const dn2[]);
int asn1_is_subject_alt_name(const uint8_t *cert, int offset);
int asn1_is_basic_constraints(const uint8_t *cert, int offset);
int asn1_is_key_usage(const uint8_t *cert, int offset);
bool asn1_is_critical_ext(const uint8_t *buf, int *offset);
#endif /* CONFIG_SSL_CERT_VERIFICATION */ #endif /* CONFIG_SSL_CERT_VERIFICATION */
int asn1_signature_type(const uint8_t *cert, int asn1_signature_type(const uint8_t *cert,
int *offset, X509_CTX *x509_ctx); int *offset, X509_CTX *x509_ctx);
@ -197,7 +161,7 @@ typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
int get_file(const char *filename, uint8_t **buf); int get_file(const char *filename, uint8_t **buf);
#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG) #if defined(CONFIG_SSL_DIAGNOSTICS) || defined(WIN32) || defined(CONFIG_DEBUG)
EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...); EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
#else #else
#define print_blob(...) #define print_blob(...)

5
ssl/loader.c
View file

@ -44,6 +44,8 @@
#include "os_port.h" #include "os_port.h"
#include "ssl.h" #include "ssl.h"
#if CONFIG_SSL_ENABLE_SERVER
static int do_obj(SSL_CTX *ssl_ctx, int obj_type, static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password); SSLObjLoader *ssl_obj, const char *password);
#ifdef CONFIG_SSL_HAS_PEM #ifdef CONFIG_SSL_HAS_PEM
@ -468,6 +470,7 @@ int load_key_certs(SSL_CTX *ssl_ctx)
else if (!(options & SSL_NO_DEFAULT_KEY)) else if (!(options & SSL_NO_DEFAULT_KEY))
{ {
#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE) #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
static const /* saves a few bytes and RAM */
#include "cert.h" #include "cert.h"
ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
default_certificate, default_certificate_len, NULL); default_certificate, default_certificate_len, NULL);
@ -486,3 +489,5 @@ error:
return ret; return ret;
} }
#endif

92
ssl/os_port.c
View file

@ -1,92 +0,0 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the axTLS project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file os_port.c
*
* OS specific functions.
*/
#include <time.h>
#include <stdlib.h>
#include <errno.h>
#include <stdarg.h>
#include "os_port.h"
#ifdef WIN32
/**
* gettimeofday() not in Win32
*/
EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
{
#if defined(_WIN32_WCE)
t->tv_sec = time(NULL);
t->tv_usec = 0; /* 1sec precision only */
#else
struct _timeb timebuffer;
_ftime(&timebuffer);
t->tv_sec = (long)timebuffer.time;
t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */
#endif
}
/**
* strcasecmp() not in Win32
*/
EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
{
while (tolower(*s1) == tolower(*s2++))
{
if (*s1++ == '\0')
{
return 0;
}
}
return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
}
EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
{
HKEY hKey;
unsigned long datatype;
unsigned long bufferlength = buf_size;
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"),
0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
return -1;
RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength);
RegCloseKey(hKey);
return 0;
}
#endif

188
ssl/os_port.h
View file

@ -1,188 +0,0 @@
/*
* Copyright (c) 2007-2016, Cameron Rich
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the axTLS project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file os_port.h
*
* Some stuff to minimise the differences between windows and linux/unix
*/
#ifndef HEADER_OS_PORT_H
#define HEADER_OS_PORT_H
#ifdef __cplusplus
extern "C" {
#endif
#include "os_int.h"
#include "config.h"
#include <stdio.h>
#if defined(WIN32)
#define STDCALL __stdcall
#define EXP_FUNC __declspec(dllexport)
#else
#define STDCALL
#define EXP_FUNC
#endif
#if defined(_WIN32_WCE)
#undef WIN32
#define WIN32
#endif
#ifdef WIN32
/* Windows CE stuff */
#if defined(_WIN32_WCE)
#include <basetsd.h>
#define abort() exit(1)
#else
#include <io.h>
#include <process.h>
#include <sys/timeb.h>
#include <fcntl.h>
#endif /* _WIN32_WCE */
#include <winsock.h>
#include <direct.h>
#undef getpid
#undef open
#undef close
#undef sleep
#undef gettimeofday
#undef dup2
#undef unlink
#define SOCKET_READ(A,B,C) recv(A,B,C,0)
#define SOCKET_WRITE(A,B,C) send(A,B,C,0)
#define SOCKET_CLOSE(A) closesocket(A)
#define srandom(A) srand(A)
#define random() rand()
#define getpid() _getpid()
#define snprintf _snprintf
#define open(A,B) _open(A,B)
#define dup2(A,B) _dup2(A,B)
#define unlink(A) _unlink(A)
#define close(A) _close(A)
#define read(A,B,C) _read(A,B,C)
#define write(A,B,C) _write(A,B,C)
#define sleep(A) Sleep(A*1000)
#define usleep(A) Sleep(A/1000)
#define strdup(A) _strdup(A)
#define chroot(A) _chdir(A)
#define chdir(A) _chdir(A)
#define alloca(A) _alloca(A)
#ifndef lseek
#define lseek(A,B,C) _lseek(A,B,C)
#endif
/* This fix gets around a problem where a win32 application on a cygwin xterm
doesn't display regular output (until a certain buffer limit) - but it works
fine under a normal DOS window. This is a hack to get around the issue -
see http://www.khngai.com/emacs/tty.php */
#define TTY_FLUSH() if (!_isatty(_fileno(stdout))) fflush(stdout);
/*
* automatically build some library dependencies.
*/
#pragma comment(lib, "WS2_32.lib")
#pragma comment(lib, "AdvAPI32.lib")
typedef int socklen_t;
EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
#else /* Not Win32 */
#include <unistd.h>
#include <pwd.h>
#include <netdb.h>
#include <dirent.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <asm/byteorder.h>
#define SOCKET_READ(A,B,C) read(A,B,C)
#define SOCKET_WRITE(A,B,C) write(A,B,C)
#define SOCKET_CLOSE(A) if (A >= 0) close(A)
#define TTY_FLUSH()
#ifndef be64toh
#define be64toh(x) __be64_to_cpu(x)
#endif
#endif /* Not Win32 */
/* some functions to mutate the way these work */
EXP_FUNC int STDCALL ax_open(const char *pathname, int flags);
#ifdef CONFIG_PLATFORM_LINUX
void exit_now(const char *format, ...) __attribute((noreturn));
#else
void exit_now(const char *format, ...);
#endif
/* Mutexing definitions */
#if defined(CONFIG_SSL_CTX_MUTEXING)
#if defined(WIN32)
#define SSL_CTX_MUTEX_TYPE HANDLE
#define SSL_CTX_MUTEX_INIT(A) A=CreateMutex(0, FALSE, 0)
#define SSL_CTX_MUTEX_DESTROY(A) CloseHandle(A)
#define SSL_CTX_LOCK(A) WaitForSingleObject(A, INFINITE)
#define SSL_CTX_UNLOCK(A) ReleaseMutex(A)
#else
#include <pthread.h>
#define SSL_CTX_MUTEX_TYPE pthread_mutex_t
#define SSL_CTX_MUTEX_INIT(A) pthread_mutex_init(&A, NULL)
#define SSL_CTX_MUTEX_DESTROY(A) pthread_mutex_destroy(&A)
#define SSL_CTX_LOCK(A) pthread_mutex_lock(&A)
#define SSL_CTX_UNLOCK(A) pthread_mutex_unlock(&A)
#endif
#else /* no mutexing */
#define SSL_CTX_MUTEX_INIT(A)
#define SSL_CTX_MUTEX_DESTROY(A)
#define SSL_CTX_LOCK(A)
#define SSL_CTX_UNLOCK(A)
#endif
#ifdef __cplusplus
}
#endif
#endif

1
ssl/os_port.h Symbolic link
View file

@ -0,0 +1 @@
os_port_micropython.h

78
ssl/os_port_micropython.h Normal file
View file

@ -0,0 +1,78 @@
/*
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the axTLS project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file os_port.h
*
* Some stuff to minimise the differences between windows and linux/unix
*/
#ifndef HEADER_OS_PORT_H
#define HEADER_OS_PORT_H
#include "os_int.h"
#include <errno.h>
#include <sys/types.h>
#ifndef __ets__
#include <arpa/inet.h>
#endif
#include <sys/time.h>
#include "config.h"
ssize_t mp_stream_posix_write(void *sock_obj, const void *buf, size_t len);
ssize_t mp_stream_posix_read(void *sock_obj, void *buf, size_t len);
extern int mp_stream_errno;
#if 1
#define SOCKET_READ(A,B,C) mp_stream_posix_read((void*)A,B,C)
#define SOCKET_WRITE(A,B,C) mp_stream_posix_write((void*)A,B,C)
#define SOCKET_CLOSE(A) NOT_USED_IN_LIB_CODE
#define SOCKET_ERRNO() mp_stream_errno
#else
#define SOCKET_READ(A,B,C) read(A,B,C)
#define SOCKET_WRITE(A,B,C) write(A,B,C)
#define SOCKET_CLOSE(A) if (A >= 0) close(A)
#define SOCKET_ERRNO() errno
#endif
#define ax_calloc(x, y) calloc(x, y)
#define ax_open(x, y) open(x, y)
#ifndef be64toh
#define be64toh(x) __be64_to_cpu(x)
#endif
#define SSL_CTX_MUTEX_INIT(A)
#define SSL_CTX_MUTEX_DESTROY(A)
#define SSL_CTX_LOCK(A)
#define SSL_CTX_UNLOCK(A)
#define TTY_FLUSH()
#endif

8
ssl/p12.c
View file

@ -105,7 +105,7 @@ int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
} }
/* unencrypted key? */ /* unencrypted key? */
if (asn1_get_big_int(buf, &offset, &version) > 0 && *version == 0) if (asn1_get_int(buf, &offset, &version) > 0 && *version == 0)
{ {
ret = p8_add_key(ssl_ctx, buf); ret = p8_add_key(ssl_ctx, buf);
goto error; goto error;
@ -257,7 +257,7 @@ int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
goto error; goto error;
} }
if (asn1_get_big_int(buf, &offset, &version) < 0 || *version != 3) if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3)
{ {
ret = SSL_ERROR_INVALID_VERSION; ret = SSL_ERROR_INVALID_VERSION;
goto error; goto error;
@ -409,7 +409,7 @@ int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
key, SHA1_SIZE, PKCS12_MAC_ID)) < 0) key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
goto error; goto error;
hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac); ssl_hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
if (memcmp(mac, orig_mac, SHA1_SIZE)) if (memcmp(mac, orig_mac, SHA1_SIZE))
{ {
@ -463,7 +463,7 @@ static int get_pbe_params(uint8_t *buf, int *offset,
*salt = &buf[*offset]; *salt = &buf[*offset];
*offset += len; *offset += len;
if ((len = asn1_get_big_int(buf, offset, &iter)) < 0) if ((len = asn1_get_int(buf, offset, &iter)) < 0)
goto error; goto error;
*iterations = 0; *iterations = 0;

102
ssl/private_key.h
View file

@ -1,54 +1,54 @@
unsigned char default_private_key[] = { unsigned char default_private_key[] = {
0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbd, 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xcd,
0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa, 0xb9, 0x3a, 0x1f, 0x8b, 0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76, 0xd4, 0x13, 0x30, 0x0e,
0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0, 0x11, 0x9a, 0x9c, 0xdc, 0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f, 0x51, 0x09, 0x9d, 0x29,
0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3, 0x05, 0x0e, 0x61, 0xc1, 0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90, 0x80, 0xa1, 0x71, 0xdf,
0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a, 0xff, 0x9b, 0xb8, 0x7a, 0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14, 0x90, 0x0a, 0xf9, 0xb7,
0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99, 0xa5, 0xa2, 0x99, 0x53, 0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d, 0x57, 0x41, 0x86, 0x60,
0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01, 0xe7, 0xdf, 0xe9, 0xec, 0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46, 0x1b, 0xf6, 0xa2, 0x84,
0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0, 0xc8, 0x6d, 0x41, 0x45, 0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa, 0x91, 0xf8, 0x61, 0x04,
0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28, 0xdf, 0x36, 0xe2, 0x73, 0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a, 0xcc, 0x31, 0x01, 0x14,
0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb, 0x0d, 0x9b, 0xef, 0xa8, 0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82, 0xd6, 0xc6, 0xc4, 0xbe,
0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07, 0xa9, 0x86, 0x0d, 0x3f, 0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32, 0x7a, 0x86, 0x0e, 0x91,
0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01,
0x02, 0x81, 0x80, 0x26, 0x3f, 0xec, 0x96, 0xab, 0xd4, 0x1f, 0x89, 0x0e, 0x02, 0x81, 0x81, 0x00, 0x95, 0xaa, 0x6e, 0x11, 0xf5, 0x6a, 0x8b, 0xa2,
0x9d, 0x38, 0xd8, 0x27, 0x05, 0xe5, 0xb6, 0x14, 0x08, 0xd7, 0xff, 0x69, 0xc6, 0x48, 0xc6, 0x7c, 0x37, 0x6b, 0x1f, 0x55, 0x10, 0x76, 0x26, 0x24,
0x78, 0x16, 0x4a, 0xc4, 0x06, 0x16, 0x55, 0xb7, 0x3a, 0x55, 0x9f, 0xbe, 0xc3, 0xf2, 0x5c, 0x5a, 0xdd, 0x2e, 0xf3, 0xa4, 0x1e, 0xbc, 0x7b, 0x1c,
0x86, 0xf8, 0x58, 0xe8, 0xc5, 0x46, 0xa8, 0xf0, 0xed, 0xda, 0xd6, 0xbf, 0x80, 0x10, 0x85, 0xbc, 0xd8, 0x45, 0x3c, 0xb8, 0xb2, 0x06, 0x53, 0xb5,
0x88, 0x55, 0x2d, 0xe6, 0x72, 0x29, 0x2c, 0x64, 0xc9, 0x5d, 0x1d, 0x9b, 0xd5, 0x7a, 0xe7, 0x0e, 0x92, 0xe6, 0x42, 0xc2, 0xe2, 0x2a, 0xd5, 0xd1,
0x24, 0x3a, 0x98, 0x40, 0xa1, 0xd2, 0xaf, 0x5c, 0xab, 0x23, 0xe4, 0x33, 0x03, 0x9f, 0x6f, 0x53, 0x74, 0x68, 0x72, 0x8e, 0xbf, 0x03, 0xbb, 0xab,
0xd0, 0xea, 0x60, 0x52, 0xe7, 0x7a, 0x9e, 0x73, 0x5f, 0x2e, 0x80, 0xd1, 0xbd, 0xa1, 0xf9, 0x81, 0x7d, 0x12, 0xd4, 0x9d, 0xb6, 0xae, 0x4c, 0xad,
0xdc, 0x6f, 0x47, 0x0f, 0x97, 0x80, 0x36, 0xd2, 0x30, 0x07, 0xdd, 0xd6, 0xca, 0xa8, 0xc9, 0x80, 0x8d, 0x0d, 0xd5, 0xd0, 0xa1, 0xbf, 0xec, 0x60,
0xd7, 0x15, 0x89, 0x2b, 0x74, 0xd5, 0x7e, 0x8a, 0xbc, 0x63, 0x42, 0x0a, 0x48, 0x49, 0xed, 0x97, 0x0f, 0x5e, 0xed, 0xfc, 0x39, 0x15, 0x96, 0x9e,
0xf2, 0x31, 0x29, 0xbf, 0xf9, 0xf9, 0xf0, 0x88, 0x8f, 0x8a, 0xc2, 0x22, 0x5d, 0xe2, 0xb4, 0x5d, 0x2e, 0x04, 0xdc, 0x08, 0xa2, 0x65, 0x29, 0x2d,
0x6e, 0x15, 0x26, 0xb7, 0x5e, 0x5b, 0x58, 0x44, 0x1c, 0x3b, 0x79, 0x02, 0x37, 0xfb, 0x62, 0x90, 0x1b, 0x7b, 0xe5, 0x3a, 0x58, 0x05, 0x55, 0xc1,
0x41, 0x00, 0xe1, 0xf1, 0xb2, 0xe5, 0xc8, 0x80, 0x93, 0x40, 0x50, 0x74, 0x02, 0x41, 0x00, 0xfc, 0x69, 0x28, 0xc9, 0xa8, 0xc4, 0x5c, 0xe3, 0xd0,
0x14, 0xdd, 0xb2, 0xf2, 0x27, 0x5c, 0x0c, 0x3d, 0xc0, 0x5f, 0xee, 0x9c, 0x5e, 0xaa, 0xda, 0xde, 0x87, 0x74, 0xdb, 0xcb, 0x40, 0x78, 0x8e, 0x1d,
0x45, 0x6c, 0x13, 0x00, 0xdf, 0xd0, 0xd9, 0x83, 0xfa, 0x90, 0x2c, 0x84, 0x12, 0x96, 0x16, 0x61, 0x3f, 0xb3, 0x3e, 0xa3, 0x0d, 0xdc, 0x49, 0xa5,
0xf2, 0xaa, 0xc2, 0xdd, 0xfb, 0xcf, 0x03, 0x41, 0x88, 0x10, 0xc6, 0xbb, 0x25, 0x87, 0xc5, 0x97, 0x85, 0x9d, 0xbb, 0xb4, 0xf0, 0x44, 0xfd, 0x6c,
0x5e, 0xb7, 0xb6, 0x2e, 0xa6, 0x1d, 0xaa, 0xba, 0xfb, 0x4a, 0x72, 0xd8, 0xe8, 0xd2, 0x8c, 0xec, 0x33, 0x81, 0x46, 0x1e, 0x10, 0x12, 0x33, 0x16,
0x9a, 0xad, 0x88, 0x0d, 0x6a, 0x15, 0x02, 0x41, 0x00, 0xd6, 0x36, 0x23, 0x95, 0x00, 0x4f, 0x75, 0xb4, 0xe5, 0x79, 0x02, 0x41, 0x00, 0xd0, 0xeb,
0xf3, 0x5d, 0x77, 0xc8, 0xd3, 0x49, 0xc1, 0x93, 0xfe, 0xca, 0x0d, 0xeb, 0x65, 0x07, 0x10, 0x3b, 0xd9, 0x03, 0xeb, 0xdc, 0x6f, 0x4b, 0x8f, 0xc3,
0x9b, 0xda, 0xbd, 0x47, 0x28, 0x73, 0x97, 0xa0, 0x50, 0xd7, 0x4c, 0x24, 0x87, 0xce, 0x76, 0xd6, 0xc5, 0x14, 0x21, 0x4e, 0xe7, 0x4f, 0x1b, 0xe8,
0xdf, 0x9b, 0x0b, 0x37, 0xae, 0xc3, 0x31, 0xb5, 0x4f, 0x62, 0x08, 0xca, 0x05, 0xf8, 0x84, 0x1a, 0xe0, 0xc5, 0xd6, 0xe3, 0x08, 0xb3, 0x54, 0x57,
0xe5, 0xef, 0x97, 0x7b, 0x43, 0xa0, 0xda, 0x2b, 0x1f, 0xbf, 0xa8, 0x08, 0x02, 0x1f, 0xd4, 0xd9, 0xfb, 0xff, 0x40, 0xb1, 0x56, 0x1c, 0x60, 0xf7,
0x93, 0xd2, 0x16, 0x1c, 0x89, 0x99, 0xf1, 0xdf, 0x26, 0xd1, 0x42, 0x99, 0xac, 0x91, 0xf3, 0xd3, 0xc6, 0x7f, 0x84, 0xfd, 0x84, 0x9d, 0xea, 0x26,
0x93, 0x02, 0x41, 0x00, 0xb1, 0x41, 0xe4, 0x7e, 0xdf, 0x20, 0xf7, 0xe4, 0xee, 0xc9, 0x02, 0x41, 0x00, 0xa6, 0xcf, 0x1c, 0x6c, 0x81, 0x03, 0x1c,
0xf1, 0xf9, 0x4f, 0xd1, 0x6a, 0x2d, 0x0d, 0xf1, 0xe9, 0xec, 0x9c, 0x3a, 0x5c, 0x56, 0x05, 0x6a, 0x26, 0x70, 0xef, 0xd6, 0x13, 0xb7, 0x74, 0x28,
0xe6, 0xc0, 0x94, 0xba, 0x27, 0xe2, 0x7c, 0xb4, 0xa5, 0xa1, 0x23, 0xf6, 0xf7, 0xca, 0x50, 0xd1, 0x2d, 0x83, 0x21, 0x64, 0xe4, 0xdd, 0x3f, 0x38,
0xed, 0xe6, 0x53, 0x56, 0xe2, 0x50, 0x32, 0xd8, 0x02, 0x8e, 0xeb, 0xc7, 0xb8, 0xd6, 0xd2, 0x41, 0xb3, 0x1c, 0x9a, 0xea, 0x0d, 0xf5, 0xda, 0xdf,
0x75, 0x91, 0xd3, 0xca, 0x3e, 0xd4, 0x34, 0x20, 0x7c, 0x2b, 0xfb, 0x2f, 0xcd, 0x17, 0x9f, 0x9a, 0x1e, 0x15, 0xaf, 0x48, 0x1c, 0xbd, 0x9b, 0x63,
0x3a, 0x10, 0x72, 0xb1, 0x07, 0x56, 0xb6, 0xcd, 0x02, 0x40, 0x1e, 0x3b, 0x5b, 0xad, 0xed, 0xd4, 0xa1, 0xae, 0xa9, 0x59, 0x09, 0x02, 0x40, 0x4e,
0xf2, 0x03, 0x0d, 0x74, 0x34, 0xb2, 0x2d, 0xbc, 0xd6, 0xc8, 0xa5, 0x78, 0x08, 0xce, 0xa8, 0x8f, 0xc0, 0xba, 0xf3, 0x83, 0x02, 0xc8, 0x33, 0x62,
0x25, 0x83, 0x0f, 0xf2, 0x9b, 0x32, 0x88, 0x6e, 0x24, 0x40, 0x84, 0xc2, 0x14, 0x77, 0xc2, 0x7f, 0x93, 0x02, 0xf3, 0xdc, 0xe9, 0x1a, 0xee, 0xea,
0xc8, 0x89, 0x8e, 0xf6, 0x9c, 0x5b, 0x5c, 0x4d, 0x8d, 0xcb, 0xb0, 0x88, 0x8e, 0x84, 0xc4, 0x69, 0x9b, 0x9c, 0x7f, 0x69, 0x1f, 0x4e, 0x1d, 0xa5,
0x91, 0x2a, 0xb7, 0x10, 0x68, 0x63, 0x79, 0x36, 0x91, 0xd3, 0x9f, 0x57, 0x90, 0x06, 0x44, 0x1b, 0x7d, 0xfc, 0x69, 0x40, 0x21, 0xbc, 0xf7, 0x46,
0x76, 0x2e, 0x76, 0xfe, 0x8b, 0xf4, 0x97, 0xf7, 0xdd, 0x89, 0x3b, 0x0b, 0xa4, 0xdc, 0x39, 0x7b, 0xe8, 0x8b, 0x49, 0x10, 0x44, 0x9d, 0x67, 0x5a,
0xed, 0x65, 0x02, 0x41, 0x00, 0xb9, 0xaf, 0xbf, 0x09, 0xc9, 0x90, 0x26, 0x91, 0x86, 0x39, 0x02, 0x40, 0x41, 0x2c, 0x4e, 0xfe, 0xd9, 0x90, 0x89,
0xf3, 0x72, 0x8b, 0xbf, 0xb3, 0x7c, 0xe7, 0x6f, 0x6f, 0x5b, 0xa3, 0x95, 0x00, 0x5c, 0x94, 0x0a, 0x4a, 0x7e, 0x1b, 0x1a, 0x80, 0x06, 0x01, 0x37,
0xb8, 0x9e, 0x03, 0xb9, 0xcf, 0xa0, 0x53, 0xba, 0x32, 0xc1, 0xd3, 0xad, 0xda, 0x50, 0x61, 0x9d, 0x9c, 0xfe, 0x25, 0x7f, 0xd8, 0xd4, 0xc4, 0x9e,
0x85, 0xbb, 0x79, 0x48, 0x09, 0xd6, 0x3f, 0x9c, 0xd9, 0x37, 0x91, 0x11, 0x81, 0xf2, 0x0c, 0x1e, 0x38, 0x21, 0x1e, 0x90, 0x3f, 0xd4, 0xba, 0x6c,
0x0d, 0x04, 0xd5, 0x3b, 0xca, 0x74, 0x5d, 0x1c, 0x91, 0x8d, 0x3d, 0xf1, 0x53, 0xcb, 0xf0, 0x77, 0x79, 0x9b, 0xf1, 0xfa, 0x3f, 0x81, 0xdc, 0xf3,
0xf8, 0xf9, 0xbe, 0x35, 0xd7, 0xb2, 0x53, 0x50, 0x1d 0x21, 0x02, 0x6d, 0xb7, 0x95, 0xc3, 0x2e, 0xce, 0xd5
}; };
unsigned int default_private_key_len = 609; unsigned int default_private_key_len = 609;

