mirror of https://github.com/esp8266/Arduino.git synced 2025-04-25 20:02:37 +03:00

Ignore CA cert errors (caused by invalid signature types in cert bundles)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@189 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
cameronrich 2011-01-04 01:34:46 +00:00
parent f5dbc8875e
commit 9e082c868e
5 changed files with 23 additions and 21 deletions


@ -961,17 +961,17 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
{
uint8_t c = 0;
long_comp xx = (long_comp)x[i]*x[j];
if (COMP_MAX-xx < xx)
if ((COMP_MAX-xx) < xx)
c = 1;
tmp = (xx<<1);
if (COMP_MAX-tmp < w[i+j])
if ((COMP_MAX-tmp) < w[i+j])
c = 1;
tmp += w[i+j];
if (COMP_MAX-tmp < carry)
if ((COMP_MAX-tmp) < carry)
c = 1;
tmp += carry;
@ -982,7 +982,7 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
carry += COMP_RADIX;
}
tmp = carry + w[i+t];
tmp = w[i+t] + carry;
w[i+t] = (comp)tmp;
w[i+t+1] = tmp >> COMP_BIT_SIZE;
} while (++i < t);


@ -50,7 +50,7 @@ static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
};
static const uint8_t sig_iis6_oid[SIG_IIS6_OID_SIZE] =
static const uint8_t sig_sha1WithRSAEncrypt[SIG_IIS6_OID_SIZE] =
{
0x2b, 0x0e, 0x03, 0x02, 0x1d
};
@ -540,7 +540,7 @@ int asn1_signature_type(const uint8_t *cert,
len = get_asn1_length(cert, offset);
if (len == 5 && memcmp(sig_iis6_oid, &cert[*offset],
if (len == 5 && memcmp(sig_sha1WithRSAEncrypt, &cert[*offset],
SIG_IIS6_OID_SIZE) == 0)
{
x509_ctx->sig_type = SIG_TYPE_SHA1;


@ -572,6 +572,17 @@ static int cert_tests(void)
SSL_CTX *ssl_ctx;
uint8_t *buf;
ssl_ctx = ssl_ctx_new(0, 0);
if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT,
"../ssl/test/ca-bundle.crt", NULL))
{
printf("Cert #10\n");
goto bad_cert;
}
ssl_ctx_free(ssl_ctx);
exit(0);
/* check a bunch of 3rd party certificates */
ssl_ctx = ssl_ctx_new(0, 0);
len = get_file("../ssl/test/microsoft.x509_ca", &buf);
@ -695,16 +706,6 @@ static int cert_tests(void)
x509_free(x509_ctx);
free(buf);
ssl_ctx = ssl_ctx_new(0, 0);
if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT,
"../ssl/test/ca-bundle.crt", NULL))
{
printf("Cert #10\n");
goto bad_cert;
}
ssl_ctx_free(ssl_ctx);
res = 0; /* all ok */
printf("All Certificate tests passed\n");
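Review bot: The `exit(0);` that follows `ssl_ctx_free(ssl_ctx);` in the relocated ca-bundle block appears to end the process before the `/* check a bunch of 3rd party certificates */` section, so every later check in cert_tests() is skipped and the run exits with success. It reads like a debugging leftover; I would drop the `exit(0);` line so the bundle load runs first and the remaining tests still execute. Since this commit also makes add_cert_auth ignore per-certificate parse errors, the `ssl_obj_load` check may no longer fail on an unparseable bundle entry (inferred, the loader's return path is not fully visible), so the test would be stronger if it also checked how many CA certificates were actually loaded. cert_tests() starts and ends outside these hunks.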


@ -386,9 +386,9 @@ error:
*/
int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
{
int ret = SSL_ERROR_NO_CERT_DEFINED;
int i = 0;
int offset;
int ret = SSL_OK; /* ignore errors for now */
CA_CERT_CTX *ca_cert_ctx;
if (ssl_ctx->ca_cert_ctx == NULL)
@ -408,9 +408,7 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
goto error;
}
if ((ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i])))
goto error;
ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i]);
len -= offset;
ret = SSL_OK; /* ok so far */
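Review bot: With the `goto error` removed, the result of `x509_new(buf, &offset, &ca_cert_ctx->cert[i])` is stored in `ret` but never acted on, so `len -= offset` runs after a failed parse and the walk continues with whatever `offset` and `cert[i]` were left as; whether x509_new sets both on its failure path is not visible here. For a trust-anchor loader I would make the skip explicit, e.g. `if (ret) { /* unsupported CA skipped */ ret = SSL_OK; }` with a diagnostic under `CONFIG_SSL_FULL_MODE`, and check that `offset` is positive and no larger than `len` before subtracting so the buffer walk always advances and stays in bounds. The `/* ignore errors for now */` comment should name which errors are meant (the commit message points at unsupported signature types), because every other parse failure is now silenced as well. add_cert_auth's loop begins and ends outside these hunks.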


@ -113,7 +113,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
asn1_validity(cert, &offset, x509_ctx) ||
asn1_name(cert, &offset, x509_ctx->cert_dn) ||
asn1_public_key(cert, &offset, x509_ctx))
{
goto end_cert;
}
bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
@ -210,7 +212,8 @@ end_cert:
#ifdef CONFIG_SSL_FULL_MODE
if (ret)
{
printf("Error: Invalid X509 ASN.1 file\n");
printf("Error: Invalid X509 ASN.1 file (%s)\n",
x509_display_error(ret));
}
#endif