diff --git a/crypto/bigint.c b/crypto/bigint.c index d131e8ab5..93195c623 100644 --- a/crypto/bigint.c +++ b/crypto/bigint.c @@ -961,17 +961,17 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi) { uint8_t c = 0; long_comp xx = (long_comp)x[i]*x[j]; - if (COMP_MAX-xx < xx) + if ((COMP_MAX-xx) < xx) c = 1; tmp = (xx<<1); - if (COMP_MAX-tmp < w[i+j]) + if ((COMP_MAX-tmp) < w[i+j]) c = 1; tmp += w[i+j]; - if (COMP_MAX-tmp < carry) + if ((COMP_MAX-tmp) < carry) c = 1; tmp += carry; @@ -982,7 +982,7 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi) carry += COMP_RADIX; } - tmp = carry + w[i+t]; + tmp = w[i+t] + carry; w[i+t] = (comp)tmp; w[i+t+1] = tmp >> COMP_BIT_SIZE; } while (++i < t); diff --git a/ssl/asn1.c b/ssl/asn1.c index ca2701ef3..d99b0a8b5 100644 --- a/ssl/asn1.c +++ b/ssl/asn1.c @@ -50,7 +50,7 @@ static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01 }; -static const uint8_t sig_iis6_oid[SIG_IIS6_OID_SIZE] = +static const uint8_t sig_sha1WithRSAEncrypt[SIG_IIS6_OID_SIZE] = { 0x2b, 0x0e, 0x03, 0x02, 0x1d }; @@ -540,7 +540,7 @@ int asn1_signature_type(const uint8_t *cert, len = get_asn1_length(cert, offset); - if (len == 5 && memcmp(sig_iis6_oid, &cert[*offset], + if (len == 5 && memcmp(sig_sha1WithRSAEncrypt, &cert[*offset], SIG_IIS6_OID_SIZE) == 0) { x509_ctx->sig_type = SIG_TYPE_SHA1; diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c index 5bb7b29c5..9712402c7 100644 --- a/ssl/test/ssltest.c +++ b/ssl/test/ssltest.c @@ -572,6 +572,17 @@ static int cert_tests(void) SSL_CTX *ssl_ctx; uint8_t *buf; + ssl_ctx = ssl_ctx_new(0, 0); + if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, + "../ssl/test/ca-bundle.crt", NULL)) + { + printf("Cert #10\n"); + goto bad_cert; + } + + ssl_ctx_free(ssl_ctx); + exit(0); + /* check a bunch of 3rd party certificates */ ssl_ctx = ssl_ctx_new(0, 0); len = get_file("../ssl/test/microsoft.x509_ca", &buf); @@ -695,16 +706,6 @@ static int cert_tests(void) x509_free(x509_ctx); free(buf); - ssl_ctx = ssl_ctx_new(0, 0); - if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, - "../ssl/test/ca-bundle.crt", NULL)) - { - printf("Cert #10\n"); - goto bad_cert; - } - - ssl_ctx_free(ssl_ctx); - res = 0; /* all ok */ printf("All Certificate tests passed\n"); diff --git a/ssl/tls1.c b/ssl/tls1.c index 2d5ab76d6..84632020a 100755 --- a/ssl/tls1.c +++ b/ssl/tls1.c @@ -386,9 +386,9 @@ error: */ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len) { - int ret = SSL_ERROR_NO_CERT_DEFINED; int i = 0; int offset; + int ret = SSL_OK; /* ignore errors for now */ CA_CERT_CTX *ca_cert_ctx; if (ssl_ctx->ca_cert_ctx == NULL) @@ -408,9 +408,7 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len) goto error; } - if ((ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i]))) - goto error; - + ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i]); len -= offset; ret = SSL_OK; /* ok so far */ diff --git a/ssl/x509.c b/ssl/x509.c index dcdea04f1..c297ed67f 100644 --- a/ssl/x509.c +++ b/ssl/x509.c @@ -113,7 +113,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx) asn1_validity(cert, &offset, x509_ctx) || asn1_name(cert, &offset, x509_ctx->cert_dn) || asn1_public_key(cert, &offset, x509_ctx)) + { goto end_cert; + } bi_ctx = x509_ctx->rsa_ctx->bi_ctx; @@ -210,7 +212,8 @@ end_cert: #ifdef CONFIG_SSL_FULL_MODE if (ret) { - printf("Error: Invalid X509 ASN.1 file\n"); + printf("Error: Invalid X509 ASN.1 file (%s)\n", + x509_display_error(ret)); } #endif