61
ssl/ssl.h
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -90,16 +90,13 @@ extern "C" {
#define SSL_ERROR_DEAD -2 #define SSL_ERROR_DEAD -2
#define SSL_CLOSE_NOTIFY -3 #define SSL_CLOSE_NOTIFY -3
#define SSL_ERROR_CONN_LOST -256 #define SSL_ERROR_CONN_LOST -256
#define SSL_ERROR_RECORD_OVERFLOW -257
#define SSL_ERROR_SOCK_SETUP_FAILURE -258 #define SSL_ERROR_SOCK_SETUP_FAILURE -258
#define SSL_ERROR_INVALID_HANDSHAKE -260 #define SSL_ERROR_INVALID_HANDSHAKE -260
#define SSL_ERROR_INVALID_PROT_MSG -261 #define SSL_ERROR_INVALID_PROT_MSG -261
#define SSL_ERROR_INVALID_HMAC -262 #define SSL_ERROR_INVALID_HMAC -262
#define SSL_ERROR_INVALID_VERSION -263 #define SSL_ERROR_INVALID_VERSION -263
#define SSL_ERROR_UNSUPPORTED_EXTENSION -264
#define SSL_ERROR_INVALID_SESSION -265 #define SSL_ERROR_INVALID_SESSION -265
#define SSL_ERROR_NO_CIPHER -266 #define SSL_ERROR_NO_CIPHER -266
#define SSL_ERROR_INVALID_CERT_HASH_ALG -267
#define SSL_ERROR_BAD_CERTIFICATE -268 #define SSL_ERROR_BAD_CERTIFICATE -268
#define SSL_ERROR_INVALID_KEY -269 #define SSL_ERROR_INVALID_KEY -269
#define SSL_ERROR_FINISHED_INVALID -271 #define SSL_ERROR_FINISHED_INVALID -271
@ -117,25 +114,19 @@ extern "C" {
#define SSL_ALERT_CLOSE_NOTIFY 0 #define SSL_ALERT_CLOSE_NOTIFY 0
#define SSL_ALERT_UNEXPECTED_MESSAGE 10 #define SSL_ALERT_UNEXPECTED_MESSAGE 10
#define SSL_ALERT_BAD_RECORD_MAC 20 #define SSL_ALERT_BAD_RECORD_MAC 20
#define SSL_ALERT_RECORD_OVERFLOW 22
#define SSL_ALERT_HANDSHAKE_FAILURE 40 #define SSL_ALERT_HANDSHAKE_FAILURE 40
#define SSL_ALERT_BAD_CERTIFICATE 42 #define SSL_ALERT_BAD_CERTIFICATE 42
#define SSL_ALERT_UNSUPPORTED_CERTIFICATE 43
#define SSL_ALERT_CERTIFICATE_EXPIRED 45
#define SSL_ALERT_CERTIFICATE_UNKNOWN 46
#define SSL_ALERT_ILLEGAL_PARAMETER 47 #define SSL_ALERT_ILLEGAL_PARAMETER 47
#define SSL_ALERT_UNKNOWN_CA 48
#define SSL_ALERT_DECODE_ERROR 50 #define SSL_ALERT_DECODE_ERROR 50
#define SSL_ALERT_DECRYPT_ERROR 51 #define SSL_ALERT_DECRYPT_ERROR 51
#define SSL_ALERT_INVALID_VERSION 70 #define SSL_ALERT_INVALID_VERSION 70
#define SSL_ALERT_NO_RENEGOTIATION 100 #define SSL_ALERT_NO_RENEGOTIATION 100
#define SSL_ALERT_UNSUPPORTED_EXTENSION 110
/* The ciphers that are supported */ /* The ciphers that are supported */
#define SSL_AES128_SHA 0x2f #define SSL_AES128_SHA 0x2f
#define SSL_AES256_SHA 0x35 #define SSL_AES256_SHA 0x35
#define SSL_AES128_SHA256 0x3c #define SSL_RC4_128_SHA 0x05
#define SSL_AES256_SHA256 0x3d #define SSL_RC4_128_MD5 0x04
/* build mode ids' */ /* build mode ids' */
#define SSL_BUILD_SKELETON_MODE 0x01 #define SSL_BUILD_SKELETON_MODE 0x01
@ -158,15 +149,9 @@ extern "C" {
#define SSL_X509_CERT_COMMON_NAME 0 #define SSL_X509_CERT_COMMON_NAME 0
#define SSL_X509_CERT_ORGANIZATION 1 #define SSL_X509_CERT_ORGANIZATION 1
#define SSL_X509_CERT_ORGANIZATIONAL_NAME 2 #define SSL_X509_CERT_ORGANIZATIONAL_NAME 2
#define SSL_X509_CERT_LOCATION 3 #define SSL_X509_CA_CERT_COMMON_NAME 3
#define SSL_X509_CERT_COUNTRY 4 #define SSL_X509_CA_CERT_ORGANIZATION 4
#define SSL_X509_CERT_STATE 5 #define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 5
#define SSL_X509_CA_CERT_COMMON_NAME 6
#define SSL_X509_CA_CERT_ORGANIZATION 7
#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 8
#define SSL_X509_CA_CERT_LOCATION 9
#define SSL_X509_CA_CERT_COUNTRY 10
#define SSL_X509_CA_CERT_STATE 11
/* SSL object loader types */ /* SSL object loader types */
#define SSL_OBJ_X509_CERT 1 #define SSL_OBJ_X509_CERT 1
@ -230,22 +215,6 @@ EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
*/ */
EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx); EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
/**
* @brief Allocates new SSL extensions structure and returns pointer to it
*
* @return ssl_ext Pointer to SSL_EXTENSIONS structure
*
*/
EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new(void);
/**
* @brief Frees SSL extensions structure
*
* @param ssl_ext [in] Pointer to SSL_EXTENSION structure
*
*/
EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext);
/** /**
* @brief (server only) Establish a new SSL connection to an SSL client. * @brief (server only) Establish a new SSL connection to an SSL client.
* *
@ -255,7 +224,7 @@ EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext);
* @param client_fd [in] The client's file descriptor. * @param client_fd [in] The client's file descriptor.
* @return An SSL object reference. * @return An SSL object reference.
*/ */
EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd); EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, long client_fd);
/** /**
* @brief (client only) Establish a new SSL connection to an SSL server. * @brief (client only) Establish a new SSL connection to an SSL server.
@ -272,12 +241,10 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
* can be null if no session resumption is being used or required. This option * can be null if no session resumption is being used or required. This option
* is not used in skeleton mode. * is not used in skeleton mode.
* @param sess_id_size The size of the session id (max 32) * @param sess_id_size The size of the session id (max 32)
* @param ssl_ext pointer to a structure with the activated SSL extensions
* and their values
* @return An SSL object reference. Use ssl_handshake_status() to check * @return An SSL object reference. Use ssl_handshake_status() to check
* if a handshake succeeded. * if a handshake succeeded.
*/ */
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext); EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, long client_fd, const uint8_t *session_id, uint8_t sess_id_size);
/** /**
* @brief Free any used resources on this connection. * @brief Free any used resources on this connection.
@ -328,7 +295,7 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
* @return A reference to the SSL object. Returns null if the object could not * @return A reference to the SSL object. Returns null if the object could not
* be found. * be found.
*/ */
EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd); EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, long client_fd);
/** /**
* @brief Get the session id for a handshake. * @brief Get the session id for a handshake.
@ -356,8 +323,8 @@ EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
* @return The cipher id. This will be one of the following: * @return The cipher id. This will be one of the following:
* - SSL_AES128_SHA (0x2f) * - SSL_AES128_SHA (0x2f)
* - SSL_AES256_SHA (0x35) * - SSL_AES256_SHA (0x35)
* - SSL_AES128_SHA256 (0x3c) * - SSL_RC4_128_SHA (0x05)
* - SSL_AES256_SHA256 (0x3d) * - SSL_RC4_128_MD5 (0x04)
*/ */
EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl); EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
@ -418,15 +385,9 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
* - SSL_X509_CERT_COMMON_NAME * - SSL_X509_CERT_COMMON_NAME
* - SSL_X509_CERT_ORGANIZATION * - SSL_X509_CERT_ORGANIZATION
* - SSL_X509_CERT_ORGANIZATIONAL_NAME * - SSL_X509_CERT_ORGANIZATIONAL_NAME
* - SSL_X509_CERT_LOCATION
* - SSL_X509_CERT_COUNTRY
* - SSL_X509_CERT_STATE
* - SSL_X509_CA_CERT_COMMON_NAME * - SSL_X509_CA_CERT_COMMON_NAME
* - SSL_X509_CA_CERT_ORGANIZATION * - SSL_X509_CA_CERT_ORGANIZATION
* - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
* - SSL_X509_CA_CERT_LOCATION
* - SSL_X509_CA_CERT_COUNTRY
* - SSL_X509_CA_CERT_STATE
* @return The appropriate string (or null if not defined) * @return The appropriate string (or null if not defined)
* @note Verification build mode must be enabled. * @note Verification build mode must be enabled.
*/ */

38
ssl/test/axTLS.ca_key.pem
View file

@ -1,27 +1,15 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAsSMwkpYHlwIsi1oxllJLjAPjjycx9t6Q3BOzXBSoZHc1wA+r MIICXQIBAAKBgQCfxX6VHEhZNsMIqPPxt53h1UpfX1jU7ctqwBR4dpWRj3H6cCBN
QVuKHarpe8tYOKlNP8b79ejbCv/1U3NlVkMJJtLZUPtDwTEwUZNEG17ixS438mGI EK8xj7IVcBTJq6vcMRDwrAUrElSIZl8Kv6+ZqhTss2j+E2tfzkzehP9LcAdAR+UM
1AbHXvwhPaoT24UymEOcbJxAZuClDfzKpN7Cl6OzN7Ox44gHmBCBSnUhRAnJYxD6 JPBsYXic/+vmH5JCMO7CXLUsDJmO2q2Z1TjTtchu2DgAueTo0hWRtMvbMwIDAQAB
x8wBLw8HdH0bMdoc2+H4KyW31uMGva7C9YlUCPVQGPJsTP1DLRskqy+zO1NERUTO AoGARYOF+ZZenAJJhSENUiPTm4hTXX98hNgZYw7DWU4u8S/6JT5Xr3AM6YFduBoV
XytHeYLlh/X/o+NYVvUf7WKu6qC3I4HK+OZ5OW3E+EaE73oYRmUVDaVavL7bRKEf 0VDR63GlrzEI5p6JDPeNbn3MBl14ZNZVOOkzenxsCsymCHKhickxR8VlRoN26Xpb
2NSbzowU+VsFEnyXIF7YnRFp0D1yrMzaC49bDQIDAQABAoIBAQCwOrNLUunwKaCJ OcMxsnEOJ8zh0F97Re8bsE7OQhk4Z7KtArby2jY1bpSqkRECQQDQ0D9lIq0oINaS
b00gIXW5sfDGbhc+ZUU3Pn5V4NN7SEJ4dt5JYrnxNCWgHLkDfiQ1jFEF4QlzUx0O Uezmj/eSlmRjUwF+Vx8t16Yu8mD8CJZUVBEhDn/Xo2GWlkFgbWUoAPanr8zAwKJX
TiMGhCDpuCGueJx66uYIcnvywx7XT1kn0jNfxfK6JBsqDzg8ULL6W2GXiIhmEZ8E 6gImgMVPAkEAw+AxIgMqxs0GmsiesQMPe3Rf5kRId7ApFdhCq15J4URGOTdnyIUj
YHh3OIvec2WMyED1flMXzWvj2M4ksfMgZH290T9BSxzlEj9X7dZu55K4sFtu0XNi LBzJpGSiQFb/Fkt5dGrsDzawFd7hlBCa3QJAcWJCqiX0JDAAkx8NJfzSj7Q9+njd
7uJDB0vF8KfW5gLpwj6pd7i32Cm/Pgpl+7lcqMNpDHo0U2dMyWeH1EmWinS4rHxd /L5N3dSVFjTiWLhI+K1VR7/ZxzueB+i6wyNjpB8xz8fzxE5VWKtmU4XknQJBAKW+
mGDm0N0qK4BOYAJdasq7HwRjzDZkAPuNqcH0gOzSq3aYCI2tP2E6IvprM/vbqA4I K/UK1wR3cnJA9j70RwKA27D98JAOaQWKBAf79en+mqlJn7EGL1fhWCKZ4M0ukBSu
ooo+GDJhAoGBAORiphxweuGBRTpSqoi9qEICM2WMC2NZW8bpFyWn79CuALGzvvc+ cqw22V6aOO+YtCpUzqUCQQCapy9lw3tDuCAljW8H3p9ce/+wuK1FTnF0TCalgHQp
Buw8W3LVElByUyTVWBnBQQ1iXZGe9f1x2P9q8R1Bdl0rpePg3J9ff9674VRLrcov kn4btRLmj0josAj4lRrzi2uaYfwq39h9OIuy7ES7YKcv
M85/NUHkj1fJ+2CkCx7KG5BFm3GaAb74e+7MceEW/eErMmCqtNgkR2Z5AoGBAMaO
O9SnVNd4wgnJAjVgN4fqaXWNzZz6NYWtnFVIcTTO7vU1P9t5NjgcsdF9+SnLA/jV
Ylo5Pl0fLPKg5QtIvlooZjXB8hgKVjrVGRLFt9TN0tJMeJ//11Bo88MNMOf0OQPg
i2OMWI3w/oRFJthmpeYWOgXNlLOcoSW1LsnWR0Q1AoGBALAXi+KTq3tiM+FzSb/j
E+/JSJ28bC9u/7+Pi2RiZxrsfuaFI/H4ZlgRdaVFujhC3e6hfKtnAWRzepfEDAEd
neXaLAyVo9DUzbS1dQaBGNPA400eiOJCoNxP4t1qgEd9GhB6i4Ry6uvDb8YYq832
Q4BtLEUUeC38I3y7QnMBDfhpAoGAZ13InA54xqvhKELy2WK7xhAs0rv93MkNcAhP
qL5L4RgRoqoUEmfp6BBYKh2Qx0cfTD2aNCo04znFppJIazV1k24Qt8+9/vHyrjIe
GX3BFBIKvNx+t5zzNLNOo66MVVT5EaGmLy7zMwHRHn75mBLoLv5HOpop3c+evQiz
0POyqjkCgYA2+ql0jS7Qbk7EPyFXftQhHcD/Ld8TKjonShkASoudSEHKwuQGBuit
ftPsg/E5YfhlRpQB6p00kXb4vZsdpFV38eXkyLuLwg0kbpaLedahIujIENNvWP1w
89T/ueiafWPqvwu3M7sAkkd/ReAQ0LcPwrsBHlOk0uujq+WV+b+Xfw==
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

BIN
ssl/test/axTLS.ca_x509.cer
View file

Binary file not shown.

28
ssl/test/axTLS.ca_x509.pem
View file

@ -1,19 +1,13 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV MIIB3zCCAUgCCQD76Ccq3Co3qjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg MjYyMjMzMzdaFw0yNDA5MDMyMjMzMzdaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc A4GNADCBiQKBgQCfxX6VHEhZNsMIqPPxt53h1UpfX1jU7ctqwBR4dpWRj3H6cCBN
FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb EK8xj7IVcBTJq6vcMRDwrAUrElSIZl8Kv6+ZqhTss2j+E2tfzkzehP9LcAdAR+UM
XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK JPBsYXic/+vmH5JCMO7CXLUsDJmO2q2Z1TjTtchu2DgAueTo0hWRtMvbMwIDAQAB
dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr MA0GCSqGSIb3DQEBBQUAA4GBABoJU0aQMTocVLNbcY4tbfqLck2oAn/OVjG0p/8p
L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN GIJzlVKOtZ76ZkqHIbcXNKNlgjXy+4S3R+6+mkYcn0JVbVg7eN0tsDlMB04YyFaD
pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G 95D47KEzmDky4Yj2nqI4SmvVTf2lyYxV1zknrFUXND+WvjGxge3gpJxtMoTGE5E0
A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB Jc3F
AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
b5kxOvfGlM4E6v+lMSw/HDrI
-----END CERTIFICATE----- -----END CERTIFICATE-----

19
ssl/test/axTLS.ca_x509_sha256.pem
View file

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDDjCCAfagAwIBAgIJAJRCXZlKhZeHMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IB
AQAm3qU+APMkgTRCWhw0m4+06gc2iGaf7l+3i/Kg6EvDB9js4cI1sqzRpSdqdjTZ
BwVlIURlB6BnEMCB3hP69IF/oSnqrnIxx2KIeVJt4CCwW1mXKsBwxNMXwHYD3A02
08eFTRkP0ofn+YBRfUYFkDFebqba4V3NBZtBW497YtQk/ssKAL1xaI0V26M4E/VH
jkJtk99mcMjfuD8HPoqjTeVBGtY2h0A3j2LQPmOJNdSxv30SJuVjvpG7vejQripq
9MW0kPMBIRKhBpUBLIthLLxm/2VBe0IHU34kpe60YpQdJqebbldtOG1Uxe4F2JpN
LfUXs2/UCNpEHS60Xl8UDJXA
-----END CERTIFICATE-----

BIN
ssl/test/axTLS.device_key Normal file
View file

Binary file not shown.

15
ssl/test/axTLS.device_key.pem Normal file
View file

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDH2LDa/QrOXOLHsqLCayRYs74qlWlk9yLTtIJVxumBJNo40TwG
8g+Sq6LhtZBAD7tZaM9XjgIi1iFjc1eKALFaEKpzT5pS9HM0mK48bgwO4DV0gbvC
t1LlwfEC1EkXgoMDumZwF0bpoKldLK9ayp6sXOYe7dcBc8CVjOiqzVCDowIDAQAB
AoGAZ2ap0xS8I5wRxouaBQgUrUSK71ORTalFPs6V5TXfGW/s7RrteRaDkjr2MtyT
f2HkaNV++mlCl629ZsyGDaRgHjPI6skemqbwws4l+QMglXkLQ2ST6xuMqrNlCaKN
Ys0l291VftlS6Bi/C/LD3bwMf6HTGThufchmQ87OvXYtNQkCQQD1jC5jypbk+Ilc
X4aGXaOSsyzrf3QblhPFTsXTIHwV56JNap5D1405LUeH9XvAca+EZyYAg0N/pOXB
rkSXww3PAkEA0Fp8+/zDI00liFOEud2hQ0A/VCqg0+SyCVGvA7AFnuXEURPbMkSB
ktk/x4BBn5DZUJMfOOal/ewbgPNqbClV7QJAPMw31EeeMxWC1VdltLFMxg8NSUYm
looDXTBS9SKu9rGC005Z34xokEaw1m4m9RBxGAR+OVRHCzzmEp22qCkIqwJAWSDM
ZHMs+rXuv1GS7nuLl5wtOxD9OYeUTX4+0uIClYWOpGxNEUTS9QGwUeRgriSlgd1d
ttab3XKaFWCLfvdzxQJBANuWeyBMYnNDBi3j++/NmmKEg9Reiby0dT3wSPe6oJKf
ux9foG8SpLGGnHuJQerD1IkACP+GuaGxWUxsVzPxtns=
-----END RSA PRIVATE KEY-----

BIN
ssl/test/axTLS.encrypted.p8
View file

Binary file not shown.

23
ssl/test/axTLS.encrypted_pem.p8
View file

@ -1,17 +1,10 @@
-----BEGIN ENCRYPTED PRIVATE KEY----- -----BEGIN ENCRYPTED PRIVATE KEY-----
MIICnTAcBgoqhkiG9w0BDAEBMA4ECLZOmsNEeDZnAgIIAASCAnu22JX3BRRr9cTr MIIBezAcBgoqhkiG9w0BDAEBMA4ECEHizqvZwHfYAgIIAASCAVkWuzUFR3hk3vXG
j4x62+iDbrqcwmhQkybM1xShFgWObY3/OQf1NJfH4DO4zGQN45ZN0X9zSUVRu8Dd BoX1ULCIr+Om40+UkD0T/Vxl8zo6Vuvl13vAYqo2eDSNd75yKpYle0gSHn+aVeWZ
ycHls5qsROJ96PYQ8d1xnuh1C9TWmFiLieM0qUyn35raHcKPQiBl8PYHtNr3+m0K gKYrmpSqXF14CDeBXAd2GRwun9EIAwgkv9AMMPGzCXVTVFM/pLyuLexj283qvZf5
bsql6T23hE5ZjVhbRtcRdRd9MsQeTZ6n4mdWPEhzN1+rmSPV8ybCbrtJl3/Dh1v8 /7Fe/cizYx/DxtiRw9QUsNWYckt3RAM6i87PTBw8uI7NqEMEkstHT51l5TR85JjL
LnswXB92T6WcmHRyRiNsbAXR9SQkOaXFZ/1RUXDNqoRYZjlWPBWdcQf48mzgaDjq F8ZYSuqv9LH/jkWhoedgID35r+ffjeYV06clebuRJAIcS78LG8833D1SyINlnj4y
3RXF1mjbOlX2x4/V4qVwH1qZADlT38fSRk/iVdRfureS+wfOuJgJ/g9Riwa0o41K Ts2NYf2R4CtR0rDJeDCcucDBnzPPIBv4JqsbUGDTMrlFIGJvmL4RuNP3TNIAk9tZ
2q+sOEcTOv4rShXRGp/0ckeuwhARDdSMymlSBhgBWdf14qdgxCx0rAXYlRAc/4Ze FHw2QEBrcv6XNQa8DJwk/162CdDxQG5uWc/Ye4hF5OXzAd6gxKz8u6C3wCq0q3+b
Zl9ErfydwdUfDJoPK+QlGZMF//hFRF+vdO/wJHleLsels4KaqN9v/sB+BrGWaeUC PDc9wulGEejbL/lecZ7qT76CqYLupNmCBFAa8idGjAhU3LDwv4ooGF1aWFiGgG4=
ScKMISixquCwfWi2qGiqLQGsxHn0d6ejiMblZR4kTf7dcuWVWGXdf5VZqxLNP8Xg
zzjjeP59OxHRVH0ytGBUejTehcxWDKq+6ESAuujzVXa0v1+5QzZXsJ8rPyZOINzj
bdpN4Cr3tZj9ALrNzoC2oG62+OO45U7lg54cV1nyrQ2QiI4XFnt0WA06K1G1JrRW
a/y6nZkntGybbCpuuIBiWl2FfdcTepctiXcJ0vCYqVNOTT4L2Y1RwajDzALhgb7e
wOy0eA8gmOmMLNozSlMV7siL0LeE1WlotLwK+AHMU1lmPMqS7jK9nycXtZyg4IKl
eBAnW052fnKZhT4zNlfJkZqpcp6YWpCU16PWx6L+/FDzFPzswluHyfB72oVqRniI
2A==
-----END ENCRYPTED PRIVATE KEY----- -----END ENCRYPTED PRIVATE KEY-----

BIN
ssl/test/axTLS.key_1024
View file

Binary file not shown.

26
ssl/test/axTLS.key_1024.pem
View file

@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC9D9RCqHSHVKq5Oh+Lzr23ZftAPdARmpzcgnzqqBfhdPMFDmHB MIICXQIBAAKBgQDN/YlIvja5lXbUEzAOv7LtZwrAFj9RCZ0pL7JtPz5sL5CAoXHf
wXiKsroVIlr/m7h6Lg+It3TeBJmloplTi614WjHtvAHn3+nsL6BdU/bmiqDIbUFF vjjFy6maQBSQCvm3Bwvh2ucJvw1XQYZgocEnkVsKmEYb9qKE+GXHzi2WF6qR+GEE
YyOzz05QHyjfNuJz39ahs0ZPbrsNm++o+UylcaGI3Qephg0/zZkjooR3DwIDAQAB UHDrtEO33JrMMQEU1M3MwjdtaYLWxsS+8jSlyaYZUzJ6hg6Rgg+hQlSqAQIDAQAB
AoGAJj/slqvUH4kOnTjYJwXlthQI1/9peBZKxAYWVbc6VZ++hvhY6MVGqPDt2ta/ AoGBAJWqbhH1aouixkjGfDdrH1UQdiYkw/JcWt0u86QevHscgBCFvNhFPLiyBlO1
iFUt5nIpLGTJXR2bJDqYQKHSr1yrI+Qz0OpgUud6nnNfLoDR3G9HD5eANtIwB93W 1XrnDpLmQsLiKtXRA59vU3Roco6/A7urvaH5gX0S1J22rkytyqjJgI0N1dChv+xg
1xWJK3TVfoq8Y0IK8jEpv/n58IiPisIibhUmt15bWEQcO3kCQQDh8bLlyICTQFB0 SEntlw9e7fw5FZaeXeK0XS4E3AiiZSktN/tikBt75TpYBVXBAkEA/GkoyajEXOPQ
FN2y8idcDD3AX+6cRWwTAN/Q2YP6kCyE8qrC3fvPA0GIEMa7Xre2LqYdqrr7SnLY Xqra3od028tAeI4dEpYWYT+zPqMN3EmlJYfFl4Wdu7TwRP1s6NKM7DOBRh4QEjMW
mq2IDWoVAkEA1jYj8113yNNJwZP+yg3rm9q9Ryhzl6BQ10wk35sLN67DMbVPYgjK lQBPdbTleQJBANDrZQcQO9kD69xvS4/Dh8521sUUIU7nTxvoBfiEGuDF1uMIs1RX
5e+Xe0Og2isfv6gIk9IWHImZ8d8m0UKZkwJBALFB5H7fIPfk8flP0WotDfHp7Jw6 Ah/U2fv/QLFWHGD3rJHz08Z/hP2Eneom7skCQQCmzxxsgQMcXFYFaiZw79YTt3Qo
5sCUuififLSloSP27eZTVuJQMtgCjuvHdZHTyj7UNCB8K/svOhBysQdWts0CQB47 98pQ0S2DIWTk3T84uNbSQbMcmuoN9drfzRefmh4Vr0gcvZtjW63t1KGuqVkJAkBO
8gMNdDSyLbzWyKV4JYMP8psyiG4kQITCyImO9pxbXE2Ny7CIkSq3EGhjeTaR059X CM6oj8C684MCyDNiFHfCf5MC89zpGu7qjoTEaZucf2kfTh2lkAZEG338aUAhvPdG
di52/ov0l/fdiTsL7WUCQQC5r78JyZAm83KLv7N8529vW6OVuJ4Duc+gU7oywdOt pNw5e+iLSRBEnWdakYY5AkBBLE7+2ZCJAFyUCkp+GxqABgE32lBhnZz+JX/Y1MSe
hbt5SAnWP5zZN5ERDQTVO8p0XRyRjT3x+Pm+NdeyU1Ad gfIMHjghHpA/1LpsU8vwd3mb8fo/gdzzIQJtt5XDLs7V
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

BIN
ssl/test/axTLS.key_1042 Normal file
View file

Binary file not shown.

15
ssl/test/axTLS.key_1042.pem Normal file
View file

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICZwIBAAKBgwNRhe0y5s4OG7KtaFgPt+iYXplAx2O9BJhAgQTN0/Q2xmrprfAz
WTp0wHWGYywZtPmM196fcl2EvazwBDiuKjockPdEJ6A4qv1G3avrYy9YVIx+Vzpf
hsf5sXGychWNboP4UtJ5U95XGkHQFUhC/apIU2tMOVhspT9G0YPH5N+AzfnhAgMB
AAECgYMBqUlbwxTK6UMygx9unofaOJV7MXPgWZs4QWqVphlK9DUHBu9eBcbQvewv
qdRyGniASeMz/yy45qAyOIJUgdR//RU9oaW/J+HZOM4LJRqP12BPmSjujuVd10h4
xRmEt3xCW5JwEIcBWhrMqhlU0QoiX/kT+tv5esBeCglE0yeynOqjtQJCAfUa/zZV
ReqIEH7NaYWHMZ6NOhS35gB15Ka8JDR9avQFJVq0D2NpF1ysohGqorvB0Z19IhHW
9HfYZ4kBOAf856pDAkIBsf8PJGBnBema7096ZLFmykGaTiECDOJH52wLlqnWVr/W
UmlNzC/Dh+WFDwxH5csW7iLciLkNwhFTLltOMEw7owsCQgHOjbgNIFOkdSq80cHY
5v2PfI+jdklSHYENw9eruCWU0Hc1rcYSnnxZKGWF5zvGEtf6Bvr++qu5QMH5fm2J
OhNiXwJCANlis/f5ncEVaTjzq4/iWGV5BMybtgY0FeYydX+LJMShJL505rYfOqbI
baTC9wSAfMTdi2+kmeKagPrYW0rP9JNPAkEwMQ3d0gOzgT6nxG1BCTXOABZKg4Gl
Q7OOtmo+ZZEyjE8q/jfs5YsQi2TTFCpwwgS++LqrFAuXHzJZC3X4hrUNuw==
-----END RSA PRIVATE KEY-----

BIN
ssl/test/axTLS.key_2048
View file

Binary file not shown.

50
ssl/test/axTLS.key_2048.pem
View file

@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA+Vp2PKclcZoKZ3OicQZNA4XpGZbD96Gasb5E66voMPub7l+y MIIEpAIBAAKCAQEApaC6WCGcPJ25ATSgSfk+BSqhb+CccHwPzd26bJBT4po1RCGa
ln6A9CYveBna0i/cQHRCwpYuzzbHQgOjAAw7rcveiIqm8nJMxA8BFNMJCHv0knDl RxfXrDqNm3/UhBqol3l0bIa3/NHqv2lm3ngM1esJnwmBWTnyBOippSE02hEh5SJi
RT3H28xoTt08Z/MCfCYyOXoVsJOS6BSOSdFVyzhfU6nAie5iskYnmKecmhYaFm94 P+xyo/elmIFiNU8z6OXVGKsi21LX3UmiKoWGvg52Q6Q8TBXUUvKHuze/04cChLyb
S8WWJMNgEvwzPyhdmE4rpqUBHRSu3zPgHUnRRIOfui5KdZGzKpaC+i1Gn58MOC4W dTdxsPjm1lTAsQVKAQqwExhSsTTeLpGPAcrWw0ZsnUnC/p5aUYupieUYjVOChmvH
L8kguEMDCEkQD6zxFq0PX5GBgu+zVqCFByX7soxZB027FsmJUN6WNoo3hR/H1QV8 lJ5n/ZGKLWNcq/ZOIoutK5J75aXB5tIra7z+xGJDwXoVkja9W3ZLoWMcuBk+KOO6
RdXvgMbT00yymEnYVfn9ZL7nXShKI70Pi5Y11QIDAQABAoIBAQDQQBrrgPUmsW3r zFvpdGW/4Cx+ZHqTfGeYpFWCoi++Xg8yVRaLLQIDAQABAoIBAQCUcALxn1W1oak/
BIowNwDu5lHNizrTf+ZAeBX7dbEP57NNHCN8yN5OCe4vMfis/kfGlNKEzQT/DlLP olmRUnY6DSXX7ZZm3VkQqIo+Z+82I/xfDjqFQqIA8g0dcqgUqQu1jZ1A8lAMnllj
8VWa3pyhA9kw1AumBIvUWmuexrmOmmeiPiNc9sIJ8edTpjWi4zO6F/RuSGYA+N8C qOQPt8nRIi9iQBOT0vHLYnU/0A3c7gPRpkolfhSUTQs1LafFnTEppmmgDShVJd7e
cNh9EhXDCaujpewlxjArj6fWOHXzwMewghiGCm/fW0rWri5HCQ7ec+WuHPC2KQGQ rPJQZ5EF3lIxdwyvJ9U9ba0lpeYefO02GBVobeF/sERK1gOEo+V8H82/6p/X91Ro
mRDpkXUsxWzTIMIsMKe3M2jYD+pk4xkJqN1+OV/APmQfLyshkGD4EN/qG1dieMQ0 jZezh0ATKJd27jhX5f0+PRop9lM16op48biJMAVDyS8+9fcb6V7zpOsbJhL2C91Q
e85HxxCxbFETOzip0+pHXMbtxY/ok25/SCdtBXkBUJK1KqAysEZdHtOWmmk4HDaz CZe6vMpCcp4t5fby1vx9CttnWYEewWyfVkdMuCf4E5hLuqMCYocmQYx9wOebE2b5
Dx2PBbKpAoGBAP+BT/WXeVgtOv1idyv9RG34kOJCDaROtVk3g5MNLfj9mIklcwEd eoI194XFAoGBAM6O6mcvpzlTRjKsNG2eKbEkqHBvINWkYUuo7GowLHlXvDoTnrep
SylhpFxvvrFQAWQIDFPzFkukMs8aIuC0Gm4zxH+8RF45lwhgcXlXP87IiIyW6Bqu qJ5jtIZ0DIFAYmwoXOcDb0icrGL1gb9KZxW9HPKT+HXGlPf1YSWKY6aKEA/nxach
aglmWAM9UHol3/b2AD1UdpqGe0nvWo0rIqs4pdtGTA5BSSUYeaZXhzFDAoGBAPnW Pcb8iAYeVf9BsYiK2xBOH21eEdG/kDCcjpX3fzlZxqGmZpd+TaM9FKmLAoGBAM1F
GWqDarzSbZM4TWcrx6O+cjLnstxDW+cgSCIrm9iVq2ys+Hn5O03aN9SsklyGxXgo wXym78pmw8+qp4035j6ZcH0SPbS3Dbj9v+MHuvevZlLhX1kUT/JrNV8ouac4qHjZ
ygdGvbYnnPl3ugT139KEiIeUSCBU15WP/NZejpHmtUHduDw1Y6SlBJ9T+p5CSDE+ 765QNoRfHEsO3uYqS5E8lss5YuEB9/X+2msWxQS9EvYio+v+rIZfhr/bFNqVafTx
2kJoZu1zG7W3eBprZsyqNWtw3Dwc2N+emrF+NF8HAoGBANzErAVFq6if9E+KK/SL oacsAXVGFiRBQsV9GtVykFfv4YP8K1UhyCRJAwUnAoGAJvpjE0uzw6aKNZ+3WQQi
cvwegXmun0DwbUu4ZuzBv45b+NfPzu4QlKgd4TmpqDhnK7x2I8jJyuLy7p/6Mla7 m/Ht8yGVUZtuXMeorTUf/1nmBBOVvNTAI/tuonydq3pJ2F0ZguJsCoi+IwJvFHjm
5/Z+rnO8hcpwsmqfgozY8Z5HsYzgu46KU77penTaHtZcMYefCZf0ikJ8nrzEnxZJ 0PxZzRDNLvRlQhFE3r+ppFCjTU0QSESGktkulfD9i2iLJtgFFKOZXJsGw8zhWbsB
RjxxxwWPWRocGQp/emVbTconAoGAUClmFkr8YIGULvyNuWDOubdNpQ+6z/m87zfo UR1eHaVqTTDIZUgJQIeTMZcCgYEAyXkhw3sF+B6NKhJRiaXH8sEfS2LP9cOFUICe
bS5Y3vGHA2OshlZ1tNEjwNVuUMndamSMDjGghWXIdDL6OMU7f6yOshHd4qHWWmLM CfLYa6pYQBi8QO5S2ZioNdH/BkXx9UvSl8BbAeloF7Nsy3PP36kcSDL2/em0ull9
2WuVizLfTbb6ejcXNajNBuJHM6hIyaRFG7Gr9NxOM8weeTukzF6ArWyU/aSz4Wxe f4ZFsbTyG2s8gLDiHLE9zKj2+uOTr7pJ846Zj8VOjh8Prk5wO/fJ/MWRDr4+ubwC
bjz0SNkCgYBVC0xdMPauqO1Ie/Gp6SPrIx9+bDDlwEvnDki/2RN7z5IkmBnRFxPy eLrAoBkCgYBHwbHMfgouSHD8OEYkSTOd4DVNE8zpUBKiN8mlm8+vmmPEKfuNMlpK
6wqBiMFRxJXI4q3SSSbicb+7TQlK2/Vq/bL6QfjjQM8ZEzpPenYpP/wyMQXdVxfh ZbhhsKpLi4eo3qEr28Z2jVfdnclRGtuN9B5qICj4la8TuoI9AQ5kNP9c3By3swAx
1GFDTzeiAhXTvBsZVj8R64VNhNaNn4naMlC4hqxaZ2KA0wrjTRKR0g== ltt7aGTVYI9kuDJ65hkmSdi8IFdCTQY3REsBwvrLd14pWuHcU34XRg==
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

BIN
ssl/test/axTLS.key_4096
View file

Binary file not shown.

98
ssl/test/axTLS.key_4096.pem
View file

@ -1,51 +1,51 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAwApOo9f0syXI8DmEkP88eHCgZZ8FumcICcqcFe0OywR9UsXU MIIJKAIBAAKCAgEAo5gChsj+wQBrSNjdaeHZQFNBsrMsgQXT8+5U56Gq2ddnVP7s
dQhMqKfMLi8Wlco+rNqFcDfsNyAllCDiq89dp/aNj3inCVAoXnaJuiZQ6dX9UtBR s9O6SzyKNab45c3+68uDRhlAOk62O63smiDpfc8OvV+cYJkH0HLNSpUMILc61jdW
VEW9cr/z6RjgrZQ9+MkbOx+MXVd44I8jEWVuW2oK1eQzU+FUb12dj45mTaLpL6Bx WnxrHRvHQm5Drlkc/s+VCf7YMNybOzKaigddZ1qMI5vtNd1kK3jx9q718T/Wmnj5
XcXGC7e2KSeO75iWwitMyGmJQirV8fttUNa6VfKu7isxESz5jaUmuSsMZIl6Hjm/ nSwpSK5uV3+KGbkiBubBJtFatsfNkncxq8wIcwrAK8JQMxTWzhV6T4PFm1rcCko8
KxmZxkBuFv1Zm2KkKqItV/WqQYCrngil1I5zJLjHWFNjA634U63yWZo5LWQY8pp5 HlpCtb1+6k1PTVcQmRAGOk7ybzM+txdBYpTSbZiWP7spehs3D5i4WChlGEksR1Ro
wy0stC87yJD70rsszjm3zejtXAVipm27+GWe1bKI6UAVfyG3y+bEAKOGc9b6UpUJ Y39FRVSmN1NnwDqsKq6I4yDVJpWbWkI/jMOTbBiuSV8dIz8j0JnEGiLFYSZhxU0D
7iRPd32DrZCJ1xubVW3Lx+gK5YILsf7fQARPAbc1KbuJ2GJ2v9ihINzkqyT6N6FJ FERyblAuYtaG8Tw9Mvkyg6GRo4Cffs0W3OqN9IehMwyZfOoWNXW0pkmy1D7+9zrU
ns/BcZnHAXk+KorS03xDMgI/CMKEjoc5YjFY9ioOUvvtpeg2kb0VUqvAHOm4i+DU gqnkJwp7q89l9kf+3tnH2H/uuBBCbBh8NFu/QYgrBPAUjmHEf1eKk9ClLQK85T9J
f5pQ82uH16tHVk2YyZqNWNVu8cbYsLAKFYPtyur9EO2TeKhCI+vAjl5FNw3TQAjy 6aGpJVj0x1Vm2/vlars5qBx3TSrC+BKg2FVQoTKbbN5ySS3a6RyWWiGkuvkfvFFK
1N4P7olDpJh1Vkx5q2fbaQvIq1HMovSmGKKvObXjjAoqlwVaiCukkr/djV1Teu1J WTW9d8lpeH1ivXPGvUVZ5LOW/2W7pUAV3tFX76LR+P30WeOBYwVQe99dUTEJL6Oc
T50aP7tqCOOrBYBaWHO1IOB6xFOSfpAkuZVf4gqHsl2jTiLY6zDhkafJgoECAwEA PVXN+pYdzVquKRJnULU5pMvd4QPILRHI99HAIVaTiidRtpRsmAR6CTVRCQECAwEA
AQKCAgAlKVlyZzXY/PTXV6oJjPqcq96+C3nGSm3Jx0VREOCN9L5zqAim5QZAlMf0 AQKCAgBIbWlY8S3QlvXop5LHaOU9VF721dqzOLhQ+8h9UJcKoRIvkDmNmASXgLMT
H/SU4+Ag/uBXiNrTCAt9kKeMa8JJ4HIgU06vhK1rKjEYrpV1yo0M23cBgcVZUT/X 89uoKl5dWJnC9DT6W5TUsTjaOA4H1B8LeoQKRFYwVFNNXNWkulqDMra5kvH9TioW
2ZKQxGEBpZj5Ze95mJWxjsFQenpSgkC6h0BPeQkny8vTndC6MU5Cgx+s77qVReWg 4Ch4zR1INvEeHsTqRRE40TuYNpCEzJLUxRjtSxopIP/HHkjmyUOi2kJw8ndIpWlW
LSGBx9tUk6B2H8YJ4dQo0Wij/gls3FtxhzYlhrh76nuF1Yi+Y8QX2UDfDEMvlAQ5 tbGXl95Xvdvv6qpF2AnMeZb1H3zyKeVQulO1edlsHhgrkgRvtndK2vjo2z9DpSTG
uqj+YqY2AdAYd1eM+WM8X5wHd9FcR817kBdW/PFS8BQ3tppd6ELTn4T0eedurr04 aPneHNjNW0nWkNNGpiJy/wnEsmzDdtW2W4+ObvQepJeg+Clh6it/XQBmZJdvjX2V
4KV6b/IJri2dUPetmPUwE4gOV0vW5LP1DSNS+sBD1OrsQ+Ytovht868GLMQ/d6M+ awi5E4Db2K/kFsonrf68pC3sjT373RfHAEjiNY2Kspr7fgUNsFVOfyaORuWcqbzo
82IDz2at0lDQ+6JLGBrY2rOXYi22fqGgSg2ErDENgYU1dft1Yc8sAzCTl5WC/Bhg TMBG9vryGOfhsADISSWtJFN8FW4rjoIJ9Y0Oac95MCoMOFI82sr8VuEibwtbnhAz
IxbfUChsYqURvq7faaqVfb50FcMYUcj/rAXVSLOuix2HUgLsQSj2MTtvuR7+BUgh 2r6aB85XoSarJdfy6ejMTp6LHorJu7zcw7alNpEjiRxbMFTxRGeZoif2TKUmElxs
2KEmiCaMJy6CQyIgtOTjhmPqMr5Se/JYi1SRG0SxZpsYhGRPfjC8jg1k/VmRoAmS oaN76hZm3fOScvo3YhoZokz0MlSg0KzJzdpKlWvkoEhSr5RLHY+qlpd5sYAtf4bJ
pvqfhqgUMB0vAjfynoxFOZGNZIVrSR+yuC3xaORBW5UAPGvZHS1XzuxdybjpPm74 EIH0vVrP5/B42Hnf/9g2wwP7wP+UfjzWCNPeniLOrfWyP//q2pdYjVX9U+pIVPOZ
0NB1JIc3ylAWcJEWdpnpk8OzZCAhifx0Farrq6Xauk6/ZLtd4QKCAQEA4a0DaHcp cdNbOtH+GO3VHBAAG8QR7L85I+r+8L6w0ugWZp2cznQexDwO0QKCAQEA2bBmFxEV
OqFTudM8kC/N21FuE9U5MRLtJ2HP42iTEAfMi1bpZjO35giqYhfxNJiyTPnWDbkS 8BUSnaFAvTipo5uKixVWpkV1EUWCE//2R1c0U0blW3KocefURIFHGYmu+XdmnI2H
HVvNuSLAG58/Xs0KTuXCEgWuALBFtgg39BrPTT9Kw2CdqCgIpx5ArBwF+3lDfGIH MTDB9Nh0I6oqceXiRKeyvTppudIASrJER04ZEskw2YQEtDsRTZlBk4fK84ZtNAcs
lIeoOhR7OKnN8a1/6l7KVOHxV4FMX9aVmom8FKKqjZYcObY86MgLObMtt50v0cKY RJX0nIIP1yFaSWoZWktiZB3RBDPBzfNU647Rw1wlsa7d1h0n4SGVfkq2NB+85Uqu
GgNZCy1HLoXHRGJ+3pypZEV0qxbOt2jGAhEpDf/LdX9Ez4AIYK16/a5AvUnNJlvN y2xAR1d61S5SxZAD2H3yNAwJBbEeJm3uiryDQKnDHuiGq9yngkGpyM5lWJ4q07Jw
d28LPgTCvPK8Mhz/m+7ms8IfZ2j0hJgm2j9jiMTK0QvyhWq57TfrU+8HWCKzsUfH sbdRW++c9xM0OmwUAZPjOXG3yOW/9/+X5/gYUh8HntCuq66DVjyEPbQH97rhB6rp
M1Riwt0z8u9HpQKCAQEA2dhE79/lyaGe3lxqJmzxdLG3Khp3wAk4/SM6CP9elN9J JroahvRzkpPinQKCAQEAwGJxZvJCCAaPnBvy4KcJ2ko5M12l7I91x5UDylAahexY
4kg7UFGIE1AUs73HPwlXmoOyE1r+g6W2CaNMds5qqJKOIIS/89mrGZs68hpTLbdR u4TyxeRSm+UcaYoV0BRG2usW2ImioxP1FNr+GSp0M3bOxE/dAebi061rpiMdS76j
rTrNNeTLlOQcF/txNfawYEtPwAedjIxUFATKDibbDwfe0p3mRZSm/ji0N3n5ehJl ddH/uczVGZgKn3O8iZLyWquhCaxyAt5SdIVHfJ11IpMN4A6SxotQdAk6sjKjYXRQ
yDwfaSVsZsoHWm0GUfhMVGwu1OZjAGGpGZIf/tcjMNQ3cKAmqAvRpRrlc51eUw5M WgR8a+OG9vgrcADHV3GaBcQBZ3NRgkU1YddFyauTx5QPaWJSFmJcWn6HyNN2v3hG
+Z+POgRY2mnrKgTUREFzaLG62umaTVTGC6dn++QLPmFgoFuloSUJNUbRRvIg9d+a HeskNeOyWgiT2roBO8mJvpM7lRQiFdWRKAeSMaJBpR0aLhEdwNn4HNjrQRgrWLWR
aatn2eiusBILVarQcHGWdysuMFqxUJ9VHQqCNqI4rQKCAQBjPcZF5kEHO3KqQS5c I3tU48+H8nmf/Br6xbF2IRRg7+26X5bPA7P3F3gQtQKCAQEAoVq4AUb/zMnB16cL
6ejJDaIurpGb9wq7StQ02QPzBLr6e5ngC9ZPHnhu8sBrtMqT9zoehshkiL6LL7Dz tnXGf+etpHP3mx0GrfuodCyYnr6LoWJ+ZO8y3eMpmnF8gvhkArM3ErlwyMxMJ7E9
dLBVbC2gTIFvk3fVba76Qdr5SeDnw3GJQa+TByfm9fLSvPAUilsXE7TpqE5eXCtj PKZH+c6cjakDunEOptZ6suM56uR/f0YzeDb7yZ+yrqL3UWQo0aMFVLgwXtIL0uow
26hpIzchRdYMRd/v7zg63Q6lCvTezjnaUazP5EgcxfvJv/XWzRT+VWi158r8k0i+ 1ZP6OUp0alJQJsdXA1ddwssnWcatwrGNmwtzkN5hjeT3yvmT3kTcHdTihRPC/V5h
OK5McFQCaTpEkhagNkNpfHW26vz23woF/ZWw+ki02xU/AaYOl6nTuIM+hmKXP1iz RJyma5vYzeJk4aE+GsLzByca1iju3MI4R7OxBrhyTQFg2N/rjOkH84xjLcckfhG4
5rrD/uSZGhHx8ugEfa8psA9F4qJOvtvB2lMoQKrKmtCt9GtyYrBKwZnkBLP5pXT2 dgb9AoTTu2uj1BNvV3C8fxUrwpxJYq1vV490uPqMjSIkHxxPf5c8bxOG59awDPIq
3CrRAoIBABiIz/LIH6QezLq0Y8wiFuuSnFNkmboKD94Kmp2qzSctIrAWfH+mPxIV rC4DnQKCAQAE03Nczb7yTJfVpq3VDNumai49J6A96utdclOCA7hmm6MuMQuWA0A/
wc8gf5Es5y3iySp+5A1Fm4PoXVNAGikUIGevK8M175w5rGDZ8CZE8DD3X2dDdl41 QOQRkbEyYw/T9gnArNMznBCN0WCGaRY5JEXTjt1QauZNwQ/uPvtBJysajYYItyax
dqiIzA5M0z51HO0+rlLG9y0uAOepHqDJvSGxYN7TSB93mWxqE1vZOJddlhgMe/Hz WasKjPCx0snZlGyZvYWupL0UxzMf4SNLFr1GXZc4+82s235pcfO/Qhex6mLkofSE
rPJVNxICSe50JK4bqGjBlv7nQy07Y547OGc50kC43AqhRdhIj/gAs1Cl1Mau+KbY xXzxdlOJ0gO3GU+ftLjat7m7Fpddk7xFSWWJkznT7eu7KWlmlEdqTi4UGg3yfB/B
qQCZfKKXUH0pDydaieNNueRUHVT0MQP8iZpl1/iXKDtU13sLCAVJAqYGBPM4znvL Om3bEsdtJIUcDr1z4+lm+tCFXItCS3uyFKTPewZwDAe5UYe1PlH4C7X0WeerP019
/HTQgRs4375aIaCWhkPTPg3AQjwO9x0CggEANIoxDPtty49prkkd8xQQceySEbnf u6dTv6mCxAzej5BO9Hu0YigXQ7BzGkPxAoIBAB8nbMVXC8yNlp617XQJkciLiN7h
CeTljNd1uUEqki5DSJMfXajwuSkUrhZAnSevT7k9BjsAzqHM9sWqo3C3PQpFA2Q/ oLI/zM2QcScGmgsqnhWLZjXAOd/pq/v5V6wJHcRjMzyxdnWSsPSkr7aux6JS8ffN
seTA7lSIxyKvQ4bt/ZaMMeryCzC/WKH81+F35IoQ616nzJz+A7khHX/+l6ZdS9Ud J7pW9VBit38UW3fRrWRMX+PCtILT+MWjb8q0NYDbBhKphDtHbKk/fJuzBVW5TwoA
LYmYUEB1PQVd0PFQQ67dnNCJ265Hi54XLez9rzuYbuNFIb+wg4FsjV8NHUQSMow3 TXsihp5wxO4JXXMXaw8BFtXt2BFv3d+Dr3Ua7wcCTFXrnEdFor/k3OPwJ0rqKahD
LQLLMO16nqs9lQA17WdTlhyR6fYrovh6h7puGzONesSF0s9uLSyiOQ9UDKenNPPb PaidQ+zu64aZF1MjDEWUHXumDli/vVCu6dmgQAGAlRMKd60oZUzxonx2SZ85cQo0
nBdM3Bwq5M72o11IKwTPvq95e09o2eFY0SlqwqLdqeD9lrbh/HWfO9VpWA== TdXq1LOweaGRYe1RqUWGdcLX2BZI0EZ9L+aNzzFnSVbhnHx0sMKpOp8SlAM=
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

BIN
ssl/test/axTLS.key_512 Normal file
View file

Binary file not shown.

9
ssl/test/axTLS.key_512.pem Normal file
View file

@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAMjKXU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB
3vGQ4n/U47F7yXVTIpDJ0Zxv2hm/0LfudBcCAwEAAQJAJDnee8YCQVqxm2W8jvBB
RmjEfvG6s7QFjh2T9AK9T4mPsva55HuPnRee1WgkIVFLCB2wy+xeKqYUatT/Lcy1
AQIhAO4vmcbILievlsnHew3SZcs+mjJTMlgt0/0yUz03w+FJAiEA187GrlzN0yFB
5HnYap/rzz6AR6zaHSJOSU/WXLTpCl8CIDkzj0+w5Xy8a48b7A5+t9meuDNbzZxl
rSKCgoESMmWZAiEAsPzQTOenlePMmoijSK7nQgxMQHwuVX5xHgbwEw/7n5kCIQDp
i1Gb2CDHu79/fL6kcQ9DEfGMT9i9lQ+bNiggYoL4uw==
-----END RSA PRIVATE KEY-----

22
ssl/test/axTLS.key_aes128.pem
View file

@ -1,18 +1,12 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7BFA0887B7740C1BBA458D0362E75F89 DEK-Info: AES-128-CBC,ECA1836F07770828A77072CB8E75B461
aBIhF2zVGRMFZAWg8s11WnxoTQhGabdzchHBxPltnipEgvwOM9FGmYnVIDsFPvyb IEKSJV5xp91M43nqeO3tWV42uXhRuQq1QYlwHNTJoJ+P/+Pw2g6DODFU2xcWoM89
hSA2HgmN972SPeRG4hITzrIXiRZMBOd6Lchz9p2Ui/mqkR6RUfnUBkUtkgxGymSa /QHcZIjC+Er4GM/IcRWI307XWexpxd3SSsvDd1D08HU6DyPts7Yb9zy0bwzDfS1g
oD7WAmbpNG73+7KX4gV36tevC1dM9lQzbClhhXQL9FH9LFh11cS7ZFa9L/esWHbb wDhifACXUEYnpiTCAbO8Pni+4TMV4tQ25Iugis8IfUiBtqfsEAo/tOHbTIRTWUNN
sxgicR8zG919UEA+XvhLPVXpYD3AVHTcyEHbPWiGY49SIEI+GOcLi6rvxQizcXKY yh7LS+7TKU0GuvEUP6uoxn0i1tDXtP9vaqgkO+DNFgi8A/Pm98qdTvLtp8mNHlJx
pFtmlk/jM06OdZWur5/qLg3HqGP/o8GUjjA6KuAe5SIWVrmlkHCYHj6c1KFLVQJZ kX+U3+9yxm+HlwtjhU2DgHxBXq8eAtBW3rZj/pM7bFubSNeqbsD086hlxvom7ISa
7qAUNvjVaELXOc3+SE64Fl4OMP/4MiUA5WJ+gcdIKFtX/qksjywzF7goNTsxB1ZX Rpm7QhoPcrbFYy3rjs2JyQBoRvIAPXX2tYCuKh+Iylq5KztPspGIXXd3Sxv4g1tB
8g9JP6m5BF2VS/Woz+9ypekzk7DEKST4Knh8cYBNdz6yYwX73FBb93jk1aPMXv2K bQRVfmSwLNKo8rEP5vWa/DCVZl1GJoJTIR7vmQvGGkc=
SzhupTSHyAt7ddvXm+QYXBrklpZgUcuvinrkb7TNYEDcc2h3iDkLMHhI2VW0fiSF
JcL2DZWLu1UChg+Nkc43+9f8Ao76tjJHdV+IkWfINlKz8cpKthIfOiUSQWYK4Czr
0E3dyUrljIqFyKmZGokQ2QH+kdMmcm2/R+8NwL4s0Y4k1ylB0mZ5+A55t0ESaUVC
8NJtoIMrLz2pyhf2ohXMVepcjvR/Id8vNxSlLFResmIwSo4orTZOnsHBlQqm5hJl
9dr8G0o7n7WVfGbHLlpuPHoKegn1OK5xLbDbAi14HnZIi7/lUnbQHMbFFBjyS5EE
v+SMbI7JU+5zeJc34WLUTm1zll1ZNpFH/76vlP7tUWxYqVUZfKYHOndqS4b1rAs2
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

22
ssl/test/axTLS.key_aes256.pem
View file

@ -1,18 +1,12 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,5AA67B48694516B66EECE19E0F3BB048 DEK-Info: AES-256-CBC,22B407B6BE071AC8FEADA8834A3C0FBB
eXbuyN1kJR84JMhFruS9yeJ/WnyD0V6h9w/6fhEcPfxW0HmFqgIk35IE4c4QYazZ a9LRlNUJ0oatOOxS4eMMNd3mJLre6llYU8JXnJVFyuNzmh99sgdAFao2xDOoszYj
aMC0J1S19Yb4kKnRd7j0+92IDBw3B7zeJKjPDrcRDSo8R8K7O7+6MYwcmJJ/DZlC ZcBUDD5OcZxDIVRNnbsCC7iDXsOdIrBseDmC/qiRouNZ8i2a6Dh7IMTrpToPxNQ6
yqcaHr3cJEiS4I8NS3EdffffFA37Uf2O4C26b96ewg899YZXmPtai6uOvKbF1A90 rfDC1pEf2yUtbK8fefzIKzkXz84igCGrqLCIz1aqW+xjOOoTfXXIZj/LoYueLzag
aRV4PdCpJdJq0q69VfoSeQ5p//Wokb4RfDGWTNxpgclYr0SK2F8qfITjCNDbqR+E i8/nasxFQqDFEFskH38dEOMTwiKs1xZh6cUA0sQo8l4IYiwjAsAqPMiNiOdBA6sD
r+6tRsy9VcHVRjswuewU19HOQNQzaPlIiNaoGBGvOVRHLdE0s8b1Czyh3oeuRAZi 9322LCQwPqqU7ZelTXl8NCWvxX5S5yxV7KYmEV7VeSiPj4/ZlI8t13TTw+2Lu5j0
EK/SPEdZ5JMWbtxpKi+rdqFZhW3sGE5T9QItYqAWezScOCcuZw7ivVITWj0HuAJl 35Rh18I5iUPsDUV8VaU3df81wQHnWamKFGUAY2imS8X7z1uUiUiycuJipZNSoAHx
YZnkL4CS2qMKfQ7oz/YBAuShDvfl/W1M2YXt8caoYIox8NWnGaifHbk+eP7sQRE3 3QvISza1zXCqbzs8lI8JQqja+Onope0CeeCBKBo9fuUirI8NsG6EPrnp5IxACPXl
UMA/71gfz4AOUSKOWTNCen+qeAImyRi++6kFOVyAZnmvGAj1INv76xh6tHP9aDN+
0ROlEMeL+4EyqEeTeRL5+i9xEGtA247hMjtwB6i8SDl2N9RZkIzGOj6GmJpWQhHK
qRSu+PvoDfSHqfHYXof0rtvCuKj6pAhYgKeL5Ycfc0FtJX6gTvErlKWENUrsJxgV
RJNcRbltxcOylmdYP2tUe/PxQCSFcYIzFbQbXJDoZ9hMgJRv086fzn/QWiZEx59o
9r8kKQrYhKjS34Aq13ghFBf/Mr+GKrB8JtO5DnlC4N9AnapVlDgeZn2NmXyVZygA
mcIq5MTJcZzCdX6PdzNVBsttRfYeItN9M8aP5q5YodBfuLXPOvFhV2J7wc5Bgt4i
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

27
ssl/test/axTLS.key_device.pem
View file

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvV0Pomdmpxx7s19ue0itPlPusWrTSwofoWEU141dp7cS9eXc
SnQV5pfvYvvw21HsZHy+xW2cupjQBzvqPtrrqAz4p2E9VHTMuzvDSScj6GU0BUD+
GQ3qthLkXMfh7pJZFN5DYtVqzSE+ufZlYlfBqsT1BON9eRs2fTf6OnMFApx0ANjJ
yFElu2cEf3iif/3Z6PF0iUNtKaDNDVvVBoiRa9mUuj4vxnyH4HmyzThp2bXDLMUO
Viz/WWZs9Nl/QoJduyJZGEii1UM5VS81qQnu2dT1g/E0yPXwtOQUnVgjSMPfW+CA
yJ1XTdSwVDSsyXApyxxtSEYbM81t3GGvmmCf+QIDAQABAoIBAFFO4COvmlgu1r6S
P3IYJqsYhukPIWKbGjHE6ZoUTR5ycWW8KPafGbhFjLhHzYeeiY4sMg27nwxQCSLS
CyaqAX3K9AmKqzbUYAQVCSkj8TscGVYYLgK8Awfi3MMp4Ez78dwQA4cwdAdYOwLG
VYoAfFvC7iIHPB0AHklt+7eVI5WWsYlOIf9aS6+PDVii86GVoCpBE0eNZjE3JJo7
hC0ctcjOqSVZRPC4p5KLFI8QkwyEK3vstyIiQOKSCFbZIn5Wi0+d6A9K96WhwssM
OpmenLv3xgz4zrUkRDbv0cPAU+/e7ZVPCiIbL/Y78qk3lBjUuyztX6fwQ/eDFadw
BS6LcvECgYEA+Nlwgi1Kzcd46xKG7xryI0mYjHO4cbZMsTcB4FQK5xXkGlg6j+WD
NAi/LKDJhaKcBKIYDhYi8tY1ye7JSDmyrPfZ0WvQF8K4yprUAqidNIuwOPMASjTW
CEBgTfMwCATNYNiaQ8eRuTLyknF4I2lrc4Ifby7cYEZrJ6aLGyolvdcCgYEAws4J
rGQS8W1DmzrL9mIDlSUtMFkTWqhx7nvG4lCYWVGpMByiQwf4DRvcqmXhwPr0syaj
qE6nu8G3iuOywSx2qrPX1a6NzeoZZybOSL7poaVmnpxgtS1xXyo1Bdc5ZPPOom1T
apb1QXHIPFVFKsuKsrQvyXfYLFGlQbYh3TGrtq8CgYEAmDqT+95vI0ECNHNp/f0y
4OlVm53y2AUYF1S6Hhvra3/VwVP1xy80uvEa2dcmUEywOplaM8vQ51KpJvWfRkKd
jfg01Eqqys5AsxhR16qEOK+3Rq9InxyBThzrjOPWnyEo7jSy8gG0oGGNSI6HWspT
hB620hINmAub426bLCv1WJMCgYEAkdfBZEAT8o30BH5TfyVIO1v25fB6TfA4Q+yF
LKBcPtqlSPDXBkosClxmq2fVSS5ZDtsJwZMJfsb8C86G4JrSSOCV4VNqtNPjqtdh
rxLHRQ7YsjyvJlVcQHwP8Ex+mrbxZ6djwTQ9b36pA4pvWyfBsiK2eCXyQNPrXjPm
THzIat8CgYAXN7CO+EUKtBil/r3PTj8FpWxvfZiKMbmktiHKD9ntcN3te2hrOWVs
1SmrIzr8/eBIsh7OGS3LUZTb4wKGtY29N6fTHuoA8pYILeRcJALGZnmrsTyFDzGH
iXBSkZ94EXpywxWHAEglow028nQ9UNugKk9SIkpg42u4vrqhRitMqw==
-----END RSA PRIVATE KEY-----

27
ssl/test/axTLS.key_end_chain.pem
View file

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqe
DyUTpdwtzBt8H8/axNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3Y
uRN4Y0i8sn8A1Fbe69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+aj
TB2TnO7UTsjKRrXPv16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzl
I8eTDHZqZJiw8gPg7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOe
DU6wo4/e0Ta5bdZe7apqOBfdDnq3EUnHO1ZQbQIDAQABAoIBADbu47Yse4L7YQ0/
rRfWUfTpMsQgYd0far4P+Cqpeh1r32/Qp4OctFuVkeqaZ3w7PFSjQj1aPMh/ZoGJ
ShxkBus/0dSA1yXNBix1wYNcEb9Mn25GU1I1R4vA2y6DK98FrSl2xwgickhiFQ4W
yiD3huiphq8AcIQLqR679KIL63IF+lMnHmYTrm9/rkGvO/wiW55OMhLvhuR4w7/n
5g+PMBLF4vEqtN6wEpb5f3Q8ugNCG35ykpgBMFWI6FGGmcZkYgux+xnTweZ9+Xol
tBQRrq9cY3/ouIrRX4K30e/EcaJN0eA0Cx9WerEHfYO45BWUJGySsxPab9vk6Qep
uxRnHoECgYEA+uv054HQKGQOZPjgZ9lCqfPB4wQ98T4hNSLgNwAkd85D7UtF6Wb9
GMsEecJ5aPIQjDN6dTT6Nb45AV4e0XWtQFtxHFXP6SKfyIlf0Zcl0cd8Fvt7CX/e
ghZF6ndUxHaWtAltALVwo+Fi6LOgEN7+dsBjkAZf994cZNfqrr6B1s0CgYEA8eqY
u2p/QE7YNfw7naMUKDqgqGzo41IjF915rznYOyuO4hu+zGrL2D+7EeZnLWfSCSxl
t0uowOzDOKkm6XeungMyJFH0DnzhYEgh6K9AXMi3QF0zfgGrh7hhK5wFEt+a4nOY
hIAnqhANqISRhOOd0iT2VIt+igQhEQv8XLjAICECgYAVvkKfmQkfpuP0bfiMJzB2
p6/Ca0iu0fJwt0/0lCeU1iPeuSoaupjuABGoN2jr5iX28DMJWwjfhVdNPgmvnuHf
dM0NZoY4ro5oAzdxYwac8gtXtn0H6rOuVB3E3ohS6e/PNA3lBNP473vxrDcPnzMv
uSYngdXpFa8iMe+dKtb3dQKBgQCAzse56q+Mvy5yODZJ7f4amXTXmP27pA1ZdKyI
90TB5KR0kg9aanbVUsG5ezNuwrvb9I7INPnKl4Yu0ioM35PTQKJfIl/PowChsmaT
rVSY0qp4E+gJ7Lu3TR44CR/Od87RSnln+5CjBV8wXj3ZQxTSQqoCRDABLseoevhJ
Knnp4QKBgEHHHpegaCXl7+kaPzD/qD38iN6AmoAya9ZUxCUH55bDmkTFu1ZGgA6S
87fuXQ2tzwFyOtaxAftPuOkSKMpZYRPJY92SalHA4WyN1pl0MhWMZQiyKOh0QQ7A
yaHjrLn5wPrhHhkpmYu2L1ZNiN+NIFDuD/j+APCX+wqb9otfbfxk
-----END RSA PRIVATE KEY-----

27
ssl/test/axTLS.key_intermediate_ca.pem
View file

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAzhdv9CgZ895+JuF4J5ttgKS8HDKL5uCAYOS2B+o1OkGzYRkS
I+vA41BpPfE8D8P9lgjcbzAOrOvgYHPZneE3Ix1mhlyPwbnXesC48AahbWXeHFJL
u3Hr3EfjIVngptIHF0/FXmLtOjcxLpP/mXyUTX7bm0NMhgEvxAX34fPfgM4r6AwP
YLwxJGl0c4rrb9choDmXp7+72NnjiO/pXzrUkI0VL+fV6U/cT9ro6p6wJYewvfXA
zqV01B76xf+QhYGp6h/HSZQntTQfA2KIp3H7jhaVXgC/CyyZ/fvx1QUAVCy8pMck
Fs7YuLtVuhAOZ1KpeZzaQotwRjTEeRkF99iCxwIDAQABAoIBAFNxi+O4hOGHuV42
tjabKNgIWx2znY+KYJBaqhVET+7ZgS6UPxMKNlwTR7lLvjzH5xnjVpUySQ7cpkmH
Ppo9AN0X31YRjicq/sL12ytcE+o+b5LaA03Oz2euN5leUaZZrYNTyh7wQQrsI96v
D7NujIFgFryjoA0118gvfnEfE+SLW5q4m+n7D4cZ2D1nolDnOo2noLhKhMVWT9jp
UVoa5sO+9/Ap71ElAaet2LawNsKbyjjRuI84544G09zQ+YUfcelADaqtXyYZpSJL
iWrmHasD1w8NfiHB84y2hWHySoiuTBfVBJFfTjg075TaxBwCtDbzzEe0ecDCVGnb
gZfkevECgYEA5+5cUFf9LXt7Cwqc/lnuIUYmX7pvTPVVZbdjEzd1MUvu12p01cRN
QYk4K41LZsQYwDrCk82TFn1+hDbVt27i5r4FPJ9GbkSh4AiqUFDkqpqE/U06ZiUX
JOosU6laI6MmguWbXAAQuv2OwK7xVA0575HdbsEK8LRP2bSTRUYNFjkCgYEA43qb
FaKixVC4KOm8dyNYFHB5oldZW0u4ieemum8B+a9wd2BEG8FdxFw6IuGnKyMQ1BWu
NVwN2wZsHbosmCYxGO7cX4OT37711hdCr4pCGQhQ3gf9eNls4ZjjykZp8EHWQnx8
SYl7sjQMQUjhfqePKwR396IGx4KSrc/l1rxKYP8CgYEAjYPPJ+bIQFw7s30CVeAh
gIQBHh/vkZGQTcQb27nW9AFU9nOqXlSsnvRPJaPNAiNcxs4Ts4OX3/0qmRmsRYSP
RiNjpp24p8eQzdX7tY3mOIKX6saYf4LaIFgSO+n1ahE+ilf296fCjZXw6HjWH2cC
lr710YJQXpZmsnuP8JDRo2ECgYBrasL+5WydZi+ASldPnuYByNb3HO46GTiMDlKB
6Ndy8zBVfqTKwnWnurFNNWc+DHHu5En+Mnjse0zkgLx8IFTA5FI13Ckg18i4jwVT
ZSMvNOkS340G2wz6PrsaEkQGSuCFRsld5Ej/7mn3DhZFO5R0iMipq94tqe/fmbN7
wjAROwKBgHLl/XNhPTI/ed76ZjmCpbCvQlKZeYLhNbTS4lHvKCuniHKQsPz4BxjB
fuVCUDH61yQT7WM31zIMfzQZjx9hTgFYYvnptRWj9zIBlIZJEieX3//flvEJ3Qmd
/tbSoADa/1y+Y58biKkgmM4f4qS9h0AkVe88OCbpm14Xs2u7/4Nu
-----END RSA PRIVATE KEY-----

27
ssl/test/axTLS.key_intermediate_ca2.pem
View file

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAqhp+ySEP4Oods+29nF39auqEmJ/qTUqQCz+9iWyOhp6NU5pJ
2LZiQNxVWIzasFHp9I1cvmf+4fnstMpaFl/TtdCpQnuV+eFIe7alEP6+Pc3YiFrO
zyO0XnqJcZwmmkpr5omvGcx9FbcrKflzfgmn4ZvGIdgtwkA+ZAj6WkpZHGGpzqLY
yAFz86fwANeT4I3a90aGwOEo/on+jvJA+O8KARsFx+yspxrfSZtNVTNWFfQfkIIt
7vOWnevZNAEkMnHxY8jDFq8EACNGDo3r0j+G5imRl8P0hdklpN261OS1hANVM3l2
t2INNN/UkZjJe3/T7RW30A0VZ3Wk/nz3IgKlDwIDAQABAoIBACV6FurrPNtZ2Vd2
DqtvzdCLgNE7klybC+dekLzBTRl9vzdnK9PyQu11XdxXlCr6sSfvKTrOIMrazHr8
hiKd1EAfi9sY7W8TYmvXTsDSz0lAm+9Wym+6txeFudhtBdhCg0lUll6BviFVrM3f
psFjETjUoC9+uH4ut1BE5huUe9OTmOXxupLWdETcHViMc2VrpnDsNKX/lFIMFSo7
3JDVojyTA/xdawJgkksCmQyHLICDvqJrIbLaDKxCfEiMKMyjVqgf9qwR33WAJ73e
ES8XMVtgIce2Zpzx6OITf+gNhS0ekqsxZJ56iiacOVHxpphNKk+BwSj1bBxHLRoo
narBebkCgYEA1BuLsbfr5lXAmGxE4JG1XrOZ7YtTqQNMYzy03s6fndoITqS+YpHk
dtPqM/lQ6qByqLbaPZFVEqecIb9EVRoG1m+9rIkAutiWf/vAWwr7w7yIbFID2YBH
50crmdtbK+1eoml/MkNx2grmgelqtMy5iOzwbPcFzmgXaTBzXvJvZEUCgYEAzU3F
f3QP0xgbrT0iK6138waegsuPaLoBdq+arlZ0LMzuN7T3KTKiNfkJKWbxoaECmu1p
PpJsQpG+0cQxyKU1PK9Pz+9qUXaPf/OsRKTcvpiS2kdBFXLPEgGi2JeSoPZxErYM
WuaqLIM8krYrV0JBRgGv38Pd0u0VaSbQvPx5u0MCgYEAidFoIE6IKf64CJH44w3q
EiGSt8Va06u/+48bWtZY4kEkOq1Sw0tWbltdhu3NRNaCCdvdzDldVKSxjz/vD3i8
zqKGVNAkOEO47mnO35kwY0tiPTfBJpbyoXUeAHeGMvGmFtODgU5PcMS6Z9kZq2aG
e1CxG6waCraZ15BStnPCKx0CgYA2n7Olhp7TPn3WqQZXcq8QdTlleX2tkpfjGTPh
oNUGOnxDTB3a00L/c0QxxNcTdwB3ciVnZZPyXk7UBwxr4zD39XkZzQyPoijqFU5H
cUneWD/yXbT+XO6lTtQiJqn3s7pADTnaUbcDYuOR8XA0pkcxti8yLS3u+e+Ra6ds
MQy+ewKBgDfHrvBhbxyYskxc/xHnSeAZjrKsKoFNmV3/n9XTmms3WAVoCYydIEou
Pm3p5kDiaiTTqLBpxoa4g2tuaEXBJpgLwxq79Jod4PA1bnip45ERRrk4kRROIaFg
eHV6U0+PQTrdFhiJkvK7CgNZVr+NLiS1V1pM3x7xI81nAV9Sv4c5
-----END RSA PRIVATE KEY-----

BIN
ssl/test/axTLS.noname.p12
View file

Binary file not shown.

BIN
ssl/test/axTLS.unencrypted.p8
View file

Binary file not shown.

22
ssl/test/axTLS.unencrypted_pem.p8
View file

@ -1,16 +1,10 @@
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL0P1EKodIdUqrk6 MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAyMpdTru2uDnqTsuE
H4vOvbdl+0A90BGanNyCfOqoF+F08wUOYcHBeIqyuhUiWv+buHouD4i3dN4EmaWi bm/leGxROlUUjlk6lxq3+vLdaG0lLqreWcHe8ZDif9TjsXvJdVMikMnRnG/aGb/Q
mVOLrXhaMe28Aeff6ewvoF1T9uaKoMhtQUVjI7PPTlAfKN824nPf1qGzRk9uuw2b t+50FwIDAQABAkAkOd57xgJBWrGbZbyO8EFGaMR+8bqztAWOHZP0Ar1PiY+y9rnk
76j5TKVxoYjdB6mGDT/NmSOihHcPAgMBAAECgYAmP+yWq9QfiQ6dONgnBeW2FAjX e4+dF57VaCQhUUsIHbDL7F4qphRq1P8tzLUBAiEA7i+ZxsguJ6+Wycd7DdJlyz6a
/2l4FkrEBhZVtzpVn76G+FjoxUao8O3a1r+IVS3mciksZMldHZskOphAodKvXKsj MlMyWC3T/TJTPTfD4UkCIQDXzsauXM3TIUHkedhqn+vPPoBHrNodIk5JT9ZctOkK
5DPQ6mBS53qec18ugNHcb0cPl4A20jAH3dbXFYkrdNV+irxjQgryMSm/+fnwiI+K XwIgOTOPT7DlfLxrjxvsDn632Z64M1vNnGWtIoKCgRIyZZkCIQCw/NBM56eV48ya
wiJuFSa3XltYRBw7eQJBAOHxsuXIgJNAUHQU3bLyJ1wMPcBf7pxFbBMA39DZg/qQ iKNIrudCDExAfC5VfnEeBvATD/ufmQIhAOmLUZvYIMe7v398vqRxD0MR8YxP2L2V
LITyqsLd+88DQYgQxrtet7Yuph2quvtKctiarYgNahUCQQDWNiPzXXfI00nBk/7K D5s2KCBigvi7
Deub2r1HKHOXoFDXTCTfmws3rsMxtU9iCMrl75d7Q6DaKx+/qAiT0hYciZnx3ybR
QpmTAkEAsUHkft8g9+Tx+U/Rai0N8ensnDrmwJS6J+J8tKWhI/bt5lNW4lAy2AKO
68d1kdPKPtQ0IHwr+y86EHKxB1a2zQJAHjvyAw10NLItvNbIpXglgw/ymzKIbiRA
hMLIiY72nFtcTY3LsIiRKrcQaGN5NpHTn1d2Lnb+i/SX992JOwvtZQJBALmvvwnJ
kCbzcou/s3znb29bo5W4ngO5z6BTujLB062Fu3lICdY/nNk3kRENBNU7ynRdHJGN
PfH4+b4117JTUB0=
-----END PRIVATE KEY----- -----END PRIVATE KEY-----

BIN
ssl/test/axTLS.withCA.p12
View file

Binary file not shown.

BIN
ssl/test/axTLS.withoutCA.p12
View file

Binary file not shown.

BIN
ssl/test/axTLS.x509_1024.cer
View file

Binary file not shown.

23
ssl/test/axTLS.x509_1024.pem
View file

@ -1,15 +1,12 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICWDCCAUACCQClKsh4h/LnxTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh MIIB1zCCAUACCQCrCBinAwcn/TANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl MjYyMjMzMzlaFw0yNDA5MDMyMjMzMzlaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa gYEAzf2JSL42uZV21BMwDr+y7WcKwBY/UQmdKS+ybT8+bC+QgKFx3744xcupmkAU
/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o kAr5twcL4drnCb8NV0GGYKHBJ5FbCphGG/aihPhlx84tlheqkfhhBFBw67RDt9ya
3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG zDEBFNTNzMI3bWmC1sbEvvI0pcmmGVMyeoYOkYIPoUJUqgECAwEAATANBgkqhkiG
9w0BAQUFAAOCAQEAMuA8biHmpvS4EJ+K5guETizlFMpWgT/ALKM5iSTOr0cuGWKy 9w0BAQUFAAOBgQBAtJSaqIlyHQfls2uIIcI4Np56jElIaAwG6NsfTgXmMeP95g1r
5HaRJbzhqO5qaDp3ubJilwwlPF4TSIeAo5HZLuaSKxxSJLF3xvbe2JvZVzdWaBcy 2BMX4C0NuH7LIGyoc6f946f68wJgeB8TQEXudfUQ/Y9odNSsrgQJVSzb2AcHZWkn
ZgEIOAiawYxeP+fJRMtiuUjHiab/jn094UYynBMGmtEXqz+pkAQzLT+BCqVVzraV br9eYUBWi9czO/9uU36dP8BAOqugUE6AR0YNHttM8RtdPCpUp036e3JmxQ==
VK3xT6LKw/Yle3HSaIXpcraZNG3lX/Z0HLmi2isE/4LFCQTEuryCPrRyGI4waEhK
Dac9tfRCOpdgfahhip6YxH5lmep+ynXn2yFdznxmPX7cFP5VBJeoZBK0tTBIcrzb
61tPpvuHAUGR7JiY8Us4okDxBZC7m12WsSJrUA==
-----END CERTIFICATE----- -----END CERTIFICATE-----

15
ssl/test/axTLS.x509_1024_sha256.pem
View file

@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICWDCCAUACCQClKsh4h/LnxjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
9w0BAQsFAAOCAQEAbpbFPGnc74yvFgxKiNGA8+9azns10+KionRirc6g/1X1zBnJ
7vBXW9aXwUr2y9G3jnmX82eut0YnaJ3xlU5rp2NbGSH43fQd/OvWC+6yDFBeHfJG
JqbyP9oBkrUSuaXO/svsGUr8z1YVnxvtN7A1NGt+xQmgTyNq2QWg3MSQQwVtNsQt
84mQqU0BmmyRyi14LOCi2dHxjduXFVgHIcM6XzVL8lxQ1oaabA1mP5u8dzH+n+sT
uVDMmn6ABDZsnnCo9i7WidPI8pfJ4k6xR5l0wUdcOQeY8ynwUmILBt7lhKhxtAIG
j9SHuiQYstmr5+6wIBv6LRwjuXNDEwcqdT+o1g==
-----END CERTIFICATE-----

15
ssl/test/axTLS.x509_1024_sha384.pem
View file

@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICWDCCAUACCQClKsh4h/LnxzANBgkqhkiG9w0BAQwFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
9w0BAQwFAAOCAQEAcVYgGWa/OFtWSpsH55h4iHan1Hj8WMzhvczirWDP8EaG3N1P
WVo7LQdfhs9OvQwLlacAym3eawwsMe7ODU6Iq2vsbajeKMuF0jb5teghb7dMIiIW
UIy3zRe9pmOZZpIcwJfuzTMTXMq+UksNfSzgB8mGqnIj+4D3UPXce5KYMvxzAjYU
HAAFR9+ZkTdpratH/qFlk14DJ4CKlH69/RUpekkXcn3lk1DutfQ15kaTnaFObTUs
HvGr2pX5PsofeR7DW4NStIMbOwMvTby6thCw8zImI2yyouCv+LkilGxmxEMAV85X
ZKu5dNZXbJwfOFjkmHEtDfmISsdl8NoQxyz55A==
-----END CERTIFICATE-----

15
ssl/test/axTLS.x509_1024_sha512.pem
View file

@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICWDCCAUACCQClKsh4h/LnyDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
9w0BAQ0FAAOCAQEAbrG+mMdCorMaq6VHQC071CdXzqdUGFgXM/qpVjNo3tKjqUbD
73FJOYYoSgXO7aJPebraaZTdSpgHO2vdJrifUjrJg+2RKDwIzCP853fgi3Nm4n+R
7uDsd6K/cj4xvcnhIdmQZC3TPIJFujjbMy0Tw9EQ5Zoz5rNwR0Oy++HtWoULOjTe
xsVsagshFaGajLF6RXoH+caKHIi4HANlWwJvHCBpqQYUyhUCAHUm9Pdo0+h7Viuj
evzm3SPr5rOisE8xTDU4WPOhwel3lggZWfh6nbDG7+1sWmT4qTtAkv3V1m1o1h+8
4TeJUOV9QHm88a2UUqWIZocaLxPYB6NThoBNVg==
-----END CERTIFICATE-----

BIN
ssl/test/axTLS.x509_1042.cer Normal file
View file

Binary file not shown.

12
ssl/test/axTLS.x509_1042.pem Normal file
View file

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIB2TCCAUICCQCrCBinAwcn/jANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
MjYyMjMzNDBaFw0yNDA5MDMyMjMzNDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsC
gYMDUYXtMubODhuyrWhYD7fomF6ZQMdjvQSYQIEEzdP0NsZq6a3wM1k6dMB1hmMs
GbT5jNfen3JdhL2s8AQ4rio6HJD3RCegOKr9Rt2r62MvWFSMflc6X4bH+bFxsnIV
jW6D+FLSeVPeVxpB0BVIQv2qSFNrTDlYbKU/RtGDx+TfgM354QIDAQABMA0GCSqG
SIb3DQEBBQUAA4GBAIEoXdKa4a2ThBYfcfAO8CCwnU4qUKOpAut3k3XSRdwOnQrG
epJ3UP1OpoMeoN2gtagcjcTzhXv/QPYbx5lRko5QfERFJwpNthy+Z8pa11JNY1dX
YugRs4Ad1BoKrCBYnm/QE7ZKVPEGFt2b/geFAW8HpndNWzn2PnTcdDQ/tC2X
-----END CERTIFICATE-----

BIN
ssl/test/axTLS.x509_2048.cer
View file

Binary file not shown.

29
ssl/test/axTLS.x509_2048.pem
View file

@ -1,18 +1,15 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIC3DCCAcQCCQClKsh4h/LnyTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh MIICWzCCAcQCCQCrCBinAwcn/zANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl MjYyMjMzNDBaFw0yNDA5MDMyMjMzNDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPladjynJXGaCmdzonEGTQOF6RmWw/ehmrG+ROur6DD7m+5fspZ+gPQm AQoCggEBAKWgulghnDyduQE0oEn5PgUqoW/gnHB8D83dumyQU+KaNUQhmkcX16w6
L3gZ2tIv3EB0QsKWLs82x0IDowAMO63L3oiKpvJyTMQPARTTCQh79JJw5UU9x9vM jZt/1IQaqJd5dGyGt/zR6r9pZt54DNXrCZ8JgVk58gToqaUhNNoRIeUiYj/scqP3
aE7dPGfzAnwmMjl6FbCTkugUjknRVcs4X1OpwInuYrJGJ5innJoWGhZveEvFliTD pZiBYjVPM+jl1RirIttS191JoiqFhr4OdkOkPEwV1FLyh7s3v9OHAoS8m3U3cbD4
YBL8Mz8oXZhOK6alAR0Urt8z4B1J0USDn7ouSnWRsyqWgvotRp+fDDguFi/JILhD 5tZUwLEFSgEKsBMYUrE03i6RjwHK1sNGbJ1Jwv6eWlGLqYnlGI1TgoZrx5SeZ/2R
AwhJEA+s8RatD1+RgYLvs1aghQcl+7KMWQdNuxbJiVDeljaKN4Ufx9UFfEXV74DG ii1jXKv2TiKLrSuSe+WlwebSK2u8/sRiQ8F6FZI2vVt2S6FjHLgZPijjusxb6XRl
09NMsphJ2FX5/WS+510oSiO9D4uWNdUCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA v+AsfmR6k3xnmKRVgqIvvl4PMlUWiy0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAY
HKqK24TYW7NvGoIifLaFyaSwAQV/OODpiZmTie3X5RBHR34v9fnBk5qnBf7EZEfC uw++Zz6+68dQvmd9MiHeYZxVsajDJ0RVEiV9V/TFLsGmJXmtHHX0vVjZJSpDomWJ
uMg/mdMQm2Fst4uBzx9q8PltfcmCaX+/1M0F5nzhEszJ3cDevMBexNl7Q4nfYNTN WKPZu/HvR6KrtOtz+HM2ap5FFfPcg5LA2Dqau2tvTub1KdvDSbfaTqRsh1cQ8FQI
QShJyhSgr9cQ/K48k9IA64RRcRP9DWtSNzt0zzA4UCqlkBvKd6TdcC+rAzOigdhT 222gV/DG5AZ8AlSuDzTgrMuIeWjKZ6hhkirZVIO+rg==
z0e1a9KVfKSxtXxyCAQZyKdsfWlhVyXPWd2urd8IfLfHdiFMKwyyreCCc4tCDjcA
QcJkv2bfL8Cb4cUd2vtI8kic9zUBFaOWyz9tOicGG2k3SBjN99iQfBAsqbHjtGnj
+dKbDCxXy4udsNINgfE3aA==
-----END CERTIFICATE----- -----END CERTIFICATE-----

BIN
ssl/test/axTLS.x509_4096.cer
View file

Binary file not shown.

39
ssl/test/axTLS.x509_4096.pem
View file

@ -1,23 +1,20 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIID3DCCAsQCCQClKsh4h/LnyjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh MIIDWzCCAsQCCQCrCBinAwcoADANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl MjYyMjMzNDFaFw0yNDA5MDMyMjMzNDFaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
AgoCggIBAMAKTqPX9LMlyPA5hJD/PHhwoGWfBbpnCAnKnBXtDssEfVLF1HUITKin AgoCggIBAKOYAobI/sEAa0jY3Wnh2UBTQbKzLIEF0/PuVOehqtnXZ1T+7LPTuks8
zC4vFpXKPqzahXA37DcgJZQg4qvPXaf2jY94pwlQKF52ibomUOnV/VLQUVRFvXK/ ijWm+OXN/uvLg0YZQDpOtjut7Jog6X3PDr1fnGCZB9ByzUqVDCC3OtY3Vlp8ax0b
8+kY4K2UPfjJGzsfjF1XeOCPIxFlbltqCtXkM1PhVG9dnY+OZk2i6S+gcV3Fxgu3 x0JuQ65ZHP7PlQn+2DDcmzsymooHXWdajCOb7TXdZCt48fau9fE/1pp4+Z0sKUiu
tiknju+YlsIrTMhpiUIq1fH7bVDWulXyru4rMREs+Y2lJrkrDGSJeh45vysZmcZA bld/ihm5IgbmwSbRWrbHzZJ3MavMCHMKwCvCUDMU1s4Vek+DxZta3ApKPB5aQrW9
bhb9WZtipCqiLVf1qkGAq54IpdSOcyS4x1hTYwOt+FOt8lmaOS1kGPKaecMtLLQv fupNT01XEJkQBjpO8m8zPrcXQWKU0m2Ylj+7KXobNw+YuFgoZRhJLEdUaGN/RUVU
O8iQ+9K7LM45t83o7VwFYqZtu/hlntWyiOlAFX8ht8vmxACjhnPW+lKVCe4kT3d9 pjdTZ8A6rCquiOMg1SaVm1pCP4zDk2wYrklfHSM/I9CZxBoixWEmYcVNAxREcm5Q
g62Qidcbm1Vty8foCuWCC7H+30AETwG3NSm7idhidr/YoSDc5Ksk+jehSZ7PwXGZ LmLWhvE8PTL5MoOhkaOAn37NFtzqjfSHoTMMmXzqFjV1tKZJstQ+/vc61IKp5CcK
xwF5PiqK0tN8QzICPwjChI6HOWIxWPYqDlL77aXoNpG9FVKrwBzpuIvg1H+aUPNr e6vPZfZH/t7Zx9h/7rgQQmwYfDRbv0GIKwTwFI5hxH9XipPQpS0CvOU/SemhqSVY
h9erR1ZNmMmajVjVbvHG2LCwChWD7crq/RDtk3ioQiPrwI5eRTcN00AI8tTeD+6J 9MdVZtv75Wq7Oagcd00qwvgSoNhVUKEym2zeckkt2ukcllohpLr5H7xRSlk1vXfJ
Q6SYdVZMeatn22kLyKtRzKL0phiirzm144wKKpcFWogrpJK/3Y1dU3rtSU+dGj+7 aXh9Yr1zxr1FWeSzlv9lu6VAFd7RV++i0fj99FnjgWMFUHvfXVExCS+jnD1VzfqW
agjjqwWAWlhztSDgesRTkn6QJLmVX+IKh7Jdo04i2Osw4ZGnyYKBAgMBAAEwDQYJ Hc1arikSZ1C1OaTL3eEDyC0RyPfRwCFWk4onUbaUbJgEegk1UQkBAgMBAAEwDQYJ
KoZIhvcNAQEFBQADggEBABPkfLZVIJ5z5cIhmiN5yqjMKotzGMwi7ihiPx8YSgBc KoZIhvcNAQEEBQADgYEAihEFhLAmC2H+wWMajxFOuGnKwIACS2XZiYX24/8wNUbJ
2grI7Aqyojn/gPBTvKXGRYCGC7aXIBo69RlbnZy0VW1fLqoNo8y6+zLiryCtxsv6 CvE/iTv170ZPnT16Asfrc+PJWdVPU3j72bllHjKHtihgBoSCGceK2rN5I/vgVzm6
3orQmHslh2WofzzhkNyazT3WoGvzV4qhzK5KU7vkrFpHcwiLFRglBMP4ruoOq8jY EbMBJBZVch8FHLNHqR0GXEtge1k8B4mI6rL3f9ZjmCkYgG9Ii7b8o3s2NT1e4E4=
4wKDrP3FpgaSpY4NOm7ro7LiYzmVcj6A9Gci6mm55er6ZGX0yI9O1FXOZCxABPJF
kDEAk4GQScbaEDBZWjFAhkmdwYnE3n6usPnURwp08vDRkd4bGdrMT2KtP5ASNigQ
vEaYj2pQJLS8Eljwc6nEBeGrZ14fGXXaVh+p9TKrpM8=
-----END CERTIFICATE----- -----END CERTIFICATE-----

BIN
ssl/test/axTLS.x509_512.cer Normal file
View file

Binary file not shown.

11
ssl/test/axTLS.x509_512.pem Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBkjCB/AIJAKsIGKcDByf8MA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
NjIyMzMzOFoXDTI0MDkwMzIyMzMzOFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjK
XU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB3vGQ4n/U47F7yXVT
IpDJ0Zxv2hm/0LfudBcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAblnZaFNsGtBkI
K9rqJqB1HX4ty2lU8ALFvOfBdiUHXTjt0UAChirMdr96ELZutPic4P3Spe6oa7Ay
YEuqS9I6/TN3iEHeBkG7tYRpfmUeFuZl8EqzWbLmQsMhNj0CE86utPOnkygYRYIK
PRUw3ZLDlmePKJOZ3LC7kKBBNrKYgw==
-----END CERTIFICATE-----

22
ssl/test/axTLS.x509_aes128.pem
View file

@ -1,15 +1,11 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICWDCCAUACCQClKsh4h/Ln0DANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh MIIBkjCB/AIJAKsIGKcDBygCMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl NjIyMzM0M1oXDTI0MDkwMzIyMzM0M1owLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALll
gYEA8k4Lr67fner/JtPfbCJe9+RMyq4ErKmXDlxQnXDEcvn/7Mw/CcNQXDPDRTN2 NkpkyLOhA5d2ys+edm5yNrkFg/vq++Uu6BXJEqvto7UabK624NzvI9APboEMbHVJ
/pw0Cwb45Pgv0bqTAFPK2sWhp68QMiuyl+lIUGSrgXX69nW7B2cAp4YSNW55M8SQ gceP8Gc05uj6rnldy+sCAwEAATANBgkqhkiG9w0BAQUFAAOBgQApsgHtuktgEuwC
EISL3QOkzl1oHW3iuxxGeuCGuVv0i4gRxhQ1XkHdoGOc4G0CAwEAATANBgkqhkiG kWRG4e4wIRcWl6E1SN6tW0vtGU+KGXtAxXHikIfK/0krnfQMKfHGV4Rhj689X1j5
9w0BAQUFAAOCAQEAPbTh7YlIYA/XOKC1Laf0SQ0HQU4hC9rd1IowBIyKYT5YlKVM CoYYBZduyc/hJuCMhwwEqELrSQ60Rv33tZniYZ/iYDQEoE//q4cvwG/sK830w9wx
VIrmqN7B3ytUZbP3eL9ZO63G5NHmGk/i+RpxF+O0oX09uhIPWHlupZ1LeEHDwsSG /5Dm3eR7kLXGtzHeVUnUWKGv4FILNw==
5OjZ1scU0bbIX/aBNPDL8hU7/TSTtL7NY9939cHE5LVwdSuOqndXl5nPFKxyJjfB
npworzs+UUwXLAcJSRHTruyRf6fvSfl1NdMabWiR/L7+tzDV0842+HwUsJLUlWFv
osK0avS8ER8PrFMRnKqGIK416B38ZMjn65G/J5v1j/RSHDAWjp+SYAFHaxiU0gEk
WOAZlVmG1vVlFk/ubTJ/vd+RAk0QYI+THgwlbQ==
-----END CERTIFICATE----- -----END CERTIFICATE-----

22
ssl/test/axTLS.x509_aes256.pem
View file

@ -1,15 +1,11 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICWDCCAUACCQClKsh4h/Ln0TANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh MIIBkjCB/AIJAKsIGKcDBygDMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl NjIyMzM0M1oXDTI0MDkwMzIyMzM0M1owLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKwr
gYEAqn/ZBpw3WLD87W/rVp8rdvg2yoml5CSMfePkcXKCfbWMAkZOJJtMupPoMFC9 ugc8AhMAcq/BiZYLgyKL9mAWBHDJxuUGS/NHE2WDdMOVE1Tf1Ame4onsYVTorN0Y
CbQ5EUmSV47BHGTh0xnQK/4s4bc6lPVtkK7dJtFfonCsiTErW0p6z0q7tQfWFEd3 /3Emj8/WBcBpqmRxHtUCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBr2uCTrm9d9x4B
NGNFv/qVIsB0hJDOJn8x30wYWCOY+gC+53KJzRVcRMoM75sCAwEAATANBgkqhkiG MIak3R+RxRUb3920uhASV8PMZ0vYXW2qPnHKAol8ZK2p5ywTzPPRjlTQpF65y9aM
9w0BAQUFAAOCAQEAqI4YkmyznQ9lE0+2cSkRX7ELJeKGedGFCCKJZaee5k9R4PBc K3wFRR7hjBfbf9qzr5jwh3p658OoXSQ9hR0KxvgeDWvnLZRJAAebl/4FE1XV0HZ8
fg97WsEMARSl2WLzAkK3rjSQWslbRxb/u1NYhd2uBdrYGIMXgPyBIjV7sSoI0TkC qhFk5fMnD5nabFdq4FK6pWQjUZjMmw==
3muhke+W2yZsVp55DoJpfsX9dIfzbM0ICbaD509xuClfraIafO/6VLrw/+BzTTVM
DECTo1dCheYYXyOJPgdgdcABKKb3WkTLJPkV6SCK0D8xAHpTRR8AtT0xu60JDRoq
wcKZie02AXOgg3mEQPdvmVDb+cgOL2Cb/nyraS2OVKPRTZfQfvhve0mU3DN/TVDB
7N9bVd1WNst+bsNIE0SbnYiF/oSdnHGNQxaLGA==
-----END CERTIFICATE----- -----END CERTIFICATE-----

22
ssl/test/axTLS.x509_bad_after.pem
View file

@ -1,15 +1,11 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICWDCCAUACCQClKsh4h/Ln0zANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh MIIBkjCB/AIJAKsIGKcDBygFMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
MzAyMTA0MjhaFw0xNTEyMzEyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl NjIyMzM0NFoXDTA5MTIyNjIyMzM0NFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjK
gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa XU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB3vGQ4n/U47F7yXVT
/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o IpDJ0Zxv2hm/0LfudBcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCdnukuKxxoJB14
3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG jBVwv4fZLffn3b/GT2LrjLCtk9/mQv9ECbHxOZ9ZOGtFCkkMIP6lnzrng/U/fTT4
9w0BAQUFAAOCAQEAqk3O/LBqyketDzFqMe7L8nqmM/crpmjZ93KEwhrc7uRKJgXm hMdxCCEljxUA7zdCvvLjNgYYW4B4BiEwOokG33fIGM/6dpVrybxJ4Z225AvKAkU9
CjfTSm7D43l4xbz/NbHnNvSFnblFoioAQP23opotJV/WutmrGCIjpidLc682GvcP p8h6yItFqR4/SMYqZLzsr75PlCKyIw==
DvhlOTAqoVFFWmjL6gj2iKEtIUzxCMI7K/h/znQvk/NrsfvOF0uZtpMoLqqo4o3Y
V2vogbTEPpr77952JMpsLvJYatwiYo8G7Pc8qdl86mk3tx1Kqn/Pl9CgMgj8tgFi
tcBRFePe3WvAiK7vnSqz7H4NUXrcv0RTA7f/bUXNWoRUI98GbYKVpxgIY7uFmLF8
0jb92pWMlA9Ps0fAdMKs98c7dIaJi0buM5Mtuw==
-----END CERTIFICATE----- -----END CERTIFICATE-----

22
ssl/test/axTLS.x509_bad_before.pem
View file

@ -1,15 +1,11 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICWDCCAUACCQClKsh4h/Ln0jANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh MIIBkjCB/AIJAKsIGKcDBygEMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDEy VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTIz
MzExNDAwMDBaFw0yNTEyMzExNDAwMDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl MTE0MDAwMFoXDTI1MTIzMTE0MDAwMFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjK
gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa XU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB3vGQ4n/U47F7yXVT
/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o IpDJ0Zxv2hm/0LfudBcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCMgBB+4M4ud6Zf
3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG kZgxFB+upuKhRkXD+6Am2N+XGvJzsB8CsZ4jMxPczgZwrMTPKxm/bCbX7ftLwtps
9w0BAQUFAAOCAQEALWtzVdl7s7NHPKslDc0NN2N/kqd8V5Ug93s9POLPQV6Cq7fH 77eyjihTCE3WzFZMEwT+mY28Cn0B7FkovrLvKEXQROfyDwkt7HWBGJEuSO6JAdAa
WPzxdU/IcLwocngqDzYEADlKJL1prRIP7IEtclRW109kVf5ge4waL7BIFogX0iII 0mesxjwqjiLmmBoY5BLtfc1CGa8muw==
WzjSlLTdYFo6ZK/oxwg86+zVA9UbkWbvQwSGE60Hqr8GEaqon09CxYUpFTtOq7qZ
Ikjjf1Rz/t1AAGXoN2Yls1hm2ONYFuxQq+dBME0sSL7hdhwFoOi/u3Q0QXmg4Z1Y
xe0J3Pg1mt5nsh4cY0QDNZdSbZz1p4jVY5RxQsoYzgyVYQWBeDJGKs2RN8o1CFko
EMQ4Bq65fSUs5hPnYGl4iibWmQQgAWkasKZwaw==
-----END CERTIFICATE----- -----END CERTIFICATE-----

BIN
ssl/test/axTLS.x509_device.cer
View file

Binary file not shown.

50
ssl/test/axTLS.x509_device.pem
View file

@ -1,34 +1,24 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICUjCCAbsCCQClKsh4h/LnyzANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h MIIBjTCCATcCCQCrCBinAwcoATANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTYxMjMwMjEwNDI3 eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwkxMjcuMC4wLjEwHhcNMTAxMjI2MjIzMzQy
WhcNMzAwOTA4MjEwNDI3WjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj WhcNMjQwOTAzMjIzMzQyWjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
ZSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1d ZSBDZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx9iw2v0K
D6JnZqcce7NfbntIrT5T7rFq00sKH6FhFNeNXae3EvXl3Ep0FeaX72L78NtR7GR8 zlzix7KiwmskWLO+KpVpZPci07SCVcbpgSTaONE8BvIPkqui4bWQQA+7WWjPV44C
vsVtnLqY0Ac76j7a66gM+KdhPVR0zLs7w0knI+hlNAVA/hkN6rYS5FzH4e6SWRTe ItYhY3NXigCxWhCqc0+aUvRzNJiuPG4MDuA1dIG7wrdS5cHxAtRJF4KDA7pmcBdG
Q2LVas0hPrn2ZWJXwarE9QTjfXkbNn03+jpzBQKcdADYychRJbtnBH94on/92ejx 6aCpXSyvWsqerFzmHu3XAXPAlYzoqs1Qg6MCAwEAATANBgkqhkiG9w0BAQUFAANB
dIlDbSmgzQ1b1QaIkWvZlLo+L8Z8h+B5ss04adm1wyzFDlYs/1lmbPTZf0KCXbsi ALx4Z9moVhA05QsUrMiyy/+NCiFhaOtZfe6kElJoAl4B1EcGQor8ozE3cFuLOLeQ
WRhIotVDOVUvNakJ7tnU9YPxNMj18LTkFJ1YI0jD31vggMidV03UsFQ0rMlwKcsc YuAX5YpbpxuafYbzw1AdAU8=
bUhGGzPNbdxhr5pgn/kCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBX+beg1jGMSqQd
6Q/d07mQCLuEwmXmmz7hc0lgp6IumjsxulO2xLiotXie7e3GIRAVgJsd6ysRJKim
IioOMxcwUMWw0CcqjcwqorczJjsqzW99dzCd3NcDiDxx+7Pye58D8qOLHGtafC9n
TjQELV6dNIUX5IfH/18jAkPEmFcOUg==
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV MIIB3zCCAUgCCQD76Ccq3Co3qjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg MjYyMjMzMzdaFw0yNDA5MDMyMjMzMzdaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc A4GNADCBiQKBgQCfxX6VHEhZNsMIqPPxt53h1UpfX1jU7ctqwBR4dpWRj3H6cCBN
FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb EK8xj7IVcBTJq6vcMRDwrAUrElSIZl8Kv6+ZqhTss2j+E2tfzkzehP9LcAdAR+UM
XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK JPBsYXic/+vmH5JCMO7CXLUsDJmO2q2Z1TjTtchu2DgAueTo0hWRtMvbMwIDAQAB
dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr MA0GCSqGSIb3DQEBBQUAA4GBABoJU0aQMTocVLNbcY4tbfqLck2oAn/OVjG0p/8p
L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN GIJzlVKOtZ76ZkqHIbcXNKNlgjXy+4S3R+6+mkYcn0JVbVg7eN0tsDlMB04YyFaD
pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G 95D47KEzmDky4Yj2nqI4SmvVTf2lyYxV1zknrFUXND+WvjGxge3gpJxtMoTGE5E0
A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB Jc3F
AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
b5kxOvfGlM4E6v+lMSw/HDrI
-----END CERTIFICATE----- -----END CERTIFICATE-----

19
ssl/test/axTLS.x509_end_chain.pem
View file

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDJDCCAgygAwIBAgIJAKUqyHiH8ufOMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
OFoXDTMwMDkwODIxMDQyOFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVjdDESMBAG
A1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqeDyUTpdwtzBt8H8/a
xNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3YuRN4Y0i8sn8A1Fbe
69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+ajTB2TnO7UTsjKRrXP
v16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzlI8eTDHZqZJiw8gPg
7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOeDU6wo4/e0Ta5bdZe
7apqOBfdDnq3EUnHO1ZQbQIDAQABo00wSzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
/wQEAwIF4DArBgNVHREEJDAigg93d3cuZXhhbXBsZS5uZXSCD3d3dy5leGFtcGxl
Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAbPQ1Y205Ricl1K2ByVa2RHJyYGP0Qj+H
5mWj4A92N1vAb6uOrliqFYOClYINGsKKC8YDZdyA4c8ZglCKZ2RePwOSdaWIw7wi
Efhysyq3WLSlo5jEcnkO7o5dV/7V7FX/+65UEXu35ZqaE8ZY++eotmLzccnInYP3
1e4oaF5hyZIHVNCXnywNvchSkXjN0HhvIpeLTyzC5MQkQMMEOi8EBOgTGAo4UvL9
eau3YhhpvfnCDlrRB6N79RcTLmJyOj5g1YO/9wn/du+EMwEkKUg5QJHzwUB2+ISp
57JjKh2BQt0g/XJfRugHQcNtjUu73Ziexpl0qaXjNjb8mvsuV9RX0g==
-----END CERTIFICATE-----

19
ssl/test/axTLS.x509_end_chain_bad.pem
View file

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDJjCCAg6gAwIBAgIJAKUqyHiH8ufPMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV
BAoTH2F4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIDIgQ0EwHhcNMTYxMjMwMjEw
NDI4WhcNMzAwOTA4MjEwNDI4WjAsMRYwFAYDVQQKEw1heFRMUyBQcm9qZWN0MRIw
EAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDtHhLvmPll+SevNuwC9SepL33sU2TnjmwajRitoNDsJ4lcap4PJROl3C3MG3wf
z9rE0/UEV2A0RacXULUddVuGpbGrXoiVqSpliRiV0ckw9CAVrdi5E3hjSLyyfwDU
Vt7r0P//nslmvXC36rEAlZafRqc8ZeZHQeU7QC3UAJCQoZIT5qNMHZOc7tROyMpG
tc+/XoV1ZNeQlNUdR1W4Czoh+AAqS9BDnMDwPoheCNaxOhZ0XOUjx5MMdmpkmLDy
A+DvEbSN6k30lTTklFzg127N5WP/RZPS12KU7SNA//7wWCKR054NTrCjj97RNrlt
1l7tqmo4F90OercRScc7VlBtAgMBAAGjTTBLMAwGA1UdEwEB/wQCMAAwDgYDVR0P
AQH/BAQDAgXgMCsGA1UdEQQkMCKCD3d3dy5leGFtcGxlLm5ldIIPd3d3LmV4YW1w
bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBGJydzARx5fNYprptRG9c3pqecGKlX
ArxbLe+K+83wS427HnWONnuZ5LJKGkuXjIeh1G/2AfKYXJz/SMN0IPYY3ro5Lt1Z
GOPyn01qcj6OkfyiUPCDIsVFS9V0TVLTBLTMZFa1j6nMHs8Ajmm10Fkf/NQP/CVk
zEgoktjb+wLqw1iPUGqkVepVtp3wg7VQY6E07SliNp/06Q3ue6xLJnYlKqFhUQf7
064JyRIH9W/C2WnxWbKRBjsE4gCRnMvKQrCrfR64VohCr6XvygIIufwCG/CLJogn
4OJMqz1oDkABPgSgjNhOdwnt+3dvxbjQBiRy1ERfNAJLo+V6x6aO1Gqz
-----END CERTIFICATE-----

19
ssl/test/axTLS.x509_intermediate_ca.pem
View file

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
+innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
2L3MUIVn
-----END CERTIFICATE-----

37
ssl/test/axTLS.x509_intermediate_ca2.pem
View file

@ -1,37 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIC+TCCAeGgAwIBAgIJAKUqyHiH8ufNMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
N1oXDTMwMDkwODIxMDQyN1owKjEoMCYGA1UEChMfYXhUTFMgUHJvamVjdCBJbnRl
cm1lZGlhdGUgMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoa
fskhD+DqHbPtvZxd/WrqhJif6k1KkAs/vYlsjoaejVOaSdi2YkDcVViM2rBR6fSN
XL5n/uH57LTKWhZf07XQqUJ7lfnhSHu2pRD+vj3N2Ihazs8jtF56iXGcJppKa+aJ
rxnMfRW3Kyn5c34Jp+GbxiHYLcJAPmQI+lpKWRxhqc6i2MgBc/On8ADXk+CN2vdG
hsDhKP6J/o7yQPjvCgEbBcfsrKca30mbTVUzVhX0H5CCLe7zlp3r2TQBJDJx8WPI
wxavBAAjRg6N69I/huYpkZfD9IXZJaTdutTktYQDVTN5drdiDTTf1JGYyXt/0+0V
t9ANFWd1pP589yICpQ8CAwEAAaMkMCIwEgYDVR0TAQH/BAgwBgEB/wIBCjAMBgNV
HQ8EBQMDBwWAMA0GCSqGSIb3DQEBCwUAA4IBAQBNWDjqxlO0BwMdyxfUs1wDsLiq
4hOmUFwCv8TuTFsL9aNe7OIJRT8IF2pHw07qyvAxJVEWUCLK/KLq0HrRTzRZO/tK
eNroHMHS+fBwFuHFp+1RGMK2rHLajxVVB6X0aeLWKrNKrvUQZL+Tx+NZ3dEO62rq
rANnElCrnyI1bIBKwHdUbOMOHeZAECr7H0KfvaX8F67aln4IwPzCauQM3DFf9h9Z
FvmxUdVgjRZK4e5he9k4gT/Faom0z/ApnW4DJRF8rpCPWqN872aNpL8NPZuOFtiD
Gzg5O4wJYx7OWIPa/qcQ0hTbn5waPzC68X448tlJTPiwyeKsYT3JwWqLi6o5
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
+innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
2L3MUIVn
-----END CERTIFICATE-----

168
ssl/test/make_certs.sh
View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Copyright (c) 2007-2016, Cameron Rich # Copyright (c) 2007, Cameron Rich
# #
# All rights reserved. # All rights reserved.
# #
@ -41,34 +41,19 @@ cat > ca_cert.conf << EOF
[ req ] [ req ]
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
prompt = no prompt = no
req_extensions = v3_ca
[ req_distinguished_name ] [ req_distinguished_name ]
O = $PROJECT_NAME Dodgy Certificate Authority O = $PROJECT_NAME Dodgy Certificate Authority
[ v3_ca ]
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign, digitalSignature
EOF EOF
cat > certs.conf << EOF cat > certs.conf << EOF
[ req ] [ req ]
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
prompt = no prompt = no
req_extensions = v3_usr_cert
[ req_distinguished_name ] [ req_distinguished_name ]
O = $PROJECT_NAME O = $PROJECT_NAME
CN = localhost CN = 127.0.0.1
[ v3_usr_cert ]
basicConstraints = critical, CA:false
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.example.net
DNS.2 = www.example.org
EOF EOF
cat > device_cert.conf << EOF cat > device_cert.conf << EOF
@ -80,130 +65,72 @@ prompt = no
O = $PROJECT_NAME Device Certificate O = $PROJECT_NAME Device Certificate
EOF EOF
cat > intermediate_ca.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_intermediate_ca
[ req_distinguished_name ]
O = $PROJECT_NAME Intermediate CA
[ v3_intermediate_ca ]
basicConstraints = critical, CA:true, pathlen:0
keyUsage = cRLSign, keyCertSign, digitalSignature
EOF
cat > intermediate_ca2.conf << EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_intermediate_ca2
[ req_distinguished_name ]
O = $PROJECT_NAME Intermediate 2 CA
[ v3_intermediate_ca2 ]
basicConstraints = critical, CA:true, pathlen:10
keyUsage = encipherOnly, keyCertSign, decipherOnly
EOF
# private key generation # private key generation
openssl genrsa -out axTLS.ca_key.pem 2048 openssl genrsa -out axTLS.ca_key.pem 1024
openssl genrsa -out axTLS.key_512.pem 512
openssl genrsa -out axTLS.key_1024.pem 1024 openssl genrsa -out axTLS.key_1024.pem 1024
openssl genrsa -out axTLS.key_1042.pem 1042
openssl genrsa -out axTLS.key_2048.pem 2048 openssl genrsa -out axTLS.key_2048.pem 2048
openssl genrsa -out axTLS.key_4096.pem 4096 openssl genrsa -out axTLS.key_4096.pem 4096
openssl genrsa -out axTLS.key_device.pem 2048 openssl genrsa -out axTLS.device_key.pem 1024
openssl genrsa -out axTLS.key_intermediate_ca.pem 2048 openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
openssl genrsa -out axTLS.key_intermediate_ca2.pem 2048 openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512
openssl genrsa -out axTLS.key_end_chain.pem 2048
openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 1024
openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 1024
# convert private keys into DER format # convert private keys into DER format
openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER
openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
openssl rsa -in axTLS.key_1042.pem -out axTLS.key_1042 -outform DER
openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
# cert requests # cert requests
openssl req -out axTLS.ca_x509.csr -key axTLS.ca_key.pem -new \ openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \
-config ./ca_cert.conf -config ./ca_cert.conf
openssl req -out axTLS.x509_1024.csr -key axTLS.key_1024.pem -new \ openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \
-config ./certs.conf -config ./certs.conf
openssl req -out axTLS.x509_2048.csr -key axTLS.key_2048.pem -new \ openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \
-config ./certs.conf -config ./certs.conf
openssl req -out axTLS.x509_4096.csr -key axTLS.key_4096.pem -new \ openssl req -out axTLS.x509_1042.req -key axTLS.key_1042.pem -new \
-config ./certs.conf -config ./certs.conf
openssl req -out axTLS.x509_device.csr -key axTLS.key_device.pem -new \ openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \
-config ./certs.conf
openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \
-config ./certs.conf
openssl req -out axTLS.x509_device.req -key axTLS.device_key.pem -new \
-config ./device_cert.conf -config ./device_cert.conf
openssl req -out axTLS.x509_intermediate_ca.csr \ openssl req -out axTLS.x509_aes128.req -key axTLS.key_aes128.pem \
-key axTLS.key_intermediate_ca.pem -new \
-config ./intermediate_ca.conf
openssl req -out axTLS.x509_intermediate_ca2.csr \
-key axTLS.key_intermediate_ca2.pem -new \
-config ./intermediate_ca2.conf
openssl req -out axTLS.x509_end_chain.csr -key axTLS.key_end_chain.pem -new \
-config ./certs.conf
openssl req -out axTLS.x509_aes128.csr -key axTLS.key_aes128.pem \
-new -config ./certs.conf -passin pass:abcd -new -config ./certs.conf -passin pass:abcd
openssl req -out axTLS.x509_aes256.csr -key axTLS.key_aes256.pem \ openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \
-new -config ./certs.conf -passin pass:abcd -new -config ./certs.conf -passin pass:abcd
# generate the actual certs. # generate the actual certs.
openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509.pem \ openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \
-sha1 -days 5000 -signkey axTLS.ca_key.pem \ -sha1 -days 5000 -signkey axTLS.ca_key.pem
-CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \
openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509_sha256.pem \
-sha256 -days 5000 -signkey axTLS.ca_key.pem \
-CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024.pem \
-sha1 -CAcreateserial -days 5000 \ -sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha256.pem \ openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha384.pem \
-sha384 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha512.pem \
-sha512 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_2048.csr -out axTLS.x509_2048.pem \
-sha1 -CAcreateserial -days 5000 \ -sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_4096.csr -out axTLS.x509_4096.pem \ openssl x509 -req -in axTLS.x509_1042.req -out axTLS.x509_1042.pem \
-sha1 -CAcreateserial -days 5000 \ -sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_device.csr -out axTLS.x509_device.pem \ openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
-md5 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
-md5 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
-sha1 -CAcreateserial -days 5000 \ -sha1 -CAcreateserial -days 5000 \
-CA axTLS.x509_1024.pem -CAkey axTLS.key_1024.pem -CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem
openssl x509 -req -in axTLS.x509_intermediate_ca.csr -out axTLS.x509_intermediate_ca.pem \ openssl x509 -req -in axTLS.x509_aes128.req \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem \
-extfile ./intermediate_ca.conf -extensions v3_intermediate_ca
openssl x509 -req -in axTLS.x509_intermediate_ca2.csr -out axTLS.x509_intermediate_ca2.pem \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.x509_intermediate_ca.pem \
-CAkey axTLS.key_intermediate_ca.pem \
-extfile ./intermediate_ca2.conf -extensions v3_intermediate_ca2
openssl x509 -req -in axTLS.x509_end_chain.csr -out axTLS.x509_end_chain.pem \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.x509_intermediate_ca.pem \
-CAkey axTLS.key_intermediate_ca.pem \
-extfile ./certs.conf -extensions v3_usr_cert
# basic constraint path len failure
openssl x509 -req -in axTLS.x509_end_chain.csr \
-out axTLS.x509_end_chain_bad.pem \
-sha256 -CAcreateserial -days 5000 \
-CA axTLS.x509_intermediate_ca2.pem \
-CAkey axTLS.key_intermediate_ca2.pem \
-extfile ./certs.conf -extensions v3_usr_cert
cat axTLS.x509_intermediate_ca.pem >> axTLS.x509_intermediate_ca2.pem
openssl x509 -req -in axTLS.x509_aes128.csr \
-out axTLS.x509_aes128.pem \ -out axTLS.x509_aes128.pem \
-sha1 -CAcreateserial -days 5000 \ -sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
openssl x509 -req -in axTLS.x509_aes256.csr \ openssl x509 -req -in axTLS.x509_aes256.req \
-out axTLS.x509_aes256.pem \ -out axTLS.x509_aes256.pem \
-sha1 -CAcreateserial -days 5000 \ -sha1 -CAcreateserial -days 5000 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
@ -211,32 +138,35 @@ openssl x509 -req -in axTLS.x509_aes256.csr \
# note: must be root to do this # note: must be root to do this
DATE_NOW=`date` DATE_NOW=`date`
if date -s "Jan 1 2025"; then if date -s "Jan 1 2025"; then
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_before.pem \ openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_before.pem \
-sha1 -CAcreateserial -days 365 \ -sha1 -CAcreateserial -days 365 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
date -s "$DATE_NOW" date -s "$DATE_NOW"
touch axTLS.x509_bad_before.pem touch axTLS.x509_bad_before.pem
fi fi
openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_after.pem \ openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_after.pem \
-sha1 -CAcreateserial -days -365 \ -sha1 -CAcreateserial -days -365 \
-CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
# some cleanup # some cleanup
rm axTLS*.csr rm axTLS*.req
rm *.srl rm axTLS.srl
rm *.conf rm *.conf
# need this for the client tests # need this for the client tests
openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer
openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer
openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
openssl x509 -in axTLS.x509_1042.pem -outform DER -out axTLS.x509_1042.cer
openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer
# generate pkcs8 files (use RC4-128 for encryption) # generate pkcs8 files (use RC4-128 for encryption)
openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8 openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8 openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8 openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8 openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
# generate pkcs12 files (use RC4-128 for encryption) # generate pkcs12 files (use RC4-128 for encryption)
openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd

521
ssl/test/ssltest.c
View file

@ -50,8 +50,8 @@
#include "os_port.h" #include "os_port.h"
#include "ssl.h" #include "ssl.h"
#define DEFAULT_CERT "../ssl/test/axTLS.x509_1024.cer" #define DEFAULT_CERT "../ssl/test/axTLS.x509_512.cer"
#define DEFAULT_KEY "../ssl/test/axTLS.key_1024" #define DEFAULT_KEY "../ssl/test/axTLS.key_512"
//#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES //#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
#define DEFAULT_SVR_OPTION 0 #define DEFAULT_SVR_OPTION 0
//#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES //#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
@ -176,6 +176,78 @@ end:
return res; return res;
} }
/**************************************************************************
* RC4 tests
*
* ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c)
**************************************************************************/
static const uint8_t keys[7][30]=
{
{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
{4,0xef,0x01,0x23,0x45},
{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
{4,0xef,0x01,0x23,0x45},
};
static const uint8_t data_len[7]={8,8,8,20,28,10};
static uint8_t data[7][30]=
{
{0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xff},
{0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
0x12,0x34,0x56,0x78,0xff},
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
{0},
};
static const uint8_t output[7][30]=
{
{0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
{0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
{0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
0x36,0xb6,0x78,0x58,0x00},
{0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
0x40,0x01,0x1e,0xcf,0x00},
{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
{0},
};
static int RC4_test(BI_CTX *bi_ctx)
{
int i, res = 1;
RC4_CTX s;
for (i = 0; i < 6; i++)
{
RC4_setup(&s, &keys[i][1], keys[i][0]);
RC4_crypt(&s, data[i], data[i], data_len[i]);
if (memcmp(data[i], output[i], data_len[i]))
{
printf("Error: RC4 CRYPT #%d failed\n", i);
goto end;
}
}
res = 0;
printf("All RC4 tests passed\n");
end:
return res;
}
/************************************************************************** /**************************************************************************
* SHA1 tests * SHA1 tests
* *
@ -450,9 +522,9 @@ end:
**************************************************************************/ **************************************************************************/
static int HMAC_test(BI_CTX *bi_ctx) static int HMAC_test(BI_CTX *bi_ctx)
{ {
uint8_t key[SHA256_SIZE]; uint8_t key[SHA1_SIZE];
uint8_t ct[SHA256_SIZE]; uint8_t ct[SHA1_SIZE];
uint8_t dgst[SHA256_SIZE]; uint8_t dgst[SHA1_SIZE];
int res = 1; int res = 1;
const char *key_str; const char *key_str;
@ -481,8 +553,8 @@ static int HMAC_test(BI_CTX *bi_ctx)
data_str = "Hi There"; data_str = "Hi There";
key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B"); key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
bi_export(bi_ctx, key_bi, key, SHA1_SIZE); bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
hmac_sha1((const uint8_t *)data_str, 8, hmac_sha1((const uint8_t *)data_str, 8,
@ -498,78 +570,13 @@ static int HMAC_test(BI_CTX *bi_ctx)
ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79"); ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE); bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst); hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst);
if (memcmp(dgst, ct, SHA1_SIZE)) if (memcmp(dgst, ct, SHA1_SIZE))
{ {
printf("HMAC SHA1 #2 failed\n"); printf("HMAC SHA1 failed\n");
goto end; exit(1);
} }
data_str = "Hi There";
key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
ct_bi = bi_str_import(bi_ctx,
"B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32CFF7");
bi_export(bi_ctx, key_bi, key, 20);
bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
hmac_sha256((const uint8_t *)data_str, 8,
(const uint8_t *)key, 20, dgst);
if (memcmp(dgst, ct, SHA256_SIZE))
{
printf("HMAC SHA256 #1 failed\n");
goto end;
}
data_str = "what do ya want for nothing?";
key_str = "Jefe";
ct_bi = bi_str_import(bi_ctx,
"5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC3843");
bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
hmac_sha256((const uint8_t *)data_str, 28,
(const uint8_t *)key_str, 4, dgst);
if (memcmp(dgst, ct, SHA256_SIZE))
{
printf("HMAC SHA256 #2 failed\n");
goto end;
}
// other test
/*uint8_t secret[16];
key_str = "9BBE436BA940F017B17652849A71DB35";
ct_bi = bi_str_import(bi_ctx, key_str);
bi_export(bi_ctx, ct_bi, secret, 16);
uint8_t random[26];
data_str = "74657374206C6162656CA0BA9F936CDA311827A6F796FFD5198C";
ct_bi = bi_str_import(bi_ctx, data_str);
bi_export(bi_ctx, ct_bi, random, 26);
uint8_t output[256];
p_hash_sha256(secret, 16, random, 26, output, 100);
ct_bi = bi_import(bi_ctx, output, 100);
bi_print("RESULT", ct_bi);
*/
/*uint8_t secret[48];
uint8_t random[256];
uint8_t output[256];
key_str =
"8C6D256467157DAEC7BAEBC1371E6DABFF1AB686EFA7DCF6B65242AA6EEBFC0A7472A1E583C4F2B23F784F25A6DE05A6";
ct_bi = bi_str_import(bi_ctx, key_str);
bi_export(bi_ctx, ct_bi, secret, 48);
data_str =
"636C69656E742066696E697368656475F80B2E4375CFA44105D16694A5E2D232302FF27241BDF52BA681C13E2CDF9F";
ct_bi = bi_str_import(bi_ctx, data_str);
bi_export(bi_ctx, ct_bi, random, 47);
p_hash_sha256(secret, 48, random, 47, output, 12);
ct_bi = bi_import(bi_ctx, output, 12);
bi_print("RESULT1", ct_bi);*/
res = 0; res = 0;
printf("All HMAC tests passed\n"); printf("All HMAC tests passed\n");
@ -962,13 +969,13 @@ static void do_client(client_t *clnt)
/* show the session ids in the reconnect test */ /* show the session ids in the reconnect test */
if (strcmp(clnt->testname, "Session Reuse") == 0) if (strcmp(clnt->testname, "Session Reuse") == 0)
{ {
sprintf(openssl_buf, "echo \"hello client\" | openssl s_client " sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
"-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"",
g_port, clnt->openssl_option); g_port, clnt->openssl_option);
} }
else if (strstr(clnt->testname, "GNUTLS") == NULL) else if (strstr(clnt->testname, "GNUTLS") == NULL)
{ {
sprintf(openssl_buf, "echo \"hello client\" | openssl s_client " sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
#ifdef WIN32 #ifdef WIN32
"-connect localhost:%d -quiet %s", "-connect localhost:%d -quiet %s",
#else #else
@ -980,14 +987,13 @@ static void do_client(client_t *clnt)
{ {
sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli " sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
#ifdef WIN32 #ifdef WIN32
"-p %d %s localhost", "-p %d %s 127.0.0.1",
#else #else
"-p %d %s localhost > /dev/null 2>&1", "-p %d %s 127.0.0.1 > /dev/null 2>&1",
#endif #endif
g_port, clnt->openssl_option); g_port, clnt->openssl_option);
} }
//printf("CLIENT %s\n", openssl_buf);
SYSTEM(openssl_buf); SYSTEM(openssl_buf);
} }
@ -1139,60 +1145,21 @@ int SSL_server_tests(void)
/* Go through the algorithms */ /* Go through the algorithms */
/* /*
* TLS client hello * TLS1 client hello
*/ */
/* /*
* AES128-SHA TLS1.2 * AES128-SHA
*/ */
if ((ret = SSL_server_test("AES128-SHA TLS1.2", if ((ret = SSL_server_test("AES128-SHA", "-cipher AES128-SHA",
"-cipher AES128-SHA -tls1_2",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION))) DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
/* /*
* AES256-SHA TLS1.2 * AES256-SHA
*/ */
if ((ret = SSL_server_test("AES256-SHA TLS1.2", if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
"-cipher AES256-SHA -tls1_2",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* AES128-SHA256 TLS1.2
*/
if ((ret = SSL_server_test("AES128-SHA256 TLS1.2",
"-cipher AES128-SHA256 -tls1_2",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* AES256-SHA256 TLS1.2
*/
if ((ret = SSL_server_test("AES256-SHA256 TLS1.2",
"-cipher AES256-SHA256 -tls1_2",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* AES128-SHA TLS1.1
*/
if ((ret = SSL_server_test("AES128-SHA TLS1.1",
"-cipher AES128-SHA -tls1_1",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* AES128-SHA TLS1.0
*/
if ((ret = SSL_server_test("AES128-SHA TLS1.0",
"-cipher AES128-SHA -tls1",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION))) DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
@ -1202,26 +1169,45 @@ int SSL_server_tests(void)
* all the session id's should match for session resumption. * all the session id's should match for session resumption.
*/ */
if ((ret = SSL_server_test("Session Reuse", if ((ret = SSL_server_test("Session Reuse",
"-cipher AES128-SHA -reconnect -tls1_2", "-cipher AES128-SHA -reconnect",
DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL, DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
DEFAULT_SVR_OPTION))) DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
/*
* 512 bit RSA key
*/
if ((ret = SSL_server_test("512 bit key",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_512.cer", NULL,
"../ssl/test/axTLS.key_512",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/* /*
* 1024 bit RSA key (check certificate chaining) * 1024 bit RSA key (check certificate chaining)
*/ */
if ((ret = SSL_server_test("1024 bit key", if ((ret = SSL_server_test("1024 bit key",
"-cipher AES128-SHA -tls1_2", "-cipher AES128-SHA",
"../ssl/test/axTLS.x509_1024.cer", NULL, "../ssl/test/axTLS.x509_1024.cer", NULL,
"../ssl/test/axTLS.key_1024", "../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION))) NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
/*
* 1042 bit RSA key (check certificate chaining)
*/
if ((ret = SSL_server_test("1042 bit key",
"-cipher AES128-SHA",
"../ssl/test/axTLS.x509_1042.cer", NULL,
"../ssl/test/axTLS.key_1042",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/* /*
* 2048 bit RSA key * 2048 bit RSA key
*/ */
if ((ret = SSL_server_test("2048 bit key", if ((ret = SSL_server_test("2048 bit key",
"-cipher AES128-SHA -tls1_2", "-cipher AES128-SHA",
"../ssl/test/axTLS.x509_2048.cer", NULL, "../ssl/test/axTLS.x509_2048.cer", NULL,
"../ssl/test/axTLS.key_2048", "../ssl/test/axTLS.key_2048",
NULL, NULL, DEFAULT_SVR_OPTION))) NULL, NULL, DEFAULT_SVR_OPTION)))
@ -1231,63 +1217,20 @@ int SSL_server_tests(void)
* 4096 bit RSA key * 4096 bit RSA key
*/ */
if ((ret = SSL_server_test("4096 bit key", if ((ret = SSL_server_test("4096 bit key",
"-cipher AES128-SHA -tls1_2", "-cipher AES128-SHA",
"../ssl/test/axTLS.x509_4096.cer", NULL, "../ssl/test/axTLS.x509_4096.cer", NULL,
"../ssl/test/axTLS.key_4096", "../ssl/test/axTLS.key_4096",
NULL, NULL, DEFAULT_SVR_OPTION))) NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
/*
* RSA1024/SHA256
*/
if ((ret = SSL_server_test("RSA1024/SHA256",
"-tls1_2",
"../ssl/test/axTLS.x509_1024_sha256.pem" , NULL,
"../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* RSA1024/SHA384
*/
if ((ret = SSL_server_test("RSA1024/SHA384",
"-tls1_2",
"../ssl/test/axTLS.x509_1024_sha384.pem" , NULL,
"../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/*
* RSA1024/SHA512
*/
if ((ret = SSL_server_test("RSA1024/SHA512",
"-tls1_2",
"../ssl/test/axTLS.x509_1024_sha512.pem" , NULL,
"../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup;
/* /*
* Client Verification * Client Verification
*/ */
if ((ret = SSL_server_test("Client Verification TLS1.2", if ((ret = SSL_server_test("Client Verification",
"-cipher AES128-SHA -tls1_2 " "-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_2048.pem " "-cert ../ssl/test/axTLS.x509_2048.pem "
"-key ../ssl/test/axTLS.key_2048.pem ", "-key ../ssl/test/axTLS.key_2048.pem ",
NULL, NULL, NULL, NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
goto cleanup;
if ((ret = SSL_server_test("Client Verification TLS1.1",
"-cipher AES128-SHA -tls1_1 "
"-cert ../ssl/test/axTLS.x509_2048.pem "
"-key ../ssl/test/axTLS.key_2048.pem ",
NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"../ssl/test/axTLS.ca_x509.cer", NULL, "../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION))) DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
goto cleanup; goto cleanup;
@ -1296,12 +1239,10 @@ int SSL_server_tests(void)
if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0) if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
{ {
if ((ret = SSL_server_test("Error: Bad Before Cert", if ((ret = SSL_server_test("Error: Bad Before Cert",
"-cipher AES128-SHA -tls1_2 " "-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_bad_before.pem " "-cert ../ssl/test/axTLS.x509_bad_before.pem "
"-key ../ssl/test/axTLS.key_1024.pem ", "-key ../ssl/test/axTLS.key_512.pem ",
NULL, NULL, NULL, NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"../ssl/test/axTLS.ca_x509.cer", NULL, "../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID)) SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
@ -1313,12 +1254,10 @@ int SSL_server_tests(void)
/* this test should fail */ /* this test should fail */
if ((ret = SSL_server_test("Error: Bad After Cert", if ((ret = SSL_server_test("Error: Bad After Cert",
"-cipher AES128-SHA -tls1_2 " "-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_bad_after.pem " "-cert ../ssl/test/axTLS.x509_bad_after.pem "
"-key ../ssl/test/axTLS.key_1024.pem ", "-key ../ssl/test/axTLS.key_512.pem ",
NULL, NULL, NULL, NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"../ssl/test/axTLS.ca_x509.cer", NULL, "../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED)) SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
@ -1331,12 +1270,10 @@ int SSL_server_tests(void)
* No trusted cert * No trusted cert
*/ */
if ((ret = SSL_server_test("Error: No trusted certificate", if ((ret = SSL_server_test("Error: No trusted certificate",
"-cipher AES128-SHA -tls1_2 " "-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_1024.pem " "-cert ../ssl/test/axTLS.x509_512.pem "
"-key ../ssl/test/axTLS.key_1024.pem ", "-key ../ssl/test/axTLS.key_512.pem ",
NULL, NULL, NULL, NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
NULL, NULL, NULL, NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT)) SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
@ -1349,13 +1286,11 @@ int SSL_server_tests(void)
* Self-signed (from the server) * Self-signed (from the server)
*/ */
if ((ret = SSL_server_test("Error: Self-signed certificate (from server)", if ((ret = SSL_server_test("Error: Self-signed certificate (from server)",
"-cipher AES128-SHA -tls1_2 " "-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_1024.pem " "-cert ../ssl/test/axTLS.x509_512.pem "
"-key ../ssl/test/axTLS.key_1024.pem " "-key ../ssl/test/axTLS.key_512.pem "
"-CAfile ../ssl/test/axTLS.ca_x509.pem ", "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
NULL, NULL, NULL, NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
NULL, NULL, NULL, NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) != DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED)) SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
@ -1369,12 +1304,10 @@ int SSL_server_tests(void)
* Self-signed (from the client) * Self-signed (from the client)
*/ */
if ((ret = SSL_server_test("Self-signed certificate (from client)", if ((ret = SSL_server_test("Self-signed certificate (from client)",
"-cipher AES128-SHA -tls1_2 " "-cipher AES128-SHA -tls1 "
"-cert ../ssl/test/axTLS.x509_1024.pem " "-cert ../ssl/test/axTLS.x509_512.pem "
"-key ../ssl/test/axTLS.key_1024.pem ", "-key ../ssl/test/axTLS.key_512.pem ",
NULL, NULL, NULL, NULL,
"../ssl/test/axTLS.x509_1024.pem",
"../ssl/test/axTLS.key_1024.pem",
"../ssl/test/axTLS.ca_x509.cer", "../ssl/test/axTLS.ca_x509.cer",
NULL, NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION))) DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
@ -1384,9 +1317,9 @@ int SSL_server_tests(void)
* Key in PEM format * Key in PEM format
*/ */
if ((ret = SSL_server_test("Key in PEM format", if ((ret = SSL_server_test("Key in PEM format",
"-cipher AES128-SHA -tls1_2", "-cipher AES128-SHA",
"../ssl/test/axTLS.x509_1024.cer", NULL, "../ssl/test/axTLS.x509_512.cer", NULL,
"../ssl/test/axTLS.key_1024.pem", NULL, "../ssl/test/axTLS.key_512.pem", NULL,
NULL, DEFAULT_SVR_OPTION))) NULL, DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
@ -1394,9 +1327,9 @@ int SSL_server_tests(void)
* Cert in PEM format * Cert in PEM format
*/ */
if ((ret = SSL_server_test("Cert in PEM format", if ((ret = SSL_server_test("Cert in PEM format",
"-cipher AES128-SHA -tls1_2", "-cipher AES128-SHA",
"../ssl/test/axTLS.x509_1024.pem", NULL, "../ssl/test/axTLS.x509_512.pem", NULL,
"../ssl/test/axTLS.key_1024.pem", NULL, "../ssl/test/axTLS.key_512.pem", NULL,
NULL, DEFAULT_SVR_OPTION))) NULL, DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
@ -1404,9 +1337,9 @@ int SSL_server_tests(void)
* Cert chain in PEM format * Cert chain in PEM format
*/ */
if ((ret = SSL_server_test("Cert chain in PEM format", if ((ret = SSL_server_test("Cert chain in PEM format",
"-cipher AES128-SHA -tls1_2", "-cipher AES128-SHA",
"../ssl/test/axTLS.x509_device.pem", "../ssl/test/axTLS.x509_device.pem",
NULL, "../ssl/test/axTLS.key_device.pem", NULL, "../ssl/test/axTLS.device_key.pem",
"../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION))) "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
@ -1414,7 +1347,7 @@ int SSL_server_tests(void)
* AES128 Encrypted key * AES128 Encrypted key
*/ */
if ((ret = SSL_server_test("AES128 encrypted key", if ((ret = SSL_server_test("AES128 encrypted key",
"-cipher AES128-SHA -tls1_2", "-cipher AES128-SHA",
"../ssl/test/axTLS.x509_aes128.pem", NULL, "../ssl/test/axTLS.x509_aes128.pem", NULL,
"../ssl/test/axTLS.key_aes128.pem", "../ssl/test/axTLS.key_aes128.pem",
NULL, "abcd", DEFAULT_SVR_OPTION))) NULL, "abcd", DEFAULT_SVR_OPTION)))
@ -1424,7 +1357,7 @@ int SSL_server_tests(void)
* AES256 Encrypted key * AES256 Encrypted key
*/ */
if ((ret = SSL_server_test("AES256 encrypted key", if ((ret = SSL_server_test("AES256 encrypted key",
"-cipher AES128-SHA -tls1_2", "-cipher AES128-SHA",
"../ssl/test/axTLS.x509_aes256.pem", NULL, "../ssl/test/axTLS.x509_aes256.pem", NULL,
"../ssl/test/axTLS.key_aes256.pem", "../ssl/test/axTLS.key_aes256.pem",
NULL, "abcd", DEFAULT_SVR_OPTION))) NULL, "abcd", DEFAULT_SVR_OPTION)))
@ -1434,7 +1367,7 @@ int SSL_server_tests(void)
* AES128 Encrypted invalid key * AES128 Encrypted invalid key
*/ */
if ((ret = SSL_server_test("AES128 encrypted invalid key", if ((ret = SSL_server_test("AES128 encrypted invalid key",
"-cipher AES128-SHA -tls1_2", "-cipher AES128-SHA",
"../ssl/test/axTLS.x509_aes128.pem", NULL, "../ssl/test/axTLS.x509_aes128.pem", NULL,
"../ssl/test/axTLS.key_aes128.pem", "../ssl/test/axTLS.key_aes128.pem",
NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY) NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
@ -1446,8 +1379,7 @@ int SSL_server_tests(void)
/* /*
* PKCS#8 key (encrypted) * PKCS#8 key (encrypted)
*/ */
if ((ret = SSL_server_test("pkcs#8 encrypted", if ((ret = SSL_server_test("pkcs#8 encrypted", "-cipher AES128-SHA",
"-cipher AES128-SHA -tls1_2",
DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8",
NULL, "abcd", DEFAULT_SVR_OPTION))) NULL, "abcd", DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
@ -1455,8 +1387,7 @@ int SSL_server_tests(void)
/* /*
* PKCS#8 key (unencrypted DER format) * PKCS#8 key (unencrypted DER format)
*/ */
if ((ret = SSL_server_test("pkcs#8 DER unencrypted", if ((ret = SSL_server_test("pkcs#8 DER unencrypted", "-cipher AES128-SHA",
"-cipher AES128-SHA -tls1_2",
DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8",
NULL, NULL, DEFAULT_SVR_OPTION))) NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
@ -1464,8 +1395,7 @@ int SSL_server_tests(void)
/* /*
* PKCS#8 key (unencrypted PEM format) * PKCS#8 key (unencrypted PEM format)
*/ */
if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", "-cipher AES128-SHA",
"-cipher AES128-SHA -tls1_2",
DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8", DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8",
NULL, NULL, DEFAULT_SVR_OPTION))) NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
@ -1492,15 +1422,6 @@ int SSL_server_tests(void)
"../ssl/test/axTLS.key_1024", "../ssl/test/axTLS.key_1024",
NULL, NULL, DEFAULT_SVR_OPTION))) NULL, NULL, DEFAULT_SVR_OPTION)))
goto cleanup; goto cleanup;
if ((ret = SSL_server_test("GNUTLS client with verify",
"--x509certfile ../ssl/test/axTLS.x509_1024.pem "
"--x509keyfile ../ssl/test/axTLS.key_1024.pem",
"../ssl/test/axTLS.x509_1024.cer", NULL,
"../ssl/test/axTLS.key_1024",
"../ssl/test/axTLS.ca_x509.cer", NULL,
DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
goto cleanup;
ret = 0; ret = 0;
cleanup: cleanup:
@ -1553,15 +1474,10 @@ static void do_server(server_t *svr)
} }
else else
{ {
sprintf(openssl_buf, "openssl s_server " sprintf(openssl_buf, "openssl s_server -tls1 "
#ifdef WIN32 "-accept %d -quiet %s ", g_port, svr->openssl_option);
"-accept %d -quiet %s",
#else
"-accept %d -quiet %s > /dev/null",
#endif
g_port, svr->openssl_option);
} }
//printf("SERVER %s\n", openssl_buf);
SYSTEM(openssl_buf); SYSTEM(openssl_buf);
} }
@ -1663,8 +1579,7 @@ static int SSL_client_test(
goto client_test_exit; goto client_test_exit;
} }
ssl = ssl_client_new(*ssl_ctx, client_fd, ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
session_id, sizeof(session_id), NULL);
/* check the return status */ /* check the return status */
if ((ret = ssl_handshake_status(ssl))) if ((ret = ssl_handshake_status(ssl)))
@ -1754,11 +1669,10 @@ int SSL_client_tests(void)
sess_resume.start_server = 1; sess_resume.start_server = 1;
printf("### starting client tests\n"); printf("### starting client tests\n");
if ((ret = SSL_client_test("1024 bit key", if ((ret = SSL_client_test("512 bit key",
&ssl_ctx, &ssl_ctx,
"-cert ../ssl/test/axTLS.x509_1024.pem " "-cert ../ssl/test/axTLS.x509_512.pem "
"-key ../ssl/test/axTLS.key_1024.pem", "-key ../ssl/test/axTLS.key_512.pem", &sess_resume,
&sess_resume,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup; goto cleanup;
@ -1805,52 +1719,11 @@ int SSL_client_tests(void)
DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup; goto cleanup;
if ((ret = SSL_client_test("TLS 1.1",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_1024.pem "
"-key ../ssl/test/axTLS.key_1024.pem -tls1_1", NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
if ((ret = SSL_client_test("TLS 1.0",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_1024.pem "
"-key ../ssl/test/axTLS.key_1024.pem -tls1", NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
if ((ret = SSL_client_test("Basic Constraint - len OK",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_end_chain.pem -key "
"../ssl/test/axTLS.key_end_chain.pem -CAfile "
"../ssl/test/axTLS.x509_intermediate_ca.pem",
NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup;
if ((ret = SSL_client_test("Basic Constraint - len NOT OK",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_end_chain_bad.pem -key "
"../ssl/test/axTLS.key_end_chain.pem -CAfile "
"../ssl/test/axTLS.x509_intermediate_ca2.pem",
NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL))
!= SSL_X509_ERROR(X509_VFY_ERROR_BASIC_CONSTRAINT))
{
printf("*** Error: %d\n", ret);
if (ret == 0)
ret = SSL_NOT_OK;
goto cleanup;
}
printf("SSL server test \"%s\" passed\n", "Basic Constraint - len NOT OK");
if ((ret = SSL_client_test("Server cert chaining", if ((ret = SSL_client_test("Server cert chaining",
&ssl_ctx, &ssl_ctx,
"-cert ../ssl/test/axTLS.x509_device.pem " "-cert ../ssl/test/axTLS.x509_device.pem "
"-key ../ssl/test/axTLS.key_device.pem " "-key ../ssl/test/axTLS.device_key.pem "
"-CAfile ../ssl/test/axTLS.x509_1024.pem ", NULL, "-CAfile ../ssl/test/axTLS.x509_512.pem ", NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL))) DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
goto cleanup; goto cleanup;
@ -1865,23 +1738,12 @@ int SSL_client_tests(void)
"../ssl/test/axTLS.x509_1024.cer"))) "../ssl/test/axTLS.x509_1024.cer")))
goto cleanup; goto cleanup;
/* Check the server can verify the client */
if ((ret = SSL_client_test("Client peer authentication TLS1.1",
&ssl_ctx,
"-cert ../ssl/test/axTLS.x509_2048.pem "
"-key ../ssl/test/axTLS.key_2048.pem "
"-CAfile ../ssl/test/axTLS.ca_x509.pem "
"-verify 1 -tls1_1", NULL, DEFAULT_CLNT_OPTION,
"../ssl/test/axTLS.key_1024", NULL,
"../ssl/test/axTLS.x509_1024.cer")))
goto cleanup;
/* Should get an "ERROR" from openssl (as the handshake fails as soon as /* Should get an "ERROR" from openssl (as the handshake fails as soon as
* the certificate verification fails) */ * the certificate verification fails) */
if ((ret = SSL_client_test("Error: Expired cert (verify now)", if ((ret = SSL_client_test("Error: Expired cert (verify now)",
&ssl_ctx, &ssl_ctx,
"-cert ../ssl/test/axTLS.x509_bad_after.pem " "-cert ../ssl/test/axTLS.x509_bad_after.pem "
"-key ../ssl/test/axTLS.key_1024.pem", NULL, "-key ../ssl/test/axTLS.key_512.pem", NULL,
DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED)) SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
{ {
@ -1895,7 +1757,7 @@ int SSL_client_tests(void)
if ((ret = SSL_client_test("Error: Expired cert (verify later)", if ((ret = SSL_client_test("Error: Expired cert (verify later)",
&ssl_ctx, &ssl_ctx,
"-cert ../ssl/test/axTLS.x509_bad_after.pem " "-cert ../ssl/test/axTLS.x509_bad_after.pem "
"-key ../ssl/test/axTLS.key_1024.pem", NULL, "-key ../ssl/test/axTLS.key_512.pem", NULL,
DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL,
NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED)) NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
{ {
@ -1906,43 +1768,27 @@ int SSL_client_tests(void)
printf("SSL client test \"Expired cert (verify later)\" passed\n"); printf("SSL client test \"Expired cert (verify later)\" passed\n");
/* invalid cert type */ /* invalid cert type */
/*if ((ret = SSL_client_test("Error: Invalid certificate type", if ((ret = SSL_client_test("Error: Invalid certificate type",
&ssl_ctx, &ssl_ctx,
"-cert ../ssl/test/axTLS.x509_2048.pem " "-cert ../ssl/test/axTLS.x509_2048.pem "
"-key ../ssl/test/axTLS.key_2048.pem " "-key ../ssl/test/axTLS.key_2048.pem "
"-CAfile ../ssl/test/axTLS.ca_x509.pem " "-CAfile ../ssl/test/axTLS.ca_x509.pem "
"-verify 1 ", NULL, DEFAULT_CLNT_OPTION, "-verify 1 ", NULL, DEFAULT_CLNT_OPTION,
"../ssl/test/axTLS.key_1024.pem", NULL, "../ssl/test/axTLS.x509_1024.cer", NULL,
"../ssl/test/axTLS.x509_1024.pem")) "../ssl/test/axTLS.x509_1024.cer"))
!= SSL_ERROR_INVALID_KEY) != SSL_ERROR_INVALID_KEY)
{ {
if (ret == 0)
ret = SSL_NOT_OK;
printf("*** Error: %d\n", ret); TTY_FLUSH(); printf("*** Error: %d\n", ret); TTY_FLUSH();
goto cleanup; goto cleanup;
} }
printf("SSL client test \"Invalid certificate type\" passed\n"); */ printf("SSL client test \"Invalid certificate type\" passed\n");
if ((ret = SSL_client_test("GNUTLS client", if ((ret = SSL_client_test("GNUTLS client",
&ssl_ctx, &ssl_ctx,
"--x509certfile ../ssl/test/axTLS.x509_1024.pem " "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
"--x509keyfile ../ssl/test/axTLS.key_1024.pem -g", NULL, "--x509keyfile ../ssl/test/axTLS.key_1024.pem -q", NULL,
DEFAULT_CLNT_OPTION, DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
"../ssl/test/axTLS.key_1024.pem", NULL,
"../ssl/test/axTLS.x509_1024.pem")))
goto cleanup;
ret = 0;
if ((ret = SSL_client_test("GNUTLS client with verify",
&ssl_ctx,
"--x509certfile ../ssl/test/axTLS.x509_1024.pem "
"--x509keyfile ../ssl/test/axTLS.key_1024.pem -r -g", NULL,
DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER,
"../ssl/test/axTLS.key_1024.pem", NULL,
"../ssl/test/axTLS.x509_1024.pem")))
goto cleanup; goto cleanup;
ret = 0; ret = 0;
@ -1986,7 +1832,7 @@ static void do_basic(void)
"../ssl/test/axTLS.ca_x509.cer", NULL)) "../ssl/test/axTLS.ca_x509.cer", NULL))
goto error; goto error;
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL); ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
/* check the return status */ /* check the return status */
if (ssl_handshake_status(ssl_clnt) < 0) if (ssl_handshake_status(ssl_clnt) < 0)
@ -2023,13 +1869,7 @@ static int SSL_basic_test(void)
goto error; goto error;
ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS); ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT,
"../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
goto error;
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY,
"../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
goto error;
#ifndef WIN32 #ifndef WIN32
pthread_create(&thread, NULL, pthread_create(&thread, NULL,
(void *(*)(void *))do_basic, NULL); (void *(*)(void *))do_basic, NULL);
@ -2116,7 +1956,7 @@ static void do_unblocked(void)
"../ssl/test/axTLS.ca_x509.cer", NULL)) "../ssl/test/axTLS.ca_x509.cer", NULL))
goto error; goto error;
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL); ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
while (ssl_handshake_status(ssl_clnt) != SSL_OK) while (ssl_handshake_status(ssl_clnt) != SSL_OK)
{ {
@ -2155,13 +1995,6 @@ static int SSL_unblocked_test(void)
goto error; goto error;
ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS); ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT,
"../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
goto error;
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY,
"../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
goto error;
#ifndef WIN32 #ifndef WIN32
pthread_create(&thread, NULL, pthread_create(&thread, NULL,
@ -2243,7 +2076,7 @@ void do_multi_clnt(multi_t *multi_data)
goto client_test_exit; goto client_test_exit;
usleep(200000); usleep(200000);
ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0, NULL); ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
if ((res = ssl_handshake_status(ssl))) if ((res = ssl_handshake_status(ssl)))
{ {
@ -2313,14 +2146,7 @@ int multi_thread_test(void)
printf("Do multi-threading test (takes a minute)\n"); printf("Do multi-threading test (takes a minute)\n");
ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS); ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT,
"../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
goto error;
if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY,
"../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
goto error;
ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS); ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
@ -2373,7 +2199,7 @@ int multi_thread_test(void)
printf("Multi-thread test passed (%d)\n", NUM_THREADS); printf("Multi-thread test passed (%d)\n", NUM_THREADS);
error: error:
ssl_ctx_free(ssl_svr_ctx); ssl_ctx_free(ssl_server_ctx);
ssl_ctx_free(ssl_clnt_ctx); ssl_ctx_free(ssl_clnt_ctx);
SOCKET_CLOSE(server_fd); SOCKET_CLOSE(server_fd);
return res; return res;
@ -2480,6 +2306,13 @@ int main(int argc, char *argv[])
} }
TTY_FLUSH(); TTY_FLUSH();
if (RC4_test(bi_ctx))
{
printf("RC4 tests failed\n");
goto cleanup;
}
TTY_FLUSH();
if (MD5_test(bi_ctx)) if (MD5_test(bi_ctx))
{ {
printf("MD5 tests failed\n"); printf("MD5 tests failed\n");

500
ssl/tls1.c
View file

File diff suppressed because it is too large Load diff

69
ssl/tls1.h
View file

@ -48,9 +48,9 @@ extern "C" {
#include "crypto_misc.h" #include "crypto_misc.h"
#define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */ #define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
#define SSL_PROTOCOL_VERSION_MAX 0x33 /* TLS v1.3 */ #define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */
#define SSL_PROTOCOL_VERSION_TLS1_1 0x32 /* TLS v1.1 */ #define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */
#define SSL_PROTOCOL_VERSION_TLS1_2 0x33 /* TLS v1.2 */ #define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */
#define SSL_RANDOM_SIZE 32 #define SSL_RANDOM_SIZE 32
#define SSL_SECRET_SIZE 48 #define SSL_SECRET_SIZE 48
#define SSL_FINISHED_HASH_SIZE 12 #define SSL_FINISHED_HASH_SIZE 12
@ -76,18 +76,17 @@ extern "C" {
#define IS_SET_SSL_FLAG(A) (ssl->flag & A) #define IS_SET_SSL_FLAG(A) (ssl->flag & A)
#define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */ #define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */
/* On send, will send another SSL fragment if plaintext exceeds RT_MAX_PLAIN_LENGTH */
#ifndef RT_MAX_PLAIN_LENGTH
#define RT_MAX_PLAIN_LENGTH 16384 #define RT_MAX_PLAIN_LENGTH 16384
#endif
/* Total receive buffer is RT_MAX_PLAIN_LENGTH + RT_EXTRA */
#ifndef RT_EXTRA
#define RT_EXTRA 1024 #define RT_EXTRA 1024
#endif
#define BM_RECORD_OFFSET 5 #define BM_RECORD_OFFSET 5
#define NUM_PROTOCOLS 4 #define NUM_PROTOCOLS 2
#define MAX_SIG_ALGORITHMS 4
#define SIG_ALG_SHA1 2
#define SIG_ALG_SHA256 4
#define SIG_ALG_SHA384 5
#define SIG_ALG_SHA512 6
#define SIG_ALG_RSA 1
#define PARANOIA_CHECK(A, B) if (A < B) { \ #define PARANOIA_CHECK(A, B) if (A < B) { \
ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; } ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
@ -116,22 +115,14 @@ enum
HS_FINISHED = 20 HS_FINISHED = 20
}; };
/* SSL extension types */
enum
{
SSL_EXT_SERVER_NAME = 0,
SSL_EXT_MAX_FRAGMENT_SIZE,
SSL_EXT_SIG_ALG = 0x0d,
};
typedef struct typedef struct
{ {
uint8_t cipher; uint8_t cipher;
uint8_t key_size; uint8_t key_size;
uint8_t iv_size; uint8_t iv_size;
uint8_t key_block_size;
uint8_t padding_size; uint8_t padding_size;
uint8_t digest_size; uint8_t digest_size;
uint8_t key_block_size;
hmac_func hmac; hmac_func hmac;
crypt_func encrypt; crypt_func encrypt;
crypt_func decrypt; crypt_func decrypt;
@ -156,31 +147,20 @@ typedef struct
{ {
uint8_t *buf; uint8_t *buf;
int size; int size;
uint8_t hash_alg;
} SSL_CERT; } SSL_CERT;
typedef struct typedef struct
{ {
MD5_CTX md5_ctx; MD5_CTX md5_ctx;
SHA1_CTX sha1_ctx; SHA1_CTX sha1_ctx;
SHA256_CTX sha256_ctx; uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
uint8_t *key_block;
uint8_t master_secret[SSL_SECRET_SIZE];
uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */ uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */ uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
uint8_t final_finish_mac[128];
uint8_t master_secret[SSL_SECRET_SIZE];
uint8_t key_block[256];
uint16_t bm_proc_index; uint16_t bm_proc_index;
uint8_t key_block_generated;
} DISPOSABLE_CTX; } DISPOSABLE_CTX;
typedef struct
{
char *host_name; /* Needed for the SNI support */
/* Needed for the Max Fragment Size Extension.
Allowed values: 2^9, 2^10 .. 2^14 */
uint16_t max_fragment_size;
} SSL_EXTENSIONS;
struct _SSL struct _SSL
{ {
uint32_t flag; uint32_t flag;
@ -194,7 +174,7 @@ struct _SSL
int16_t next_state; int16_t next_state;
int16_t hs_status; int16_t hs_status;
DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */ DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */
int client_fd; long client_fd;
const cipher_info_t *cipher_info; const cipher_info_t *cipher_info;
void *encrypt_ctx; void *encrypt_ctx;
void *decrypt_ctx; void *decrypt_ctx;
@ -202,8 +182,6 @@ struct _SSL
uint8_t *bm_data; uint8_t *bm_data;
uint16_t bm_index; uint16_t bm_index;
uint16_t bm_read_index; uint16_t bm_read_index;
uint8_t sig_algs[MAX_SIG_ALGORITHMS];
uint8_t num_sig_algs;
struct _SSL *next; /* doubly linked list */ struct _SSL *next; /* doubly linked list */
struct _SSL *prev; struct _SSL *prev;
struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */ struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
@ -211,17 +189,16 @@ struct _SSL
uint16_t session_index; uint16_t session_index;
SSL_SESSION *session; SSL_SESSION *session;
#endif #endif
#ifdef CONFIG_SSL_CERT_VERIFICATION #if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_ENABLE_CLIENT)
X509_CTX *x509_ctx; X509_CTX *x509_ctx;
#endif #endif
uint8_t session_id[SSL_SESSION_ID_SIZE]; uint8_t session_id[SSL_SESSION_ID_SIZE];
uint8_t client_mac[SHA256_SIZE]; /* for HMAC verification */ uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */
uint8_t server_mac[SHA256_SIZE]; /* for HMAC verification */ uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
uint8_t read_sequence[8]; /* 64 bit sequence number */ uint8_t read_sequence[8]; /* 64 bit sequence number */
uint8_t write_sequence[8]; /* 64 bit sequence number */ uint8_t write_sequence[8]; /* 64 bit sequence number */
uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */ uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
SSL_EXTENSIONS *extensions; /* Contains the SSL (client) extensions */
}; };
typedef struct _SSL SSL; typedef struct _SSL SSL;
@ -256,7 +233,7 @@ typedef struct _SSL_CTX SSLCTX;
extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS]; extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd); SSL *ssl_new(SSL_CTX *ssl_ctx, long client_fd);
void disposable_new(SSL *ssl); void disposable_new(SSL *ssl);
void disposable_free(SSL *ssl); void disposable_free(SSL *ssl);
int send_packet(SSL *ssl, uint8_t protocol, int send_packet(SSL *ssl, uint8_t protocol,
@ -270,7 +247,7 @@ int send_finished(SSL *ssl);
int send_certificate(SSL *ssl); int send_certificate(SSL *ssl);
int basic_read(SSL *ssl, uint8_t **in_data); int basic_read(SSL *ssl, uint8_t **in_data);
int send_change_cipher_spec(SSL *ssl); int send_change_cipher_spec(SSL *ssl);
int finished_digest(SSL *ssl, const char *label, uint8_t *digest); void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret); void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
void add_packet(SSL *ssl, const uint8_t *pkt, int len); void add_packet(SSL *ssl, const uint8_t *pkt, int len);
int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
@ -287,7 +264,7 @@ void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
int do_client_connect(SSL *ssl); int do_client_connect(SSL *ssl);
#endif #endif
#ifdef CONFIG_SSL_FULL_MODE #ifdef CONFIG_SSL_DIAGNOSTICS
void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok); void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
void DISPLAY_BYTES(SSL *ssl, const char *format, void DISPLAY_BYTES(SSL *ssl, const char *format,
const uint8_t *data, int size, ...); const uint8_t *data, int size, ...);
@ -307,9 +284,9 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros
#endif #endif
#endif #endif
#ifdef CONFIG_SSL_CERT_VERIFICATION //#ifdef CONFIG_SSL_CERT_VERIFICATION
int process_certificate(SSL *ssl, X509_CTX **x509_ctx); int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
#endif //#endif
SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_session_update(int max_sessions,
SSL_SESSION *ssl_sessions[], SSL *ssl, SSL_SESSION *ssl_sessions[], SSL *ssl,

182
ssl/tls1_clnt.c
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -37,22 +37,6 @@
#ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */ #ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */
/* support sha512/384/256/1 RSA */
static const uint8_t g_sig_alg[] = {
0x00, SSL_EXT_SIG_ALG,
0x00, 0x0a, 0x00, 0x08,
SIG_ALG_SHA512, SIG_ALG_RSA,
SIG_ALG_SHA384, SIG_ALG_RSA,
SIG_ALG_SHA256, SIG_ALG_RSA,
SIG_ALG_SHA1, SIG_ALG_RSA
};
static const uint8_t g_asn1_sha256[] =
{
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
static int send_client_hello(SSL *ssl); static int send_client_hello(SSL *ssl);
static int process_server_hello(SSL *ssl); static int process_server_hello(SSL *ssl);
static int process_server_hello_done(SSL *ssl); static int process_server_hello_done(SSL *ssl);
@ -63,12 +47,13 @@ static int send_cert_verify(SSL *ssl);
/* /*
* Establish a new SSL connection to an SSL server. * Establish a new SSL connection to an SSL server.
*/ */
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, long client_fd, const
uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext) uint8_t *session_id, uint8_t sess_id_size)
{ {
SSL *ssl = ssl_new(ssl_ctx, client_fd); SSL *ssl = ssl_new(ssl_ctx, client_fd);
ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */ ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
#ifndef CONFIG_SSL_SKELETON_MODE
if (session_id && ssl_ctx->num_sessions) if (session_id && ssl_ctx->num_sessions)
{ {
if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */ if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
@ -81,8 +66,7 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
ssl->sess_id_size = sess_id_size; ssl->sess_id_size = sess_id_size;
SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */ SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
} }
#endif
ssl->extensions = ssl_ext;
SET_SSL_FLAG(SSL_IS_CLIENT); SET_SSL_FLAG(SSL_IS_CLIENT);
do_client_connect(ssl); do_client_connect(ssl);
@ -191,9 +175,7 @@ static int send_client_hello(SSL *ssl)
uint8_t *buf = ssl->bm_data; uint8_t *buf = ssl->bm_data;
time_t tm = time(NULL); time_t tm = time(NULL);
uint8_t *tm_ptr = &buf[6]; /* time will go here */ uint8_t *tm_ptr = &buf[6]; /* time will go here */
int i, offset, ext_offset; int i, offset;
int ext_len = 0;
buf[0] = HS_CLIENT_HELLO; buf[0] = HS_CLIENT_HELLO;
buf[1] = 0; buf[1] = 0;
@ -239,64 +221,8 @@ static int send_client_hello(SSL *ssl)
buf[offset++] = 1; /* no compression */ buf[offset++] = 1; /* no compression */
buf[offset++] = 0; buf[offset++] = 0;
ext_offset = offset;
buf[offset++] = 0; /* total length of extensions */
buf[offset++] = 0;
/* send the signature algorithm extension for TLS 1.2+ */
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
{
memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
offset += sizeof(g_sig_alg);
ext_len += sizeof(g_sig_alg);
}
if (ssl->extensions != NULL)
{
/* send the host name if specified */
if (ssl->extensions->host_name != NULL)
{
size_t host_len = strlen(ssl->extensions->host_name);
buf[offset++] = 0;
buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
buf[offset++] = 0;
buf[offset++] = host_len + 5; /* server_name length */
buf[offset++] = 0;
buf[offset++] = host_len + 3; /* server_list length */
buf[offset++] = 0; /* host_name(0) (255) */
buf[offset++] = 0;
buf[offset++] = host_len; /* host_name length */
strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
offset += host_len;
ext_len += host_len + 9;
}
if (ssl->extensions->max_fragment_size)
{
buf[offset++] = 0;
buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;
buf[offset++] = 0; // size of data
buf[offset++] = 2;
buf[offset++] = (uint8_t)
((ssl->extensions->max_fragment_size >> 8) & 0xff);
buf[offset++] = (uint8_t)
(ssl->extensions->max_fragment_size & 0xff);
ext_len += 6;
}
}
if (ext_len > 0)
{
// update the extensions length value
buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff);
buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff);
}
buf[3] = offset - 4; /* handshake size */ buf[3] = offset - 4; /* handshake size */
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset); return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
} }
@ -307,7 +233,9 @@ static int process_server_hello(SSL *ssl)
{ {
uint8_t *buf = ssl->bm_data; uint8_t *buf = ssl->bm_data;
int pkt_size = ssl->bm_index; int pkt_size = ssl->bm_index;
#ifndef CONFIG_SSL_SKELETON_MODE
int num_sessions = ssl->ssl_ctx->num_sessions; int num_sessions = ssl->ssl_ctx->num_sessions;
#endif
uint8_t sess_id_size; uint8_t sess_id_size;
int offset, ret = SSL_OK; int offset, ret = SSL_OK;
@ -320,7 +248,9 @@ static int process_server_hello(SSL *ssl)
else if (ssl->version < SSL_PROTOCOL_MIN_VERSION) else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
{ {
ret = SSL_ERROR_INVALID_VERSION; ret = SSL_ERROR_INVALID_VERSION;
#ifdef CONFIG_SSL_DIAGNOSTICS
ssl_display_error(ret); ssl_display_error(ret);
#endif
goto error; goto error;
} }
@ -337,6 +267,7 @@ static int process_server_hello(SSL *ssl)
goto error; goto error;
} }
#ifndef CONFIG_SSL_SKELETON_MODE
if (num_sessions) if (num_sessions)
{ {
ssl->session = ssl_session_update(num_sessions, ssl->session = ssl_session_update(num_sessions,
@ -350,23 +281,21 @@ static int process_server_hello(SSL *ssl)
SSL_SESSION_ID_SIZE-sess_id_size); SSL_SESSION_ID_SIZE-sess_id_size);
} }
} }
#endif
memcpy(ssl->session_id, &buf[offset], sess_id_size); memcpy(ssl->session_id, &buf[offset], sess_id_size);
ssl->sess_id_size = sess_id_size; ssl->sess_id_size = sess_id_size;
offset += sess_id_size; offset += sess_id_size;
/* get the real cipher we are using - ignore MSB */ /* get the real cipher we are using */
ssl->cipher = buf[++offset]; ssl->cipher = buf[++offset];
ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ?
HS_FINISHED : HS_CERTIFICATE; HS_FINISHED : HS_CERTIFICATE;
offset += 2; // ignore compression offset++; // skip the compr
PARANOIA_CHECK(pkt_size, offset); PARANOIA_CHECK(pkt_size, offset);
ssl->dc->bm_proc_index = offset+1;
ssl->dc->bm_proc_index = offset;
PARANOIA_CHECK(pkt_size, offset);
// no extensions
error: error:
return ret; return ret;
} }
@ -392,10 +321,8 @@ static int send_client_key_xchg(SSL *ssl)
buf[0] = HS_CLIENT_KEY_XCHG; buf[0] = HS_CLIENT_KEY_XCHG;
buf[1] = 0; buf[1] = 0;
// spec says client must use the what is initially negotiated - premaster_secret[0] = 0x03; /* encode the version number */
// and this is our current version premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
premaster_secret[0] = 0x03;
premaster_secret[1] = SSL_PROTOCOL_VERSION_MAX & 0x0f;
if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0) if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0)
return SSL_NOT_OK; return SSL_NOT_OK;
@ -423,47 +350,14 @@ static int process_cert_req(SSL *ssl)
{ {
uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index]; uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
int ret = SSL_OK; int ret = SSL_OK;
int cert_req_size = (buf[2]<<8) + buf[3]; int offset = (buf[2] << 4) + buf[3];
int offset = 4;
int pkt_size = ssl->bm_index; int pkt_size = ssl->bm_index;
uint8_t cert_type_len, sig_alg_len;
PARANOIA_CHECK(pkt_size, offset + cert_req_size);
ssl->dc->bm_proc_index = cert_req_size;
/* don't do any processing - we will send back an RSA certificate anyway */ /* don't do any processing - we will send back an RSA certificate anyway */
ssl->next_state = HS_SERVER_HELLO_DONE; ssl->next_state = HS_SERVER_HELLO_DONE;
SET_SSL_FLAG(SSL_HAS_CERT_REQ); SET_SSL_FLAG(SSL_HAS_CERT_REQ);
ssl->dc->bm_proc_index += offset;
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+ PARANOIA_CHECK(pkt_size, offset);
{
// supported certificate types
cert_type_len = buf[offset++];
PARANOIA_CHECK(pkt_size, offset + cert_type_len);
offset += cert_type_len;
// supported signature algorithms
sig_alg_len = buf[offset++] << 8;
sig_alg_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + sig_alg_len);
while (sig_alg_len > 0)
{
uint8_t hash_alg = buf[offset++];
uint8_t sig_alg = buf[offset++];
sig_alg_len -= 2;
if (sig_alg == SIG_ALG_RSA &&
(hash_alg == SIG_ALG_SHA1 ||
hash_alg == SIG_ALG_SHA256 ||
hash_alg == SIG_ALG_SHA384 ||
hash_alg == SIG_ALG_SHA512))
{
ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
}
}
}
error: error:
return ret; return ret;
} }
@ -474,11 +368,9 @@ error:
static int send_cert_verify(SSL *ssl) static int send_cert_verify(SSL *ssl)
{ {
uint8_t *buf = ssl->bm_data; uint8_t *buf = ssl->bm_data;
uint8_t dgst[SHA1_SIZE+MD5_SIZE+15]; uint8_t dgst[MD5_SIZE+SHA1_SIZE];
RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx; RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
int n = 0, ret; int n = 0, ret;
int offset = 0;
int dgst_len;
if (rsa_ctx == NULL) if (rsa_ctx == NULL)
return SSL_OK; return SSL_OK;
@ -488,26 +380,13 @@ static int send_cert_verify(SSL *ssl)
buf[0] = HS_CERT_VERIFY; buf[0] = HS_CERT_VERIFY;
buf[1] = 0; buf[1] = 0;
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+ finished_digest(ssl, NULL, dgst); /* calculate the digest */
{
buf[4] = SIG_ALG_SHA256;
buf[5] = SIG_ALG_RSA;
offset = 6;
memcpy(dgst, g_asn1_sha256, sizeof(g_asn1_sha256));
dgst_len = finished_digest(ssl, NULL, &dgst[sizeof(g_asn1_sha256)]) +
sizeof(g_asn1_sha256);
}
else
{
offset = 4;
dgst_len = finished_digest(ssl, NULL, dgst);
}
/* rsa_ctx->bi_ctx is not thread-safe */ /* rsa_ctx->bi_ctx is not thread-safe */
if (rsa_ctx) if (rsa_ctx)
{ {
SSL_CTX_LOCK(ssl->ssl_ctx->mutex); SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
n = RSA_encrypt(rsa_ctx, dgst, dgst_len, &buf[offset + 2], 1); n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (n == 0) if (n == 0)
@ -517,19 +396,12 @@ static int send_cert_verify(SSL *ssl)
} }
} }
buf[offset] = n >> 8; /* add the RSA size */ buf[4] = n >> 8; /* add the RSA size (not officially documented) */
buf[offset+1] = n & 0xff; buf[5] = n & 0xff;
n += 2; n += 2;
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
{
n += 2; // sig/alg
offset -= 2;
}
buf[2] = n >> 8; buf[2] = n >> 8;
buf[3] = n & 0xff; buf[3] = n & 0xff;
ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n + offset); ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
error: error:
return ret; return ret;

156
ssl/tls1_svr.c
View file

@ -27,19 +27,15 @@
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include "os_port.h" #include "os_port.h"
#include "ssl.h" #include "ssl.h"
#ifdef CONFIG_SSL_ENABLE_SERVER
static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 }; static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
static const uint8_t g_asn1_sha256[] =
{
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
static int process_client_hello(SSL *ssl); static int process_client_hello(SSL *ssl);
static int send_server_hello_sequence(SSL *ssl); static int send_server_hello_sequence(SSL *ssl);
@ -54,14 +50,14 @@ static int process_cert_verify(SSL *ssl);
/* /*
* Establish a new SSL connection to an SSL client. * Establish a new SSL connection to an SSL client.
*/ */
EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd) EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, long client_fd)
{ {
SSL *ssl; SSL *ssl;
ssl = ssl_new(ssl_ctx, client_fd); ssl = ssl_new(ssl_ctx, client_fd);
ssl->next_state = HS_CLIENT_HELLO; ssl->next_state = HS_CLIENT_HELLO;
#ifdef CONFIG_SSL_FULL_MODE #ifdef CONFIG_SSL_DIAGNOSTICS
if (ssl_ctx->chain_length == 0) if (ssl_ctx->chain_length == 0)
printf("Warning - no server certificate defined\n"); TTY_FLUSH(); printf("Warning - no server certificate defined\n"); TTY_FLUSH();
#endif #endif
@ -92,10 +88,8 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
if (ret == SSL_OK) /* verify the cert */ if (ret == SSL_OK) /* verify the cert */
{ {
int cert_res; int cert_res;
int pathLenConstraint = 0; cert_res = x509_verify(
ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
cert_res = x509_verify(ssl->ssl_ctx->ca_cert_ctx,
ssl->x509_ctx, &pathLenConstraint);
ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res); ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
} }
break; break;
@ -139,7 +133,9 @@ static int process_client_hello(SSL *ssl)
else if (version < SSL_PROTOCOL_MIN_VERSION) /* old version supported? */ else if (version < SSL_PROTOCOL_MIN_VERSION) /* old version supported? */
{ {
ret = SSL_ERROR_INVALID_VERSION; ret = SSL_ERROR_INVALID_VERSION;
#ifdef CONFIG_SSL_DIAGNOSTICS
ssl_display_error(ret); ssl_display_error(ret);
#endif
goto error; goto error;
} }
@ -161,7 +157,7 @@ static int process_client_hello(SSL *ssl)
cs_len = (buf[offset]<<8) + buf[offset+1]; cs_len = (buf[offset]<<8) + buf[offset+1];
offset += 3; /* add 1 due to all cipher suites being 8 bit */ offset += 3; /* add 1 due to all cipher suites being 8 bit */
PARANOIA_CHECK(pkt_size, offset + cs_len); PARANOIA_CHECK(pkt_size, offset);
/* work out what cipher suite we are going to use - client defines /* work out what cipher suite we are going to use - client defines
the preference */ the preference */
@ -172,72 +168,15 @@ static int process_client_hello(SSL *ssl)
if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */ if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */
{ {
ssl->cipher = ssl_prot_prefs[j]; ssl->cipher = ssl_prot_prefs[j];
goto do_compression; goto do_state;
} }
} }
} }
/* ouch! protocol is not supported */ /* ouch! protocol is not supported */
return SSL_ERROR_NO_CIPHER; ret = SSL_ERROR_NO_CIPHER;
/* completely ignore compression */
do_compression:
offset += cs_len;
id_len = buf[offset++];
offset += id_len;
PARANOIA_CHECK(pkt_size, offset + id_len);
if (offset == pkt_size)
{
/* no extensions */
goto error;
}
/* extension size */
id_len = buf[offset++] << 8;
id_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + id_len);
// Check for extensions from the client - only the signature algorithm
// is supported
while (offset < pkt_size)
{
int ext = buf[offset++] << 8;
ext += buf[offset++];
int ext_len = buf[offset++] << 8;
ext_len += buf[offset++];
PARANOIA_CHECK(pkt_size, offset + ext_len);
if (ext == SSL_EXT_SIG_ALG)
{
while (ext_len > 0)
{
uint8_t hash_alg = buf[offset++];
uint8_t sig_alg = buf[offset++];
ext_len -= 2;
if (sig_alg == SIG_ALG_RSA &&
(hash_alg == SIG_ALG_SHA1 ||
hash_alg == SIG_ALG_SHA256 ||
hash_alg == SIG_ALG_SHA384 ||
hash_alg == SIG_ALG_SHA512))
{
ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
}
}
}
else
{
offset += ext_len;
}
}
/* default is RSA/SHA1 */
if (ssl->num_sig_algs == 0)
{
ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1;
}
do_state:
error: error:
return ret; return ret;
} }
@ -245,6 +184,7 @@ error:
/* /*
* Send the entire server hello sequence * Send the entire server hello sequence
*/ */
#if CONFIG_SSL_ENABLE_SERVER
static int send_server_hello_sequence(SSL *ssl) static int send_server_hello_sequence(SSL *ssl)
{ {
int ret; int ret;
@ -343,7 +283,7 @@ static int send_server_hello(SSL *ssl)
buf[offset++] = 0; /* cipher we are using */ buf[offset++] = 0; /* cipher we are using */
buf[offset++] = ssl->cipher; buf[offset++] = ssl->cipher;
buf[offset++] = 0; /* no compression and no extensions supported */ buf[offset++] = 0; /* no compression */
buf[3] = offset - 4; /* handshake size */ buf[3] = offset - 4; /* handshake size */
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset); return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
} }
@ -356,6 +296,7 @@ static int send_server_hello_done(SSL *ssl)
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
g_hello_done, sizeof(g_hello_done)); g_hello_done, sizeof(g_hello_done));
} }
#endif
/* /*
* Pull apart a client key exchange message. Decrypt the pre-master key (using * Pull apart a client key exchange message. Decrypt the pre-master key (using
@ -402,6 +343,10 @@ static int process_client_key_xchg(SSL *ssl)
/* and continue - will die eventually when checking the mac */ /* and continue - will die eventually when checking the mac */
} }
#if 0
print_blob("pre-master", premaster_secret, SSL_SECRET_SIZE);
#endif
generate_master_secret(ssl, premaster_secret); generate_master_secret(ssl, premaster_secret);
#ifdef CONFIG_SSL_CERT_VERIFICATION #ifdef CONFIG_SSL_CERT_VERIFICATION
@ -417,35 +362,16 @@ error:
} }
#ifdef CONFIG_SSL_CERT_VERIFICATION #ifdef CONFIG_SSL_CERT_VERIFICATION
static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
0, 0x0e,
1, 1, // rsa sign
0x00, 0x08,
SIG_ALG_SHA256, SIG_ALG_RSA,
SIG_ALG_SHA512, SIG_ALG_RSA,
SIG_ALG_SHA384, SIG_ALG_RSA,
SIG_ALG_SHA1, SIG_ALG_RSA,
0, 0
};
static const uint8_t g_cert_request_v1[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
/* /*
* Send the certificate request message. * Send the certificate request message.
*/ */
static int send_certificate_request(SSL *ssl) static int send_certificate_request(SSL *ssl)
{
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
{ {
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
g_cert_request, sizeof(g_cert_request)); g_cert_request, sizeof(g_cert_request));
} }
else
{
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
g_cert_request_v1, sizeof(g_cert_request_v1));
}
}
/* /*
* Ensure the client has the private key by first decrypting the packet and * Ensure the client has the private key by first decrypting the packet and
@ -459,51 +385,16 @@ static int process_cert_verify(SSL *ssl)
uint8_t dgst[MD5_SIZE+SHA1_SIZE]; uint8_t dgst[MD5_SIZE+SHA1_SIZE];
X509_CTX *x509_ctx = ssl->x509_ctx; X509_CTX *x509_ctx = ssl->x509_ctx;
int ret = SSL_OK; int ret = SSL_OK;
int offset = 6;
int rsa_len;
int n; int n;
PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
DISPLAY_RSA(ssl, x509_ctx->rsa_ctx); DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
{
// TODO: should really need to be able to handle other algorihms. An
// assumption is made on RSA/SHA256 and appears to be OK.
//uint8_t hash_alg = buf[4];
//uint8_t sig_alg = buf[5];
offset = 8;
rsa_len = (buf[6] << 8) + buf[7];
}
else
{
rsa_len = (buf[4] << 8) + buf[5];
}
PARANOIA_CHECK(pkt_size, offset + rsa_len);
/* rsa_ctx->bi_ctx is not thread-safe */ /* rsa_ctx->bi_ctx is not thread-safe */
SSL_CTX_LOCK(ssl->ssl_ctx->mutex); SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[offset], dgst_buf, n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, sizeof(dgst_buf), 0);
sizeof(dgst_buf), 0);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
{
if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256)))
{
ret = SSL_ERROR_INVALID_KEY;
goto error;
}
finished_digest(ssl, NULL, dgst); /* calculate the digest */
if (memcmp(&dgst_buf[sizeof(g_asn1_sha256)], dgst, SHA256_SIZE))
{
ret = SSL_ERROR_INVALID_KEY;
goto error;
}
}
else // TLS1.0/1.1
{
if (n != SHA1_SIZE + MD5_SIZE) if (n != SHA1_SIZE + MD5_SIZE)
{ {
ret = SSL_ERROR_INVALID_KEY; ret = SSL_ERROR_INVALID_KEY;
@ -515,7 +406,6 @@ static int process_cert_verify(SSL *ssl)
{ {
ret = SSL_ERROR_INVALID_KEY; ret = SSL_ERROR_INVALID_KEY;
} }
}
end_cert_vfy: end_cert_vfy:
ssl->next_state = HS_FINISHED; ssl->next_state = HS_FINISHED;
@ -524,3 +414,5 @@ error:
} }
#endif #endif
#endif

387
ssl/x509.c
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007-2016, Cameron Rich * Copyright (c) 2007-2015, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@ -42,13 +42,6 @@
#include "crypto_misc.h" #include "crypto_misc.h"
#ifdef CONFIG_SSL_CERT_VERIFICATION #ifdef CONFIG_SSL_CERT_VERIFICATION
static int x509_v3_subject_alt_name(const uint8_t *cert, int offset,
X509_CTX *x509_ctx);
static int x509_v3_basic_constraints(const uint8_t *cert, int offset,
X509_CTX *x509_ctx);
static int x509_v3_key_usage(const uint8_t *cert, int offset,
X509_CTX *x509_ctx);
/** /**
* Retrieve the signature from a certificate. * Retrieve the signature from a certificate.
*/ */
@ -80,11 +73,8 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
{ {
int begin_tbs, end_tbs; int begin_tbs, end_tbs;
int ret = X509_NOT_OK, offset = 0, cert_size = 0; int ret = X509_NOT_OK, offset = 0, cert_size = 0;
int version = 0;
X509_CTX *x509_ctx; X509_CTX *x509_ctx;
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
BI_CTX *bi_ctx; BI_CTX *bi_ctx;
#endif
*ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX)); *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
x509_ctx = *ctx; x509_ctx = *ctx;
@ -102,10 +92,11 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0) if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
goto end_cert; goto end_cert;
/* optional version */ if (cert[offset] == ASN1_EXPLICIT_TAG) /* optional version */
if (cert[offset] == ASN1_EXPLICIT_TAG && {
asn1_version(cert, &offset, &version) == X509_NOT_OK) if (asn1_version(cert, &offset, x509_ctx))
goto end_cert; goto end_cert;
}
if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */
asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0) asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
@ -126,9 +117,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
goto end_cert; goto end_cert;
} }
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
bi_ctx = x509_ctx->rsa_ctx->bi_ctx; bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
/* use the appropriate signature algorithm */ /* use the appropriate signature algorithm */
switch (x509_ctx->sig_type) switch (x509_ctx->sig_type)
{ {
@ -188,11 +179,50 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
break; break;
} }
if (version == 2 && asn1_next_obj(cert, &offset, ASN1_V3_DATA) > 0) if (cert[offset] == ASN1_V3_DATA)
{ {
x509_v3_subject_alt_name(cert, offset, x509_ctx); int suboffset;
x509_v3_basic_constraints(cert, offset, x509_ctx);
x509_v3_key_usage(cert, offset, x509_ctx); ++offset;
get_asn1_length(cert, &offset);
if ((suboffset = asn1_find_subjectaltname(cert, offset)) > 0)
{
if (asn1_next_obj(cert, &suboffset, ASN1_OCTET_STRING) > 0)
{
int altlen;
if ((altlen = asn1_next_obj(cert,
&suboffset, ASN1_SEQUENCE)) > 0)
{
int endalt = suboffset + altlen;
int totalnames = 0;
while (suboffset < endalt)
{
int type = cert[suboffset++];
int dnslen = get_asn1_length(cert, &suboffset);
if (type == ASN1_CONTEXT_DNSNAME)
{
x509_ctx->subject_alt_dnsnames = (char**)
realloc(x509_ctx->subject_alt_dnsnames,
(totalnames + 2) * sizeof(char*));
x509_ctx->subject_alt_dnsnames[totalnames] =
(char*)malloc(dnslen + 1);
x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
memcpy(x509_ctx->subject_alt_dnsnames[totalnames],
cert + suboffset, dnslen);
x509_ctx->subject_alt_dnsnames[
totalnames][dnslen] = 0;
++totalnames;
}
suboffset += dnslen;
}
}
}
}
} }
offset = end_tbs; /* skip the rest of v3 data */ offset = end_tbs; /* skip the rest of v3 data */
@ -220,106 +250,6 @@ end_cert:
return ret; return ret;
} }
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
static int x509_v3_subject_alt_name(const uint8_t *cert, int offset,
X509_CTX *x509_ctx)
{
if ((offset = asn1_is_subject_alt_name(cert, offset)) > 0)
{
x509_ctx->subject_alt_name_present = true;
x509_ctx->subject_alt_name_is_critical =
asn1_is_critical_ext(cert, &offset);
if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) > 0)
{
int altlen;
if ((altlen = asn1_next_obj(cert, &offset, ASN1_SEQUENCE)) > 0)
{
int endalt = offset + altlen;
int totalnames = 0;
while (offset < endalt)
{
int type = cert[offset++];
int dnslen = get_asn1_length(cert, &offset);
if (type == ASN1_CONTEXT_DNSNAME)
{
x509_ctx->subject_alt_dnsnames = (char**)
realloc(x509_ctx->subject_alt_dnsnames,
(totalnames + 2) * sizeof(char*));
x509_ctx->subject_alt_dnsnames[totalnames] =
(char*)malloc(dnslen + 1);
x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
memcpy(x509_ctx->subject_alt_dnsnames[totalnames],
cert + offset, dnslen);
x509_ctx->subject_alt_dnsnames[totalnames][dnslen] = 0;
totalnames++;
}
offset += dnslen;
}
}
}
}
return X509_OK;
}
/**
* Basic constraints - see https://tools.ietf.org/html/rfc5280#page-39
*/
static int x509_v3_basic_constraints(const uint8_t *cert, int offset,
X509_CTX *x509_ctx)
{
int ret = X509_OK;
if ((offset = asn1_is_basic_constraints(cert, offset)) == 0)
goto end_contraints;
x509_ctx->basic_constraint_present = true;
x509_ctx->basic_constraint_is_critical =
asn1_is_critical_ext(cert, &offset);
if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
asn1_get_bool(cert, &offset, &x509_ctx->basic_constraint_cA) < 0 ||
asn1_get_int(cert, &offset,
&x509_ctx->basic_constraint_pathLenConstraint) < 0)
{
ret = X509_NOT_OK;
}
end_contraints:
return ret;
}
/*
* Key usage - see https://tools.ietf.org/html/rfc5280#section-4.2.1.3
*/
static int x509_v3_key_usage(const uint8_t *cert, int offset,
X509_CTX *x509_ctx)
{
int ret = X509_OK;
if ((offset = asn1_is_key_usage(cert, offset)) == 0)
goto end_key_usage;
x509_ctx->key_usage_present = true;
x509_ctx->key_usage_is_critical = asn1_is_critical_ext(cert, &offset);
if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
asn1_get_bit_string_as_int(cert, &offset, &x509_ctx->key_usage))
{
ret = X509_NOT_OK;
}
end_key_usage:
return ret;
}
#endif
/** /**
* Free an X.509 object's resources. * Free an X.509 object's resources.
*/ */
@ -413,10 +343,8 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
* - That the certificate(s) are not self-signed. * - That the certificate(s) are not self-signed.
* - The certificate chain is valid. * - The certificate chain is valid.
* - The signature of the certificate is valid. * - The signature of the certificate is valid.
* - Basic constraints
*/ */
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
int *pathLenConstraint)
{ {
int ret = X509_OK, i = 0; int ret = X509_OK, i = 0;
bigint *cert_sig; bigint *cert_sig;
@ -459,33 +387,6 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
goto end_verify; goto end_verify;
} }
if (cert->basic_constraint_present)
{
/* If the cA boolean is not asserted,
then the keyCertSign bit in the key usage extension MUST NOT be
asserted. */
if (!cert->basic_constraint_cA &&
IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
{
ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
goto end_verify;
}
/* The pathLenConstraint field is meaningful only if the cA boolean is
asserted and the key usage extension, if present, asserts the
keyCertSign bit. In this case, it gives the maximum number of
non-self-issued intermediate certificates that may follow this
certificate in a valid certification path. */
if (cert->basic_constraint_cA &&
(!cert->key_usage_present ||
IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) &&
(cert->basic_constraint_pathLenConstraint+1) < *pathLenConstraint)
{
ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
goto end_verify;
}
}
next_cert = cert->next; next_cert = cert->next;
/* last cert in the chain - look for a trusted cert */ /* last cert in the chain - look for a trusted cert */
@ -493,26 +394,17 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
{ {
if (ca_cert_ctx != NULL) if (ca_cert_ctx != NULL)
{ {
/* go thru the CA store */ /* go thu the CA store */
while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
{ {
/* the extension is present but the cA boolean is not
asserted, then the certified public key MUST NOT be used
to verify certificate signatures. */
if (cert->basic_constraint_present &&
!ca_cert_ctx->cert[i]->basic_constraint_cA)
continue;
if (asn1_compare_dn(cert->ca_cert_dn, if (asn1_compare_dn(cert->ca_cert_dn,
ca_cert_ctx->cert[i]->cert_dn) == 0) ca_cert_ctx->cert[i]->cert_dn) == 0)
{ {
/* use this CA certificate for signature verification */ /* use this CA certificate for signature verification */
match_ca_cert = true; match_ca_cert = 1;
ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx; ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx;
mod = ca_cert_ctx->cert[i]->rsa_ctx->m; mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
expn = ca_cert_ctx->cert[i]->rsa_ctx->e; expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
break; break;
} }
@ -571,8 +463,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
/* go down the certificate chain using recursion. */ /* go down the certificate chain using recursion. */
if (next_cert != NULL) if (next_cert != NULL)
{ {
(*pathLenConstraint)++; /* don't include last certificate */ ret = x509_verify(ca_cert_ctx, next_cert);
ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint);
} }
end_verify: end_verify:
@ -599,140 +490,9 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ? printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert); cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
if (cert->cert_dn[X509_ORGANIZATIONAL_UNIT])
{
printf("Organizational Unit (OU):\t"); printf("Organizational Unit (OU):\t");
printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT]); printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT] ?
} cert->cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
if (cert->cert_dn[X509_LOCATION])
{
printf("Location (L):\t\t\t");
printf("%s\n", cert->cert_dn[X509_LOCATION]);
}
if (cert->cert_dn[X509_COUNTRY])
{
printf("Country (C):\t\t\t");
printf("%s\n", cert->cert_dn[X509_COUNTRY]);
}
if (cert->cert_dn[X509_STATE])
{
printf("State (ST):\t\t\t");
printf("%s\n", cert->cert_dn[X509_STATE]);
}
if (cert->basic_constraint_present)
{
printf("Basic Constraints:\t\t%sCA:%s, pathlen:%d\n",
cert->basic_constraint_is_critical ?
"critical, " : "",
cert->basic_constraint_cA? "TRUE" : "FALSE",
cert->basic_constraint_pathLenConstraint);
}
if (cert->key_usage_present)
{
printf("Key Usage:\t\t\t%s", cert->key_usage_is_critical ?
"critical, " : "");
bool has_started = false;
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DIGITAL_SIGNATURE))
{
printf("Digital Signature");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_NON_REPUDIATION))
{
if (has_started)
printf(", ");
printf("Non Repudiation");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_ENCIPHERMENT))
{
if (has_started)
printf(", ");
printf("Key Encipherment");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DATA_ENCIPHERMENT))
{
if (has_started)
printf(", ");
printf("Data Encipherment");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_AGREEMENT))
{
if (has_started)
printf(", ");
printf("Key Agreement");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
{
if (has_started)
printf(", ");
printf("Key Cert Sign");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_CRL_SIGN))
{
if (has_started)
printf(", ");
printf("CRL Sign");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_ENCIPHER_ONLY))
{
if (has_started)
printf(", ");
printf("Encipher Only");
has_started = true;
}
if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DECIPHER_ONLY))
{
if (has_started)
printf(", ");
printf("Decipher Only");
has_started = true;
}
printf("\n");
}
if (cert->subject_alt_name_present)
{
printf("Subject Alt Name:\t\t%s", cert->subject_alt_name_is_critical
? "critical, " : "");
if (cert->subject_alt_dnsnames)
{
int i = 0;
while (cert->subject_alt_dnsnames[i])
printf("%s ", cert->subject_alt_dnsnames[i++]);
}
printf("\n");
}
printf("=== CERTIFICATE ISSUED BY ===\n"); printf("=== CERTIFICATE ISSUED BY ===\n");
printf("Common Name (CN):\t\t"); printf("Common Name (CN):\t\t");
@ -743,29 +503,9 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ? printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert); cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
if (cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT])
{
printf("Organizational Unit (OU):\t"); printf("Organizational Unit (OU):\t");
printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]); printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] ?
} cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
if (cert->ca_cert_dn[X509_LOCATION])
{
printf("Location (L):\t\t\t");
printf("%s\n", cert->ca_cert_dn[X509_LOCATION]);
}
if (cert->ca_cert_dn[X509_COUNTRY])
{
printf("Country (C):\t\t\t");
printf("%s\n", cert->ca_cert_dn[X509_COUNTRY]);
}
if (cert->ca_cert_dn[X509_STATE])
{
printf("State (ST):\t\t\t");
printf("%s\n", cert->ca_cert_dn[X509_STATE]);
}
printf("Not Before:\t\t\t%s", ctime(&cert->not_before)); printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
printf("Not After:\t\t\t%s", ctime(&cert->not_after)); printf("Not After:\t\t\t%s", ctime(&cert->not_after));
@ -773,6 +513,9 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
printf("Sig Type:\t\t\t"); printf("Sig Type:\t\t\t");
switch (cert->sig_type) switch (cert->sig_type)
{ {
case SIG_TYPE_MD2:
printf("MD2\n");
break;
case SIG_TYPE_MD5: case SIG_TYPE_MD5:
printf("MD5\n"); printf("MD5\n");
break; break;
@ -795,10 +538,8 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
if (ca_cert_ctx) if (ca_cert_ctx)
{ {
int pathLenConstraint = 0;
printf("Verify:\t\t\t\t%s\n", printf("Verify:\t\t\t\t%s\n",
x509_display_error(x509_verify(ca_cert_ctx, cert, x509_display_error(x509_verify(ca_cert_ctx, cert)));
&pathLenConstraint)));
} }
#if 0 #if 0
@ -814,6 +555,7 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
TTY_FLUSH(); TTY_FLUSH();
} }
#endif
const char * x509_display_error(int error) const char * x509_display_error(int error)
{ {
@ -849,12 +591,9 @@ const char * x509_display_error(int error)
case X509_INVALID_PRIV_KEY: case X509_INVALID_PRIV_KEY:
return "Invalid private key"; return "Invalid private key";
case X509_VFY_ERROR_BASIC_CONSTRAINT:
return "Basic constraint invalid";
default: default:
return "Unknown"; return "Unknown";
} }
} }
#endif /* CONFIG_SSL_FULL_MODE */ //#endif /* CONFIG_SSL_FULL_MODE */

3
www/index.html
View file

File diff suppressed because one or more lines are too long