From 5bf411f34562b52e3a429684737cf46767029430 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 1 Jul 2014 14:16:44 -0600 Subject: [PATCH 01/21] progress on suite --- configure.ac | 100 +- ctaocrypt/benchmark/benchmark.c | 97 +- ctaocrypt/ctaocrypt.vcproj | 10 +- ctaocrypt/src/aes.c | 52 +- ctaocrypt/src/aes_asm.s | 2 - ctaocrypt/src/asn.c | 97 +- ctaocrypt/src/chacha.c | 244 + ctaocrypt/src/des3.c | 60 +- ctaocrypt/src/error.c | 265 +- ctaocrypt/src/include.am | 3 +- ctaocrypt/src/integer.c | 14 +- ctaocrypt/src/misc.c | 2 - ctaocrypt/src/poly1305.c | 521 ++ ctaocrypt/src/port.c | 436 ++ ctaocrypt/src/random.c | 296 +- ctaocrypt/test/test.c | 335 +- cyassl/ctaocrypt/aes.h | 2 - cyassl/ctaocrypt/asn.h | 11 +- cyassl/ctaocrypt/asn_public.h | 20 +- cyassl/ctaocrypt/chacha.h | 55 + cyassl/ctaocrypt/des3.h | 6 +- cyassl/ctaocrypt/error-crypt.h | 3 - cyassl/ctaocrypt/include.am | 4 +- cyassl/ctaocrypt/integer.h | 4 - cyassl/ctaocrypt/poly1305.h | 88 + cyassl/ctaocrypt/port.h | 195 + cyassl/ctaocrypt/random.h | 26 +- cyassl/ctaocrypt/settings.h | 13 - cyassl/ctaocrypt/tfm.h | 5 - cyassl/ctaocrypt/types.h | 2 +- cyassl/internal.h | 89 +- cyassl/openssl/ssl.h | 1 - cyassl/ssl.h | 4 +- cyassl/version.h | 4 +- pre-commit.sh | 4 +- src/include.am | 10 +- src/internal.c | 1303 ++-- src/keys.c | 361 +- src/sniffer.c | 6 + src/ssl.c | 76 +- src/tls.c | 49 +- stdout.txt | 10173 ++++++++++++++++++++++++++++++ 42 files changed, 13175 insertions(+), 1873 deletions(-) create mode 100644 ctaocrypt/src/chacha.c create mode 100644 ctaocrypt/src/poly1305.c create mode 100644 ctaocrypt/src/port.c create mode 100644 cyassl/ctaocrypt/chacha.h create mode 100644 cyassl/ctaocrypt/poly1305.h create mode 100644 cyassl/ctaocrypt/port.h create mode 100644 stdout.txt diff --git a/configure.ac b/configure.ac index 4895003e7..ba20a229d 100644 --- a/configure.ac +++ b/configure.ac 
@@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[3.0.3],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com]) +AC_INIT([cyassl],[3.0.0],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -81,7 +81,6 @@ AC_CHECK_HEADERS([errno.h]) AC_CHECK_LIB(network,socket) AC_CHECK_SIZEOF(long long, 8) AC_CHECK_SIZEOF(long, 4) -AC_CHECK_TYPES(__uint128_t) AC_C_BIGENDIAN # mktime check takes forever on some systems, if time supported it would be # highly unusual for mktime to be missing @@ -391,16 +390,28 @@ then then # GCC needs these flags, icc doesn't # opt levels greater than 2 may cause problems on systems w/o aesni - if test "$CC" != "icc" - then - AM_CFLAGS="$AM_CFLAGS -maes -msse4" - fi + AM_CFLAGS="$AM_CFLAGS -maes -msse4" fi fi AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"]) +# POLY1305 +AC_ARG_ENABLE([poly1305], + [ --enable-poly1305 Enable CyaSSL POLY1305 support (default: disabled)], + [ ENABLED_POLY1305=$enableval ], + [ ENABLED_POLY1305=no ] + ) + +if test "$ENABLED_POLY1305" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305" +fi + +AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"]) + + # Camellia AC_ARG_ENABLE([camellia], [ --enable-camellia Enable CyaSSL Camellia support (default: disabled)], @@ -1062,6 +1073,21 @@ fi AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"]) +# CHACHA +AC_ARG_ENABLE([chacha], + [ --enable-chacha Enable CHACHA (default: disabled)], + [ ENABLED_CHACHA=$enableval ], + [ ENABLED_CHACHA=no ] + ) + +if test "$ENABLED_CHACHA" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA" +fi + +AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"]) + + # FIPS AC_ARG_ENABLE([fips], [ --enable-fips Enable FIPS 140-2 (default: disabled)], 
@@ -1209,44 +1235,21 @@ AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"]) # NTRU -ENABLED_NTRU="no" -tryntrudir="" -AC_ARG_WITH([ntru], - [ --with-ntru=PATH Path to NTRU install (default /usr/) ], - [ - AC_MSG_CHECKING([for NTRU]) - CPPFLAGS="$CPPFLAGS -DHAVE_NTRU" - LIBS="$LIBS -lNTRUEncrypt" +ntruHome=`pwd`/NTRU_algorithm +ntruInclude=$ntruHome/cryptolib +ntruLib=$ntruHome +AC_ARG_ENABLE([ntru], + [ --enable-ntru Enable NTRU (default: disabled)], + [ ENABLED_NTRU=$enableval ], + [ ENABLED_NTRU=no ] + ) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) - - if test "x$ntru_linked" == "xno" ; then - if test "x$withval" != "xno" ; then - tryntrudir=$withval - fi - if test "x$withval" == "xyes" ; then - tryntrudir="/usr" - fi - - LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib" - CPPFLAGS="$CPPFLAGS -I$tryntrudir/include" - - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) - - if test "x$ntru_linked" == "xno" ; then - AC_MSG_ERROR([NTRU isn't found. - If it's already installed, specify its path using --with-ntru=/dir/]) - fi - AC_MSG_RESULT([yes]) - AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib" - else - AC_MSG_RESULT([yes]) - fi - - AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU" - ENABLED_NTRU="yes" - ] -) +if test "$ENABLED_NTRU" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -I$ntruInclude" + AM_LDFLAGS="$AM_LDFLAGS -L$ntruLib" + LIBS="$LIBS -lntru_encrypt" +fi AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"]) @@ -1662,13 +1665,6 @@ then fi fi -# ICC command line warning for non supported warning flags -if test "$CC" = "icc" -then - AM_CFLAGS="$AM_CFLAGS -wd10006" -fi - - LIB_SOCKET_NSL AX_HARDEN_CC_COMPILER_FLAGS 
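Review bot: `--enable-ntru` now adds `-I$ntruInclude` and `-L$ntruLib`, both derived from the `pwd`-relative `NTRU_algorithm` directory, and links `-lntru_encrypt` without the AC_LINK_IFELSE probe that the removed `--with-ntru` block ran. As a result configure succeeds even when the library is absent, and the search path depends on whichever directory configure was started in. The two paths are also expanded unquoted into the compiler flags, which will split if the build directory contains spaces. I would keep a link test after the flags are set and let the location be overridden, for example `AC_CHECK_LIB([ntru_encrypt], [SYMBOL_FROM_NTRU_HEADER], [], [AC_MSG_ERROR([NTRU library not found])])`, where the symbol name is a placeholder to be taken from the library's header.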
@@ -1717,7 +1713,7 @@ echo "Generating user options header..." OPTION_FILE="cyassl/options.h" rm -f $OPTION_FILE -echo "/* cyassl options.h" > $OPTION_FILE +echo "/* cyassl options.h" >> $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * Copyright (C) 2006-2014 wolfSSL Inc." >> $OPTION_FILE @@ -1797,11 +1793,13 @@ echo " * certgen: $ENABLED_CERTGEN" echo " * certreq: $ENABLED_CERTREQ" echo " * HC-128: $ENABLED_HC128" echo " * RABBIT: $ENABLED_RABBIT" +echo " * CHACHA: $ENABLED_CHACHA" echo " * Hash DRBG: $ENABLED_HASHDRBG" echo " * PWDBASED: $ENABLED_PWDBASED" echo " * HKDF: $ENABLED_HKDF" echo " * MD4: $ENABLED_MD4" echo " * PSK: $ENABLED_PSK" +echo " * Poly1305: $ENABLED_POLY1305" echo " * LEANPSK: $ENABLED_LEANPSK" echo " * RSA: $ENABLED_RSA" echo " * DSA: $ENABLED_DSA" diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 5363fc95c..500dcefa5 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -34,7 +34,9 @@ #include #include #include +#include #include +#include #include #include #include @@ -82,10 +84,12 @@ void bench_des(void); void bench_arc4(void); void bench_hc128(void); void bench_rabbit(void); +void bench_chacha(void); void bench_aes(int); void bench_aesgcm(void); void bench_aesccm(void); void bench_aesctr(void); +void bench_poly1305(void); void bench_camellia(void); void bench_md5(void); @@ -128,9 +132,6 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #endif -#if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND) - CYASSL_API int CyaSSL_Debugging_ON(); -#endif /* so embedded projects can pull in tests on their own */ #if !defined(NO_MAIN_DRIVER) @@ -145,10 +146,6 @@ int benchmark_test(void *args) { #endif - #if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND) - CyaSSL_Debugging_ON(); - #endif - #ifdef HAVE_CAVIUM int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); if (ret != 0) { 
@@ -183,6 +180,9 @@ int benchmark_test(void *args) #ifndef NO_RABBIT bench_rabbit(); #endif +#ifdef HAVE_CHACHA + bench_chacha(); +#endif #ifndef NO_DES3 bench_des(); #endif @@ -192,6 +192,9 @@ int benchmark_test(void *args) #ifndef NO_MD5 bench_md5(); #endif +#ifdef HAVE_POLY1305 + bench_poly1305(); +#endif #ifndef NO_SHA bench_sha(); #endif @@ -407,6 +410,41 @@ void bench_aesccm(void) #endif +#ifdef HAVE_POLY1305 +void bench_poly1305() +{ + Poly1305 enc; + byte mac[16]; + double start, total, persec; + int i; + int ret; + + + ret = Poly1305SetKey(&enc, key, 32); + if (ret != 0) { + printf("Poly1305SetKey failed, ret = %d\n", ret); + return; + } + start = current_time(1); + + for(i = 0; i < numBlocks; i++) + Poly1305Update(&enc, plain, sizeof(plain)); + + Poly1305Final(&enc, mac); + total = current_time(0) - start; + + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("POLY1305 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, + blockType, total, persec); +} +#endif /* HAVE_POLY1305 */ + + #ifdef HAVE_CAMELLIA void bench_camellia(void) { @@ -562,6 +600,33 @@ void bench_rabbit(void) #endif /* NO_RABBIT */ +#ifdef HAVE_CHACHA +void bench_chacha(void) +{ + ChaCha enc; + double start, total, persec; + int i; + + Chacha_SetKey(&enc, key, 16); + start = current_time(1); + + for (i = 0; i < numBlocks; i++) { + Chacha_SetIV(&enc, iv, 0); + Chacha_Process(&enc, cipher, plain, sizeof(plain)); + } + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("CHACHA %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); + +} +#endif /* HAVE_CHACHA*/ + + #ifndef NO_MD5 void bench_md5(void) { 
@@ -903,10 +968,7 @@ static const char *certDHname = "certs/dh2048.der" ; void bench_dh(void) { -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - int ret; -#endif - int i ; + int i, ret; byte tmp[1024]; size_t bytes; word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz; @@ -1149,6 +1211,7 @@ void bench_eccKeyAgree(void) } #endif /* HAVE_ECC */ + #ifdef _WIN32 #define WIN32_LEAN_AND_MEAN @@ -1175,10 +1238,10 @@ void bench_eccKeyAgree(void) #elif defined MICROCHIP_PIC32 #if defined(CYASSL_MICROCHIP_PIC32MZ) - #define CLOCK 80000000.0 + #define CLOCK 8000000.0 #else #include - #define CLOCK 40000000.0 + #define CLOCK 4000000.0 #endif double current_time(int reset) @@ -1196,10 +1259,10 @@ void bench_eccKeyAgree(void) return ( ns / CLOCK * 2.0); } -#elif defined(CYASSL_IAR_ARM) || defined (CYASSL_MDK_ARM) - #warning "Write your current_time()" - double current_time(int reset) { return 0.0 ; } - +#elif defined CYASSL_MDK_ARM + + extern double current_time(int reset) ; + #elif defined FREERTOS double current_time(int reset) diff --git a/ctaocrypt/ctaocrypt.vcproj b/ctaocrypt/ctaocrypt.vcproj index d07147d57..0bd771d95 100755 --- a/ctaocrypt/ctaocrypt.vcproj +++ b/ctaocrypt/ctaocrypt.vcproj @@ -216,6 +216,10 @@ RelativePath=".\include\rabbit.h" > + + @@ -297,13 +301,17 @@ > + + diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index e25b5d873..bc38012a4 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -804,11 +804,6 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, iv = (byte*)aes->reg; enc_key = (byte*)aes->key; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_aes_encrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); 
@@ -841,11 +836,6 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, iv = (byte*)aes->reg; dec_key = (byte*)aes->key; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_aes_decrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); @@ -1551,34 +1541,31 @@ static const word32 Td[5][256] = { #ifdef CYASSL_AESNI -/* Each platform needs to query info type 1 from cpuid to see if aesni is - * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts - */ - #ifndef _MSC_VER - #define cpuid(reg, func)\ + #define cpuid(func,ax,bx,cx,dx)\ __asm__ __volatile__ ("cpuid":\ - "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\ - "a" (func)); + "=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func)); - #define XASM_LINK(f) asm(f) #else - #include - #define cpuid(a,b) __cpuid((int*)a,b) - - #define XASM_LINK(f) + #define cpuid(func,ax,bx,cx,dx)\ + __asm mov eax, func \ + __asm cpuid \ + __asm mov ax, eax \ + __asm mov bx, ebx \ + __asm mov cx, ecx \ + __asm mov dx, edx #endif /* _MSC_VER */ static int Check_CPU_support_AES(void) { - unsigned int reg[4]; /* put a,b,c,d into 0,1,2,3 */ - cpuid(reg, 1); /* query info 1 */ + unsigned int a,b,c,d; + cpuid(1,a,b,c,d); - if (reg[2] & 0x2000000) + if (c & 0x2000000) return 1; return 0; 
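Review bot: In the cpuid hunk (-1551) the `_MSC_VER` branch of the new `cpuid` macro is built from `__asm` statements, which the 64-bit Microsoft compiler does not accept, whereas the `__cpuid` intrinsic it replaces builds for both targets. Check_CPU_support_AES gates the AES-NI path, so a build break or a wrong answer here decides which AES implementation runs. The next hunk (-1593) loses portability the same way by replacing `XASM_LINK(...)` with a bare `asm ("...")` label, which is a GNU extension. I would keep `#define cpuid(a,b) __cpuid((int*)a,b)` and the `XASM_LINK` wrapper, and give the feature bit a name such as `#define CPUID_AES_BIT 0x2000000` (constructed name) instead of testing the literal.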
@@ -1593,34 +1580,34 @@ static int haveAESNI = 0; void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned char* ivec, unsigned long length, const unsigned char* KS, int nr) - XASM_LINK("AES_CBC_encrypt"); + asm ("AES_CBC_encrypt"); void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned char* ivec, unsigned long length, const unsigned char* KS, int nr) - XASM_LINK("AES_CBC_decrypt"); + asm ("AES_CBC_decrypt"); void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long length, const unsigned char* KS, int nr) - XASM_LINK("AES_ECB_encrypt"); + asm ("AES_ECB_encrypt"); void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long length, const unsigned char* KS, int nr) - XASM_LINK("AES_ECB_decrypt"); + asm ("AES_ECB_decrypt"); void AES_128_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) - XASM_LINK("AES_128_Key_Expansion"); + asm ("AES_128_Key_Expansion"); void AES_192_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) - XASM_LINK("AES_192_Key_Expansion"); + asm ("AES_192_Key_Expansion"); void AES_256_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) - XASM_LINK("AES_256_Key_Expansion"); + asm ("AES_256_Key_Expansion"); static int AES_set_encrypt_key(const unsigned char *userKey, const int bits, @@ -2241,7 +2228,6 @@ int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) if ((word)in % 16) { #ifndef NO_CYASSL_ALLOC_ALIGN byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - CYASSL_MSG("AES-CBC encrypt with bad alignment"); if (tmp == NULL) return MEMORY_E; XMEMCPY(tmp, in, sz); diff --git a/ctaocrypt/src/aes_asm.s b/ctaocrypt/src/aes_asm.s index b5f5bc9c1..382d9b313 100755 --- a/ctaocrypt/src/aes_asm.s +++ b/ctaocrypt/src/aes_asm.s 
@@ -24,8 +24,6 @@ * by Intel Mobility Group, Israel Development Center, Israel Shay Gueron */ -/* This file is in at&t asm syntax, see .asm for intel syntax */ - /* AES_CBC_encrypt (const unsigned char *in, diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index eb1af4bc3..de4328df3 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -53,7 +53,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "crypto_ntru.h" #endif #ifdef HAVE_ECC @@ -626,7 +626,7 @@ CYASSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, if (b == ASN_TAG_NULL) { b = input[i++]; - if (b != 0) + if (b != 0) return ASN_EXPECT_0_E; } else @@ -1270,7 +1270,6 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->signature = 0; cert->subjectCN = 0; cert->subjectCNLen = 0; - cert->subjectCNEnc = CTC_UTF8; cert->subjectCNStored = 0; cert->altNames = NULL; #ifndef IGNORE_NAME_CONSTRAINTS @@ -1309,22 +1308,16 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) #ifdef CYASSL_CERT_GEN cert->subjectSN = 0; cert->subjectSNLen = 0; - cert->subjectSNEnc = CTC_UTF8; cert->subjectC = 0; cert->subjectCLen = 0; - cert->subjectCEnc = CTC_PRINTABLE; cert->subjectL = 0; cert->subjectLLen = 0; - cert->subjectLEnc = CTC_UTF8; cert->subjectST = 0; cert->subjectSTLen = 0; - cert->subjectSTEnc = CTC_UTF8; cert->subjectO = 0; cert->subjectOLen = 0; - cert->subjectOEnc = CTC_UTF8; cert->subjectOU = 0; cert->subjectOULen = 0; - cert->subjectOUEnc = CTC_UTF8; cert->subjectEmail = 0; cert->subjectEmailLen = 0; #endif /* CYASSL_CERT_GEN */ @@ -1544,9 +1537,8 @@ static int GetKey(DecodedCert* cert) byte* next = (byte*)key; word16 keyLen; byte keyBlob[MAX_NTRU_KEY_SZ]; - word32 rc; - rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, + word32 rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, &keyLen, NULL, &next); if (rc != NTRU_OK) 
@@ -1554,8 +1546,8 @@ static int GetKey(DecodedCert* cert) if (keyLen > sizeof(keyBlob)) return ASN_NTRU_KEY_E; - rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, - &keyLen, keyBlob, &next); + rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,&keyLen, + keyBlob, &next); if (rc != NTRU_OK) return ASN_NTRU_KEY_E; @@ -1715,7 +1707,8 @@ static int GetName(DecodedCert* cert, int nameType) cert->srcIdx += 2; id = cert->source[cert->srcIdx++]; - b = cert->source[cert->srcIdx++]; /* encoding */ + b = cert->source[cert->srcIdx++]; /* strType */ + (void)b; /* may want to validate? */ if (GetLength(cert->source, &cert->srcIdx, &strLen, cert->maxIdx) < 0) @@ -1731,7 +1724,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectCN = (char *)&cert->source[cert->srcIdx]; cert->subjectCNLen = strLen; - cert->subjectCNEnc = b; } if (!tooBig) { @@ -1754,7 +1746,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectSN = (char*)&cert->source[cert->srcIdx]; cert->subjectSNLen = strLen; - cert->subjectSNEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1772,7 +1763,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectC = (char*)&cert->source[cert->srcIdx]; cert->subjectCLen = strLen; - cert->subjectCEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1790,7 +1780,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectL = (char*)&cert->source[cert->srcIdx]; cert->subjectLLen = strLen; - cert->subjectLEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1808,7 +1797,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectST = (char*)&cert->source[cert->srcIdx]; cert->subjectSTLen = strLen; - cert->subjectSTEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA 
@@ -1826,7 +1814,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectO = (char*)&cert->source[cert->srcIdx]; cert->subjectOLen = strLen; - cert->subjectOEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1844,7 +1831,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectOU = (char*)&cert->source[cert->srcIdx]; cert->subjectOULen = strLen; - cert->subjectOUEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -3500,8 +3486,8 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert) } if (input[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) { - CYASSL_MSG("\tinfo: OPTIONAL item 0, not available\n"); - return 0; + CYASSL_MSG("\tfail: wanted OPTIONAL item 0, not available\n"); + return ASN_PARSE_E; } if (GetLength(input, &idx, &length, sz) < 0) { 
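Review bot: In the DecodeAuthKeyId hunk (-3500), returning `ASN_PARSE_E` when the first element is not context tag 0 makes the function fail for any certificate whose authority key identifier extension omits the key identifier, even though the log text on the same line still calls the item OPTIONAL. That field is optional in RFC 5280, so otherwise valid chains would be rejected at parse time. Unless that strictness is intended, keep the non-fatal path: `CYASSL_MSG("\tinfo: OPTIONAL item 0, not available\n"); return 0;`. If the stricter behaviour is wanted, say so in a comment on the function and reword the message so it no longer says OPTIONAL. The function body continues outside this hunk.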
@@ -4464,35 +4450,21 @@ void InitCert(Cert* cert) XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE); cert->issuer.country[0] = '\0'; - cert->issuer.countryEnc = CTC_PRINTABLE; cert->issuer.state[0] = '\0'; - cert->issuer.stateEnc = CTC_UTF8; cert->issuer.locality[0] = '\0'; - cert->issuer.localityEnc = CTC_UTF8; cert->issuer.sur[0] = '\0'; - cert->issuer.surEnc = CTC_UTF8; cert->issuer.org[0] = '\0'; - cert->issuer.orgEnc = CTC_UTF8; cert->issuer.unit[0] = '\0'; - cert->issuer.unitEnc = CTC_UTF8; cert->issuer.commonName[0] = '\0'; - cert->issuer.commonNameEnc = CTC_UTF8; cert->issuer.email[0] = '\0'; cert->subject.country[0] = '\0'; - cert->subject.countryEnc = CTC_PRINTABLE; cert->subject.state[0] = '\0'; - cert->subject.stateEnc = CTC_UTF8; cert->subject.locality[0] = '\0'; - cert->subject.localityEnc = CTC_UTF8; cert->subject.sur[0] = '\0'; - cert->subject.surEnc = CTC_UTF8; cert->subject.org[0] = '\0'; - cert->subject.orgEnc = CTC_UTF8; cert->subject.unit[0] = '\0'; - cert->subject.unitEnc = CTC_UTF8; cert->subject.commonName[0] = '\0'; - cert->subject.commonNameEnc = CTC_UTF8; cert->subject.email[0] = '\0'; #ifdef CYASSL_CERT_REQ @@ -4851,37 +4823,6 @@ static const char* GetOneName(CertName* name, int idx) } -/* Get Which Name Encoding from index */ -static char GetNameType(CertName* name, int idx) -{ - switch (idx) { - case 0: - return name->countryEnc; - - case 1: - return name->stateEnc; - - case 2: - return name->localityEnc; - - case 3: - return name->surEnc; - - case 4: - return name->orgEnc; - - case 5: - return name->unitEnc; - - case 6: - return name->commonNameEnc; - - default: - return 0; - } -} - - /* Get ASN Name from index */ static byte GetNameId(int idx) { 
@@ -5031,7 +4972,10 @@ static int SetName(byte* output, CertName* name) /* id type */ names[i].encoded[idx++] = bType; /* str type */ - names[i].encoded[idx++] = GetNameType(name, i); + if (bType == ASN_COUNTRY_NAME) + names[i].encoded[idx++] = 0x13; /* printable */ + else + names[i].encoded[idx++] = 0x0c; /* utf8 */ } /* second length */ XMEMCPY(names[i].encoded + idx, secondLen, secondSz); @@ -5116,15 +5060,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, word32 rc; word16 encodedSz; - rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, - ntruKey, &encodedSz, NULL); + rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, + ntruKey, &encodedSz, NULL); if (rc != NTRU_OK) return PUBLIC_KEY_E; if (encodedSz > MAX_PUBLIC_KEY_SZ) return PUBLIC_KEY_E; - rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, - ntruKey, &encodedSz, der->publicKey); + rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, + ntruKey, &encodedSz, der->publicKey); if (rc != NTRU_OK) return PUBLIC_KEY_E; 
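Review bot: In SetName the string-type byte is now chosen from two bare literals, `0x13` and `0x0c`, so every attribute except the country is emitted as UTF8String regardless of how it was encoded in the certificate it came from. Together with the GetName hunk at -1715, which reads the tag into `b` and discards it with `(void)b`, a name copied from an existing certificate can be re-encoded with a different string type. A byte-wise issuer/subject comparison against the original would then presumably fail, which is worth confirming against how names are matched elsewhere in the library. At minimum give the two tags names and a comment on why country is treated differently, e.g. `enum { NAME_TAG_PRINTABLE = 0x13, NAME_TAG_UTF8 = 0x0c };` (constructed names).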
@@ -5755,49 +5699,42 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz) CTC_NAME_SIZE - 1; strncpy(cn->commonName, decoded.subjectCN, CTC_NAME_SIZE); cn->commonName[sz] = 0; - cn->commonNameEnc = decoded.subjectCNEnc; } if (decoded.subjectC) { sz = (decoded.subjectCLen < CTC_NAME_SIZE) ? decoded.subjectCLen : CTC_NAME_SIZE - 1; strncpy(cn->country, decoded.subjectC, CTC_NAME_SIZE); cn->country[sz] = 0; - cn->countryEnc = decoded.subjectCEnc; } if (decoded.subjectST) { sz = (decoded.subjectSTLen < CTC_NAME_SIZE) ? decoded.subjectSTLen : CTC_NAME_SIZE - 1; strncpy(cn->state, decoded.subjectST, CTC_NAME_SIZE); cn->state[sz] = 0; - cn->stateEnc = decoded.subjectSTEnc; } if (decoded.subjectL) { sz = (decoded.subjectLLen < CTC_NAME_SIZE) ? decoded.subjectLLen : CTC_NAME_SIZE - 1; strncpy(cn->locality, decoded.subjectL, CTC_NAME_SIZE); cn->locality[sz] = 0; - cn->localityEnc = decoded.subjectLEnc; } if (decoded.subjectO) { sz = (decoded.subjectOLen < CTC_NAME_SIZE) ? decoded.subjectOLen : CTC_NAME_SIZE - 1; strncpy(cn->org, decoded.subjectO, CTC_NAME_SIZE); cn->org[sz] = 0; - cn->orgEnc = decoded.subjectOEnc; } if (decoded.subjectOU) { sz = (decoded.subjectOULen < CTC_NAME_SIZE) ? decoded.subjectOULen : CTC_NAME_SIZE - 1; strncpy(cn->unit, decoded.subjectOU, CTC_NAME_SIZE); cn->unit[sz] = 0; - cn->unitEnc = decoded.subjectOUEnc; } if (decoded.subjectSN) { sz = (decoded.subjectSNLen < CTC_NAME_SIZE) ? decoded.subjectSNLen : CTC_NAME_SIZE - 1; strncpy(cn->sur, decoded.subjectSN, CTC_NAME_SIZE); cn->sur[sz] = 0; - cn->surEnc = decoded.subjectSNEnc; } if (decoded.subjectEmail) { sz = (decoded.subjectEmailLen < CTC_NAME_SIZE) ? diff --git a/ctaocrypt/src/chacha.c b/ctaocrypt/src/chacha.c new file mode 100644 index 000000000..86c94278c --- /dev/null +++ b/ctaocrypt/src/chacha.c 
@@ -0,0 +1,244 @@ +/* chacha.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * + * chacha-ref.c version 20080118 + * D. J. Bernstein + * Public domain. + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef HAVE_CHACHA + +#include +#include +#include +#ifdef NO_INLINE + #include +#else + #include +#endif + +#ifdef CHACHA_AEAD_TEST + #include +#endif + +#ifdef BIG_ENDIAN_ORDER + #define LITTLE32(x) ByteReverseWord32(x) +#else + #define LITTLE32(x) (x) +#endif + +/* Number of rounds */ +#define ROUNDS 20 + +#define U32C(v) (v##U) +#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF)) +#define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0]) + +#define ROTATE(v,c) rotlFixed(v, c) +#define XOR(v,w) ((v) ^ (w)) +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define QUARTERROUND(a,b,c,d) \ + x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \ + x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \ + x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \ + x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7); + + +/** + * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version + * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB. 
+ */ +int Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) +{ + word32 temp[3]; /* used for alignment of memory */ + XMEMSET(temp, 0, 12); + +#ifdef CHACHA_AEAD_TEST + int k; + printf("NONCE : "); + for (k = 0; k < 12; k++) { + printf("%02x", nonce[k]); + } + printf("\n"); +#endif + + XMEMCPY(temp, inIv, 12); + + ctx->X[12] = counter; /* block counter */ + ctx->X[13] = temp[0]; /* fixed variable from nonce */ + ctx->X[14] = temp[1]; /* counter from nonce */ + ctx->X[15] = temp[2]; /* counter from nonce */ + + return 0; +} + +/* "expand 32-byte k" as unsigned 32 byte */ +static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}; +/* "expand 16-byte k" as unsigned 16 byte */ +static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574}; + +/** + * Key setup. 8 word iv (nonce) + */ +int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) +{ + const word32* constants; + const byte* k; + + if (ctx == NULL) + return BAD_FUNC_ARG; + +#ifdef XSTREAM_ALIGN + word32 alignKey[4]; + if ((word)key % 4) { + CYASSL_MSG("ChachaSetKey unaligned key"); + XMEMCPY(alignKey, key, sizeof(alignKey)); + k = (byte*)alignKey; + } + else { + k = key; + } +#else + k = key; +#endif /* XSTREAM_ALIGN */ + +#ifdef CHACHA_AEAD_TEST + int k; + printf("ChaCha key used : "); + for (k = 0; k < keySz; k++) { + printf("%02x", key[k]); + } + printf("\n"); +#endif + + ctx->X[4] = U8TO32_LITTLE(k + 0); + ctx->X[5] = U8TO32_LITTLE(k + 4); + ctx->X[6] = U8TO32_LITTLE(k + 8); + ctx->X[7] = U8TO32_LITTLE(k + 12); + if (keySz == 32) { + k += 16; + constants = sigma; + } + else { + /* key size of 128 */ + if (keySz != 16) + return BAD_FUNC_ARG; + + constants = tau; + } + ctx->X[ 8] = U8TO32_LITTLE(k + 0); + ctx->X[ 9] = U8TO32_LITTLE(k + 4); + ctx->X[10] = U8TO32_LITTLE(k + 8); + ctx->X[11] = U8TO32_LITTLE(k + 12); + ctx->X[ 0] = U8TO32_LITTLE(constants + 0); + ctx->X[ 1] = U8TO32_LITTLE(constants + 1); + ctx->X[ 2] = U8TO32_LITTLE(constants + 2); + ctx->X[ 
3] = U8TO32_LITTLE(constants + 3); + + return 0; +} + +/** + * Converts word into bytes with rotations having been done. + */ +static INLINE void Chacha_wordtobyte(word32 output[16], const word32 input[16]) +{ + word32 x[16]; + word32 i; + + for (i = 0; i < 16; i++) { + x[i] = input[i]; + } + + for (i = (ROUNDS); i > 0; i -= 2) { + QUARTERROUND(0, 4, 8, 12) + QUARTERROUND(1, 5, 9, 13) + QUARTERROUND(2, 6, 10, 14) + QUARTERROUND(3, 7, 11, 15) + QUARTERROUND(0, 5, 10, 15) + QUARTERROUND(1, 6, 11, 12) + QUARTERROUND(2, 7, 8, 13) + QUARTERROUND(3, 4, 9, 14) + } + + for (i = 0; i < 16; i++) { + x[i] = PLUS(x[i], input[i]); + } + + for (i = 0; i < 16; i++) { + output[i] = LITTLE32(x[i]); + } +} + +/** + * Encrypt a stream of bytes + */ +static void Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, + word32 bytes) +{ + byte* output; + word32 temp[16]; /* used to make sure aligned */ + word32 i; + + output = (byte*)temp; + + if (!bytes) return; + for (;;) { + Chacha_wordtobyte(temp, ctx->X); + ctx->X[12] = PLUSONE(ctx->X[12]); + if (bytes <= 64) { + for (i = 0; i < bytes; ++i) { + c[i] = m[i] ^ output[i]; + } + return; + } + for (i = 0; i < 64; ++i) { + c[i] = m[i] ^ output[i]; + } + bytes -= 64; + c += 64; + m += 64; + } +} + +/** + * API to encrypt/decrypt a message of any size. + */ +int Chacha_Process(ChaCha* ctx, byte* output, const byte* input, word32 msglen) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + + Chacha_encrypt_bytes(ctx, input, output, msglen); + + return 0; +} + +#endif /* HAVE_CHACHA*/ + diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index b2bd74c3c..a704b7910 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -34,7 +34,6 @@ #include #include -#include #ifdef NO_INLINE #include 
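Review bot: In Chacha_SetKey the XSTREAM_ALIGN path copies only `sizeof(alignKey)` (16 bytes) into `word32 alignKey[4]`, but a 32-byte key then does `k += 16` and loads four more words, which reads past the end of that stack array and puts whatever is there into X[8..11]. The key length is also checked only after X[4..7] have been loaded from `key`, so an unsupported `keySz` still reads 16 bytes and leaves the context half-updated, and `key` itself is never checked for NULL. Validating first and sizing the bounce buffer for the largest key fixes both; the copy of the key left in `alignKey` should also be wiped before returning, using a clear the compiler cannot optimise away. Separately, the CHACHA_AEAD_TEST blocks will not compile as written: Chacha_SetIV prints `nonce[k]`, which is not declared, and Chacha_SetKey declares `int k` while `const byte* k` is already in scope.

```c
int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
{
    /* ... unchanged: constants, k ... */
#ifdef XSTREAM_ALIGN
    word32 alignKey[8];    /* room for a full 32-byte key */
#endif

    if (ctx == NULL || key == NULL)
        return BAD_FUNC_ARG;
    if (keySz != 16 && keySz != 32)    /* reject before any key byte is read */
        return BAD_FUNC_ARG;

#ifdef XSTREAM_ALIGN
    if ((word)key % 4) {
        /* ... unchanged: CYASSL_MSG ... */
        XMEMCPY(alignKey, key, keySz);
        k = (byte*)alignKey;
    }
    /* ... unchanged: aligned case, #else branch ... */
#endif

    /* ... unchanged: CHACHA_AEAD_TEST dump, loads of X[4..7] ... */
    if (keySz == 32) {
        k += 16;
        constants = sigma;
    }
    else {
        constants = tau;    /* 16-byte key, size already validated */
    }
    /* ... unchanged: loads of X[8..11] and X[0..3], return 0 ... */
```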
@@ -170,22 +169,19 @@ CRYP_Cmd(DISABLE); } - int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_CBC); - return 0; } - int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des, out, in, sz, DES_DECRYPTION, DES_CBC); - return 0; } - int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_ECB); - return 0; } void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz, @@ -393,16 +389,14 @@ static void Des_Cbc(byte* out, const byte* in, word32 sz, } -int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_ENCRYPT) ; - return 0; } -int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_DECRYPT) ; - return 0; } int Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz) @@ -562,7 +556,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) return ret; } - int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { int i; int offset = 0; @@ -572,11 +566,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_des_encrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); 
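Review bot: Changing Des_CbcEncrypt, Des_CbcDecrypt and Des_EcbEncrypt from `int` to `void`, starting in this hunk and repeated at -393, -562, -819, -1278 and -1362, removes the only way these functions could report a failure to the caller. Further down the file the `out` alignment test that returned `BAD_ALIGN_E` is deleted as well (-572 and -607, and for Des3 at -643 and -681; aes.c loses the same test at -804 and -841), so a misaligned output buffer is now handed to the cau_* routines unchecked. Unless the hardware path is known to tolerate that, keep the `int` return and the guard `if ((word)out % CYASSL_MMCAU_ALIGNMENT) return BAD_ALIGN_E;`. The same patch also rolls the version in configure.ac back from 3.0.3 to 3.0.0, so these may be unintended reversions from an older base rather than deliberate changes, which is worth confirming before merge.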
@@ -594,10 +583,10 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); } - return 0; + return; } - int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { int i; int offset = 0; @@ -607,11 +596,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_des_decrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); @@ -629,7 +613,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) offset += DES_BLOCK_SIZE; } - return 0; + return; } int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) @@ -643,11 +627,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad 3ede cau_des_encrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); @@ -681,11 +660,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad 3ede cau_des_decrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); 
@@ -819,18 +793,16 @@ int Des3_SetIV(Des3* des, const byte* iv); ByteReverseWords((word32*)out, (word32 *)KVA0_TO_KVA1(out), sz); } - int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des->key, des->reg, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC ); - return 0; } - int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des->key, des->reg, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC); - return 0; } int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) @@ -1278,7 +1250,7 @@ static void Des3ProcessBlock(Des3* des, const byte* in, byte* out) } -int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; @@ -1290,11 +1262,10 @@ int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } - return 0; } -int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; byte hold[DES_BLOCK_SIZE]; @@ -1311,7 +1282,6 @@ int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } - return 0; } @@ -1362,7 +1332,7 @@ int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) #ifdef CYASSL_DES_ECB /* One block, compatibility only */ -int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; @@ -1372,7 +1342,6 @@ int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } - return 0; } #endif /* CYASSL_DES_ECB */ 
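Review bot: The software `Des_CbcEncrypt`, `Des_CbcDecrypt` and `Des_EcbEncrypt` derive their loop count from `sz / DES_BLOCK_SIZE`, so the trailing bytes of a length that is not a block multiple are left unprocessed, and with the return type now `void` the caller gets no signal. The precondition should be written at each of the three signatures, for example `/* sz must be a multiple of DES_BLOCK_SIZE; a trailing partial block is ignored */`. The loop bodies are only partly inside these hunks, so this rests on the visible `blocks` computation.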
@@ -1401,6 +1370,7 @@ int Des3_SetIV(Des3* des, const byte* iv) #ifdef HAVE_CAVIUM +#include #include "cavium_common.h" /* Initiliaze Des3 for use with Nitrox device */ diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c index ce9d1d046..3b629ae08 100644 --- a/ctaocrypt/src/error.c +++ b/ctaocrypt/src/error.c @@ -22,7 +22,7 @@ #ifdef HAVE_CONFIG_H #include #endif - + #include #include 
@@ -32,261 +32,334 @@ #pragma warning(disable: 4996) #endif -const char* CTaoCryptGetErrorString(int error) + +void CTaoCryptErrorString(int error, char* buffer) { + const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */ + #ifdef NO_ERROR_STRINGS (void)error; - return "no support for error strings built in"; + XSTRNCPY(buffer, "no support for error strings built in", max); #else switch (error) { - case OPEN_RAN_E : - return "opening random device error"; + case OPEN_RAN_E : + XSTRNCPY(buffer, "opening random device error", max); + break; case READ_RAN_E : - return "reading random device error"; + XSTRNCPY(buffer, "reading random device error", max); + break; case WINCRYPT_E : - return "windows crypt init error"; + XSTRNCPY(buffer, "windows crypt init error", max); + break; - case CRYPTGEN_E : - return "windows crypt generation error"; + case CRYPTGEN_E : + XSTRNCPY(buffer, "windows crypt generation error", max); + break; - case RAN_BLOCK_E : - return "random device read would block error"; + case RAN_BLOCK_E : + XSTRNCPY(buffer, "random device read would block error", max); + break; - case BAD_MUTEX_E : - return "Bad mutex, operation failed"; + case BAD_MUTEX_E : + XSTRNCPY(buffer, "Bad mutex, operation failed", max); + break; case MP_INIT_E : - return "mp_init error state"; + XSTRNCPY(buffer, "mp_init error state", max); + break; case MP_READ_E : - return "mp_read error state"; + XSTRNCPY(buffer, "mp_read error state", max); + break; case MP_EXPTMOD_E : - return "mp_exptmod error state"; + XSTRNCPY(buffer, "mp_exptmod error state", max); + break; case MP_TO_E : - return "mp_to_xxx error state, can't convert"; + XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max); + break; case MP_SUB_E : - return "mp_sub error state, can't subtract"; + XSTRNCPY(buffer, "mp_sub error state, can't subtract", max); + break; case MP_ADD_E : - return "mp_add error state, can't add"; + XSTRNCPY(buffer, "mp_add error state, can't add", max); + break; case MP_MUL_E : - return 
"mp_mul error state, can't multiply"; + XSTRNCPY(buffer, "mp_mul error state, can't multiply", max); + break; case MP_MULMOD_E : - return "mp_mulmod error state, can't multiply mod"; + XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max); + break; case MP_MOD_E : - return "mp_mod error state, can't mod"; + XSTRNCPY(buffer, "mp_mod error state, can't mod", max); + break; case MP_INVMOD_E : - return "mp_invmod error state, can't inv mod"; - + XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max); + break; + case MP_CMP_E : - return "mp_cmp error state"; - + XSTRNCPY(buffer, "mp_cmp error state", max); + break; + case MP_ZERO_E : - return "mp zero result, not expected"; - + XSTRNCPY(buffer, "mp zero result, not expected", max); + break; + case MEMORY_E : - return "out of memory error"; + XSTRNCPY(buffer, "out of memory error", max); + break; case RSA_WRONG_TYPE_E : - return "RSA wrong block type for RSA function"; + XSTRNCPY(buffer, "RSA wrong block type for RSA function", max); + break; case RSA_BUFFER_E : - return "RSA buffer error, output too small or input too big"; + XSTRNCPY(buffer, "RSA buffer error, output too small or input too big", + max); + break; case BUFFER_E : - return "Buffer error, output too small or input too big"; + XSTRNCPY(buffer, "Buffer error, output too small or input too big",max); + break; case ALGO_ID_E : - return "Setting Cert AlogID error"; + XSTRNCPY(buffer, "Setting Cert AlogID error", max); + break; case PUBLIC_KEY_E : - return "Setting Cert Public Key error"; + XSTRNCPY(buffer, "Setting Cert Public Key error", max); + break; case DATE_E : - return "Setting Cert Date validity error"; + XSTRNCPY(buffer, "Setting Cert Date validity error", max); + break; case SUBJECT_E : - return "Setting Cert Subject name error"; + XSTRNCPY(buffer, "Setting Cert Subject name error", max); + break; case ISSUER_E : - return "Setting Cert Issuer name error"; + XSTRNCPY(buffer, "Setting Cert Issuer name error", max); + break; case 
CA_TRUE_E : - return "Setting basic constraint CA true error"; + XSTRNCPY(buffer, "Setting basic constraint CA true error", max); + break; case EXTENSIONS_E : - return "Setting extensions error"; + XSTRNCPY(buffer, "Setting extensions error", max); + break; case ASN_PARSE_E : - return "ASN parsing error, invalid input"; + XSTRNCPY(buffer, "ASN parsing error, invalid input", max); + break; case ASN_VERSION_E : - return "ASN version error, invalid number"; + XSTRNCPY(buffer, "ASN version error, invalid number", max); + break; case ASN_GETINT_E : - return "ASN get big int error, invalid data"; + XSTRNCPY(buffer, "ASN get big int error, invalid data", max); + break; case ASN_RSA_KEY_E : - return "ASN key init error, invalid input"; + XSTRNCPY(buffer, "ASN key init error, invalid input", max); + break; case ASN_OBJECT_ID_E : - return "ASN object id error, invalid id"; + XSTRNCPY(buffer, "ASN object id error, invalid id", max); + break; case ASN_TAG_NULL_E : - return "ASN tag error, not null"; + XSTRNCPY(buffer, "ASN tag error, not null", max); + break; case ASN_EXPECT_0_E : - return "ASN expect error, not zero"; + XSTRNCPY(buffer, "ASN expect error, not zero", max); + break; case ASN_BITSTR_E : - return "ASN bit string error, wrong id"; + XSTRNCPY(buffer, "ASN bit string error, wrong id", max); + break; case ASN_UNKNOWN_OID_E : - return "ASN oid error, unknown sum id"; + XSTRNCPY(buffer, "ASN oid error, unknown sum id", max); + break; case ASN_DATE_SZ_E : - return "ASN date error, bad size"; + XSTRNCPY(buffer, "ASN date error, bad size", max); + break; case ASN_BEFORE_DATE_E : - return "ASN date error, current date before"; + XSTRNCPY(buffer, "ASN date error, current date before", max); + break; case ASN_AFTER_DATE_E : - return "ASN date error, current date after"; + XSTRNCPY(buffer, "ASN date error, current date after", max); + break; case ASN_SIG_OID_E : - return "ASN signature error, mismatched oid"; + XSTRNCPY(buffer, "ASN signature error, mismatched oid", max); + 
break; case ASN_TIME_E : - return "ASN time error, unkown time type"; + XSTRNCPY(buffer, "ASN time error, unkown time type", max); + break; case ASN_INPUT_E : - return "ASN input error, not enough data"; + XSTRNCPY(buffer, "ASN input error, not enough data", max); + break; case ASN_SIG_CONFIRM_E : - return "ASN sig error, confirm failure"; + XSTRNCPY(buffer, "ASN sig error, confirm failure", max); + break; case ASN_SIG_HASH_E : - return "ASN sig error, unsupported hash type"; + XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max); + break; case ASN_SIG_KEY_E : - return "ASN sig error, unsupported key type"; + XSTRNCPY(buffer, "ASN sig error, unsupported key type", max); + break; case ASN_DH_KEY_E : - return "ASN key init error, invalid input"; + XSTRNCPY(buffer, "ASN key init error, invalid input", max); + break; case ASN_NTRU_KEY_E : - return "ASN NTRU key decode error, invalid input"; + XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max); + break; case ASN_CRIT_EXT_E: - return "X.509 Critical extension ignored"; + XSTRNCPY(buffer, "X.509 Critical extension ignored", max); + break; case ECC_BAD_ARG_E : - return "ECC input argument wrong type, invalid input"; + XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max); + break; case ASN_ECC_KEY_E : - return "ECC ASN1 bad key data, invalid input"; + XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max); + break; case ECC_CURVE_OID_E : - return "ECC curve sum OID unsupported, invalid input"; + XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max); + break; case BAD_FUNC_ARG : - return "Bad function argument"; + XSTRNCPY(buffer, "Bad function argument", max); + break; case NOT_COMPILED_IN : - return "Feature not compiled in"; + XSTRNCPY(buffer, "Feature not compiled in", max); + break; case UNICODE_SIZE_E : - return "Unicode password too big"; + XSTRNCPY(buffer, "Unicode password too big", max); + break; case NO_PASSWORD : - return "No password provided by 
user"; + XSTRNCPY(buffer, "No password provided by user", max); + break; case ALT_NAME_E : - return "Alt Name problem, too big"; + XSTRNCPY(buffer, "Alt Name problem, too big", max); + break; case AES_GCM_AUTH_E: - return "AES-GCM Authentication check fail"; + XSTRNCPY(buffer, "AES-GCM Authentication check fail", max); + break; case AES_CCM_AUTH_E: - return "AES-CCM Authentication check fail"; + XSTRNCPY(buffer, "AES-CCM Authentication check fail", max); + break; case CAVIUM_INIT_E: - return "Cavium Init type error"; + XSTRNCPY(buffer, "Cavium Init type error", max); + break; case COMPRESS_INIT_E: - return "Compress Init error"; + XSTRNCPY(buffer, "Compress Init error", max); + break; case COMPRESS_E: - return "Compress error"; + XSTRNCPY(buffer, "Compress error", max); + break; case DECOMPRESS_INIT_E: - return "DeCompress Init error"; + XSTRNCPY(buffer, "DeCompress Init error", max); + break; case DECOMPRESS_E: - return "DeCompress error"; + XSTRNCPY(buffer, "DeCompress error", max); + break; case BAD_ALIGN_E: - return "Bad alignment error, no alloc help"; + XSTRNCPY(buffer, "Bad alignment error, no alloc help", max); + break; case ASN_NO_SIGNER_E : - return "ASN no signer error to confirm failure"; + XSTRNCPY(buffer, "ASN no signer error to confirm failure", max); + break; case ASN_CRL_CONFIRM_E : - return "ASN CRL sig error, confirm failure"; + XSTRNCPY(buffer, "ASN CRL sig error, confirm failure", max); + break; case ASN_CRL_NO_SIGNER_E : - return "ASN CRL no signer error to confirm failure"; + XSTRNCPY(buffer, "ASN CRL no signer error to confirm failure", max); + break; case ASN_OCSP_CONFIRM_E : - return "ASN OCSP sig error, confirm failure"; + XSTRNCPY(buffer, "ASN OCSP sig error, confirm failure", max); + break; case BAD_ENC_STATE_E: - return "Bad ecc encrypt state operation"; + XSTRNCPY(buffer, "Bad ecc encrypt state operation", max); + break; case BAD_PADDING_E: - return "Bad padding, message wrong length"; + XSTRNCPY(buffer, "Bad padding, message wrong 
length", max); + break; case REQ_ATTRIBUTE_E: - return "Setting cert request attributes error"; + XSTRNCPY(buffer, "Setting cert request attributes error", max); + break; case PKCS7_OID_E: - return "PKCS#7 error: mismatched OID value"; + XSTRNCPY(buffer, "PKCS#7 error: mismatched OID value", max); + break; case PKCS7_RECIP_E: - return "PKCS#7 error: no matching recipient found"; + XSTRNCPY(buffer, "PKCS#7 error: no matching recipient found", max); + break; case FIPS_NOT_ALLOWED_E: - return "FIPS mode not allowed error"; + XSTRNCPY(buffer, "FIPS mode not allowed error", max); + break; case ASN_NAME_INVALID_E: - return "Name Constraint error"; - - case RNG_FAILURE_E: - return "Random Number Generator failed"; + XSTRNCPY(buffer, "Name Constraint error", max); + break; default: - return "unknown error number"; + XSTRNCPY(buffer, "unknown error number", max); } #endif /* NO_ERROR_STRINGS */ } - -void CTaoCryptErrorString(int error, char* buffer) -{ - XSTRNCPY(buffer, CTaoCryptGetErrorString(error), CYASSL_MAX_ERROR_SZ); -} diff --git a/ctaocrypt/src/include.am b/ctaocrypt/src/include.am index 6664dab22..580d3f553 100644 --- a/ctaocrypt/src/include.am +++ b/ctaocrypt/src/include.am @@ -2,8 +2,7 @@ # All paths should be given relative to the root EXTRA_DIST += ctaocrypt/src/misc.c -EXTRA_DIST += ctaocrypt/src/asm.c -EXTRA_DIST += ctaocrypt/src/aes_asm.asm +EXTRA_DIST += ctaocrypt/src/asm.c EXTRA_DIST += \ ctaocrypt/src/ecc_fp.c \ diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c index 56598f451..e885ca04b 100644 --- a/ctaocrypt/src/integer.c +++ b/ctaocrypt/src/integer.c 
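Review bot: Every branch of the new `CTaoCryptErrorString` writes with `XSTRNCPY(buffer, ..., max)`, so the function trusts the caller to supply at least `CYASSL_MAX_ERROR_SZ` writable bytes and never checks `buffer` or terminates the result itself. If `XSTRNCPY` maps to `strncpy` (its definition is not in this hunk), the destination is padded out to `max` bytes, which overruns any shorter buffer, and the result is unterminated whenever a message is as long as `max`. I would state the size requirement in a comment above the function and add `buffer[max - 1] = '\0';` after the `#endif`. The `RNG_FAILURE_E` case is also gone from the new side, so that code would now report "unknown error number" if the constant is still defined.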
@@ -1854,15 +1854,15 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, } /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times*/ - if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { goto LBL_RES; } for (x = 0; x < (winsize - 1); x++) { - if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)])) != MP_OKAY) { goto LBL_RES; } - if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) { + if ((err = redux (&M[1 << (winsize - 1)], P, mp)) != MP_OKAY) { goto LBL_RES; } } @@ -3250,19 +3250,19 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) /* compute the value at M[1<<(winsize-1)] by squaring * M[1] (winsize-1) times */ - if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { goto LBL_MU; } for (x = 0; x < (winsize - 1); x++) { /* square it */ - if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], - &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_sqr (&M[1 << (winsize - 1)], + &M[1 << (winsize - 1)])) != MP_OKAY) { goto LBL_MU; } /* reduce modulo P */ - if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, &mu)) != MP_OKAY) { + if ((err = redux (&M[1 << (winsize - 1)], P, &mu)) != MP_OKAY) { goto LBL_MU; } } diff --git a/ctaocrypt/src/misc.c b/ctaocrypt/src/misc.c index 7d4d33594..69fd4a449 100644 --- a/ctaocrypt/src/misc.c +++ b/ctaocrypt/src/misc.c @@ -45,8 +45,6 @@ #include /* get intrinsic definitions */ - /* for non visual studio probably need no long version, 32 bit only - * i.e., _rotl and _rotr */ #pragma intrinsic(_lrotl, _lrotr) STATIC INLINE word32 rotlFixed(word32 x, word32 y) 
diff --git a/ctaocrypt/src/poly1305.c b/ctaocrypt/src/poly1305.c new file mode 100644 index 000000000..c246394f9 --- /dev/null +++ b/ctaocrypt/src/poly1305.c 
@@ -0,0 +1,521 @@ +/* poly1305.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_POLY1305 + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include +#include +#ifdef NO_INLINE + #include +#else + #include +#endif + +#ifdef _MSC_VER + /* 4127 warning constant while(1) */ + #pragma warning(disable: 4127) +#endif + +#ifdef BIG_ENDIAN_ORDER + #define LITTLE32(x) ByteReverseWord32(x) +#else + #define LITTLE32(x) (x) +#endif + +#ifdef POLY130564 +#if defined(_MSC_VER) + #define POLY1305_NOINLINE __declspec(noinline) +#elif defined(__GNUC__) + #define POLY1305_NOINLINE __attribute__((noinline)) +#else + #define POLY1305_NOINLINE +#endif + +#if defined(_MSC_VER) + #include + + typedef struct word128 { + word64 lo; + word64 hi; + } word128; + + #define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi) + #define ADD(out, in) { word64 t = out.lo; out.lo += in.lo; + out.hi += (out.lo < t) + in.hi; } + #define ADDLO(out, in) { word64 t = out.lo; out.lo += in; + out.hi += (out.lo < t); } + #define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift))) + #define LO(in) (in.lo) + +#elif defined(__GNUC__) + #if defined(__SIZEOF_INT128__) + typedef unsigned __int128 word128; + #else + typedef unsigned 
word128 __attribute__((mode(TI))); + #endif + + #define MUL(out, x, y) out = ((word128)x * y) + #define ADD(out, in) out += in + #define ADDLO(out, in) out += in + #define SHR(in, shift) (word64)(in >> (shift)) + #define LO(in) (word64)(in) +#endif + +static word64 U8TO64(const byte* p) { + return + (((word64)(p[0] & 0xff) ) | + ((word64)(p[1] & 0xff) << 8) | + ((word64)(p[2] & 0xff) << 16) | + ((word64)(p[3] & 0xff) << 24) | + ((word64)(p[4] & 0xff) << 32) | + ((word64)(p[5] & 0xff) << 40) | + ((word64)(p[6] & 0xff) << 48) | + ((word64)(p[7] & 0xff) << 56)); +} + +static void U64TO8(byte* p, word64 v) { + p[0] = (v ) & 0xff; + p[1] = (v >> 8) & 0xff; + p[2] = (v >> 16) & 0xff; + p[3] = (v >> 24) & 0xff; + p[4] = (v >> 32) & 0xff; + p[5] = (v >> 40) & 0xff; + p[6] = (v >> 48) & 0xff; + p[7] = (v >> 56) & 0xff; +} +#else /* if not 64 bit then use 32 bit */ +static word32 U8TO32(const byte *p) { + return + (((word32)(p[0] & 0xff) ) | + ((word32)(p[1] & 0xff) << 8) | + ((word32)(p[2] & 0xff) << 16) | + ((word32)(p[3] & 0xff) << 24)); +} + +static void U32TO8(byte *p, word32 v) { + p[0] = (v ) & 0xff; + p[1] = (v >> 8) & 0xff; + p[2] = (v >> 16) & 0xff; + p[3] = (v >> 24) & 0xff; +} +#endif + +int Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) { + + if (keySz != 32) + return 1; + +#ifdef CHACHA_AEAD_TEST + int k; + printf("Poly key used: "); + for (k = 0; k < keySz; k++) + printf("%02x", key[k]); + printf("\n"); +#endif + +#ifdef POLY130564 + word64 t0,t1; + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ + t0 = U8TO64(key + 0); + t1 = U8TO64(key + 8); + + ctx->r[0] = ( t0 ) & 0xffc0fffffff; + ctx->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff; + ctx->r[2] = ((t1 >> 24) ) & 0x00ffffffc0f; + + /* h (accumulator) = 0 */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + + /* save pad for later */ + ctx->pad[0] = U8TO64(key + 16); + ctx->pad[1] = U8TO64(key + 24); + +#else /* if not 64 bit then use 32 bit */ + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff 
*/ + ctx->r[0] = (U8TO32(key + 0) ) & 0x3ffffff; + ctx->r[1] = (U8TO32(key + 3) >> 2) & 0x3ffff03; + ctx->r[2] = (U8TO32(key + 6) >> 4) & 0x3ffc0ff; + ctx->r[3] = (U8TO32(key + 9) >> 6) & 0x3f03fff; + ctx->r[4] = (U8TO32(key + 12) >> 8) & 0x00fffff; + + /* h = 0 */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + ctx->h[3] = 0; + ctx->h[4] = 0; + + /* save pad for later */ + ctx->pad[0] = U8TO32(key + 16); + ctx->pad[1] = U8TO32(key + 20); + ctx->pad[2] = U8TO32(key + 24); + ctx->pad[3] = U8TO32(key + 28); +#endif + + ctx->leftover = 0; + ctx->final = 0; + + return 0; +} + +static void poly1305_blocks(Poly1305* ctx, const unsigned char *m, + size_t bytes) { +#ifdef POLY130564 + + const word64 hibit = (ctx->final) ? 0 : ((word64)1 << 40); /* 1 << 128 */ + word64 r0,r1,r2; + word64 s1,s2; + word64 h0,h1,h2; + word64 c; + word128 d0,d1,d2,d; + + r0 = ctx->r[0]; + r1 = ctx->r[1]; + r2 = ctx->r[2]; + + h0 = ctx->h[0]; + h1 = ctx->h[1]; + h2 = ctx->h[2]; + + s1 = r1 * (5 << 2); + s2 = r2 * (5 << 2); + + while (bytes >= POLY1305_BLOCK_SIZE) { + word64 t0,t1; + + /* h += m[i] */ + t0 = U8TO64(&m[0]); + t1 = U8TO64(&m[8]); + + h0 += (( t0 ) & 0xfffffffffff); + h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff); + h2 += (((t1 >> 24) ) & 0x3ffffffffff) | hibit; + + /* h *= r */ + MUL(d0, h0, r0); MUL(d, h1, s2); ADD(d0, d); MUL(d, h2, s1); ADD(d0, d); + MUL(d1, h0, r1); MUL(d, h1, r0); ADD(d1, d); MUL(d, h2, s2); ADD(d1, d); + MUL(d2, h0, r2); MUL(d, h1, r1); ADD(d2, d); MUL(d, h2, r0); ADD(d2, d); + + /* (partial) h %= p */ + c = SHR(d0, 44); h0 = LO(d0) & 0xfffffffffff; + ADDLO(d1, c); c = SHR(d1, 44); h1 = LO(d1) & 0xfffffffffff; + ADDLO(d2, c); c = SHR(d2, 42); h2 = LO(d2) & 0x3ffffffffff; + h0 += c * 5; c = (h0 >> 44); h0 = h0 & 0xfffffffffff; + h1 += c; + + m += POLY1305_BLOCK_SIZE; + bytes -= POLY1305_BLOCK_SIZE; + } + + ctx->h[0] = h0; + ctx->h[1] = h1; + ctx->h[2] = h2; + +#else /* if not 64 bit then use 32 bit */ + + const word32 hibit = (ctx->final) ? 
0 : (1 << 24); /* 1 << 128 */ + word32 r0,r1,r2,r3,r4; + word32 s1,s2,s3,s4; + word32 h0,h1,h2,h3,h4; + word64 d0,d1,d2,d3,d4; + word32 c; + + r0 = ctx->r[0]; + r1 = ctx->r[1]; + r2 = ctx->r[2]; + r3 = ctx->r[3]; + r4 = ctx->r[4]; + + s1 = r1 * 5; + s2 = r2 * 5; + s3 = r3 * 5; + s4 = r4 * 5; + + h0 = ctx->h[0]; + h1 = ctx->h[1]; + h2 = ctx->h[2]; + h3 = ctx->h[3]; + h4 = ctx->h[4]; + + while (bytes >= POLY1305_BLOCK_SIZE) { + /* h += m[i] */ + h0 += (U8TO32(m+ 0) ) & 0x3ffffff; + h1 += (U8TO32(m+ 3) >> 2) & 0x3ffffff; + h2 += (U8TO32(m+ 6) >> 4) & 0x3ffffff; + h3 += (U8TO32(m+ 9) >> 6) & 0x3ffffff; + h4 += (U8TO32(m+12) >> 8) | hibit; + + /* h *= r */ + d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) + + ((word64)h3 * s2) + ((word64)h4 * s1); + d1 = ((word64)h0 * r1) + ((word64)h1 * r0) + ((word64)h2 * s4) + + ((word64)h3 * s3) + ((word64)h4 * s2); + d2 = ((word64)h0 * r2) + ((word64)h1 * r1) + ((word64)h2 * r0) + + ((word64)h3 * s4) + ((word64)h4 * s3); + d3 = ((word64)h0 * r3) + ((word64)h1 * r2) + ((word64)h2 * r1) + + ((word64)h3 * r0) + ((word64)h4 * s4); + d4 = ((word64)h0 * r4) + ((word64)h1 * r3) + ((word64)h2 * r2) + + ((word64)h3 * r1) + ((word64)h4 * r0); + + /* (partial) h %= p */ + c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff; + d1 += c; c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff; + d2 += c; c = (word32)(d2 >> 26); h2 = (word32)d2 & 0x3ffffff; + d3 += c; c = (word32)(d3 >> 26); h3 = (word32)d3 & 0x3ffffff; + d4 += c; c = (word32)(d4 >> 26); h4 = (word32)d4 & 0x3ffffff; + h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff; + h1 += c; + + m += POLY1305_BLOCK_SIZE; + bytes -= POLY1305_BLOCK_SIZE; + } + + ctx->h[0] = h0; + ctx->h[1] = h1; + ctx->h[2] = h2; + ctx->h[3] = h3; + ctx->h[4] = h4; + +#endif + +} + +int Poly1305Final(Poly1305* ctx, byte* mac) { + +#ifdef POLY130564 + + word64 h0,h1,h2,c; + word64 g0,g1,g2; + word64 t0,t1; + + /* process the remaining block */ + if (ctx->leftover) { + size_t i = ctx->leftover; + 
ctx->buffer[i] = 1; + for (i = i + 1; i < POLY1305_BLOCK_SIZE; i++) + ctx->buffer[i] = 0; + ctx->final = 1; + poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE); + } + + /* fully carry h */ + h0 = ctx->h[0]; + h1 = ctx->h[1]; + h2 = ctx->h[2]; + + c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff; + h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += c; c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff; + h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += c; + + /* compute h + -p */ + g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff; + g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff; + g2 = h2 + c - ((word64)1 << 42); + + /* select h if h < p, or h + -p if h >= p */ + c = (g2 >> ((sizeof(word64) * 8) - 1)) - 1; + g0 &= c; + g1 &= c; + g2 &= c; + c = ~c; + h0 = (h0 & c) | g0; + h1 = (h1 & c) | g1; + h2 = (h2 & c) | g2; + + /* h = (h + pad) */ + t0 = ctx->pad[0]; + t1 = ctx->pad[1]; + + h0 += (( t0 ) & 0xfffffffffff) ; + c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff) + c; + c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += (((t1 >> 24) ) & 0x3ffffffffff) + c; + h2 &= 0x3ffffffffff; + + /* mac = h % (2^128) */ + h0 = ((h0 ) | (h1 << 44)); + h1 = ((h1 >> 20) | (h2 << 24)); + + U64TO8(mac + 0, h0); + U64TO8(mac + 8, h1); + + /* zero out the state */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + ctx->r[0] = 0; + ctx->r[1] = 0; + ctx->r[2] = 0; + ctx->pad[0] = 0; + ctx->pad[1] = 0; + +#else /* if not 64 bit then use 32 bit */ + + word32 h0,h1,h2,h3,h4,c; + word32 g0,g1,g2,g3,g4; + word64 f; + word32 mask; + + /* process the remaining block */ + if (ctx->leftover) { + size_t i = ctx->leftover; + ctx->buffer[i++] = 1; + for (; i < POLY1305_BLOCK_SIZE; i++) + ctx->buffer[i] = 0; + ctx->final = 1; + poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE); + } + + /* fully carry h */ + h0 = ctx->h[0]; + h1 = ctx->h[1]; + h2 = ctx->h[2]; + h3 = 
ctx->h[3]; + h4 = ctx->h[4]; + + c = h1 >> 26; h1 = h1 & 0x3ffffff; + h2 += c; c = h2 >> 26; h2 = h2 & 0x3ffffff; + h3 += c; c = h3 >> 26; h3 = h3 & 0x3ffffff; + h4 += c; c = h4 >> 26; h4 = h4 & 0x3ffffff; + h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff; + h1 += c; + + /* compute h + -p */ + g0 = h0 + 5; c = g0 >> 26; g0 &= 0x3ffffff; + g1 = h1 + c; c = g1 >> 26; g1 &= 0x3ffffff; + g2 = h2 + c; c = g2 >> 26; g2 &= 0x3ffffff; + g3 = h3 + c; c = g3 >> 26; g3 &= 0x3ffffff; + g4 = h4 + c - (1 << 26); + + /* select h if h < p, or h + -p if h >= p */ + mask = (g4 >> ((sizeof(word32) * 8) - 1)) - 1; + g0 &= mask; + g1 &= mask; + g2 &= mask; + g3 &= mask; + g4 &= mask; + mask = ~mask; + h0 = (h0 & mask) | g0; + h1 = (h1 & mask) | g1; + h2 = (h2 & mask) | g2; + h3 = (h3 & mask) | g3; + h4 = (h4 & mask) | g4; + + /* h = h % (2^128) */ + h0 = ((h0 ) | (h1 << 26)) & 0xffffffff; + h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff; + h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff; + h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; + + /* mac = (h + pad) % (2^128) */ + f = (word64)h0 + ctx->pad[0] ; h0 = (word64)f; + f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word64)f; + f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word64)f; + f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word64)f; + + U32TO8(mac + 0, h0); + U32TO8(mac + 4, h1); + U32TO8(mac + 8, h2); + U32TO8(mac + 12, h3); + + /* zero out the state */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + ctx->h[3] = 0; + ctx->h[4] = 0; + ctx->r[0] = 0; + ctx->r[1] = 0; + ctx->r[2] = 0; + ctx->r[3] = 0; + ctx->r[4] = 0; + ctx->pad[0] = 0; + ctx->pad[1] = 0; + ctx->pad[2] = 0; + ctx->pad[3] = 0; + +#endif + + return 0; +} + + +int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) { + size_t i; + +#ifdef CHACHA_AEAD_TEST + int k; + printf("Raw input to poly: "); + for (k = 0; k < bytes; k++) + printf("%02x", m[k]); + printf("\n"); +#endif + + /* handle leftover */ + if (ctx->leftover) { + size_t want = (POLY1305_BLOCK_SIZE - 
ctx->leftover); + if (want > bytes) + want = bytes; + for (i = 0; i < want; i++) + ctx->buffer[ctx->leftover + i] = m[i]; + bytes -= want; + m += want; + ctx->leftover += want; + if (ctx->leftover < POLY1305_BLOCK_SIZE) + return 0; + poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE); + ctx->leftover = 0; + } + + /* process full blocks */ + if (bytes >= POLY1305_BLOCK_SIZE) { + size_t want = (bytes & ~(POLY1305_BLOCK_SIZE - 1)); + poly1305_blocks(ctx, m, want); + m += want; + bytes -= want; + } + + /* store leftover */ + if (bytes) { + for (i = 0; i < bytes; i++) + ctx->buffer[ctx->leftover + i] = m[i]; + ctx->leftover += bytes; + } + + return 0; +} +#endif /* HAVE_POLY1305 */ + diff --git a/ctaocrypt/src/port.c b/ctaocrypt/src/port.c new file mode 100644 index 000000000..c51062185 --- /dev/null +++ b/ctaocrypt/src/port.c 
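Review bot: `Poly1305SetKey` reports a wrong key length with `return 1` and never checks `ctx` or `key`, so a caller that tests for a negative code, as the library's error table suggests, would carry on with an uninitialised context. `if (ctx == NULL || key == NULL || keySz != 32) return BAD_FUNC_ARG;` fits the existing convention, assuming the error header is among the includes. The `CHACHA_AEAD_TEST` blocks in `Poly1305SetKey` and `Poly1305Update` print the one-time key and the raw MAC input with `printf`, so the macro needs a comment saying it must never be defined outside test builds. `Poly1305Final` clears `h`, `r` and `pad` but leaves `ctx->buffer`, `leftover` and `final` untouched, and clearing those too would complete the wipe. The `#ifdef HAVE_POLY1305` guard also sits above the `HAVE_CONFIG_H` include, so a build that defines the macro only in its config header would compile this file to nothing.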
@@ -0,0 +1,436 @@ +/* port.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include + + +#ifdef _MSC_VER + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable: 4996) +#endif + + + +#ifdef SINGLE_THREADED + +int InitMutex(CyaSSL_Mutex* m) +{ + (void)m; + return 0; +} + + +int FreeMutex(CyaSSL_Mutex *m) +{ + (void)m; + return 0; +} + + +int LockMutex(CyaSSL_Mutex *m) +{ + (void)m; + return 0; +} + + +int UnLockMutex(CyaSSL_Mutex *m) +{ + (void)m; + return 0; +} + +#else /* MULTI_THREAD */ + + #if defined(FREERTOS) + + int InitMutex(CyaSSL_Mutex* m) + { + int iReturn; + + *m = ( CyaSSL_Mutex ) xSemaphoreCreateMutex(); + if( *m != NULL ) + iReturn = 0; + else + iReturn = BAD_MUTEX_E; + + return iReturn; + } + + int FreeMutex(CyaSSL_Mutex* m) + { + vSemaphoreDelete( *m ); + return 0; + } + + int LockMutex(CyaSSL_Mutex* m) + { + /* Assume an infinite block, or should there be zero block? 
*/ + xSemaphoreTake( *m, portMAX_DELAY ); + return 0; + } + + int UnLockMutex(CyaSSL_Mutex* m) + { + xSemaphoreGive( *m ); + return 0; + } + + #elif defined(CYASSL_SAFERTOS) + + int InitMutex(CyaSSL_Mutex* m) + { + vSemaphoreCreateBinary(m->mutexBuffer, m->mutex); + if (m->mutex == NULL) + return BAD_MUTEX_E; + + return 0; + } + + int FreeMutex(CyaSSL_Mutex* m) + { + (void)m; + return 0; + } + + int LockMutex(CyaSSL_Mutex* m) + { + /* Assume an infinite block */ + xSemaphoreTake(m->mutex, portMAX_DELAY); + return 0; + } + + int UnLockMutex(CyaSSL_Mutex* m) + { + xSemaphoreGive(m->mutex); + return 0; + } + + + #elif defined(USE_WINDOWS_API) + + int InitMutex(CyaSSL_Mutex* m) + { + InitializeCriticalSection(m); + return 0; + } + + + int FreeMutex(CyaSSL_Mutex* m) + { + DeleteCriticalSection(m); + return 0; + } + + + int LockMutex(CyaSSL_Mutex* m) + { + EnterCriticalSection(m); + return 0; + } + + + int UnLockMutex(CyaSSL_Mutex* m) + { + LeaveCriticalSection(m); + return 0; + } + + #elif defined(CYASSL_PTHREADS) + + int InitMutex(CyaSSL_Mutex* m) + { + if (pthread_mutex_init(m, 0) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int FreeMutex(CyaSSL_Mutex* m) + { + if (pthread_mutex_destroy(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int LockMutex(CyaSSL_Mutex* m) + { + if (pthread_mutex_lock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int UnLockMutex(CyaSSL_Mutex* m) + { + if (pthread_mutex_unlock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + #elif defined(THREADX) + + int InitMutex(CyaSSL_Mutex* m) + { + if (tx_mutex_create(m, "CyaSSL Mutex", TX_NO_INHERIT) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int FreeMutex(CyaSSL_Mutex* m) + { + if (tx_mutex_delete(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int LockMutex(CyaSSL_Mutex* m) + { + if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int UnLockMutex(CyaSSL_Mutex* m) + { + if (tx_mutex_put(m) 
== 0) + return 0; + else + return BAD_MUTEX_E; + } + + #elif defined(MICRIUM) + + int InitMutex(CyaSSL_Mutex* m) + { + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + if (NetSecure_OS_MutexCreate(m) == 0) + return 0; + else + return BAD_MUTEX_E; + #else + return 0; + #endif + } + + + int FreeMutex(CyaSSL_Mutex* m) + { + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + if (NetSecure_OS_FreeMutex(m) == 0) + return 0; + else + return BAD_MUTEX_E; + #else + return 0; + #endif + } + + + int LockMutex(CyaSSL_Mutex* m) + { + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + if (NetSecure_OS_LockMutex(m) == 0) + return 0; + else + return BAD_MUTEX_E; + #else + return 0; + #endif + } + + + int UnLockMutex(CyaSSL_Mutex* m) + { + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + if (NetSecure_OS_UnLockMutex(m) == 0) + return 0; + else + return BAD_MUTEX_E; + #else + return 0; + #endif + + } + + #elif defined(EBSNET) + + int InitMutex(CyaSSL_Mutex* m) + { + if (rtp_sig_mutex_alloc(m, "CyaSSL Mutex") == -1) + return BAD_MUTEX_E; + else + return 0; + } + + int FreeMutex(CyaSSL_Mutex* m) + { + rtp_sig_mutex_free(*m); + return 0; + } + + int LockMutex(CyaSSL_Mutex* m) + { + if (rtp_sig_mutex_claim_timed(*m, RTIP_INF) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + int UnLockMutex(CyaSSL_Mutex* m) + { + rtp_sig_mutex_release(*m); + return 0; + } + + #elif defined(FREESCALE_MQX) + + int InitMutex(CyaSSL_Mutex* m) + { + if (_mutex_init(m, NULL) == MQX_EOK) + return 0; + else + return BAD_MUTEX_E; + } + + int FreeMutex(CyaSSL_Mutex* m) + { + if (_mutex_destroy(m) == MQX_EOK) + return 0; + else + return BAD_MUTEX_E; + } + + int LockMutex(CyaSSL_Mutex* m) + { + if (_mutex_lock(m) == MQX_EOK) + return 0; + else + return BAD_MUTEX_E; + } + + int UnLockMutex(CyaSSL_Mutex* m) + { + if (_mutex_unlock(m) == MQX_EOK) + return 0; + else + return BAD_MUTEX_E; + } + + #elif defined(CYASSL_MDK_ARM)|| defined(CYASSL_CMSIS_RTOS) + + #if defined(CYASSL_CMSIS_RTOS) + #include "cmsis_os.h" + #define CMSIS_NMUTEX 
10 + osMutexDef(CyaSSL_mt0) ; osMutexDef(CyaSSL_mt1) ; osMutexDef(CyaSSL_mt2) ; + osMutexDef(CyaSSL_mt3) ; osMutexDef(CyaSSL_mt4) ; osMutexDef(CyaSSL_mt5) ; + osMutexDef(CyaSSL_mt6) ; osMutexDef(CyaSSL_mt7) ; osMutexDef(CyaSSL_mt8) ; + osMutexDef(CyaSSL_mt9) ; + + static const osMutexDef_t *CMSIS_mutex[] = { osMutex(CyaSSL_mt0), + osMutex(CyaSSL_mt1), osMutex(CyaSSL_mt2), osMutex(CyaSSL_mt3), + osMutex(CyaSSL_mt4), osMutex(CyaSSL_mt5), osMutex(CyaSSL_mt6), + osMutex(CyaSSL_mt7), osMutex(CyaSSL_mt8), osMutex(CyaSSL_mt9) } ; + + static osMutexId CMSIS_mutexID[CMSIS_NMUTEX] = {0} ; + + int InitMutex(CyaSSL_Mutex* m) + { + int i ; + for (i=0; i #include #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - #include #ifdef NO_INLINE @@ -80,16 +74,9 @@ #define NONCE_SZ (ENTROPY_SZ/2) #define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ) -/* Internal return codes */ -#define DRBG_SUCCESS 0 -#define DRBG_ERROR 1 -#define DRBG_FAILURE 2 -#define DRBG_NEED_RESEED 3 - -/* RNG health states */ -#define DRBG_NOT_INIT 0 -#define DRBG_OK 1 -#define DRBG_FAILED 2 +#define DRBG_SUCCESS 0 +#define DRBG_ERROR 1 +#define DRBG_NEED_RESEED 2 enum { @@ -101,11 +88,10 @@ enum { }; -/* Hash Derivation Function */ -/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, - const byte* inA, word32 inASz, - const byte* inB, word32 inBSz) + byte* inA, word32 inASz, + byte* inB, word32 inBSz, + byte* inC, word32 inCSz) { byte ctr; int i; 
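Review bot: The FreeRTOS and SafeRTOS `LockMutex` variants in the new port.c discard the result of `xSemaphoreTake` and return 0 unconditionally, so a take that did not succeed is reported to the caller as a held lock; the matching `UnLockMutex` variants do the same with `xSemaphoreGive`. The pthreads, ThreadX and MQX branches of this file already map failure to `BAD_MUTEX_E`, and the RTOS branches should follow them, for FreeRTOS `if (xSemaphoreTake(*m, portMAX_DELAY) != pdTRUE) return BAD_MUTEX_E;`. The open question left in the code ("or should there be zero block?") is better replaced by a comment stating the blocking policy that was chosen. The listing is cut inside the CMSIS `InitMutex` loop in this view, so the rest of the file is not covered by this note.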
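Review bot: `Hash_df` drops the `const` qualifier from `inA` and `inB` and adds `inC` without it, although the visible body only passes these pointers to `Sha256Update` as input. The same qualifier is lost on `entropy` in `Hash_DRBG_Reseed`, `V` in `Hash_gen`, `s` in `array_add` and `seed`/`nonce`/`personal` in `Hash_DRBG_Instantiate` in the later hunks. Keeping `const byte* inA, word32 inASz, const byte* inB, word32 inBSz, const byte* inC, word32 inCSz` lets callers pass read-only seed material without casts. The body of `Hash_df` continues outside this hunk.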
@@ -121,29 +107,33 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, for (i = 0, ctr = 1; i < len; i++, ctr++) { if (InitSha256(&rng->sha) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (Sha256Update(&rng->sha, &ctr, sizeof(ctr)) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; /* churning V is the only string that doesn't have * the type added */ if (type != drbgInitV) if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (Sha256Update(&rng->sha, inA, inASz) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (inB != NULL && inBSz > 0) if (Sha256Update(&rng->sha, inB, inBSz) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; + + if (inC != NULL && inCSz > 0) + if (Sha256Update(&rng->sha, inC, inCSz) != 0) + return DRBG_ERROR; if (Sha256Final(&rng->sha, rng->digest) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (outSz > OUTPUT_BLOCK_LEN) { XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN); 
@@ -159,26 +149,26 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, } -/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ -static int Hash_DRBG_Reseed(RNG* rng, const byte* entropy, word32 entropySz) +static int Hash_DRBG_Reseed(RNG* rng, byte* entropy, word32 entropySz) { + int ret; byte seed[DRBG_SEED_LEN]; - if (Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V), - entropy, entropySz) != DRBG_SUCCESS) { - return DRBG_FAILURE; - } + ret = Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V), + entropy, entropySz, NULL, 0); + if (ret != 0) + return ret; XMEMCPY(rng->V, seed, sizeof(rng->V)); XMEMSET(seed, 0, sizeof(seed)); - if (Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, - sizeof(rng->V), NULL, 0) != DRBG_SUCCESS) { - return DRBG_FAILURE; - } + ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, + sizeof(rng->V), NULL, 0, NULL, 0); + if (ret != 0) + return ret; rng->reseedCtr = 1; - return DRBG_SUCCESS; + return 0; } static INLINE void array_add_one(byte* data, word32 dataSz) @@ -192,23 +182,26 @@ static INLINE void array_add_one(byte* data, word32 dataSz) } } - -/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ -static int Hash_gen(RNG* rng, byte* out, word32 outSz, const byte* V) +static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) { byte data[DRBG_SEED_LEN]; - int i; + int i, ret; int len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); XMEMCPY(data, V, sizeof(data)); for (i = 0; i < len; i++) { - if (InitSha256(&rng->sha) != 0 || - Sha256Update(&rng->sha, data, sizeof(data)) != 0 || - Sha256Final(&rng->sha, rng->digest) != 0) { + ret = InitSha256(&rng->sha); + if (ret != 0) + return ret; - return DRBG_FAILURE; - } + ret = Sha256Update(&rng->sha, data, sizeof(data)); + if (ret != 0) + return ret; + + ret = Sha256Final(&rng->sha, rng->digest); + if (ret != 0) + return ret; if (outSz > OUTPUT_BLOCK_LEN) { XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN); 
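Review bot: In `Hash_DRBG_Reseed` the early `return ret;` after the first `Hash_df` call leaves `seed` on the stack without the `XMEMSET(seed, 0, sizeof(seed))` that the success path performs; wipe it on the error path too, `if (ret != 0) { XMEMSET(seed, 0, sizeof(seed)); return ret; }`. The `Hash_gen` hunk that follows has the same shape: each new `return ret;` inside the loop exits while `data`, a copy of `V`, is still on the stack, and the wipe only sits at the end of the function in the next hunk. `Hash_gen` now returns the raw SHA-256 status while `Hash_df` returns `DRBG_ERROR`, so the removed `/* Returns: ... */` comments should be replaced by ones stating the new contract rather than dropped.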
@@ -222,11 +215,11 @@ static int Hash_gen(RNG* rng, byte* out, word32 outSz, const byte* V) } XMEMSET(data, 0, sizeof(data)); - return DRBG_SUCCESS; + return 0; } -static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) +static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen) { word16 carry = 0; 
@@ -245,67 +238,74 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) } -/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ static int Hash_DRBG_Generate(RNG* rng, byte* out, word32 outSz) { - int ret = DRBG_NEED_RESEED; + int ret; if (rng->reseedCtr != RESEED_INTERVAL) { byte type = drbgGenerateH; word32 reseedCtr = rng->reseedCtr; rng->reseedCtr++; - if (Hash_gen(rng, out, outSz, rng->V) != 0 || - InitSha256(&rng->sha) != 0 || - Sha256Update(&rng->sha, &type, sizeof(type)) != 0 || - Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0 || - Sha256Final(&rng->sha, rng->digest) != 0) { + if (Hash_gen(rng, out, outSz, rng->V) != 0) + return DRBG_ERROR; + if (InitSha256(&rng->sha) != 0) + return DRBG_ERROR; + if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0) + return DRBG_ERROR; + if (Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0) + return DRBG_ERROR; + if (Sha256Final(&rng->sha, rng->digest) != 0) + return DRBG_ERROR; - ret = DRBG_FAILURE; - } - else { - array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest)); - array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C)); - #ifdef LITTLE_ENDIAN_ORDER - reseedCtr = ByteReverseWord32(reseedCtr); - #endif - array_add(rng->V, sizeof(rng->V), - (byte*)&reseedCtr, sizeof(reseedCtr)); - ret = DRBG_SUCCESS; - } - } - - return ret; -} - - -/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ -static int Hash_DRBG_Instantiate(RNG* rng, const byte* seed, word32 seedSz, - const byte* nonce, word32 nonceSz) -{ - int ret = DRBG_FAILURE; - - XMEMSET(rng, 0, sizeof(*rng)); - - if (Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz, - nonce, nonceSz) == DRBG_SUCCESS && - Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, - sizeof(rng->V), NULL, 0) == DRBG_SUCCESS) { - - rng->reseedCtr = 1; + array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest)); + array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C)); + #ifdef LITTLE_ENDIAN_ORDER + reseedCtr = 
ByteReverseWord32(reseedCtr); + #endif + array_add(rng->V, sizeof(rng->V), (byte*)&reseedCtr, sizeof(reseedCtr)); ret = DRBG_SUCCESS; } - + else { + ret = DRBG_NEED_RESEED; + } return ret; } -/* Returns: DRBG_SUCCESS */ +static int Hash_DRBG_Instantiate(RNG* rng, byte* seed, word32 seedSz, + byte* nonce, word32 nonceSz, byte* personal, word32 personalSz) +{ + int ret; + + XMEMSET(rng, 0, sizeof(*rng)); + ret = Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz, + nonce, nonceSz, personal, personalSz); + + if (ret != 0) + return ret; + + ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, + sizeof(rng->V), NULL, 0, NULL, 0); + if (ret != 0) + return ret; + + rng->reseedCtr = 1; + + return 0; +} + + static int Hash_DRBG_Uninstantiate(RNG* rng) { - XMEMSET(rng, 0, sizeof(*rng)); + int result = DRBG_ERROR; - return DRBG_SUCCESS; + if (rng != NULL) { + XMEMSET(rng, 0, sizeof(*rng)); + result = DRBG_SUCCESS; + } + + return result; } /* End NIST DRBG Code */ 
@@ -314,27 +314,17 @@ static int Hash_DRBG_Uninstantiate(RNG* rng) /* Get seed and key cipher */ int InitRng(RNG* rng) { - int ret = BAD_FUNC_ARG; + byte entropy[ENTROPY_NONCE_SZ]; + int ret = DRBG_ERROR; - if (rng != NULL) { - byte entropy[ENTROPY_NONCE_SZ]; + /* This doesn't use a separate nonce. The entropy input will be + * the default size plus the size of the nonce making the seed + * size. */ + if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0) + ret = Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ, + NULL, 0, NULL, 0); - /* This doesn't use a separate nonce. The entropy input will be - * the default size plus the size of the nonce making the seed - * size. */ - if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 && - Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ, - NULL, 0) == DRBG_SUCCESS) { - rng->status = DRBG_OK; - ret = 0; - } - else { - rng->status = DRBG_FAILED; - ret = RNG_FAILURE_E; - } - - XMEMSET(entropy, 0, ENTROPY_NONCE_SZ); - } + XMEMSET(entropy, 0, ENTROPY_NONCE_SZ); return ret; } 
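Review bot: `InitRng` now evaluates `&rng->seed` and passes `rng` to `Hash_DRBG_Instantiate`, which starts with `XMEMSET(rng, 0, sizeof(*rng))`, without any NULL check; keep the guard the old code had, `if (rng == NULL) return BAD_FUNC_ARG;`, and do the same for `rng` and `output` in `RNG_GenerateBlock` in the next hunk. Failure is now reported as `DRBG_ERROR`, which this commit defines as the positive value 1, where the function used to return a negative error code; whether any caller tests `ret < 0` is not visible in this diff and needs checking, because such a caller would take a failed seed for success. With `rng->status` removed there is also no longer anything in these hunks that refuses a generate call on a context whose instantiation failed.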
@@ -345,36 +335,24 @@ int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) { int ret; - if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN) - return BAD_FUNC_ARG; - - if (rng->status != DRBG_OK) - return RNG_FAILURE_E; - + XMEMSET(output, 0, sz); ret = Hash_DRBG_Generate(rng, output, sz); - if (ret == DRBG_SUCCESS) { - ret = 0; - } - else if (ret == DRBG_NEED_RESEED) { + + if (ret == DRBG_NEED_RESEED) { byte entropy[ENTROPY_SZ]; - if (GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 && - Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ) == DRBG_SUCCESS && - Hash_DRBG_Generate(rng, output, sz) == DRBG_SUCCESS) { + ret = GenerateSeed(&rng->seed, entropy, ENTROPY_SZ); + if (ret == 0) { + ret = Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ); - ret = 0; - } - else { - ret = RNG_FAILURE_E; - rng->status = DRBG_FAILED; + if (ret == 0) + ret = Hash_DRBG_Generate(rng, output, sz); } + else + ret = DRBG_ERROR; XMEMSET(entropy, 0, ENTROPY_SZ); } - else { - ret = RNG_FAILURE_E; - rng->status = DRBG_FAILED; - } return ret; } 
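Review bot: `RNG_GenerateBlock` zero-fills `output` and then returns whatever `Hash_DRBG_Generate` or `Hash_DRBG_Reseed` produced, so on failure the caller receives a positive status (`DRBG_ERROR`, or `DRBG_NEED_RESEED` from the second generate) together with a buffer of zeros or partial output. A caller that ignores or mis-tests the result then uses predictable bytes as key or nonce material, so every non-success result should be mapped to a single negative error code before `return ret;`; the code that served this purpose, `RNG_FAILURE_E`, is deleted from error-crypt.h by this same commit. The removed `sz > MAX_REQUEST_LEN` test was the only bound on the request size and should stay as well.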
@@ -386,59 +364,11 @@ int RNG_GenerateByte(RNG* rng, byte* b) } -int FreeRng(RNG* rng) +void FreeRng(RNG* rng) { - int ret = BAD_FUNC_ARG; - - if (rng != NULL) { - if (Hash_DRBG_Uninstantiate(rng) == DRBG_SUCCESS) - ret = 0; - else - ret = RNG_FAILURE_E; - } - - return ret; + Hash_DRBG_Uninstantiate(rng); } - -int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - const byte* output, word32 outputSz) -{ - RNG rng; - byte check[SHA256_DIGEST_SIZE * 4]; - - if (Hash_DRBG_Instantiate(&rng, entropyA, entropyASz, NULL, 0) != 0) - return -1; - - if (reseed) { - if (Hash_DRBG_Reseed(&rng, entropyB, entropyBSz) != 0) { - Hash_DRBG_Uninstantiate(&rng); - return -1; - } - } - - if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) { - Hash_DRBG_Uninstantiate(&rng); - return -1; - } - - if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) { - Hash_DRBG_Uninstantiate(&rng); - return -1; - } - - if (outputSz != sizeof(check) || XMEMCMP(output, check, sizeof(check))) { - Hash_DRBG_Uninstantiate(&rng); - return -1; - } - - Hash_DRBG_Uninstantiate(&rng); - - return 0; -} - - #else /* HAVE_HASHDRBG || NO_RC4 */ /* Get seed and key cipher */ diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index c2c5d7f4e..0a3b2e11a 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -48,12 +48,14 @@ #include #include #include +#include #include #include #include #include #include #include +#include #include #include #ifdef HAVE_ECC @@ -101,7 +103,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "crypto_ntru.h" #endif #ifdef HAVE_CAVIUM #include "cavium_sysdep.h" @@ -152,9 +154,11 @@ int hkdf_test(void); int arc4_test(void); int hc128_test(void); int rabbit_test(void); +int chacha_test(void); int des_test(void); int des3_test(void); int aes_test(void); +int poly1305_test(void); int aesgcm_test(void); int gmac_test(void); int aesccm_test(void); 
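Review bot: After this hunk the Hash_DRBG has no deterministic check left: `RNG_HealthTest` is removed here and the known-answer vectors in `random_test` are removed from ctaocrypt/test/test.c further down, so an error in `Hash_df`, `Hash_gen` or `array_add` would no longer be caught by the test program. Since the same commit changes the `Hash_df` input layout by adding `inC`, a known-answer test over instantiate, optional reseed and two generate calls is worth keeping, adapted to the new signatures. `FreeRng` also becomes `void` and discards the result of `Hash_DRBG_Uninstantiate`, which now returns `DRBG_ERROR` for a NULL `rng`; a `(void)` cast or a one-line comment would show that this is deliberate.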
@@ -367,6 +371,13 @@ void ctaocrypt_test(void* args) printf( "Rabbit test passed!\n"); #endif +#ifdef HAVE_CHACHA + if ( (ret = chacha_test()) != 0) + err_sys("Chacha test failed!\n", ret); + else + printf( "Chacha test passed!\n"); +#endif + #ifndef NO_DES3 if ( (ret = des_test()) != 0) err_sys("DES test failed!\n", ret); @@ -387,6 +398,13 @@ void ctaocrypt_test(void* args) else printf( "AES test passed!\n"); +#ifdef HAVE_POLY1305 + if ( (ret = poly1305_test()) != 0) + err_sys("POLY1305 test failed!\n", ret); + else + printf( "POLY1305 test passed!\n"); +#endif + #ifdef HAVE_AESGCM if ( (ret = aesgcm_test()) != 0) err_sys("AES-GCM test failed!\n", ret); 
@@ -1800,6 +1818,107 @@ int rabbit_test(void) #endif /* NO_RABBIT */ +#ifdef HAVE_CHACHA +int chacha_test(void) +{ + byte cipher[32]; + byte plain[32]; + byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + word32 keySz; + int i; + int times = 4; + + const byte key1[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + const byte key2[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + + const byte key3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + /* 128 bit key */ + const byte key4[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + + const byte* keys[] = {key1, key2, key3, key4}; + + const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01}; + const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + + + const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4}; + + + byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90}; + byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96}; + byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5}; + byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd}; + + byte* test_chacha[4]; + + test_chacha[0] = a; + test_chacha[1] = b; + test_chacha[2] = c; + test_chacha[3] = d; + + for (i = 0; i < times; ++i) { + if (i < 3) { + keySz = 32; + } + else { + keySz = 16; + } + ChaCha enc; + ChaCha dec; + + XMEMCPY(plain, keys[i], keySz); + XMEMSET(cipher, 0, 32); + XMEMCPY(cipher + 4, ivs[i], 8); + + Chacha_SetKey(&enc, keys[i], keySz); + Chacha_SetKey(&dec, keys[i], 
keySz); + + Chacha_SetIV(&enc, cipher,0); + Chacha_SetIV(&dec, cipher,0); + XMEMCPY(plain, input, 8); + + Chacha_Process(&enc, cipher, plain, (word32)8); + Chacha_Process(&dec, plain, cipher, (word32)8); + + if (memcmp(test_chacha[i], cipher, 8)) + return -130 - 5 - i; + + if (memcmp(plain, input, 8)) + return -130 - i; + } + + return 0; +} +#endif /* HAVE_CHACHA */ + + #ifndef NO_DES3 int des_test(void) { 
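Review bot: `chacha_test` ignores the `int` results of `Chacha_SetKey`, `Chacha_SetIV` and `Chacha_Process`, so a rejected key size in the 16-byte `key4` case would only show up indirectly through the `memcmp`; check each call with a return code of its own, e.g. `if (Chacha_SetKey(&enc, keys[i], keySz) != 0) return -<unused code>;`. `ChaCha enc; ChaCha dec;` are declared after the `if`/`else` inside the loop body, which is a mixed declaration; moving them to the top of the function keeps the file buildable with C89 compilers, if the project still targets those. Only the first 8 keystream bytes are compared against `a`–`d`, so extending the expected vectors to a full 64-byte block would cover the whole block function.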
@@ -2110,6 +2229,96 @@ int aes_test(void) return 0; } +#ifdef HAVE_POLY1305 +int poly1305_test(void) +{ + int ret = 0; + int i; + byte tag[16]; + Poly1305 enc; + + const byte msg[] = + { + 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72, + 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f, + 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65, + 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f, + 0x75,0x70 + }; + + const byte msg2[] = + { + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72, + 0x6c,0x64,0x21 + }; + + const byte msg3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + const byte correct[] = + { + 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6, + 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9 + + }; + + const byte correct2[] = + { + 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16, + 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0 + }; + + const byte correct3[] = + { + 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6, + 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07 + }; + + const byte key[] = { + 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33, + 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8, + 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, + 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b + }; + + const byte key2[] = { + 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20, + 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20, + 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20, + 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35 + }; + + const byte* msgs[] = {msg, msg2, msg3}; + word32 szm[] = {sizeof(msg),sizeof(msg2),sizeof(msg3)}; + const byte* keys[] = {key, key2, key2}; + const byte* tests[] = {correct, correct2, correct3}; + + for (i = 0; i < 3; i++) { + ret = Poly1305SetKey(&enc, keys[i], 32); + if (ret != 0) + return -1001; + + ret = Poly1305Update(&enc, msgs[i], szm[i]); + if (ret != 0) + return -1005; + + ret = Poly1305Final(&enc, tag); + if (ret != 0) + return -60; + + if (memcmp(tag, tests[i], sizeof(tag))) + return -61; + } + + return 0; +} +#endif /* 
HAVE_POLY1305 */ + #ifdef HAVE_AESGCM int aesgcm_test(void) { 
@@ -2581,74 +2790,6 @@ int camellia_test(void) #endif /* HAVE_CAMELLIA */ -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) - -int random_test(void) -{ - const byte test1Entropy[] = - { - 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, - 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, - 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, - 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e - }; - const byte test1Output[] = - { - 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, - 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, - 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, - 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, - 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, - 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, - 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, - 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, - 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, - 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, - 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf - }; - const byte test2EntropyA[] = - { - 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, - 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, - 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, - 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 - }; - const byte test2EntropyB[] = - { - 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, - 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, - 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 - }; - const byte test2Output[] = - { - 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, - 0xe7, 
0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, - 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, - 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, - 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, - 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, - 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, - 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, - 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, - 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, - 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 - }; - int ret; - - ret = RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, - test1Output, sizeof(test1Output)); - if (ret != 0) return -39; - - ret = RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), - test2EntropyB, sizeof(test2EntropyB), - test2Output, sizeof(test2Output)); - if (ret != 0) return -40; - - return 0; -} - -#else /* HAVE_HASHDRBG || NO_RC4 */ - int random_test(void) { RNG rng; @@ -2668,8 +2809,6 @@ int random_test(void) return 0; } -#endif /* HAVE_HASHDRBG || NO_RC4 */ - #ifdef HAVE_NTRU @@ -2858,8 +2997,8 @@ int rsa_test(void) int pemSz = 0; RsaKey derIn; RsaKey genKey; - FILE* keyFile; - FILE* pemFile; + FILE* keyFile; + FILE* pemFile; ret = InitRsaKey(&genKey, 0); if (ret != 0) @@ -3053,7 +3192,7 @@ int rsa_test(void) int pemSz; size_t bytes3; word32 idx3 = 0; - FILE* file3 ; + FILE* file3 ; #ifdef CYASSL_TEST_CERT DecodedCert decode; #endif 
@@ -3354,46 +3493,38 @@ int rsa_test(void) static uint8_t const pers_str[] = { 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' }; - word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, - sizeof(pers_str), GetEntropy, &drbg); + word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), + GetEntropy, &drbg); if (rc != DRBG_OK) { - free(derCert); - free(pem); - return -448; - } - - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, - &public_key_len, NULL, - &private_key_len, NULL); - if (rc != NTRU_OK) { - free(derCert); - free(pem); - return -449; - } - - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, - &public_key_len, public_key, - &private_key_len, private_key); - if (rc != NTRU_OK) { free(derCert); free(pem); return -450; } - rc = ntru_crypto_drbg_uninstantiate(drbg); - + rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, + NULL, &private_key_len, NULL); if (rc != NTRU_OK) { free(derCert); free(pem); return -451; } + rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, + public_key, &private_key_len, private_key); + crypto_drbg_uninstantiate(drbg); + + if (rc != NTRU_OK) { + free(derCert); + free(pem); + return -452; + } + caFile = fopen(caKeyFile, "rb"); if (!caFile) { free(derCert); free(pem); - return -452; + return -453; } bytes = fread(tmp, 1, FOURK_BUF, caFile); @@ -3403,7 +3534,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); - return -453; + return -459; } ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); if (ret != 0) { @@ -3780,7 +3911,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_md5()); - EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen); + EVP_DigestUpdate(&md_ctx, a.input, a.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0) 
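Review bot: When the size-query call to `crypto_ntru_encrypt_keygen` fails, the `-451` path frees `derCert` and `pem` but returns without calling `crypto_drbg_uninstantiate(drbg)`, so the DRBG instantiated just above is never released on that path; the `-452` path does release it. Add `crypto_drbg_uninstantiate(drbg);` before `return -451;`. The result of `crypto_drbg_uninstantiate` is now discarded where the old code checked it, and a `(void)` cast or a short comment would show that this is intended. The enclosing block of `rsa_test` starts and ends outside the hunk.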
@@ -3797,7 +3928,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha1()); - EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen); + EVP_DigestUpdate(&md_ctx, b.input, b.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0) @@ -3814,7 +3945,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha256()); - EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); + EVP_DigestUpdate(&md_ctx, d.input, d.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0) @@ -3858,7 +3989,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha512()); - EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); + EVP_DigestUpdate(&md_ctx, f.input, f.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0) diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index 69d86abf3..c36dfd5f5 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -41,8 +41,6 @@ #if defined (__GNUC__) #define ALIGN16 __attribute__ ( (aligned (16))) #elif defined(_MSC_VER) - /* disable align warning, we want alignment ! */ - #pragma warning(disable: 4324) #define ALIGN16 __declspec (align (16)) #else #define ALIGN16 diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index bc51e529c..239c07491 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -189,7 +189,7 @@ enum Block_Sum { enum Key_Sum { DSAk = 515, RSAk = 645, - NTRUk = 274, + NTRUk = 364, ECDSAk = 518 }; 
@@ -340,8 +340,7 @@ struct DecodedCert { #endif /* HAVE_OCSP */ byte* signature; /* not owned, points into raw cert */ char* subjectCN; /* CommonName */ - int subjectCNLen; /* CommonName Length */ - char subjectCNEnc; /* CommonName Encoding */ + int subjectCNLen; int subjectCNStored; /* have we saved a copy we own */ char issuer[ASN_NAME_MAX]; /* full name including common name */ char subject[ASN_NAME_MAX]; /* full name including common name */ @@ -412,22 +411,16 @@ struct DecodedCert { /* easy access to subject info for other sign */ char* subjectSN; int subjectSNLen; - char subjectSNEnc; char* subjectC; int subjectCLen; - char subjectCEnc; char* subjectL; int subjectLLen; - char subjectLEnc; char* subjectST; int subjectSTLen; - char subjectSTEnc; char* subjectO; int subjectOLen; - char subjectOEnc; char* subjectOU; int subjectOULen; - char subjectOUEnc; char* subjectEmail; int subjectEmailLen; #endif /* CYASSL_CERT_GEN */ diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index 34c899dc0..3ad601709 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h @@ -62,11 +62,6 @@ enum Ctc_SigType { CTC_SHA512wECDSA = 526 }; -enum Ctc_Encoding { - CTC_UTF8 = 0x0c, /* utf8 */ - CTC_PRINTABLE = 0x13 /* printable */ -}; - #ifdef CYASSL_CERT_GEN 
@@ -75,27 +70,20 @@ enum Ctc_Encoding { #endif enum Ctc_Misc { - CTC_NAME_SIZE = 64, - CTC_DATE_SIZE = 32, - CTC_MAX_ALT_SIZE = 16384, /* may be huge */ - CTC_SERIAL_SIZE = 8 + CTC_NAME_SIZE = 64, + CTC_DATE_SIZE = 32, + CTC_MAX_ALT_SIZE = 8192, /* may be huge */ + CTC_SERIAL_SIZE = 8 }; typedef struct CertName { char country[CTC_NAME_SIZE]; - char countryEnc; char state[CTC_NAME_SIZE]; - char stateEnc; char locality[CTC_NAME_SIZE]; - char localityEnc; char sur[CTC_NAME_SIZE]; - char surEnc; char org[CTC_NAME_SIZE]; - char orgEnc; char unit[CTC_NAME_SIZE]; - char unitEnc; char commonName[CTC_NAME_SIZE]; - char commonNameEnc; char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */ } CertName; diff --git a/cyassl/ctaocrypt/chacha.h b/cyassl/ctaocrypt/chacha.h new file mode 100644 index 000000000..baad676af --- /dev/null +++ b/cyassl/ctaocrypt/chacha.h 
@@ -0,0 +1,55 @@
+/* chacha.h
+ *
+ * Copyright (C) 2006-2014 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef CHACHA_H
+#define CHACHA_H
+
+#include "types.h"
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+enum {
+ CHACHA_ENC_TYPE = 7 /* cipher unique type */
+};
+
+typedef struct ChaCha {
+ word32 X[16]; /* state of cipher */
+} ChaCha;
+
+CYASSL_API int Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
+ word32 msglen);
+CYASSL_API int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
+
+/**
+ * IV(nonce) changes with each record
+ * counter is for what value the block counter should start ... usually 0
+ */
+CYASSL_API int Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif
+
diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h
index 0c8f64006..13da7e28a 100644
--- a/cyassl/ctaocrypt/des3.h
+++ b/cyassl/ctaocrypt/des3.h
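Review bot: The three prototypes in the new chacha.h leave the caller contract undocumented: `Chacha_SetKey` takes a `keySz` without saying which lengths are accepted, `Chacha_SetIV` does not give the length of `inIv`, and `Chacha_Process` does not say that `cipher` needs room for `msglen` bytes. For a stream cipher the nonce rule matters most, so the comment above `Chacha_SetIV` should state it outright, e.g. `/* inIv must never repeat under the same key; a repeated nonce/counter pair repeats the keystream */`. The lengths are presumably the `CHACHA20_IV_SIZE` and `CHACHA20_*_KEY_SIZE` values this commit adds to internal.h; confirm against chacha.c and name them in the header.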
@@ -82,9 +82,9 @@ typedef struct Des3 { CYASSL_API int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir); CYASSL_API void Des_SetIV(Des* des, const byte* iv); -CYASSL_API int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); -CYASSL_API int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); -CYASSL_API int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); CYASSL_API int Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); CYASSL_API int Des3_SetIV(Des3* des, const byte* iv); diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h index ced5a4748..113d2d73a 100644 --- a/cyassl/ctaocrypt/error-crypt.h +++ b/cyassl/ctaocrypt/error-crypt.h @@ -125,14 +125,11 @@ enum { FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */ ASN_NAME_INVALID_E = -198, /* ASN name constraint error */ - RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */ - MIN_CODE_E = -200 /* errors -101 - -199 */ }; CYASSL_API void CTaoCryptErrorString(int err, char* buff); -CYASSL_API const char* CTaoCryptGetErrorString(int error); #ifdef __cplusplus diff --git a/cyassl/ctaocrypt/include.am b/cyassl/ctaocrypt/include.am index b3cf210a4..2f71f6ebd 100644 --- a/cyassl/ctaocrypt/include.am +++ b/cyassl/ctaocrypt/include.am @@ -6,6 +6,7 @@ nobase_include_HEADERS+= \ cyassl/ctaocrypt/arc4.h \ cyassl/ctaocrypt/asn.h \ cyassl/ctaocrypt/asn_public.h \ + cyassl/ctaocrypt/poly1305.h \ cyassl/ctaocrypt/camellia.h \ cyassl/ctaocrypt/coding.h \ cyassl/ctaocrypt/compress.h \ 
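Review bot: `Des_CbcEncrypt`, `Des_CbcDecrypt` and `Des_EcbEncrypt` now return `void`, so a caller can no longer tell a completed operation from a failed one, while the `Des3_*` functions next to them still return `int`. The same loss of an error path shows up in random.h, where `FreeRng` becomes `void` and `RNG_HealthTest` is removed, and in error-crypt.h, where `RNG_FAILURE_E` is dropped. If any backend of these routines can fail (not visible in these hunks), keep the `int` prototypes, e.g. `CYASSL_API int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);`, and have callers check the result.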
@@ -23,9 +24,10 @@ nobase_include_HEADERS+= \ cyassl/ctaocrypt/md5.h \ cyassl/ctaocrypt/misc.h \ cyassl/ctaocrypt/pkcs7.h \ - cyassl/ctaocrypt/wc_port.h \ + cyassl/ctaocrypt/port.h \ cyassl/ctaocrypt/pwdbased.h \ cyassl/ctaocrypt/rabbit.h \ + cyassl/ctaocrypt/chacha.h \ cyassl/ctaocrypt/random.h \ cyassl/ctaocrypt/ripemd.h \ cyassl/ctaocrypt/rsa.h \ diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h index 77b5552c7..8f20f901b 100644 --- a/cyassl/ctaocrypt/integer.h +++ b/cyassl/ctaocrypt/integer.h @@ -70,10 +70,6 @@ extern "C" { #define MP_64BIT #endif #endif -/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ -#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) - #undef MP_64BIT -#endif /* some default configurations. * diff --git a/cyassl/ctaocrypt/poly1305.h b/cyassl/ctaocrypt/poly1305.h new file mode 100644 index 000000000..9584305f9 --- /dev/null +++ b/cyassl/ctaocrypt/poly1305.h 
@@ -0,0 +1,88 @@ +/* poly1305.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifdef HAVE_POLY1305 + +#ifndef CTAO_CRYPT_POLY1305_H +#define CTAO_CRYPT_POLY1305_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +//#define POLY1305_BLOCK_SIZE 16 + +/* auto detect between 32bit / 64bit */ +#define HAS_SIZEOF_INT128_64BIT (defined(__SIZEOF_INT128__) && defined(__LP64__)) +#define HAS_MSVC_64BIT (defined(_MSC_VER) && defined(_M_X64)) +#define HAS_GCC_4_4_64BIT (defined(__GNUC__) && defined(__LP64__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)))) + +#if (HAS_SIZEOF_INT128_64BIT || HAS_MSVC_64BIT || HAS_GCC_4_4_64BIT) +#define POLY130564 +#else +#define POLY130532 +#endif + +enum { + POLY1305 = 7, + POLY1305_BLOCK_SIZE = 16, + POLY1305_DIGEST_SIZE = 16, + POLY1305_PAD_SIZE = 56 +}; + + +/* Poly1305 state */ +typedef struct Poly1305 { +#ifdef POLY130564 + word64 r[3]; + word64 h[3]; + word64 pad[2]; + size_t leftover; + unsigned char buffer[POLY1305_BLOCK_SIZE]; + unsigned char final; +#else + word32 r[5]; + word32 h[5]; + word32 pad[4]; + size_t leftover; + unsigned char buffer[POLY1305_BLOCK_SIZE]; + unsigned char final; +#endif +} Poly1305; + + +/* does init */ + +CYASSL_API int 
Poly1305SetKey(Poly1305* poly1305, const byte* key, word32 kySz); +CYASSL_API int Poly1305Update(Poly1305* poly1305, const byte*, word32); +CYASSL_API int Poly1305Final(Poly1305* poly1305, byte* tag); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* CTAO_CRYPT_POLY1305_H */ + +#endif /* HAVE_POLY1305 */ + diff --git a/cyassl/ctaocrypt/port.h b/cyassl/ctaocrypt/port.h new file mode 100644 index 000000000..9f8a46d80 --- /dev/null +++ b/cyassl/ctaocrypt/port.h 
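Review bot: The 32/64-bit selection in poly1305.h relies on `defined` appearing through macro expansion: `HAS_SIZEOF_INT128_64BIT`, `HAS_MSVC_64BIT` and `HAS_GCC_4_4_64BIT` expand to `defined(...)` inside the `#if`, which the C standard leaves undefined, so a compiler may choose between `POLY130564` and `POLY130532` differently from what was intended. That choice decides the layout of `struct Poly1305`, so the test should be written directly in the `#if`. The commented-out `//#define POLY1305_BLOCK_SIZE 16` can be deleted, since the enum below already defines that constant.

```c
/* auto detect between 32bit / 64bit */
#if (defined(__SIZEOF_INT128__) && defined(__LP64__)) || \
    (defined(_MSC_VER) && defined(_M_X64)) || \
    (defined(__GNUC__) && defined(__LP64__) && \
     ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4))))
    #define POLY130564
#else
    #define POLY130532
#endif
```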
@@ -0,0 +1,195 @@ +/* port.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifndef CTAO_CRYPT_PORT_H +#define CTAO_CRYPT_PORT_H + + +#ifdef __cplusplus + extern "C" { +#endif + + +#ifdef USE_WINDOWS_API + #ifdef CYASSL_GAME_BUILD + #include "system/xtl.h" + #else + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) + /* On WinCE winsock2.h must be included before windows.h */ + #include + #endif + #include + #endif +#elif defined(THREADX) + #ifndef SINGLE_THREADED + #include "tx_api.h" + #endif +#elif defined(MICRIUM) + /* do nothing, just don't pick Unix */ +#elif defined(FREERTOS) || defined(CYASSL_SAFERTOS) + /* do nothing */ +#elif defined(EBSNET) + /* do nothing */ +#elif defined(FREESCALE_MQX) + /* do nothing */ +#elif defined(CYASSL_MDK_ARM) + #if defined(CYASSL_MDK5) + #include "cmsis_os.h" + #else + #include + #endif +#elif defined(CYASSL_CMSIS_RTOS) + #include "cmsis_os.h" +#else + #ifndef SINGLE_THREADED + #define CYASSL_PTHREADS + #include + #endif + #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) + #include /* for close of BIO */ + #endif +#endif + + +#ifdef SINGLE_THREADED + typedef int CyaSSL_Mutex; +#else /* MULTI_THREADED 
*/ + /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */ + #ifdef FREERTOS + typedef xSemaphoreHandle CyaSSL_Mutex; + #elif defined(CYASSL_SAFERTOS) + typedef struct CyaSSL_Mutex { + signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES]; + xSemaphoreHandle mutex; + } CyaSSL_Mutex; + #elif defined(USE_WINDOWS_API) + typedef CRITICAL_SECTION CyaSSL_Mutex; + #elif defined(CYASSL_PTHREADS) + typedef pthread_mutex_t CyaSSL_Mutex; + #elif defined(THREADX) + typedef TX_MUTEX CyaSSL_Mutex; + #elif defined(MICRIUM) + typedef OS_MUTEX CyaSSL_Mutex; + #elif defined(EBSNET) + typedef RTP_MUTEX CyaSSL_Mutex; + #elif defined(FREESCALE_MQX) + typedef MUTEX_STRUCT CyaSSL_Mutex; + #elif defined(CYASSL_MDK_ARM) + #if defined(CYASSL_CMSIS_RTOS) + typedef osMutexId CyaSSL_Mutex; + #else + typedef OS_MUT CyaSSL_Mutex; + #endif + #elif defined(CYASSL_CMSIS_RTOS) + typedef osMutexId CyaSSL_Mutex; + #else + #error Need a mutex type in multithreaded mode + #endif /* USE_WINDOWS_API */ +#endif /* SINGLE_THREADED */ + +CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*); +CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*); +CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*); +CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*); + + +/* filesystem abstraction layer, used by ssl.c */ +#ifndef NO_FILESYSTEM + +#if defined(EBSNET) + #define XFILE int + #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0); + #define XFSEEK vf_lseek + #define XFTELL vf_tell + #define XREWIND vf_rewind + #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT) + #define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT) + #define XFCLOSE vf_close + #define XSEEK_END VSEEK_END + #define XBADFILE -1 +#elif defined(LSR_FS) + #include + #define XFILE struct fs_file* + #define XFOPEN(NAME, MODE) fs_open((char*)NAME); + #define XFSEEK(F, O, W) (void)F + #define XFTELL(F) (F)->len + #define XREWIND(F) (void)F + #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT) + #define XFWRITE(BUF, SZ, AMT, F) fs_write(F, 
(char*)BUF, SZ*AMT) + #define XFCLOSE fs_close + #define XSEEK_END 0 + #define XBADFILE NULL +#elif defined(FREESCALE_MQX) + #define XFILE MQX_FILE_PTR + #define XFOPEN fopen + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND(F) fseek(F, 0, IO_SEEK_SET) + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END IO_SEEK_END + #define XBADFILE NULL +#elif defined(MICRIUM) + #include + #define XFILE FS_FILE* + #define XFOPEN fs_fopen + #define XFSEEK fs_fseek + #define XFTELL fs_ftell + #define XREWIND fs_rewind + #define XFREAD fs_fread + #define XFWRITE fs_fwrite + #define XFCLOSE fs_fclose + #define XSEEK_END FS_SEEK_END + #define XBADFILE NULL +#else + /* stdio, default case */ + #define XFILE FILE* + #if defined(CYASSL_MDK_ARM) + #include + extern FILE * CyaSSL_fopen(const char *name, const char *mode) ; + #define XFOPEN CyaSSL_fopen + #else + #define XFOPEN fopen + #endif + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND rewind + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END SEEK_END + #define XBADFILE NULL +#endif + +#endif /* NO_FILESYSTEM */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* CTAO_CRYPT_PORT_H */ + diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h index 728c22209..8111ac494 100644 --- a/cyassl/ctaocrypt/random.h +++ b/cyassl/ctaocrypt/random.h @@ -84,7 +84,6 @@ typedef struct RNG { byte V[DRBG_SEED_LEN]; byte C[DRBG_SEED_LEN]; word32 reseedCtr; - byte status; } RNG; 
@@ -120,33 +119,10 @@ CYASSL_API int RNG_GenerateByte(RNG*, byte*); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - CYASSL_API int FreeRng(RNG*); - CYASSL_API int RNG_HealthTest(int reseed, - const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - const byte* output, word32 outputSz); + CYASSL_API void FreeRng(RNG*); #endif /* HAVE_HASHDRBG || NO_RC4 */ -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - CYASSL_API int InitRng_fips(RNG* rng); - CYASSL_API int FreeRng_fips(RNG* rng); - CYASSL_API int RNG_GenerateBlock_fips(RNG* rng, byte* buf, word32 bufSz); - CYASSL_API int RNG_HealthTest_fips(int reseed, - const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - const byte* output, word32 outputSz); - #ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define InitRng InitRng_fips - #define FreeRng FreeRng_fips - #define RNG_GenerateBlock RNG_GenerateBlock_fips - #define RNG_HealthTest RNG_HealthTest_fips - #endif /* FIPS_NO_WRAPPERS */ -#endif /* HAVE_FIPS */ - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index 57bb8290e..c8bd28f14 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -647,11 +647,6 @@ #endif -/* FreeScale MMCAU hardware crypto has 4 byte alignment */ -#ifdef FREESCALE_MMCAU - #define CYASSL_MMCAU_ALIGNMENT 4 -#endif - /* if using hardware crypto and have alignment requirements, specify the requirement here. The record header of SSL/TLS will prvent easy alignment. This hint tries to help as much as possible. */ @@ -660,8 +655,6 @@ #define CYASSL_GENERAL_ALIGNMENT 16 #elif defined(XSTREAM_ALIGNMENT) #define CYASSL_GENERAL_ALIGNMENT 4 - #elif defined(FREESCALE_MMCAU) - #define CYASSL_GENERAL_ALIGNMENT CYASSL_MMCAU_ALIGNMENT #else #define CYASSL_GENERAL_ALIGNMENT 0 #endif 
@@ -673,12 +666,6 @@ #define NO_SKID #endif - -#ifdef __INTEL_COMPILER - #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */ -#endif - - /* Place any other flags or defines here */ diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index f4e98c152..abb588f78 100644 --- a/cyassl/ctaocrypt/tfm.h +++ b/cyassl/ctaocrypt/tfm.h @@ -73,11 +73,6 @@ #if defined(__x86_64__) && !defined(FP_64BIT) #define FP_64BIT #endif -/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ -#if defined(FP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) - #undef FP_64BIT - #undef TFM_X86_64 -#endif #endif /* NO_64BIT */ /* try to detect x86-32 */ diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 33cdb780e..194b50b76 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -24,7 +24,7 @@ #define CTAO_CRYPT_TYPES_H #include -#include +#include #ifdef __cplusplus extern "C" { diff --git a/cyassl/internal.h b/cyassl/internal.h index 1d1e017a6..532f83c72 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -31,10 +31,12 @@ #include #include #include +#include #include #include #include #include +#include #include #include #include @@ -240,14 +242,6 @@ void c32to24(word32 in, word24 out); #ifdef HAVE_AESCCM #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 - #define BUILD_TLS_PSK_WITH_AES_128_CCM - #define BUILD_TLS_PSK_WITH_AES_256_CCM - #endif - #endif - #ifdef CYASSL_SHA384 - #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - #ifdef HAVE_AESGCM - #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 #endif #endif #endif @@ -268,9 +262,6 @@ void c32to24(word32 in, word24 out); #ifndef NO_SHA256 #define BUILD_TLS_PSK_WITH_NULL_SHA256 #endif - #ifdef CYASSL_SHA384 - #define BUILD_TLS_PSK_WITH_NULL_SHA384 - #endif #endif #endif 
@@ -308,33 +299,6 @@ void c32to24(word32 in, word24 out); #endif #endif - -#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \ - defined(OPENSSL_EXTRA) - #ifndef NO_SHA256 - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - #ifdef HAVE_NULL_CIPHER - #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - #endif - #ifdef HAVE_AESGCM - #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - #endif - #ifdef HAVE_AESGCM - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - #endif - #endif - #ifdef CYASSL_SHA384 - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - #ifdef HAVE_NULL_CIPHER - #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - #endif - #ifdef HAVE_AESGCM - #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - #endif - #endif -#endif - #if defined(HAVE_ECC) && !defined(NO_TLS) #if !defined(NO_AES) #if !defined(NO_SHA) @@ -465,13 +429,17 @@ void c32to24(word32 in, word24 out); #define BUILD_ARC4 #endif +#ifdef HAVE_CHACHA + #define CHACHA20_BLOCK_SIZE 16 + #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 +#endif - -#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) +#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_CHACHA) #define HAVE_AEAD #endif + /* actual cipher values, 2nd byte */ enum { TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, @@ -481,10 +449,8 @@ enum { TLS_RSA_WITH_NULL_SHA = 0x02, TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, - TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf, TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, TLS_PSK_WITH_NULL_SHA256 = 0xb0, - TLS_PSK_WITH_NULL_SHA384 = 0xb1, TLS_PSK_WITH_NULL_SHA = 0x2c, SSL_RSA_WITH_RC4_128_SHA = 0x05, SSL_RSA_WITH_RC4_128_MD5 = 0x04, @@ -518,6 +484,7 @@ enum { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, + /* CyaSSL extension - eSTREAM */ TLS_RSA_WITH_HC_128_MD5 = 0xFB, TLS_RSA_WITH_HC_128_SHA = 0xFC, 
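Review bot: `BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256` is defined whenever `HAVE_CHACHA` is set, but the suite also needs Poly1305, and configure.ac in this commit makes `--enable-chacha` and `--enable-poly1305` independent switches. A build with only ChaCha enabled would still define the suite and, through `HAVE_AEAD`, treat it as authenticated although poly1305.c is not compiled. Guard it on both features, `#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)`, and probably on `HAVE_ECC` as well since the key exchange is ECDHE.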
@@ -531,7 +498,7 @@ enum { /* CyaSSL extension - NTRU */ TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, - TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */ + TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */ TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, /* SHA256 */ @@ -540,22 +507,12 @@ enum { TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, TLS_RSA_WITH_NULL_SHA256 = 0x3b, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2, - TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, - - /* SHA384 */ - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3, - TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, /* AES-GCM */ TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, - TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8, - TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9, - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa, - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab, /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, @@ -579,10 +536,7 @@ enum { TLS_PSK_WITH_AES_256_CCM = 0xa5, TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, - TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6, - TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7, - /* Camellia */ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, @@ -592,13 +546,16 @@ enum { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, + TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 = 0x13, + /* Renegotiation Indication Extension Special Suite */ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff }; enum Misc { - ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ + ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ + CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ SEND_CERT = 1, SEND_BLANK_CERT = 2, 
@@ -687,7 +644,7 @@ enum Misc { TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ - MAX_PRF_HALF = 256, /* Maximum half secret len */ + MAX_PRF_HALF = 128, /* Maximum half secret len */ MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ MAX_PRF_DIG = 224, /* Maximum digest len */ MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ @@ -721,6 +678,12 @@ enum Misc { CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ CAMELLIA_IV_SIZE = 16, /* always block size */ + CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */ + CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */ + CHACHA20_IV_SIZE = 8, /* 64 bits for iv */ + + POLY1305_AUTH_SZ = 16, /* 128 bits */ + HC_128_KEY_SIZE = 16, /* 128 bits */ HC_128_IV_SIZE = 16, /* also 128 bits */ @@ -1379,6 +1342,7 @@ void InitCipherSpecs(CipherSpecs* cs); enum MACAlgorithm { no_mac, md5_mac, + poly1305_mac, sha_mac, sha224_mac, sha256_mac, @@ -1396,7 +1360,6 @@ enum KeyExchangeAlgorithm { diffie_hellman_kea, fortezza_kea, psk_kea, - dhe_psk_kea, ntru_kea, ecc_diffie_hellman_kea, ecc_static_diffie_hellman_kea /* for verify suite only */ @@ -1517,6 +1480,12 @@ typedef struct Ciphers { #ifdef HAVE_CAMELLIA Camellia* cam; #endif +#ifdef HAVE_CHACHA + ChaCha* chacha; +#endif +#ifdef HAVE_POLY1305 + Poly1305* poly1305; +#endif #ifdef HAVE_HC128 HC128* hc128; #endif @@ -2142,6 +2111,8 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*); CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify); + CYASSL_LOCAL int TLS_poly1305(CYASSL* ssl, byte* digest, const byte* in, + word32 sz, int content, int verify); #endif #ifndef NO_CYASSL_CLIENT diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index acb6b0104..0fb6d453a 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h 
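Review bot: `poly1305_mac` is inserted between `md5_mac` and `sha_mac` in `enum MACAlgorithm`, which renumbers `sha_mac`, `sha224_mac`, `sha256_mac` and every enumerator after them. The existing order (none, md5, sha, sha224, sha256) matches the TLS 1.2 HashAlgorithm code points, so if these values are written to or compared with bytes on the wire (not visible in this hunk), signature-algorithm negotiation would silently change meaning. Append the new value after the last existing enumerator instead; the end of the enum is outside the hunk.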
@@ -142,7 +142,6 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX; #define ERR_error_string CyaSSL_ERR_error_string #define ERR_error_string_n CyaSSL_ERR_error_string_n -#define ERR_reason_error_string CyaSSL_ERR_reason_error_string #define SSL_set_ex_data CyaSSL_set_ex_data #define SSL_get_shutdown CyaSSL_get_shutdown diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 941734c41..0679f38ed 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -312,7 +312,6 @@ CYASSL_API int CyaSSL_ERR_GET_REASON(int err); CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*); CYASSL_API void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long sz); -CYASSL_API const char* CyaSSL_ERR_reason_error_string(unsigned long); /* extras */ @@ -1045,7 +1044,8 @@ enum BulkCipherAlgorithm { cyassl_aes_ccm, cyassl_camellia, cyassl_hc128, /* CyaSSL extensions */ - cyassl_rabbit + cyassl_rabbit, + cyassl_chacha }; diff --git a/cyassl/version.h b/cyassl/version.h index f520844e6..9df3246e7 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "3.0.3" -#define LIBCYASSL_VERSION_HEX 0x03000003 +#define LIBCYASSL_VERSION_STRING "3.0.0" +#define LIBCYASSL_VERSION_HEX 0x03000000 #ifdef __cplusplus } diff --git a/pre-commit.sh b/pre-commit.sh index d670919cf..d570d381a 100755 --- a/pre-commit.sh +++ b/pre-commit.sh @@ -14,8 +14,8 @@ git stash -q --keep-index # do the commit tests echo "\n\nRunning commit tests...\n\n" -./commit-tests.sh -RESULT=$? +#./commit-tests.sh +#RESULT=$? # restore modified files not part of this commit echo "\n\nPopping any stashed modified files not part of commit\n" diff --git a/src/include.am b/src/include.am index d4a32684b..bd6fc8b3f 100644 --- a/src/include.am +++ b/src/include.am 
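Review bot: The pre-commit hook now comments out `./commit-tests.sh` and `RESULT=$?`, so commits are no longer gated on the test run and `RESULT` is never assigned. Whatever the rest of the script does with `$RESULT` (it is outside the hunk) will see an empty value. If the tests have to be skipped while this work is in progress, do it locally with `git commit --no-verify` and leave the two lines active in the tracked hook.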
@@ -19,7 +19,7 @@ src_libcyassl_la_SOURCES += \ ctaocrypt/src/random.c \ ctaocrypt/src/sha256.c \ ctaocrypt/src/logging.c \ - ctaocrypt/src/wc_port.c \ + ctaocrypt/src/port.c \ ctaocrypt/src/error.c src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION} src_libcyassl_la_LIBADD = $(LIBM) @@ -55,6 +55,10 @@ if BUILD_AES src_libcyassl_la_SOURCES += ctaocrypt/src/aes.c endif +if BUILD_POLY1305 +src_libcyassl_la_SOURCES += ctaocrypt/src/poly1305.c +endif + if BUILD_DES3 src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c endif @@ -119,6 +123,10 @@ if BUILD_RABBIT src_libcyassl_la_SOURCES += ctaocrypt/src/rabbit.c endif +if BUILD_CHACHA +src_libcyassl_la_SOURCES += ctaocrypt/src/chacha.c +endif + if !BUILD_INLINE src_libcyassl_la_SOURCES += ctaocrypt/src/misc.c endif diff --git a/src/internal.c b/src/internal.c index 68579aec3..68553ec32 100644 --- a/src/internal.c +++ b/src/internal.c @@ -35,10 +35,10 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "crypto_ntru.h" #endif -#if defined(DEBUG_CYASSL) || defined(SHOW_SECRETS) +#if defined(DEBUG_CYASSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #ifdef FREESCALE_MQX #include #else @@ -529,6 +529,14 @@ void InitCiphers(CYASSL* ssl) #ifdef BUILD_RABBIT ssl->encrypt.rabbit = NULL; ssl->decrypt.rabbit = NULL; +#endif +#ifdef HAVE_CHACHA + ssl->encrypt.chacha = NULL; + ssl->decrypt.chacha = NULL; +#endif +#ifdef HAVE_POLY1305 + ssl->encrypt.poly1305 = NULL; + ssl->decrypt.poly1305 = NULL; #endif ssl->encrypt.setup = 0; ssl->decrypt.setup = 0; 
@@ -581,6 +589,14 @@ void FreeCiphers(CYASSL* ssl) XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); #endif +#ifdef HAVE_CHACHA + XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif +#ifdef HAVE_POLY1305 + XFREE(ssl->encrypt.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif } @@ -893,6 +909,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 + if (tls && haveRSA) { + suites->suites[idx++] = CHACHA_BYTE; + suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256; + } +#endif + #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA if (tls && haveRSAsig && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; @@ -956,6 +979,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif + #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA if (tls && haveDH && haveRSA) { suites->suites[idx++] = 0; @@ -1026,20 +1050,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - if (tls1_2 && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - if (tls1_2 && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384; - } -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA if (tls && havePSK) { suites->suites[idx++] = 0; 
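Review bot: In `InitSuites` the new ChaCha20-Poly1305 suite is offered under `if (tls && haveRSA)`, although internal.h in this commit places `HAVE_CHACHA` under `HAVE_AEAD` and AEAD suites are only defined for TLS 1.2; the GCM entries removed further down in the same function were guarded by `tls1_2`. As written the suite can be advertised on a TLS 1.0/1.1 connection. The condition should read `if (tls1_2 && haveRSA) {`. The body of `InitSuites` continues outside the hunk.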
@@ -1047,41 +1057,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - if (tls && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384; - } -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - if (tls1_2 && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256; - } -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; - } -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 if (tls && havePSK) { suites->suites[idx++] = 0; 
@@ -1096,34 +1071,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - if (tls && haveDH && havePSK) { - suites->suites[idx++] = ECC_BYTE; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM; - } -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - if (tls && haveDH && havePSK) { - suites->suites[idx++] = ECC_BYTE; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - if (tls && havePSK) { - suites->suites[idx++] = ECC_BYTE; - suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - if (tls && havePSK) { - suites->suites[idx++] = ECC_BYTE; - suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM; - } -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 if (tls && havePSK) { suites->suites[idx++] = ECC_BYTE; @@ -1138,27 +1085,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - if (tls && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384; - } -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; - } -#endif - #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 if (tls && havePSK) { suites->suites[idx++] = 0; @@ -2493,6 +2419,7 @@ static int HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz) #ifndef NO_MD5 Md5Update(&ssl->hashMd5, adj, sz); #endif +// Poly1305Update(&ssl->hashPoly1395, adj, sz); #endif if (IsAtLeastTLSv1_2(ssl)) { 
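Review bot: `HashOutput` gains a commented-out `// Poly1305Update(&ssl->hashPoly1395, adj, sz);`, and the same kind of dead code is added in `HashInput`, ahead of `BuildSHA` (a commented-out second `BuildMD5`) and in `BuildFinished`. Apart from the `hashPoly1395` typo and the `//` comments in a file whose other comments are `/* */`, the idea should not be revived: Poly1305 is a one-time keyed authenticator, not a hash, so it cannot stand in for MD5/SHA in the handshake transcript or the Finished computation. Delete these lines rather than leaving them commented out.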
@@ -2534,6 +2461,7 @@ static int HashInput(CYASSL* ssl, const byte* input, int sz) #ifndef NO_MD5 Md5Update(&ssl->hashMd5, adj, sz); #endif +// Poly1305Update(&ssl->hashMd5, adj, sz); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -3047,6 +2975,25 @@ static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) } +///* calculate POLY13055 hash for finished */ +//static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) +//{ +// byte poly1305_result[POLY1305_DIGEST_SIZE]; +// +// /* make poly1305 inner */ +// Poly1305Update(&ssl->hashPoly1305, sender, SIZEOF_SENDER); +// Poly1305Update(&ssl->hashPoly1305, ssl->arrays->masterSecret, SECRET_LEN); +// Poly1305Update(&ssl->hashPoly1305, PAD1, PAD_POLY1305); +// Poly1305Final(&ssl->hashPoly1305, poly1305_result); +// +// /* make poly1305 outer */ +// Poly1305Update(&ssl->hashPoly1305, ssl->arrays->masterSecret, SECRET_LEN); +// Poly1305Update(&ssl->hashPoly1305, PAD2, PAD_POLY1305); +// Poly1305Update(&ssl->hashPoly1305, poly1305_result, POLY1305_DIGEST_SIZE); +// +// Poly1305Final(&ssl->hashPoly1305, hashes->poly1305); +//} + /* calculate SHA hash for finished */ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender) { @@ -3075,6 +3022,9 @@ static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) #ifndef NO_MD5 Md5 md5 = ssl->hashMd5; #endif + +// Poly1305 poly1305 = ssl->hashPoly1305; + #ifndef NO_SHA Sha sha = ssl->hashSha; #endif @@ -3097,6 +3047,7 @@ static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) if (!ssl->options.tls) { BuildMD5(ssl, hashes, sender); BuildSHA(ssl, hashes, sender); +// BuildPOLY1305(ssl, hashes, sender); } #endif 
@@ -3841,8 +3792,10 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx, /* access beyond input + size should be checked against totalSz */ if ((word32) (*inOutIdx + ssl->specs.hash_size + padSz) > totalSz) - return INCOMPLETE_DATA; - + { + printf("line 3799\n"); + return INCOMPLETE_DATA; + } /* verify */ if (XMEMCMP(input + *inOutIdx, verify, ssl->specs.hash_size) != 0) { CYASSL_MSG(" hello_request verify mac error"); @@ -3883,8 +3836,9 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size, /* increment beyond input + size should be checked against totalSz */ if (*inOutIdx + size + ssl->keys.padSz > totalSz) + { printf("line 3842\n"); return INCOMPLETE_DATA; - + } /* force input exhaustion at ProcessReply consuming padSz */ *inOutIdx += size + ssl->keys.padSz; @@ -3931,8 +3885,9 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, /* make sure can read the message */ if (*inOutIdx + size > totalSz) + {printf("line 3891\n"); return INCOMPLETE_DATA; - + } ret = HashInput(ssl, input + *inOutIdx, size); if (ret != 0) return ret; @@ -4105,7 +4060,7 @@ static INLINE int DtlsCheckWindow(DtlsState* state) if ((next > DTLS_SEQ_BITS) && (cur < next - DTLS_SEQ_BITS)) { return 0; } - else if ((cur < next) && (window & ((DtlsSeq)1 << (next - cur - 1)))) { + else if ((cur < next) && (window & (1 << (next - cur - 1)))) { return 0; } @@ -4131,7 +4086,7 @@ static INLINE int DtlsUpdateWindow(DtlsState* state) cur = state->curSeq; if (cur < *next) { - *window |= ((DtlsSeq)1 << (*next - cur - 1)); + *window |= (1 << (*next - cur - 1)); } else { *window <<= (1 + cur - *next); 
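Review bot: The bounds check in `DoHelloRequest` now calls `printf("line 3799\n");` before returning `INCOMPLETE_DATA`, and the same debug print is added in `DoFinished`, `DoHandShakeMsgType` and `DoDtlsHandShakeMsg`. A library should not write to stdout on a path that a peer can reach with a truncated record, and the stdio include near the top of internal.c appears to be conditional on debug macros, so other builds may not compile. Use the logging macro already present in this hunk, e.g. `CYASSL_MSG("hello_request shorter than hash + padding");`, which also avoids hard-coded line numbers that go stale.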
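Review bot: `DtlsCheckWindow` now shifts a plain `int` in `window & (1 << (next - cur - 1))`, and `DtlsUpdateWindow` does the same in `*window |= (1 << (*next - cur - 1));`. The shift count is bounded by `DTLS_SEQ_BITS`, so if `DtlsSeq` is wider than `int` (its definition is outside the hunk) counts of 31 and above are undefined behaviour and the replay window no longer tracks older sequence numbers correctly. Keep the cast on both lines: `(DtlsSeq)1 << (next - cur - 1)`.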
@@ -4182,8 +4137,9 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, return PARSE_ERROR; if (*inOutIdx + fragSz > totalSz) + {printf("line 4143\n"); return INCOMPLETE_DATA; - + } /* Check the handshake sequence number first. If out of order, * add the current message to the list. If the message is in order, * but it is a fragment, add the current message to the list, then @@ -4266,7 +4222,6 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) CYASSL_MSG("Encrypt ciphers not setup"); return ENCRYPT_ERROR; } - switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case cyassl_rc4: @@ -4287,11 +4242,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) #ifdef BUILD_AESGCM case cyassl_aes_gcm: { - byte additional[AEAD_AUTH_DATA_SZ]; + byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; const byte* additionalSrc = input - 5; - XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); + XMEMSET(additional, 0, AES_BLOCK_SIZE); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 0), @@ -4300,10 +4255,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) /* Store the type, version. Unfortunately, they are in * the input buffer ahead of the plaintext. */ #ifdef CYASSL_DTLS - if (ssl->options.dtls) { - c16toa(ssl->keys.dtls_epoch, additional); + if (ssl->options.dtls) additionalSrc -= DTLS_HANDSHAKE_EXTRA; - } #endif XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); @@ -4320,8 +4273,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, nonce, AEAD_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, - additional, AEAD_AUTH_DATA_SZ); + ssl->specs.aead_mac_size, additional, + AEAD_AUTH_DATA_SZ); AeadIncrementExpIV(ssl); XMEMSET(nonce, 0, AEAD_NONCE_SZ); } 
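Review bot: `additional` in the AES-GCM case of Encrypt is now declared and cleared with `AES_BLOCK_SIZE`, but the length passed to the GCM call further down is still `AEAD_AUTH_DATA_SZ`, so the array size and the authenticated length come from two unrelated constants. The same substitution is made in the AES-CCM case of Encrypt and in both AEAD cases of Decrypt. If `AEAD_AUTH_DATA_SZ` is larger than `AES_BLOCK_SIZE` the cipher reads past the array; the values are not visible here, so this needs confirming either way. Keep `byte additional[AEAD_AUTH_DATA_SZ];` and `XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);` so the buffer and the length cannot drift apart.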
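Review bot: With `c16toa(ssl->keys.dtls_epoch, additional);` removed from the DTLS branch here, and `c16toa(ssl->keys.dtls_state.curEpoch, additional);` removed from the AES-GCM case of Decrypt, the epoch is no longer part of the authenticated data for DTLS AES-GCM records. The two sides of this library still agree with each other, but a peer that authenticates the epoch will fail tag verification, and the first two bytes of `additional` stay zero across epochs. The ChaCha cases added in this same commit do write the epoch, so the removal looks unintended. Restore the line inside a braced block: `if (ssl->options.dtls) { c16toa(ssl->keys.dtls_epoch, additional); additionalSrc -= DTLS_HANDSHAKE_EXTRA; }`.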
@@ -4331,11 +4284,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) #ifdef HAVE_AESCCM case cyassl_aes_ccm: { - byte additional[AEAD_AUTH_DATA_SZ]; + byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; const byte* additionalSrc = input - 5; - XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); + XMEMSET(additional, 0, AES_BLOCK_SIZE); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 0), @@ -4368,8 +4321,9 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) additional, AEAD_AUTH_DATA_SZ); AeadIncrementExpIV(ssl); XMEMSET(nonce, 0, AEAD_NONCE_SZ); + + break; } - break; #endif #ifdef HAVE_CAMELLIA 
@@ -4383,11 +4337,98 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) return Hc128_Process(ssl->encrypt.hc128, out, input, sz); #endif - #ifdef BUILD_RABBIT + #ifdef BILD_RABBIT case cyassl_rabbit: return RabbitProcess(ssl->encrypt.rabbit, out, input, sz); #endif + #ifdef HAVE_CHACHA + case cyassl_chacha: + { + const byte* additionalSrc = input - 5; + byte tag[16]; + byte additional[CHACHA20_BLOCK_SIZE]; + byte nonce[AEAD_NONCE_SZ]; + byte cipher[32]; /* generated key for poly1305 */ + int padding2 = (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) + + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16; + byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; + + XMEMSET(tag, 0, 16); + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); + XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); + + /* opaque SEQ number stored for AD */ + c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); + + /* Store the type, version. Unfortunately, they are in + * the input buffer ahead of the plaintext. 
*/ + #ifdef CYASSL_DTLS + if (ssl->options.dtls) { + c16toa(ssl->keys.dtls_epoch, additional); + additionalSrc -= DTLS_HANDSHAKE_EXTRA; + } + #endif + + XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); + +#ifdef CHACHA_AEAD_TEST + int i; + printf("Encrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n"); +#endif + + /* get nonce using implicit and explicit IV */ + XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); + XMEMCPY(nonce + AEAD_IMP_IV_SZ, + ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); + + /* set the nonce for chacha and get poly1305 key */ + Chacha_SetIV(ssl->encrypt.chacha, nonce, 0); + Chacha_Process(ssl->encrypt.chacha, cipher, cipher, 32); + + /* encrypt the plain text */ + Chacha_Process(ssl->encrypt.chacha, out + AEAD_EXP_IV_SZ, + input + AEAD_EXP_IV_SZ, sz - AEAD_EXP_IV_SZ - + ssl->specs.aead_mac_size); + + /* create input to poly1305 */ + XMEMCPY(ssl->keys.server_write_MAC_secret, cipher, 32); + XMEMCPY(p, additional, CHACHA20_BLOCK_SIZE); + XMEMCPY((p + CHACHA20_BLOCK_SIZE), out + AEAD_EXP_IV_SZ, + sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + + /* add size of AD and size of cipher to poly input */ + (p + CHACHA20_BLOCK_SIZE + padding2)[0] = + (CHACHA20_BLOCK_SIZE); + ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = + (byte)(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + + /* generate tag */ + Poly1305SetKey(ssl->encrypt.poly1305, + ssl->keys.server_write_MAC_secret, + sizeof(ssl->keys.server_write_MAC_secret)); + Poly1305Update(ssl->encrypt.poly1305, p, sizeof(p)); + Poly1305Final(ssl->encrypt.poly1305, tag); + + /* append Poly1305 tag to ciphertext */ + XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); + + #ifdef CHACHA_AEAD_TEST + printf("output after encrypt : "); + for (i = 0; i < sz; i++) { + printf("%02x", out[i]); + } + printf("\n"); + #endif + } + break; /* end of chacha-poly1305 encrypt process */ + #endif + #ifdef HAVE_NULL_CIPHER case 
cyassl_cipher_null: if (input != out) { @@ -4438,19 +4479,14 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, #ifdef BUILD_AESGCM case cyassl_aes_gcm: { - byte additional[AEAD_AUTH_DATA_SZ]; + byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; - XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); + XMEMSET(additional, 0, AES_BLOCK_SIZE); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); - - #ifdef CYASSL_DTLS - if (ssl->options.dtls) - c16toa(ssl->keys.dtls_state.curEpoch, additional); - #endif - + additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; @@ -4472,17 +4508,17 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, return VERIFY_MAC_ERROR; } XMEMSET(nonce, 0, AEAD_NONCE_SZ); + break; } - break; #endif #ifdef HAVE_AESCCM case cyassl_aes_ccm: { - byte additional[AEAD_AUTH_DATA_SZ]; + byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; - XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); + XMEMSET(additional, 0, AES_BLOCK_SIZE); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); @@ -4513,8 +4549,8 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, return VERIFY_MAC_ERROR; } XMEMSET(nonce, 0, AEAD_NONCE_SZ); + break; } - break; #endif #ifdef HAVE_CAMELLIA 
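Review bot: The one-time Poly1305 key in the `cyassl_chacha` case of Encrypt is copied over `ssl->keys.server_write_MAC_secret` and then handed to `Poly1305SetKey` with `sizeof` of that field, so every record overwrites a session key slot and the key length depends on a field unrelated to the 32 bytes generated. Pass the local buffer instead, `Poly1305SetKey(ssl->encrypt.poly1305, cipher, sizeof(cipher));`, and clear `cipher`, `tag` and `p` with `XMEMSET` before leaving the block, the way the AES-GCM case clears `nonce`. The ciphertext length is stored in the MAC input as one byte, `(byte)(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size)`, so lengths above 255 are truncated. Separately, the guard just above this case was changed to `#ifdef BILD_RABBIT`, which compiles the Rabbit case out of Encrypt; it should read `#ifdef BUILD_RABBIT`. The Decrypt case added later has the same key handling and length encoding.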
@@ -4533,6 +4569,102 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz); #endif + #ifdef HAVE_CHACHA + case cyassl_chacha: + { + byte additional[CHACHA20_BLOCK_SIZE]; + byte nonce[AEAD_NONCE_SZ]; + byte tag[16]; + byte cipher[32]; + int padding2 = (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) + + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16; + + byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; + int i; + int ret; + + XMEMSET(tag, 0, 16); + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); + XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); + + /* sequence number field is 64-bits, we only use 32-bits */ + c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); + + /* get AD info */ + additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; + additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; + additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; + + /* Store the type, version. 
*/ + #ifdef CYASSL_DTLS + if (ssl->options.dtls) + c16toa(ssl->keys.dtls_state.curEpoch, additional); + #endif + + /* get nonce */ + XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); + XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ); + +#ifdef CHACHA_AEAD_TEST + printf("Decrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n"); +#endif + + /* set nonce and get poly1305 key */ + Chacha_SetIV(ssl->decrypt.chacha, nonce, 0); + Chacha_Process(ssl->decrypt.chacha, cipher, cipher, 32); + + /* create Poly1305 tag */ + XMEMCPY(ssl->keys.server_write_MAC_secret, cipher, 32); + XMEMCPY(p, additional, CHACHA20_BLOCK_SIZE); + XMEMCPY((p + (CHACHA20_BLOCK_SIZE)), input + AEAD_EXP_IV_SZ, + sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + + (p + CHACHA20_BLOCK_SIZE + padding2)[0] = + (CHACHA20_BLOCK_SIZE); + ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = + (byte)(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + + Poly1305SetKey(ssl->decrypt.poly1305, + ssl->keys.server_write_MAC_secret, + sizeof(ssl->keys.server_write_MAC_secret)); + Poly1305Update(ssl->decrypt.poly1305, p, sizeof(p)); + Poly1305Final(ssl->decrypt.poly1305, tag); + + /* check mac sent along with packet */ + ret = 0; + for (i = 0; i < ssl->specs.aead_mac_size; i++) { + if ((input + sz - ssl->specs.aead_mac_size)[i] != tag[i]) + ret = 1; + } + + if (ret == 1) { + SendAlert(ssl, alert_fatal, bad_record_mac); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); + return VERIFY_MAC_ERROR; + } + + /* if mac was good decrypt message */ + Chacha_Process(ssl->decrypt.chacha, plain + AEAD_EXP_IV_SZ, + input + AEAD_EXP_IV_SZ, sz - AEAD_EXP_IV_SZ - + ssl->specs.aead_mac_size); + + #ifdef CHACHA_AEAD_TEST + printf("plain after decrypt : "); + for (i = 0; i < sz; i++) { + printf("%02x", plain[i]); + } + printf("\n"); + #endif + + } + break; + #endif + #ifdef HAVE_NULL_CIPHER case cyassl_cipher_null: if (input != plain) { 
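Review bot: In the `cyassl_chacha` case of Decrypt, `sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size` sizes the stack array `p` and serves as an `XMEMCPY` length before anything in this block checks that the record is that long. `sz` describes a received record, so unless a caller outside this hunk already rejects short records, a short one produces a negative size. A check such as `if (sz < AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size) return BUFFER_ERROR;` has to run before `padding2` is computed, so `p` must be declared after the check or replaced by a bounded buffer. The sequence number is fetched with `GetSEQIncrement(ssl, 0)` here while the AES-GCM and AES-CCM cases of Decrypt pass `1`; that looks copied from Encrypt and should be confirmed. The tag comparison reads `ssl->specs.aead_mac_size` bytes from the 16-byte `tag`, so it also relies on that size never exceeding 16.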
@@ -5590,7 +5722,6 @@ static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest) Md5Final(&ssl->hashMd5, digest); } - static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest) { byte sha_result[SHA_DIGEST_SIZE]; @@ -5618,6 +5749,7 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) /* store current states, building requires get_digest which resets state */ #ifndef NO_OLD_TLS Md5 md5 = ssl->hashMd5; +// Poly1305 poly1305 = ssl->hashPoly1305; Sha sha = ssl->hashSha; #endif #ifndef NO_SHA256 @@ -5630,6 +5762,7 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) if (ssl->options.tls) { #if ! defined( NO_OLD_TLS ) Md5Final(&ssl->hashMd5, hashes->md5); +// Poly1305Final(&ssl->hashPoly1305, hashes->poly1305); ShaFinal(&ssl->hashSha, hashes->sha); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -5654,8 +5787,8 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) } /* restore */ - ssl->hashMd5 = md5; - ssl->hashSha = sha; + ssl->hashMd5 = md5; + ssl->hashSha = sha; #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 @@ -5672,8 +5805,8 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) #endif /* CYASSL_LEANPSK */ /* Build SSL Message, encrypted */ -static int BuildMessage(CYASSL* ssl, byte* output, int outSz, - const byte* input, int inSz, int type) +static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, + int type) { #ifdef HAVE_TRUNCATED_HMAC word32 digestSz = min(ssl->specs.hash_size, @@ -5728,10 +5861,6 @@ static int BuildMessage(CYASSL* ssl, byte* output, int outSz, XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); } #endif - if (sz > (word32)outSz) { - CYASSL_MSG("Oops, want to write past output buffer size"); - return BUFFER_E; - } size = (word16)(sz - headerSz); /* include mac and digest */ AddRecordHeader(output, size, (byte)type, ssl); 
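Review bot: BuildMessage loses its `outSz` parameter here, and the next hunk in the same function deletes the `if (sz > (word32)outSz)` test that returned `BUFFER_E`, so nothing inside BuildMessage bounds the write into `output` any more. The callers still call CheckAvailableSize first, but with sizes computed separately from the `sz` that BuildMessage derives, so any disagreement between the two becomes an out-of-bounds write instead of an error return. Keep the parameter and the check: `static int BuildMessage(CYASSL* ssl, byte* output, int outSz, const byte* input, int inSz, int type)` with `if (sz > (word32)outSz) return BUFFER_E;` ahead of `AddRecordHeader`. The function body continues outside both hunks.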
@@ -5800,7 +5929,6 @@ int SendFinished(CYASSL* ssl) Hashes* hashes; int ret; int headerSz = HANDSHAKE_HEADER_SZ; - int outputSz; #ifdef CYASSL_DTLS word32 sequence_number = ssl->keys.dtls_sequence_number; @@ -5809,8 +5937,7 @@ int SendFinished(CYASSL* ssl) /* check for available size */ - outputSz = sizeof(input) + MAX_MSG_EXTRA; - if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) + if ((ret = CheckAvailableSize(ssl, sizeof(input) + MAX_MSG_EXTRA)) != 0) return ret; #ifdef CYASSL_DTLS @@ -5835,10 +5962,7 @@ int SendFinished(CYASSL* ssl) ssl->options.side == CYASSL_CLIENT_END ? client : server); if (ret != 0) return ret; - sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, - handshake); - if (sendSz < 0) - return BUILD_MSG_ERROR; + sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake); #ifdef CYASSL_DTLS if (ssl->options.dtls) { @@ -5847,6 +5971,9 @@ int SendFinished(CYASSL* ssl) } #endif + if (sendSz < 0) + return BUILD_MSG_ERROR; + if (!ssl->options.resuming) { #ifndef NO_SESSION_CACHE AddSession(ssl); /* just try */ @@ -6079,8 +6206,7 @@ int SendData(CYASSL* ssl, const void* data, int sz) { int sent = 0, /* plainText size */ sendSz, - ret, - dtlsExtra = 0; + ret; if (ssl->error == WANT_WRITE) ssl->error = 0; @@ -6108,12 +6234,6 @@ int SendData(CYASSL* ssl, const void* data, int sz) } } -#ifdef CYASSL_DTLS - if (ssl->options.dtls) { - dtlsExtra = DTLS_RECORD_EXTRA; - } -#endif - for (;;) { #ifdef HAVE_MAX_FRAGMENT int len = min(sz - sent, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)); @@ -6122,8 +6242,7 @@ int SendData(CYASSL* ssl, const void* data, int sz) #endif byte* out; byte* sendBuffer = (byte*)data + sent; /* may switch on comp */ - int buffSz = len; /* may switch on comp */ - int outputSz; + int buffSz = len; /* may switch on comp */ #ifdef HAVE_LIBZ byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; #endif 
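Review bot: In SendFinished the `if (sendSz < 0) return BUILD_MSG_ERROR;` test now comes after the `CYASSL_DTLS` block instead of directly after the BuildMessage call. The body of that block is outside the hunk, but if it stores or retransmits `sendSz` bytes of `output` it would now run with a negative length when BuildMessage fails. Put the test back immediately after `sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake);`.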
@@ -6138,8 +6257,8 @@ int SendData(CYASSL* ssl, const void* data, int sz) #endif /* check for available size */ - outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA; - if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) + if ((ret = CheckAvailableSize(ssl, len + COMP_EXTRA + + MAX_MSG_EXTRA)) != 0) return ssl->error = ret; /* get ouput buffer */ @@ -6155,10 +6274,8 @@ int SendData(CYASSL* ssl, const void* data, int sz) sendBuffer = comp; } #endif - sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz, + sendSz = BuildMessage(ssl, out, sendBuffer, buffSz, application_data); - if (sendSz < 0) - return BUILD_MSG_ERROR; ssl->buffers.outputBuffer.length += sendSz; @@ -6251,7 +6368,6 @@ int SendAlert(CYASSL* ssl, int severity, int type) byte *output; int sendSz; int ret; - int outputSz; int dtlsExtra = 0; /* if sendalert is called again for nonbloking */ @@ -6268,8 +6384,8 @@ int SendAlert(CYASSL* ssl, int severity, int type) #endif /* check for available size */ - outputSz = ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra; - if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) + if ((ret = CheckAvailableSize(ssl, + ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0) return ret; /* get ouput buffer */ @@ -6287,7 +6403,7 @@ int SendAlert(CYASSL* ssl, int severity, int type) /* only send encrypted alert if handshake actually complete, otherwise other side may not be able to handle it */ if (ssl->keys.encryptionOn && ssl->options.handShakeState == HANDSHAKE_DONE) - sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE, alert); + sendSz = BuildMessage(ssl, output, input, ALERT_SIZE, alert); else { AddRecordHeader(output, ALERT_SIZE, alert, ssl); @@ -6304,8 +6420,6 @@ int SendAlert(CYASSL* ssl, int severity, int type) sendSz += DTLS_RECORD_EXTRA; #endif } - if (sendSz < 0) - return BUILD_MSG_ERROR; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) 
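Review bot: SendData's call to CheckAvailableSize no longer reserves the DTLS record overhead: the earlier hunk deletes `dtlsExtra = DTLS_RECORD_EXTRA;` and this one asks only for `len + COMP_EXTRA + MAX_MSG_EXTRA`, while SendAlert below still adds `dtlsExtra`. Unless `MAX_MSG_EXTRA` already covers the DTLS header (not visible here), a DTLS application record can need more room than was reserved, and BuildMessage no longer checks the output size itself. Keep the DTLS term in the request: `CheckAvailableSize(ssl, len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA)`.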
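Review bot: With `if (sendSz < 0) return BUILD_MSG_ERROR;` removed after the BuildMessage call in SendData, a negative return value is added straight into `ssl->buffers.outputBuffer.length` on the next line. The last SendAlert hunk removes the same test, so SendAlert also carries on with whatever BuildMessage returned. SendFinished still checks the return value, so BuildMessage is evidently still expected to fail. Restore `if (sendSz < 0) return BUILD_MSG_ERROR;` at both sites.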
@@ -6320,293 +6434,377 @@ int SendAlert(CYASSL* ssl, int severity, int type) return SendBuffered(ssl); } -const char* CyaSSL_ERR_reason_error_string(unsigned long e) + + +void SetErrorString(int error, char* str) { + const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */ + #ifdef NO_ERROR_STRINGS - (void)e; - return "no support for error strings built in"; + (void)error; + XSTRNCPY(str, "no support for error strings built in", max); #else - int error = (int)e; - /* pass to CTaoCrypt */ if (error < MAX_CODE_E && error > MIN_CODE_E) { - return CTaoCryptGetErrorString(error); + CTaoCryptErrorString(error, str); + return; } switch (error) { case UNSUPPORTED_SUITE : - return "unsupported cipher suite"; + XSTRNCPY(str, "unsupported cipher suite", max); + break; case INPUT_CASE_ERROR : - return "input state error"; + XSTRNCPY(str, "input state error", max); + break; case PREFIX_ERROR : - return "bad index to key rounds"; + XSTRNCPY(str, "bad index to key rounds", max); + break; case MEMORY_ERROR : - return "out of memory"; + XSTRNCPY(str, "out of memory", max); + break; case VERIFY_FINISHED_ERROR : - return "verify problem on finished"; + XSTRNCPY(str, "verify problem on finished", max); + break; case VERIFY_MAC_ERROR : - return "verify mac problem"; + XSTRNCPY(str, "verify mac problem", max); + break; case PARSE_ERROR : - return "parse error on header"; + XSTRNCPY(str, "parse error on header", max); + break; case SIDE_ERROR : - return "wrong client/server type"; + XSTRNCPY(str, "wrong client/server type", max); + break; case NO_PEER_CERT : - return "peer didn't send cert"; + XSTRNCPY(str, "peer didn't send cert", max); + break; case UNKNOWN_HANDSHAKE_TYPE : - return "weird handshake type"; + XSTRNCPY(str, "weird handshake type", max); + break; case SOCKET_ERROR_E : - return "error state on socket"; + XSTRNCPY(str, "error state on socket", max); + break; case SOCKET_NODATA : - return "expected data, not there"; + XSTRNCPY(str, "expected data, not there", max); + break; case 
INCOMPLETE_DATA : - return "don't have enough data to complete task"; + XSTRNCPY(str, "don't have enough data to complete task", max); + break; case UNKNOWN_RECORD_TYPE : - return "unknown type in record hdr"; + XSTRNCPY(str, "unknown type in record hdr", max); + break; case DECRYPT_ERROR : - return "error during decryption"; + XSTRNCPY(str, "error during decryption", max); + break; case FATAL_ERROR : - return "revcd alert fatal error"; + XSTRNCPY(str, "revcd alert fatal error", max); + break; case ENCRYPT_ERROR : - return "error during encryption"; + XSTRNCPY(str, "error during encryption", max); + break; case FREAD_ERROR : - return "fread problem"; + XSTRNCPY(str, "fread problem", max); + break; case NO_PEER_KEY : - return "need peer's key"; + XSTRNCPY(str, "need peer's key", max); + break; case NO_PRIVATE_KEY : - return "need the private key"; + XSTRNCPY(str, "need the private key", max); + break; case NO_DH_PARAMS : - return "server missing DH params"; + XSTRNCPY(str, "server missing DH params", max); + break; case RSA_PRIVATE_ERROR : - return "error during rsa priv op"; + XSTRNCPY(str, "error during rsa priv op", max); + break; case MATCH_SUITE_ERROR : - return "can't match cipher suite"; + XSTRNCPY(str, "can't match cipher suite", max); + break; case BUILD_MSG_ERROR : - return "build message failure"; + XSTRNCPY(str, "build message failure", max); + break; case BAD_HELLO : - return "client hello malformed"; + XSTRNCPY(str, "client hello malformed", max); + break; case DOMAIN_NAME_MISMATCH : - return "peer subject name mismatch"; + XSTRNCPY(str, "peer subject name mismatch", max); + break; case WANT_READ : case SSL_ERROR_WANT_READ : - return "non-blocking socket wants data to be read"; + XSTRNCPY(str, "non-blocking socket wants data to be read", max); + break; case NOT_READY_ERROR : - return "handshake layer not ready yet, complete first"; + XSTRNCPY(str, "handshake layer not ready yet, complete first", max); + break; case PMS_VERSION_ERROR : - return 
"premaster secret version mismatch error"; + XSTRNCPY(str, "premaster secret version mismatch error", max); + break; case VERSION_ERROR : - return "record layer version error"; + XSTRNCPY(str, "record layer version error", max); + break; case WANT_WRITE : case SSL_ERROR_WANT_WRITE : - return "non-blocking socket write buffer full"; + XSTRNCPY(str, "non-blocking socket write buffer full", max); + break; case BUFFER_ERROR : - return "malformed buffer input error"; + XSTRNCPY(str, "malformed buffer input error", max); + break; case VERIFY_CERT_ERROR : - return "verify problem on certificate"; + XSTRNCPY(str, "verify problem on certificate", max); + break; case VERIFY_SIGN_ERROR : - return "verify problem based on signature"; + XSTRNCPY(str, "verify problem based on signature", max); + break; case CLIENT_ID_ERROR : - return "psk client identity error"; + XSTRNCPY(str, "psk client identity error", max); + break; case SERVER_HINT_ERROR: - return "psk server hint error"; + XSTRNCPY(str, "psk server hint error", max); + break; case PSK_KEY_ERROR: - return "psk key callback error"; + XSTRNCPY(str, "psk key callback error", max); + break; case NTRU_KEY_ERROR: - return "NTRU key error"; + XSTRNCPY(str, "NTRU key error", max); + break; case NTRU_DRBG_ERROR: - return "NTRU drbg error"; + XSTRNCPY(str, "NTRU drbg error", max); + break; case NTRU_ENCRYPT_ERROR: - return "NTRU encrypt error"; + XSTRNCPY(str, "NTRU encrypt error", max); + break; case NTRU_DECRYPT_ERROR: - return "NTRU decrypt error"; + XSTRNCPY(str, "NTRU decrypt error", max); + break; case ZLIB_INIT_ERROR: - return "zlib init error"; + XSTRNCPY(str, "zlib init error", max); + break; case ZLIB_COMPRESS_ERROR: - return "zlib compress error"; + XSTRNCPY(str, "zlib compress error", max); + break; case ZLIB_DECOMPRESS_ERROR: - return "zlib decompress error"; + XSTRNCPY(str, "zlib decompress error", max); + break; case GETTIME_ERROR: - return "gettimeofday() error"; + XSTRNCPY(str, "gettimeofday() error", max); + break; 
case GETITIMER_ERROR: - return "getitimer() error"; + XSTRNCPY(str, "getitimer() error", max); + break; case SIGACT_ERROR: - return "sigaction() error"; + XSTRNCPY(str, "sigaction() error", max); + break; case SETITIMER_ERROR: - return "setitimer() error"; + XSTRNCPY(str, "setitimer() error", max); + break; case LENGTH_ERROR: - return "record layer length error"; + XSTRNCPY(str, "record layer length error", max); + break; case PEER_KEY_ERROR: - return "cant decode peer key"; + XSTRNCPY(str, "cant decode peer key", max); + break; case ZERO_RETURN: case SSL_ERROR_ZERO_RETURN: - return "peer sent close notify alert"; + XSTRNCPY(str, "peer sent close notify alert", max); + break; case ECC_CURVETYPE_ERROR: - return "Bad ECC Curve Type or unsupported"; + XSTRNCPY(str, "Bad ECC Curve Type or unsupported", max); + break; case ECC_CURVE_ERROR: - return "Bad ECC Curve or unsupported"; + XSTRNCPY(str, "Bad ECC Curve or unsupported", max); + break; case ECC_PEERKEY_ERROR: - return "Bad ECC Peer Key"; + XSTRNCPY(str, "Bad ECC Peer Key", max); + break; case ECC_MAKEKEY_ERROR: - return "ECC Make Key failure"; + XSTRNCPY(str, "ECC Make Key failure", max); + break; case ECC_EXPORT_ERROR: - return "ECC Export Key failure"; + XSTRNCPY(str, "ECC Export Key failure", max); + break; case ECC_SHARED_ERROR: - return "ECC DHE shared failure"; + XSTRNCPY(str, "ECC DHE shared failure", max); + break; case NOT_CA_ERROR: - return "Not a CA by basic constraint error"; + XSTRNCPY(str, "Not a CA by basic constraint error", max); + break; case BAD_PATH_ERROR: - return "Bad path for opendir error"; + XSTRNCPY(str, "Bad path for opendir error", max); + break; case BAD_CERT_MANAGER_ERROR: - return "Bad Cert Manager error"; + XSTRNCPY(str, "Bad Cert Manager error", max); + break; case OCSP_CERT_REVOKED: - return "OCSP Cert revoked"; + XSTRNCPY(str, "OCSP Cert revoked", max); + break; case CRL_CERT_REVOKED: - return "CRL Cert revoked"; + XSTRNCPY(str, "CRL Cert revoked", max); + break; case 
CRL_MISSING: - return "CRL missing, not loaded"; + XSTRNCPY(str, "CRL missing, not loaded", max); + break; case MONITOR_RUNNING_E: - return "CRL monitor already running"; + XSTRNCPY(str, "CRL monitor already running", max); + break; case THREAD_CREATE_E: - return "Thread creation problem"; + XSTRNCPY(str, "Thread creation problem", max); + break; case OCSP_NEED_URL: - return "OCSP need URL"; + XSTRNCPY(str, "OCSP need URL", max); + break; case OCSP_CERT_UNKNOWN: - return "OCSP Cert unknown"; + XSTRNCPY(str, "OCSP Cert unknown", max); + break; case OCSP_LOOKUP_FAIL: - return "OCSP Responder lookup fail"; + XSTRNCPY(str, "OCSP Responder lookup fail", max); + break; case MAX_CHAIN_ERROR: - return "Maximum Chain Depth Exceeded"; + XSTRNCPY(str, "Maximum Chain Depth Exceeded", max); + break; case COOKIE_ERROR: - return "DTLS Cookie Error"; + XSTRNCPY(str, "DTLS Cookie Error", max); + break; case SEQUENCE_ERROR: - return "DTLS Sequence Error"; + XSTRNCPY(str, "DTLS Sequence Error", max); + break; case SUITES_ERROR: - return "Suites Pointer Error"; + XSTRNCPY(str, "Suites Pointer Error", max); + break; case SSL_NO_PEM_HEADER: - return "No PEM Header Error"; + XSTRNCPY(str, "No PEM Header Error", max); + break; case OUT_OF_ORDER_E: - return "Out of order message, fatal"; + XSTRNCPY(str, "Out of order message, fatal", max); + break; case BAD_KEA_TYPE_E: - return "Bad KEA type found"; + XSTRNCPY(str, "Bad KEA type found", max); + break; case SANITY_CIPHER_E: - return "Sanity check on ciphertext failed"; + XSTRNCPY(str, "Sanity check on ciphertext failed", max); + break; case RECV_OVERFLOW_E: - return "Receive callback returned more than requested"; + XSTRNCPY(str, "Receive callback returned more than requested", max); + break; case GEN_COOKIE_E: - return "Generate Cookie Error"; + XSTRNCPY(str, "Generate Cookie Error", max); + break; case NO_PEER_VERIFY: - return "Need peer certificate verify Error"; + XSTRNCPY(str, "Need peer certificate verify Error", max); + break; case 
FWRITE_ERROR: - return "fwrite Error"; + XSTRNCPY(str, "fwrite Error", max); + break; case CACHE_MATCH_ERROR: - return "Cache restore header match Error"; + XSTRNCPY(str, "Cache restore header match Error", max); + break; case UNKNOWN_SNI_HOST_NAME_E: - return "Unrecognized host name Error"; + XSTRNCPY(str, "Unrecognized host name Error", max); + break; case KEYUSE_SIGNATURE_E: - return "Key Use digitalSignature not set Error"; + XSTRNCPY(str, "Key Use digitalSignature not set Error", max); + break; case KEYUSE_ENCIPHER_E: - return "Key Use keyEncipherment not set Error"; + XSTRNCPY(str, "Key Use keyEncipherment not set Error", max); + break; case EXTKEYUSE_AUTH_E: - return "Ext Key Use server/client auth not set Error"; + XSTRNCPY(str, "Ext Key Use server/client auth not set Error", max); + break; default : - return "unknown error number"; + XSTRNCPY(str, "unknown error number", max); } #endif /* NO_ERROR_STRINGS */ } -void SetErrorString(int error, char* str) -{ - XSTRNCPY(str, CyaSSL_ERR_reason_error_string(error), CYASSL_MAX_ERROR_SZ); -} /* be sure to add to cipher_name_idx too !!!! */ @@ -6648,34 +6846,6 @@ static const char* const cipher_names[] = "DHE-RSA-AES256-SHA", #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - "DHE-PSK-AES256-GCM-SHA384", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - "DHE-PSK-AES128-GCM-SHA256", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - "PSK-AES256-GCM-SHA384", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - "PSK-AES128-GCM-SHA256", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - "DHE-PSK-AES256-CBC-SHA384", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - "DHE-PSK-AES128-CBC-SHA256", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - "PSK-AES256-CBC-SHA384", -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256", #endif 
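Review bot: SetErrorString now copies every message with `XSTRNCPY(str, ..., max)` where `max` is `CYASSL_MAX_ERROR_SZ`, so callers must pass a buffer of at least that many bytes, and neither the signature nor a comment says so. If `XSTRNCPY` is plain `strncpy`, each call also pads the whole buffer and would leave it unterminated for a message of `max` or more characters. The `CTaoCryptErrorString(error, str)` branch takes no length at all. Add a header comment such as `/* str must hold CYASSL_MAX_ERROR_SZ bytes; the message is truncated to fit */` and set `str[max - 1] = 0;` after the copy. The hunk also removes `CyaSSL_ERR_reason_error_string`, so any caller outside this file needs checking.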
@@ -6688,22 +6858,6 @@ static const char* const cipher_names[] = "PSK-AES256-CBC-SHA", #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - "DHE-PSK-AES128-CCM", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - "DHE-PSK-AES256-CCM", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - "PSK-AES128-CCM", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - "PSK-AES256-CCM", -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM-8", #endif @@ -6712,18 +6866,6 @@ static const char* const cipher_names[] = "PSK-AES256-CCM-8", #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - "DHE-PSK-NULL-SHA384", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - "DHE-PSK-NULL-SHA256", -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - "PSK-NULL-SHA384", -#endif - #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256", #endif @@ -6980,6 +7122,18 @@ static const char* const cipher_names[] = "ECDH-ECDSA-AES256-SHA384", #endif +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 + "ECDHE-RSA-CHACHA20-256-POLY1305-SHA256", +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_CHACHA20_256_SHA + "ECDH-RSA-CHACHA20-256-SHA", +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_POLY1305 + "ECDH-RSA-RC4-128-POLY1305" +#endif + }; 
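Review bot: The three names added to `cipher_names[]` do not line up with the four ids added to `cipher_name_idx[]` in the later hunk. The id table gains `TLS_ECDHE_RSA_WITH_CHACHA20_128_POLY1305_SHA256` with no matching name here, and the RC4 entry is guarded by `BUILD_TLS_ECDH_RSA_WITH_RC4_128_POLY1305` in this table but by `BUILD_TLS_ECDH_RSA_WITH_RC4_128_POLY1305_SHA` in the other. SetCipherList uses the same index `i` for both tables, so whenever the guards differ a name resolves to the wrong suite id or the tables end up with different lengths. Add the missing name under `#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_128_POLY1305_SHA256` ahead of the 256 entry, and use one macro name for the RC4 entry in both tables.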
@@ -7024,34 +7178,6 @@ static int cipher_name_idx[] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA, #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - TLS_PSK_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - TLS_PSK_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - TLS_PSK_WITH_AES_256_CBC_SHA384, -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_PSK_WITH_AES_128_CBC_SHA256, #endif @@ -7064,22 +7190,6 @@ static int cipher_name_idx[] = TLS_PSK_WITH_AES_256_CBC_SHA, #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - TLS_DHE_PSK_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - TLS_DHE_PSK_WITH_AES_256_CCM, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - TLS_PSK_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - TLS_PSK_WITH_AES_256_CCM, -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 TLS_PSK_WITH_AES_128_CCM_8, #endif @@ -7088,18 +7198,6 @@ static int cipher_name_idx[] = TLS_PSK_WITH_AES_256_CCM_8, #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - TLS_DHE_PSK_WITH_NULL_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - TLS_DHE_PSK_WITH_NULL_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - TLS_PSK_WITH_NULL_SHA384, -#endif - #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 TLS_PSK_WITH_NULL_SHA256, #endif 
@@ -7353,7 +7451,23 @@ static int cipher_name_idx[] = #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, +#endif + +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_128_POLY1305_SHA256 + TLS_ECDHE_RSA_WITH_CHACHA20_128_POLY1305_SHA256, +#endif + +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 + TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256, +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_CHACHA20_256_SHA + TLS_ECDH_RSA_WITH_CHACHA20_256_SHA, +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_POLY1305_SHA + TLS_ECDH_RSA_WITH_RC4_128_POLY1305 #endif }; @@ -7400,8 +7514,12 @@ int SetCipherList(Suites* s, const char* list) for (i = 0; i < suiteSz; i++) if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { - if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM")) - s->suites[idx++] = ECC_BYTE; /* ECC suite */ + if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM")) { + if (XSTRSTR(name, "CHACHA")) + s->suites[idx++] = CHACHA_BYTE; + else + s->suites[idx++] = ECC_BYTE; /* ECC suite */ + } else s->suites[idx++] = 0x00; /* normal */ s->suites[idx++] = (byte)cipher_name_idx[i]; 
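Review bot: The `CHACHA_BYTE` branch in SetCipherList is only reached when the name also contains "EC" or "CCM", so the suite's first byte is decided by two nested substring tests. That works for the names added in this commit because they all begin with ECDH or ECDHE, but a ChaCha suite without "EC" in its name would silently get `0x00`, and `ECDH-RSA-RC4-128-POLY1305` gets `ECC_BYTE`, which should be confirmed as intended. Test ChaCha first: `if (XSTRSTR(name, "CHACHA")) s->suites[idx++] = CHACHA_BYTE;` followed by `else if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM")) s->suites[idx++] = ECC_BYTE;`. The loop this sits in starts outside the hunk.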
@@ -8216,95 +8334,12 @@ static void PickHashSigAlgo(CYASSL* ssl, } #endif /* HAVE_ECC */ - #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) - if (ssl->specs.kea == dhe_psk_kea) { - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - - XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx, - min(length, MAX_PSK_ID_LEN)); - - ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0; - *inOutIdx += length; - - /* p */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - - ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_DH); - - if (ssl->buffers.serverDH_P.buffer) - ssl->buffers.serverDH_P.length = length; - else - return MEMORY_ERROR; - - XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); - *inOutIdx += length; - - /* g */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - - ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_DH); - - if (ssl->buffers.serverDH_G.buffer) - ssl->buffers.serverDH_G.length = length; - else - return MEMORY_ERROR; - - XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); - *inOutIdx += length; - - /* pub */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - - ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_DH); - - if (ssl->buffers.serverDH_Pub.buffer) - ssl->buffers.serverDH_Pub.length = 
length; - else - return MEMORY_ERROR; - - XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); - *inOutIdx += length; - } - #endif /* OPENSSL_EXTRA || !NO_PSK */ - #if defined(OPENSSL_EXTRA) || defined(HAVE_ECC) - if (ssl->specs.kea == ecc_diffie_hellman_kea || - ssl->specs.kea == diffie_hellman_kea) { #ifndef NO_OLD_TLS - Md5 md5; - Sha sha; + Md5 md5; +// Poly1305 poly1305; + Sha sha; #endif #ifndef NO_SHA256 Sha256 sha256; @@ -8363,8 +8398,16 @@ static void PickHashSigAlgo(CYASSL* ssl, ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN); ShaUpdate(&sha, messageVerify, verifySz); ShaFinal(&sha, hash + MD5_DIGEST_SIZE); + #endif + /* poly1305 */ + InitMd5(&md5); + Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN); + Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN); + Md5Update(&md5, messageVerify, verifySz); + Md5Final(&md5, hash); + #ifndef NO_SHA256 ret = InitSha256(&sha256); if (ret != 0) @@ -8543,8 +8586,9 @@ static void PickHashSigAlgo(CYASSL* ssl, *inOutIdx += length; ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; + + return 0; } - return 0; #else /* HAVE_OPENSSL or HAVE_ECC */ return NOT_COMPILED_IN; /* not supported by build */ #endif /* HAVE_OPENSSL or HAVE_ECC */ 
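Review bot: The added `InitMd5`/`Md5Update`/`Md5Final` sequence sits after the `#endif` that closes the preceding guarded block, while `md5` is declared under `#ifndef NO_OLD_TLS` (previous hunk), so a build with `NO_OLD_TLS` defined would presumably fail on an undeclared `md5`. The block is labelled `/* poly1305 */` but computes a plain MD5 over the two randoms and `messageVerify` into `hash`, which looks like a repeat of the MD5 step just above the visible context. The previous hunk also leaves a commented-out `// Poly1305 poly1305;` declaration. If this is scaffolding it should be dropped before merge; otherwise wrap it in `#ifndef NO_OLD_TLS` and make the comment say what the digest is for. The enclosing function starts and ends outside the hunk.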
@@ -8667,73 +8711,6 @@ static void PickHashSigAlgo(CYASSL* ssl, } break; #endif /* NO_PSK */ - #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) - case dhe_psk_kea: - { - byte* pms = ssl->arrays->preMasterSecret; - byte* es = encSecret; - buffer serverP = ssl->buffers.serverDH_P; - buffer serverG = ssl->buffers.serverDH_G; - buffer serverPub = ssl->buffers.serverDH_Pub; - byte priv[ENCRYPT_LEN]; - word32 privSz = 0; - word32 pubSz = 0; - word32 esSz = 0; - DhKey key; - - if (serverP.buffer == 0 || serverG.buffer == 0 || - serverPub.buffer == 0) - return NO_PEER_KEY; - - ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, - ssl->arrays->server_hint, ssl->arrays->client_identity, - MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); - if (ssl->arrays->psk_keySz == 0 || - ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) - return PSK_KEY_ERROR; - esSz = (word32)XSTRLEN(ssl->arrays->client_identity); - - if (esSz > MAX_PSK_ID_LEN) - return CLIENT_ID_ERROR; - c16toa((word16)esSz, es); - es += OPAQUE16_LEN; - XMEMCPY(es, ssl->arrays->client_identity, esSz); - es += esSz; - encSz = esSz + OPAQUE16_LEN; - - InitDhKey(&key); - ret = DhSetKey(&key, serverP.buffer, serverP.length, - serverG.buffer, serverG.length); - if (ret == 0) - /* for DH, encSecret is Yc, agree is pre-master */ - ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, - es + OPAQUE16_LEN, &pubSz); - if (ret == 0) - ret = DhAgree(&key, pms + OPAQUE16_LEN, - &ssl->arrays->preMasterSz, priv, privSz, - serverPub.buffer, serverPub.length); - FreeDhKey(&key); - if (ret != 0) - return ret; - - c16toa((word16)pubSz, es); - encSz += pubSz + OPAQUE16_LEN; - c16toa((word16)ssl->arrays->preMasterSz, pms); - ssl->arrays->preMasterSz += OPAQUE16_LEN; - pms += ssl->arrays->preMasterSz; - - /* make psk pre master secret */ - /* length of key + length 0s + length of key + key */ - c16toa((word16)ssl->arrays->psk_keySz, pms); - pms += OPAQUE16_LEN; - XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); - 
ssl->arrays->preMasterSz += - ssl->arrays->psk_keySz + OPAQUE16_LEN; - XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); - ssl->arrays->psk_keySz = 0; /* No further need */ - } - break; - #endif /* OPENSSL_EXTRA && !NO_PSK */ #ifdef HAVE_NTRU case ntru_kea: { @@ -8754,18 +8731,18 @@ static void PickHashSigAlgo(CYASSL* ssl, if (ssl->peerNtruKeyPresent == 0) return NO_PEER_KEY; - rc = ntru_crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr, - sizeof(cyasslStr), GetEntropy, - &drbg); + rc = crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr, + sizeof(cyasslStr), GetEntropy, + &drbg); if (rc != DRBG_OK) return NTRU_DRBG_ERROR; - rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen, - ssl->peerNtruKey, - ssl->arrays->preMasterSz, - ssl->arrays->preMasterSecret, - &cipherLen, encSecret); - ntru_crypto_drbg_uninstantiate(drbg); + rc = crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen, + ssl->peerNtruKey, + ssl->arrays->preMasterSz, + ssl->arrays->preMasterSecret, + &cipherLen, encSecret); + crypto_drbg_uninstantiate(drbg); if (rc != NTRU_OK) return NTRU_ENCRYPT_ERROR; @@ -8833,8 +8810,7 @@ static void PickHashSigAlgo(CYASSL* ssl, if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) tlsSz = 2; - if (ssl->specs.kea == ecc_diffie_hellman_kea || - ssl->specs.kea == dhe_psk_kea) /* always off */ + if (ssl->specs.kea == ecc_diffie_hellman_kea) /* always off */ tlsSz = 0; sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; 
@@ -9380,126 +9356,6 @@ static void PickHashSigAlgo(CYASSL* ssl, } #endif /*NO_PSK */ - #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) - if (ssl->specs.kea == dhe_psk_kea) { - byte *output; - word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - word32 hintLen; - int sendSz; - DhKey dhKey; - - if (ssl->buffers.serverDH_P.buffer == NULL || - ssl->buffers.serverDH_G.buffer == NULL) - return NO_DH_PARAMS; - - if (ssl->buffers.serverDH_Pub.buffer == NULL) { - ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( - ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, - DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Pub.buffer == NULL) - return MEMORY_E; - } - - if (ssl->buffers.serverDH_Priv.buffer == NULL) { - ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( - ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, - DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Priv.buffer == NULL) - return MEMORY_E; - } - - InitDhKey(&dhKey); - ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret == 0) - ret = DhGenerateKeyPair(&dhKey, ssl->rng, - ssl->buffers.serverDH_Priv.buffer, - &ssl->buffers.serverDH_Priv.length, - ssl->buffers.serverDH_Pub.buffer, - &ssl->buffers.serverDH_Pub.length); - FreeDhKey(&dhKey); - if (ret != 0) - return ret; - - length = LENGTH_SZ * 3 + /* p, g, pub */ - ssl->buffers.serverDH_P.length + - ssl->buffers.serverDH_G.length + - ssl->buffers.serverDH_Pub.length; - - /* include size part */ - hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); - if (hintLen > MAX_PSK_ID_LEN) - return SERVER_HINT_ERROR; - length += hintLen + HINT_LEN_SZ; - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - - #ifdef CYASSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 
0) - return ret; - - /* get ouput buffer */ - output = ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - - AddHeaders(output, length, server_key_exchange, ssl); - - /* key data */ - c16toa((word16)hintLen, output + idx); - idx += HINT_LEN_SZ; - XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen); - idx += hintLen; - - /* add p, g, pub */ - c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length); - idx += ssl->buffers.serverDH_P.length; - - /* g */ - c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - idx += ssl->buffers.serverDH_G.length; - - /* pub */ - c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, - ssl->buffers.serverDH_Pub.length); - idx += ssl->buffers.serverDH_Pub.length; - - ret = HashOutput(ssl, output, sendSz, 0); - - if (ret != 0) - return ret; - - #ifdef CYASSL_CALLBACKS - if (ssl->hsInfoOn) - AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - if (ssl->toInfoOn) - AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, - output, sendSz, ssl->heap); - #endif - - ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) - ret = 0; - else - ret = SendBuffered(ssl); - ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; - } - #endif /* OPENSSL_EXTRA && !NO_PSK */ - #ifdef HAVE_ECC if (ssl->specs.kea == ecc_diffie_hellman_kea) { 
@@ -10147,11 +10003,22 @@ static void PickHashSigAlgo(CYASSL* ssl, the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */ static int CipherRequires(byte first, byte second, int requirement) { + + if (first == CHACHA_BYTE) { + + switch (second) { + + case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + } + } + /* ECC extensions */ if (first == ECC_BYTE) { switch (second) { - #ifndef NO_RSA case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : if (requirement == REQUIRES_RSA) @@ -10348,20 +10215,12 @@ static void PickHashSigAlgo(CYASSL* ssl, return 1; break; - case TLS_DHE_PSK_WITH_AES_128_CCM: - case TLS_DHE_PSK_WITH_AES_256_CCM: - if (requirement == REQUIRES_PSK) - return 1; - if (requirement == REQUIRES_DHE) - return 1; - break; - default: CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); return 0; } /* switch */ } /* if */ - if (first != ECC_BYTE) { /* normal suites */ + if (first != ECC_BYTE && first != CHACHA_BYTE) { /* normal suites */ switch (second) { #ifndef NO_RSA @@ -10427,31 +10286,15 @@ static void PickHashSigAlgo(CYASSL* ssl, break; #endif - case TLS_PSK_WITH_AES_128_GCM_SHA256 : - case TLS_PSK_WITH_AES_256_GCM_SHA384 : case TLS_PSK_WITH_AES_128_CBC_SHA256 : - case TLS_PSK_WITH_AES_256_CBC_SHA384 : case TLS_PSK_WITH_AES_128_CBC_SHA : case TLS_PSK_WITH_AES_256_CBC_SHA : - case TLS_PSK_WITH_NULL_SHA384 : case TLS_PSK_WITH_NULL_SHA256 : case TLS_PSK_WITH_NULL_SHA : if (requirement == REQUIRES_PSK) return 1; break; - case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - case TLS_DHE_PSK_WITH_NULL_SHA384 : - case TLS_DHE_PSK_WITH_NULL_SHA256 : - if (requirement == REQUIRES_DHE) - return 1; - if (requirement == REQUIRES_PSK) - return 1; - break; - #ifndef NO_RSA case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : if (requirement == REQUIRES_RSA) 
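Review bot: The new `CHACHA_BYTE` switch has no `default`, unlike the ECC switch below it, which logs "Unsupported cipher suite, CipherRequires ECC" and returns 0, so an unknown ChaCha suite id falls out of the switch silently. Only `TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256` is handled, although this commit also adds a 128-bit ECDHE id and two `ECDH_RSA` ids to `cipher_name_idx`, and the case is not wrapped in `#ifndef NO_RSA` like the ECC RSA cases. I would add `default: CYASSL_MSG("Unsupported cipher suite, CipherRequires CHACHA"); return 0;` and cover the remaining ids. The function's end is outside the hunk.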
@@ -11623,7 +11466,7 @@ static void PickHashSigAlgo(CYASSL* ssl, if ((*inOutIdx - begin) + cipherLen > size) return BUFFER_ERROR; - if (NTRU_OK != ntru_crypto_ntru_decrypt( + if (NTRU_OK != crypto_ntru_decrypt( (word16) ssl->buffers.key.length, ssl->buffers.key.buffer, cipherLen, input + *inOutIdx, &plainLen, 
@@ -11720,84 +11563,6 @@ static void PickHashSigAlgo(CYASSL* ssl, } break; #endif /* OPENSSL_EXTRA */ - #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) - case dhe_psk_kea: - { - byte* pms = ssl->arrays->preMasterSecret; - word16 clientSz; - DhKey dhKey; - - /* Read in the PSK hint */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &clientSz); - *inOutIdx += OPAQUE16_LEN; - if (clientSz > MAX_PSK_ID_LEN) - return CLIENT_ID_ERROR; - - if ((*inOutIdx - begin) + clientSz > size) - return BUFFER_ERROR; - - XMEMCPY(ssl->arrays->client_identity, - input + *inOutIdx, clientSz); - *inOutIdx += clientSz; - ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] = - 0; - - /* Read in the DHE business */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &clientSz); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + clientSz > size) - return BUFFER_ERROR; - - InitDhKey(&dhKey); - ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret == 0) - ret = DhAgree(&dhKey, pms + OPAQUE16_LEN, - &ssl->arrays->preMasterSz, - ssl->buffers.serverDH_Priv.buffer, - ssl->buffers.serverDH_Priv.length, - input + *inOutIdx, clientSz); - FreeDhKey(&dhKey); - - *inOutIdx += clientSz; - c16toa((word16)ssl->arrays->preMasterSz, pms); - ssl->arrays->preMasterSz += OPAQUE16_LEN; - pms += ssl->arrays->preMasterSz; - - /* Use the PSK hint to look up the PSK and add it to the - * preMasterSecret here. 
*/ - ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, - ssl->arrays->client_identity, ssl->arrays->psk_key, - MAX_PSK_KEY_LEN); - - if (ssl->arrays->psk_keySz == 0 || - ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) - return PSK_KEY_ERROR; - - c16toa((word16) ssl->arrays->psk_keySz, pms); - pms += OPAQUE16_LEN; - - XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); - ssl->arrays->preMasterSz += - ssl->arrays->psk_keySz + OPAQUE16_LEN; - if (ret == 0) - ret = MakeMasterSecret(ssl); - - /* No further need for PSK */ - XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); - ssl->arrays->psk_keySz = 0; - } - break; - #endif /* OPENSSL_EXTRA && !NO_PSK */ default: { CYASSL_MSG("Bad kea type"); diff --git a/src/keys.c b/src/keys.c index 130d118d5..704a0eb04 100644 --- a/src/keys.c +++ b/src/keys.c @@ -28,7 +28,7 @@ #include #include -#ifdef SHOW_SECRETS +#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #ifdef FREESCALE_MQX #include #else 
@@ -46,13 +46,42 @@ int SetCipherSpecs(CYASSL* ssl) return UNSUPPORTED_SUITE; } } + + /* Chacha extensions, 0xcc */ + if (ssl->options.cipherSuite0 == CHACHA_BYTE) { + + switch (ssl->options.cipherSuite) { +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 + case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = cyassl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + break; +#endif + + default: + CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha"); + return UNSUPPORTED_SUITE; + } + } + /* ECC extensions, or AES-CCM */ if (ssl->options.cipherSuite0 == ECC_BYTE) { switch (ssl->options.cipherSuite) { #ifdef HAVE_ECC - + #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; 
@@ -708,88 +737,13 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - case TLS_PSK_WITH_AES_128_CCM : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - case TLS_PSK_WITH_AES_256_CCM : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - case TLS_DHE_PSK_WITH_AES_128_CCM : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - case TLS_DHE_PSK_WITH_AES_256_CCM : - 
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - default: CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC"); return UNSUPPORTED_SUITE; } /* switch */ } /* if */ - if (ssl->options.cipherSuite0 != ECC_BYTE) { /* normal suites */ + if (ssl->options.cipherSuite0 != ECC_BYTE && + ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */ switch (ssl->options.cipherSuite) { #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA 
@@ -1013,82 +967,6 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - case TLS_PSK_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - case TLS_PSK_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - case 
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 case TLS_PSK_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; 
@@ -1107,60 +985,6 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - case TLS_PSK_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA case TLS_PSK_WITH_AES_128_CBC_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_aes; 
@@ -1215,24 +1039,6 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - case TLS_PSK_WITH_NULL_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - #ifdef BUILD_TLS_PSK_WITH_NULL_SHA case TLS_PSK_WITH_NULL_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; @@ -1251,42 +1057,6 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - case TLS_DHE_PSK_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - case TLS_DHE_PSK_WITH_NULL_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; 
@@ -1529,6 +1299,10 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif + + + + #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_camellia; 
@@ -1771,7 +1545,62 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, dec->setup = 1; } #endif + +#ifdef HAVE_POLY1305 + /* set up memory space for poly1305 */ + if (enc->poly1305 == NULL) + enc->poly1305 = (Poly1305*)malloc(sizeof(Poly1305)); + if (enc->poly1305 == NULL) + return MEMORY_E; + if (dec->poly1305 == NULL) + dec->poly1305 = + (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER); + if (dec->poly1305 == NULL) + return MEMORY_E; +#endif +#ifdef HAVE_CHACHA + if (specs->bulk_cipher_algorithm == cyassl_chacha) { + int chachaRet; + if (enc->chacha == NULL) + enc->chacha = (ChaCha*)malloc(sizeof(ChaCha)); + if (enc->chacha == NULL) + return MEMORY_E; + if (dec->chacha == NULL) + dec->chacha = + (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER); + if (dec->chacha == NULL) + return MEMORY_E; + if (side == CYASSL_CLIENT_END) { + chachaRet = Chacha_SetKey(enc->chacha, keys->client_write_key, + specs->key_size); + XMEMCPY(keys->aead_enc_imp_IV, + keys->client_write_IV, AEAD_IMP_IV_SZ); + if (chachaRet != 0) return chachaRet; + chachaRet = Chacha_SetKey(dec->chacha, keys->server_write_key, + specs->key_size); + XMEMCPY(keys->aead_dec_imp_IV, + keys->server_write_IV, AEAD_IMP_IV_SZ); + if (chachaRet != 0) return chachaRet; + } + else { + chachaRet = Chacha_SetKey(enc->chacha, keys->server_write_key, + specs->key_size); + XMEMCPY(keys->aead_enc_imp_IV, + keys->server_write_IV, AEAD_IMP_IV_SZ); + if (chachaRet != 0) return chachaRet; + chachaRet = Chacha_SetKey(dec->chacha, keys->client_write_key, + specs->key_size); + XMEMCPY(keys->aead_dec_imp_IV, + keys->client_write_IV, AEAD_IMP_IV_SZ); + if (chachaRet != 0) return chachaRet; + } + + enc->setup = 1; + dec->setup = 1; + } +#endif + #ifdef HAVE_HC128 if (specs->bulk_cipher_algorithm == cyassl_hc128) { int hcRet; 
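Review bot: `enc->poly1305` and `enc->chacha` are allocated with plain `malloc`, while the `dec` counterparts in the same hunk use `XMALLOC(..., heap, DYNAMIC_TYPE_CIPHER)`; if the release path (not visible here) uses `XFREE`, a build with a custom allocator would free memory that allocator never handed out. Use the same call on both sides, e.g. `enc->chacha = (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);` and likewise for `enc->poly1305`. The Poly1305 state is also allocated for every suite whenever `HAVE_POLY1305` is defined, not only for ChaCha suites. The implicit-IV copies use `AEAD_IMP_IV_SZ` while SetCipherSpecs sets `iv_size = CHACHA20_IV_SIZE` for this suite, so it is worth confirming the two constants agree. SetKeys begins and ends outside the hunk.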
@@ -2103,7 +1932,9 @@ int StoreKeys(CYASSL* ssl, const byte* keyData) /* Initialize the AES-GCM/CCM explicit IV to a zero. */ XMEMSET(ssl->keys.aead_exp_IV, 0, AEAD_EXP_IV_SZ); } + #endif + return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs, ssl->options.side, ssl->heap, devId); @@ -2209,8 +2040,8 @@ static int MakeSslMasterSecret(CYASSL* ssl) XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz); for (i = 0; i < MASTER_ROUNDS; ++i) { - byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */ - if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */ + byte prefix[PREFIX]; + if (!SetPrefix(prefix, i)) { return PREFIX_ERROR; } diff --git a/src/sniffer.c b/src/sniffer.c index 2c6860c83..3596fc4e9 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1594,6 +1594,12 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) break; #endif + #ifdef BUILD_CHACHA + case cyassl_chacha: + Chacha_Process(ssl->decrypt.chacha, output, input, sz); + break; + #endif + #ifdef HAVE_CAMELLIA case cyassl_camellia: CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz); diff --git a/src/ssl.c b/src/ssl.c index cc4f0a121..3e9492b80 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -324,6 +324,9 @@ int CyaSSL_GetObjectSize(void) #endif #ifndef NO_RABBIT printf(" sizeof rabbit = %lu\n", sizeof(Rabbit)); +#endif +#ifdef HAVE_CHACHA + printf(" sizeof chacha = %lu\n", sizeof(Chacha)); #endif printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs)); printf("sizeof keys = %lu\n", sizeof(Keys)); 
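Review bot: In MakeSslMasterSecret, `prefix` shrinks from `KEY_PREFIX` to `PREFIX` bytes, and the removed comments recorded that static analysis expected an overrun with the smaller size. `SetPrefix` is not visible here, so how many bytes it writes for `i` up to `MASTER_ROUNDS - 1` should be confirmed. Otherwise keep the larger buffer and its explanation: `byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */`.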
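Review bot: The new sniffer case is guarded by `BUILD_CHACHA`, but configure.ac in this commit passes `-DHAVE_CHACHA` to the compiler and uses `BUILD_CHACHA` only as an automake conditional, so this branch is presumably never compiled; the other hunks use `#ifdef HAVE_CHACHA`. If `Chacha_Process` returns a status the way `Chacha_SetKey` does, it is discarded here. The suite is configured as AEAD in SetCipherSpecs, so a comment should state that the sniffer decrypts without verifying the Poly1305 tag. Decrypt's body continues outside the hunk.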
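Review bot: `sizeof(Chacha)` in CyaSSL_GetObjectSize uses a different spelling from the `ChaCha` type that SetKeys allocates in src/keys.c (`sizeof(ChaCha)`), so unless both names are declared this line does not compile with `HAVE_CHACHA`. Suggested: `printf(" sizeof chacha = %lu\n", sizeof(ChaCha));`.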
@@ -8301,14 +8304,21 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) CYASSL_ENTER("SSL_CIPHER_get_name"); #ifndef NO_ERROR_STRINGS if (cipher) { -#if defined(HAVE_ECC) || defined(HAVE_AESCCM) - /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected, - * but the AES-CCM cipher suites also use it, even the ones that - * aren't ECC. */ + if (cipher->ssl->options.cipherSuite0 == CHACHA_BYTE) { + /* ChaCha suites */ + switch (cipher->ssl->options.cipherSuite) { +#ifdef HAVE_CHACHA + #ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : + return "TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256"; + #endif +#endif + } + } +#ifdef HAVE_ECC if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) { /* ECC suites */ switch (cipher->ssl->options.cipherSuite) { -#ifdef HAVE_ECC #ifndef NO_RSA case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; @@ -8375,6 +8385,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) #ifndef NO_RSA case TLS_ECDH_RSA_WITH_RC4_128_SHA : return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; + #endif case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; @@ -8411,7 +8422,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; #endif -#endif /* HAVE_ECC */ #ifdef HAVE_AESCCM #ifndef NO_RSA 
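Review bot: The outer guard narrows from `#if defined(HAVE_ECC) || defined(HAVE_AESCCM)` to `#ifdef HAVE_ECC` while the `HAVE_AESCCM` cases stay inside the `ECC_BYTE` switch (later hunks), so a build with AES-CCM but without ECC would no longer return names for those suites; the removed comment explained exactly that dependency. The new `CHACHA_BYTE` switch has no `default`, and when `HAVE_CHACHA` is undefined or `NO_RSA` is defined it has no case labels at all. I would keep the original `#if` and wrap the whole ChaCha block in `#ifdef HAVE_CHACHA`. The function starts and ends outside the hunk.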
@@ -8420,26 +8430,10 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) case TLS_RSA_WITH_AES_256_CCM_8 : return "TLS_RSA_WITH_AES_256_CCM_8"; #endif - #ifndef NO_PSK - case TLS_PSK_WITH_AES_128_CCM_8 : - return "TLS_PSK_WITH_AES_128_CCM_8"; - case TLS_PSK_WITH_AES_256_CCM_8 : - return "TLS_PSK_WITH_AES_256_CCM_8"; - case TLS_PSK_WITH_AES_128_CCM : - return "TLS_PSK_WITH_AES_128_CCM"; - case TLS_PSK_WITH_AES_256_CCM : - return "TLS_PSK_WITH_AES_256_CCM"; - case TLS_DHE_PSK_WITH_AES_128_CCM : - return "TLS_DHE_PSK_WITH_AES_128_CCM"; - case TLS_DHE_PSK_WITH_AES_256_CCM : - return "TLS_DHE_PSK_WITH_AES_256_CCM"; - #endif - #ifdef HAVE_ECC case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; - #endif #endif default: @@ -8447,7 +8441,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) } } #endif /* ECC */ - if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) { + if (cipher->ssl->options.cipherSuite0 != ECC_BYTE && cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */ switch (cipher->ssl->options.cipherSuite) { #ifndef NO_RSA @@ -8489,6 +8483,8 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_RSA_WITH_NULL_SHA256"; #endif /* NO_RSA */ #ifndef NO_PSK + case TLS_PSK_WITH_AES_128_CBC_SHA256 : + return "TLS_PSK_WITH_AES_128_CBC_SHA256"; #ifndef NO_SHA case TLS_PSK_WITH_AES_128_CBC_SHA : return "TLS_PSK_WITH_AES_128_CBC_SHA"; 
@@ -8496,36 +8492,14 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_PSK_WITH_AES_256_CBC_SHA"; #endif #ifndef NO_SHA256 - case TLS_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_PSK_WITH_AES_128_CBC_SHA256"; + #ifdef HAVE_AESCCM + case TLS_PSK_WITH_AES_128_CCM_8 : + return "TLS_PSK_WITH_AES_128_CCM_8"; + case TLS_PSK_WITH_AES_256_CCM_8 : + return "TLS_PSK_WITH_AES_256_CCM_8"; + #endif case TLS_PSK_WITH_NULL_SHA256 : return "TLS_PSK_WITH_NULL_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; - case TLS_DHE_PSK_WITH_NULL_SHA256 : - return "TLS_DHE_PSK_WITH_NULL_SHA256"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_128_GCM_SHA256 : - return "TLS_PSK_WITH_AES_128_GCM_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; - #endif - #endif - #ifdef CYASSL_SHA384 - case TLS_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_PSK_WITH_NULL_SHA384 : - return "TLS_PSK_WITH_NULL_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_DHE_PSK_WITH_NULL_SHA384 : - return "TLS_DHE_PSK_WITH_NULL_SHA384"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_PSK_WITH_AES_256_GCM_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; - #endif #endif #ifndef NO_SHA case TLS_PSK_WITH_NULL_SHA : diff --git a/src/tls.c b/src/tls.c index 420ea15ba..36195d934 100644 --- a/src/tls.c +++ b/src/tls.c @@ -23,13 +23,17 @@ #include #endif +#ifdef CHACHA_AEAD_TEST + #include +#endif + #include #include #include #include #include - +#include #ifndef NO_TLS @@ -481,6 +485,7 @@ int CyaSSL_GetHmacType(CYASSL* ssl) if (ssl == NULL) return BAD_FUNC_ARG; + printf("getting mac \n"); switch (ssl->specs.mac_algorithm) { #ifndef NO_MD5 case md5_mac: 
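Review bot: The `case TLS_PSK_WITH_AES_128_CCM_8 :` and `case TLS_PSK_WITH_AES_256_CCM_8 :` entries are added to the "normal suites" switch, which only runs when `cipherSuite0` is neither ECC_BYTE nor CHACHA_BYTE. The comment removed earlier in this file states that the AES-CCM suites carry ECC_BYTE as their first byte; if that is still true (the suite definitions are not visible here), these cases can never match the suites they name, and their values could coincide with the second byte of an unrelated normal suite. I would leave them in the ECC_BYTE switch where they were. This hunk also drops the DHE_PSK, SHA-384 and PSK GCM name cases, so those suites lose their readable names in logs and audits; that looks like an unintended loss rather than part of the ChaCha work and should be confirmed.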
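Review bot: `printf("getting mac \n");` is unconditional output from library code in CyaSSL_GetHmacType, and the stdout.txt log added by this commit shows it firing several times per connection. A TLS library should not write to the host application's stdout: it can corrupt programs that use stdout for their own protocol, it reveals record-processing activity to whoever reads the stream, and it pulls stdio into builds that may not have it. I would delete the line or route it through the library's debug logging, e.g. `CYASSL_MSG("getting mac");`, and drop the extra `#include` added at the top of the file if it is only there for this. The same applies to `printf("poly1305 selected\n");` in the next hunk of this function, whose body continues outside this hunk.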
@@ -488,6 +493,13 @@ int CyaSSL_GetHmacType(CYASSL* ssl) return MD5; } #endif + #ifdef HAVE_POLY1305 + case poly1305_mac: + { + printf("poly1305 selected\n"); + return POLY1305; + } + #endif #ifndef NO_SHA256 case sha256_mac: { @@ -547,30 +559,31 @@ int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content, int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify) { - Hmac hmac; int ret; - byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; - + if (ssl == NULL) return BAD_FUNC_ARG; - CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); + Hmac hmac; + byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; - ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), + CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); + + ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); - if (ret != 0) - return ret; - ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret != 0) - return ret; - ret = HmacUpdate(&hmac, in, sz); /* content */ - if (ret != 0) - return ret; - ret = HmacFinal(&hmac, digest); - if (ret != 0) - return ret; + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, in, sz); /* content */ + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, digest); + if (ret != 0) + return ret; - return 0; + return 0; } #ifdef HAVE_TLS_EXTENSIONS diff --git a/stdout.txt b/stdout.txt new file mode 100644 index 000000000..e81bd87b0 --- /dev/null +++ b/stdout.txt 
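Review bot: Returning `POLY1305` for `case poly1305_mac:` hands a non-hash identifier to the HMAC layer, since TLS_hmac (next hunk) passes the result of CyaSSL_GetHmacType straight into `HmacSetKey` together with the connection's MAC secret. Poly1305 is a one-time authenticator rather than an HMAC hash and needs a fresh key for every record, so it should not be keyed with a long-lived MAC secret. How HmacSetKey treats this value is not visible here; presumably it either rejects it, failing every record, or would need special handling that reuses the key. I would leave `poly1305_mac` out of this switch, compute the tag in the ChaCha20-Poly1305 record path, and add a comment such as `/* poly1305 is handled by the AEAD path, never via HMAC */`. The switch continues outside this hunk.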
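Review bot: The re-added call `CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);` in TLS_hmac still discards its `int` result, so if it fails `myInner` is uninitialised stack data that is then fed to `HmacUpdate`. I would write `ret = CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);` followed by `if (ret != 0) return ret;`, matching the checks on the calls below it. Moving `Hmac hmac;` and `byte myInner[...]` below the `ssl == NULL` check also puts declarations after a statement, which a C89 compiler will reject, and the other removed and added line pairs appear to differ only in whitespace, which hides the one real change. Since `hmac` holds state derived from the MAC secret, clearing it before each return is worth considering.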
@@ -0,0 +1,10173 @@ +starting unit tests... + Begin API Tests + CyaSSL_Init(): passed + CyaSSLv3_server_method(): passed + CyaSSLv3_client_method(): passed + CyaTLSv1_server_method(): passed + CyaTLSv1_client_method(): passed + CyaTLSv1_1_server_method(): passed + CyaTLSv1_1_client_method(): passed + CyaTLSv1_2_server_method(): passed + CyaTLSv1_2_client_method(): passed + CyaSSLv23_client_method(): passed + CyaDTLSv1_server_method(): passed + CyaDTLSv1_client_method(): passed + CyaSSL_CTX_new(NULL): passed + CyaSSL_CTX_new(method): passed + CyaSSL_CTX_use_certificate_file(NULL, NULL, 9999): passed + CyaSSL_CTX_use_certificate_file(ctx, bogusFile, SSL_FILETYPE_PEM): passed + CyaSSL_CTX_use_certificate_file(ctx, svrCert, 9999): passed + CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM): passed + CyaSSL_CTX_use_PrivateKey_file(NULL, NULL, 9999): passed + CyaSSL_CTX_use_PrivateKey_file(ctx, bogusFile, SSL_FILETYPE_PEM): passed + CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999): passed + CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM): passed + CyaSSL_CTX_load_verify_locations(NULL, NULL, NULL): passed + CyaSSL_CTX_load_verify_locations(ctx, NULL, NULL): passed + CyaSSL_CTX_load_verify_locations(ctx, NULL, NULL): passed + CyaSSL_CTX_load_verify_locations(ctx, caCert, bogusFile): passed + CyaSSL_CTX_load_verify_locations(ctx, caCert, 0): passed + CyaSSL_new(NULL) server: passed + CyaSSL_new(ctx_nocert) server: passed + CyaSSL_new(ctx) server: passed + CyaSSL_new(NULL) client: passed + CyaSSL_new(ctx_nocert) client: passed + CyaSSL_new(ctx) client: passed +getting mac +getting mac +getting mac +getting mac +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! + CyaSSL_Cleanup(): passed + End API Tests + Begin HASH Tests + MD5 test passed! + SHA test passed! + SHA-256 test passed! + HMAC-MD5 test passed! + HMAC-SHA test passed! + HMAC-SHA256 test passed! 
+ End HASH Tests + Begin Cipher Suite Tests +starting default cipher suite tests +notice: using default file tests/test.conf +trying server command line[1]: SuiteTest -v 0 -l RC4-SHA +trying client command line[1]: SuiteTest -v 0 -l RC4-SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[2]: SuiteTest -v 0 -l RC4-SHA -N +trying client command line[2]: SuiteTest -v 0 -l RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[3]: SuiteTest -v 0 -l RC4-SHA -d +trying client command line[3]: SuiteTest -v 0 -l RC4-SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[4]: SuiteTest -v 0 -l RC4-SHA -d -N +trying client command line[4]: SuiteTest -v 0 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +Server response: I hear you fa shizzle! 
+trying server command line[5]: SuiteTest -v 0 -l RC4-MD5 +trying client command line[5]: SuiteTest -v 0 -l RC4-MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[6]: SuiteTest -v 0 -l RC4-MD5 -N +trying client command line[6]: SuiteTest -v 0 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +... server would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[7]: SuiteTest -v 0 -l RC4-MD5 -d +trying client command line[7]: SuiteTest -v 0 -l RC4-MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[8]: SuiteTest -v 0 -l RC4-MD5 -d -N +trying client command line[8]: SuiteTest -v 0 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +Server response: I hear you fa shizzle! +trying server command line[9]: SuiteTest -v 0 -l DES-CBC3-SHA +trying client command line[9]: SuiteTest -v 0 -l DES-CBC3-SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +Client message: hello cyassl! 
+Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[10]: SuiteTest -v 0 -l DES-CBC3-SHA -N +trying client command line[10]: SuiteTest -v 0 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... client would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[11]: SuiteTest -v 0 -l DES-CBC3-SHA -d +trying client command line[11]: SuiteTest -v 0 -l DES-CBC3-SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[12]: SuiteTest -v 0 -l DES-CBC3-SHA -d -N +trying client command line[12]: SuiteTest -v 0 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +Server response: I hear you fa shizzle! +trying server command line[13]: SuiteTest -v 1 -l RC4-SHA +trying client command line[13]: SuiteTest -v 1 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[14]: SuiteTest -v 1 -l RC4-SHA -N +trying client command line[14]: SuiteTest -v 1 -l RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[15]: SuiteTest -v 1 -l RC4-SHA -d +trying client command line[15]: SuiteTest -v 1 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[16]: SuiteTest -v 1 -l RC4-SHA -d -N +trying client command line[16]: SuiteTest -v 1 -l RC4-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +trying server command line[17]: SuiteTest -v 1 -l RC4-MD5 +trying client command line[17]: SuiteTest -v 1 -l RC4-MD5 +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with non blocking on +trying server command line[18]: SuiteTest -v 1 -l RC4-MD5 -N +trying client command line[18]: SuiteTest -v 1 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[19]: SuiteTest -v 1 -l RC4-MD5 -d +trying client command line[19]: SuiteTest -v 1 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[20]: SuiteTest -v 1 -l RC4-MD5 -d -N +trying client command line[20]: SuiteTest -v 1 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[21]: SuiteTest -v 1 -l DES-CBC3-SHA +trying client command line[21]: SuiteTest -v 1 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[22]: SuiteTest -v 1 -l DES-CBC3-SHA -N +trying client command line[22]: SuiteTest -v 1 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[23]: SuiteTest -v 1 -l DES-CBC3-SHA -d +trying client command line[23]: SuiteTest -v 1 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[24]: SuiteTest -v 1 -l DES-CBC3-SHA -d -N +trying client command line[24]: SuiteTest -v 1 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[25]: SuiteTest -v 1 -l AES128-SHA +trying client command line[25]: SuiteTest -v 1 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[26]: SuiteTest -v 1 -l AES128-SHA -N +trying client command line[26]: SuiteTest -v 1 -l AES128-SHA -N +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[27]: SuiteTest -v 1 -l AES128-SHA -d +trying client command line[27]: SuiteTest -v 1 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[28]: SuiteTest -v 1 -l AES128-SHA -d -N +trying client command line[28]: SuiteTest -v 1 -l AES128-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[29]: SuiteTest -v 1 -l AES256-SHA +trying client command line[29]: SuiteTest -v 1 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[30]: SuiteTest -v 1 -l AES256-SHA -N +trying client command line[30]: SuiteTest -v 1 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[31]: SuiteTest -v 1 -l AES256-SHA -d +trying client command line[31]: SuiteTest -v 1 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[32]: SuiteTest -v 1 -l AES256-SHA -d -N +trying client command line[32]: SuiteTest -v 1 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[33]: SuiteTest -v 1 -l AES128-SHA256 +trying client command line[33]: SuiteTest -v 1 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[34]: SuiteTest -v 1 -l AES128-SHA256 -N +trying client command line[34]: SuiteTest -v 1 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[35]: SuiteTest -v 1 -l AES128-SHA256 -d +trying client command line[35]: SuiteTest -v 1 -l AES128-SHA256 +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[36]: SuiteTest -v 1 -l AES128-SHA256 -d -N +trying client command line[36]: SuiteTest -v 1 -l AES128-SHA256 -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +trying server command line[37]: SuiteTest -v 1 -l AES256-SHA256 +trying client command line[37]: SuiteTest -v 1 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[38]: SuiteTest -v 1 -l AES256-SHA256 -N +trying client command line[38]: SuiteTest -v 1 -l AES256-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[39]: SuiteTest -v 1 -l AES256-SHA256 -d +trying client command line[39]: SuiteTest -v 1 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[40]: SuiteTest -v 1 -l AES256-SHA256 -d -N +trying client command line[40]: SuiteTest -v 1 -l AES256-SHA256 -N +... client would read block +... client would read block +... 
server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[41]: SuiteTest -v 2 -l RC4-SHA +trying client command line[41]: SuiteTest -v 2 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[42]: SuiteTest -v 2 -l RC4-SHA -N +trying client command line[42]: SuiteTest -v 2 -l RC4-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[43]: SuiteTest -v 2 -l RC4-SHA -d +trying client command line[43]: SuiteTest -v 2 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[44]: SuiteTest -v 2 -l RC4-SHA -d -N +trying client command line[44]: SuiteTest -v 2 -l RC4-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[45]: SuiteTest -v 2 -l RC4-MD5 +trying client command line[45]: SuiteTest -v 2 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[46]: SuiteTest -v 2 -l RC4-MD5 -N +trying client command line[46]: SuiteTest -v 2 -l RC4-MD5 -N +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[47]: SuiteTest -v 2 -l RC4-MD5 -d +trying client command line[47]: SuiteTest -v 2 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[48]: SuiteTest -v 2 -l RC4-MD5 -d -N +trying client command line[48]: SuiteTest -v 2 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[49]: SuiteTest -v 2 -l DES-CBC3-SHA +trying client command line[49]: SuiteTest -v 2 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[50]: SuiteTest -v 2 -l DES-CBC3-SHA -N +trying client command line[50]: SuiteTest -v 2 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[51]: SuiteTest -v 2 -l DES-CBC3-SHA -d +trying client command line[51]: SuiteTest -v 2 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[52]: SuiteTest -v 2 -l DES-CBC3-SHA -d -N +trying client command line[52]: SuiteTest -v 2 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[53]: SuiteTest -v 2 -l AES128-SHA +trying client command line[53]: SuiteTest -v 2 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[54]: SuiteTest -v 2 -l AES128-SHA -N +trying client command line[54]: SuiteTest -v 2 -l AES128-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[55]: SuiteTest -v 2 -l AES128-SHA -d +trying client command line[55]: SuiteTest -v 2 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[56]: SuiteTest -v 2 -l AES128-SHA -d -N +trying client command line[56]: SuiteTest -v 2 -l AES128-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +trying server command line[57]: SuiteTest -v 2 -l AES256-SHA +trying client command line[57]: SuiteTest -v 2 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[58]: SuiteTest -v 2 -l AES256-SHA -N +trying client command line[58]: SuiteTest -v 2 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[59]: SuiteTest -v 2 -l AES256-SHA -d +trying client command line[59]: SuiteTest -v 2 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[60]: SuiteTest -v 2 -l AES256-SHA -d -N +trying client command line[60]: SuiteTest -v 2 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[61]: SuiteTest -v 2 -l AES128-SHA256 +trying client command line[61]: SuiteTest -v 2 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[62]: SuiteTest -v 2 -l AES128-SHA256 -N +trying client command line[62]: SuiteTest -v 2 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[63]: SuiteTest -v 2 -l AES128-SHA256 -d +trying client command line[63]: SuiteTest -v 2 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[64]: SuiteTest -v 2 -l AES128-SHA256 -d -N +trying client command line[64]: SuiteTest -v 2 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[65]: SuiteTest -v 2 -l AES256-SHA256 +trying client command line[65]: SuiteTest -v 2 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[66]: SuiteTest -v 2 -l AES256-SHA256 -N +trying client command line[66]: SuiteTest -v 2 -l AES256-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[67]: SuiteTest -v 2 -l AES256-SHA256 -d +trying client command line[67]: SuiteTest -v 2 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[68]: SuiteTest -v 2 -l AES256-SHA256 -d -N +trying client command line[68]: SuiteTest -v 2 -l AES256-SHA256 -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[69]: SuiteTest -v 3 -l RC4-SHA +trying client command line[69]: SuiteTest -v 3 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[70]: SuiteTest -v 3 -l RC4-SHA -N +trying client command line[70]: SuiteTest -v 3 -l RC4-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[71]: SuiteTest -v 3 -l RC4-SHA -d +trying client command line[71]: SuiteTest -v 3 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[72]: SuiteTest -v 3 -l RC4-SHA -d -N +trying client command line[72]: SuiteTest -v 3 -l RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[73]: SuiteTest -v 3 -l RC4-MD5 +trying client command line[73]: SuiteTest -v 3 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[74]: SuiteTest -v 3 -l RC4-MD5 -N +trying client command line[74]: SuiteTest -v 3 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[75]: SuiteTest -v 3 -l RC4-MD5 -d +trying client command line[75]: SuiteTest -v 3 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[76]: SuiteTest -v 3 -l RC4-MD5 -d -N +trying client command line[76]: SuiteTest -v 3 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +trying server command line[77]: SuiteTest -v 3 -l DES-CBC3-SHA +trying client command line[77]: SuiteTest -v 3 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[78]: SuiteTest -v 3 -l DES-CBC3-SHA -N +trying client command line[78]: SuiteTest -v 3 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[79]: SuiteTest -v 3 -l DES-CBC3-SHA -d +trying client command line[79]: SuiteTest -v 3 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[80]: SuiteTest -v 3 -l DES-CBC3-SHA -d -N +trying client command line[80]: SuiteTest -v 3 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... 
server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[81]: SuiteTest -v 3 -l AES128-SHA +trying client command line[81]: SuiteTest -v 3 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[82]: SuiteTest -v 3 -l AES128-SHA -N +trying client command line[82]: SuiteTest -v 3 -l AES128-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[83]: SuiteTest -v 3 -l AES128-SHA -d +trying client command line[83]: SuiteTest -v 3 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[84]: SuiteTest -v 3 -l AES128-SHA -d -N +trying client command line[84]: SuiteTest -v 3 -l AES128-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[85]: SuiteTest -v 3 -l AES256-SHA +trying client command line[85]: SuiteTest -v 3 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[86]: SuiteTest -v 3 -l AES256-SHA -N +trying client command line[86]: SuiteTest -v 3 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[87]: SuiteTest -v 3 -l AES256-SHA -d +trying client command line[87]: SuiteTest -v 3 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[88]: SuiteTest -v 3 -l AES256-SHA -d -N +trying client command line[88]: SuiteTest -v 3 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[89]: SuiteTest -v 3 -l AES128-SHA256 +trying client command line[89]: SuiteTest -v 3 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[90]: SuiteTest -v 3 -l AES128-SHA256 -N +trying client command line[90]: SuiteTest -v 3 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[91]: SuiteTest -v 3 -l AES128-SHA256 -d +trying client command line[91]: SuiteTest -v 3 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[92]: SuiteTest -v 3 -l AES128-SHA256 -d -N +trying client command line[92]: SuiteTest -v 3 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[93]: SuiteTest -v 3 -l AES256-SHA256 +trying client command line[93]: SuiteTest -v 3 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[94]: SuiteTest -v 3 -l AES256-SHA256 -N +trying client command line[94]: SuiteTest -v 3 -l AES256-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[95]: SuiteTest -v 3 -l AES256-SHA256 -d +trying client command line[95]: SuiteTest -v 3 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[96]: SuiteTest -v 3 -l AES256-SHA256 -d -N +trying client command line[96]: SuiteTest -v 3 -l AES256-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +trying server command line[97]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA +trying client command line[97]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[98]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -N +trying client command line[98]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[99]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -d +trying client command line[99]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[100]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[100]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... 
client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[101]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[101]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[102]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[102]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[103]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[103]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[104]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[104]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[105]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA +trying client command line[105]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with non blocking on +trying server command line[106]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -N +trying client command line[106]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -N +... 
client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[107]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -d +trying client command line[107]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[108]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[108]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +getting mac +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +trying server command line[109]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA +trying client command line[109]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[110]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -N +trying client command line[110]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[111]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -d +trying client command line[111]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[112]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[112]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[113]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA +trying client command line[113]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[114]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -N +trying client command line[114]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[115]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -d +trying client command line[115]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[116]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[116]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[117]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[117]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[118]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[118]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +... 
client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[119]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[119]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[120]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[120]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +trying server command line[121]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA +trying client command line[121]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[122]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -N +trying client command line[122]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[123]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -d +trying client command line[123]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[124]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[124]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[125]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA +trying client command line[125]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[126]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -N +trying client command line[126]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[127]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -d +trying client command line[127]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[128]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[128]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[129]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA +trying client command line[129]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[130]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -N +trying client command line[130]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -N +... 
client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[131]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -d +trying client command line[131]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[132]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[132]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +trying server command line[133]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[133]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[134]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[134]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[135]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[135]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[136]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[136]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[137]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA +trying client command line[137]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[138]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -N +trying client command line[138]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[139]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -d +trying client command line[139]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[140]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[140]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[141]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 +trying client command line[141]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[142]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -N +trying client command line[142]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[143]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -d +trying client command line[143]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[144]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -d -N +trying client command line[144]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[145]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA +trying client command line[145]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[146]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -N +trying client command line[146]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[147]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -d +trying client command line[147]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[148]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[148]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[149]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[149]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +getting mac +repeating test with non blocking on +trying server command line[150]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[150]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[151]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[151]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[152]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[152]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +getting mac +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[153]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[153]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[154]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[154]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[155]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[155]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[156]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[156]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[157]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[157]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[158]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[158]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[159]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[159]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[160]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[160]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[161]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[161]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[162]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[162]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[163]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[163]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[164]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[164]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[165]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[165]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[166]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[166]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[167]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[167]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[168]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[168]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[169]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[169]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[170]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[170]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[171]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[171]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[172]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[172]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[173]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[173]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[174]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[174]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[175]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[175]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[176]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[176]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[177]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[177]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[178]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[178]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[179]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[179]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[180]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[180]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[181]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[181]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[182]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[182]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[183]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[183]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[184]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[184]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[185]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[185]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[186]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[186]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[187]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[187]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[188]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[188]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[189]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[189]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[190]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[190]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[191]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[191]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[192]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[192]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +... 
client would read block +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[193]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[193]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[194]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[194]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +repeating test with client cert request off +trying server command line[195]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[195]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[196]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[196]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[197]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[197]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[198]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[198]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[199]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[199]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[200]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[200]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[201]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[201]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[202]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[202]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[203]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[203]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[204]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[204]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[205]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[205]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[206]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[206]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[207]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[207]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[208]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[208]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +... 
client would read block +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[209]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[209]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[210]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[210]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[211]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[211]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[212]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[212]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[213]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[213]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[214]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[214]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[215]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[215]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[216]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[216]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[217]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[217]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[218]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[218]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[219]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[219]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[220]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[220]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[221]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[221]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[222]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[222]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[223]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[223]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[224]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[224]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[225]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[225]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with non blocking on +trying server command line[226]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[226]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[227]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[227]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[228]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[228]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[229]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[229]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[230]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[230]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[231]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[231]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[232]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[232]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[233]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[233]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[234]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[234]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[235]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[235]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[236]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[236]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[237]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[237]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[238]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[238]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[239]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[239]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[240]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[240]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[241]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[241]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[242]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[242]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[243]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[243]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[244]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[244]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[245]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[245]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[246]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[246]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[247]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[247]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[248]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[248]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[249]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[249]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[250]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[250]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[251]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[251]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[252]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[252]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[253]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[253]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[254]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[254]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[255]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[255]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[256]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[256]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[257]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[257]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[258]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[258]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[259]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[259]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[260]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[260]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[261]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[261]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[262]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[262]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[263]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[263]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[264]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[264]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[265]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[265]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[266]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[266]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[267]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[267]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[268]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[268]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[269]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[269]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[270]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[270]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[271]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[271]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[272]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[272]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[273]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[273]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[274]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[274]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[275]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[275]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[276]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[276]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[277]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[277]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[278]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[278]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[279]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[279]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[280]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[280]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[281]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[281]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with non blocking on +trying server command line[282]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[282]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +getting mac +repeating test with client cert request off +trying server command line[283]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[283]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[284]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[284]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[285]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[285]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[286]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[286]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[287]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[287]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[288]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[288]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[289]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[289]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[290]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[290]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +getting mac +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[291]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[291]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[292]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[292]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[293]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[293]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[294]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[294]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[295]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[295]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[296]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[296]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[297]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[297]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[298]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[298]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with client cert request off +trying server command line[299]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[299]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[300]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[300]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[301]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[301]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[302]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[302]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[303]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[303]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[304]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[304]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... 
client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +starting dtls extra cipher suite tests +trying server command line[305]: SuiteTest -u -v 2 -l RC4-SHA +trying client command line[305]: SuiteTest -u -v 2 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[306]: SuiteTest -u -v 2 -l RC4-SHA -N +trying client command line[306]: SuiteTest -u -v 2 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[307]: SuiteTest -u -v 2 -l RC4-SHA -d +trying client command line[307]: SuiteTest -u -v 2 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +repeating test with non blocking on +trying server command line[308]: SuiteTest -u -v 2 -l RC4-SHA -d -N +trying client command line[308]: SuiteTest -u -v 2 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[309]: SuiteTest -u -v 3 -l RC4-SHA +trying client command line[309]: SuiteTest -u -v 3 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[310]: SuiteTest -u -v 3 -l RC4-SHA -N +trying client command line[310]: SuiteTest -u -v 3 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[311]: SuiteTest -u -v 3 -l RC4-SHA -d +trying client command line[311]: SuiteTest -u -v 3 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[312]: SuiteTest -u -v 3 -l RC4-SHA -d -N +trying client command line[312]: SuiteTest -u -v 3 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[313]: SuiteTest -u -v 2 -l DES-CBC3-SHA +trying client command line[313]: SuiteTest -u -v 2 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[314]: SuiteTest -u -v 2 -l DES-CBC3-SHA -N +trying client command line[314]: SuiteTest -u -v 2 -l DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[315]: SuiteTest -u -v 2 -l DES-CBC3-SHA -d +trying client command line[315]: SuiteTest -u -v 2 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[316]: SuiteTest -u -v 2 -l DES-CBC3-SHA -d -N +trying client command line[316]: SuiteTest -u -v 2 -l DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[317]: SuiteTest -u -v 3 -l DES-CBC3-SHA +trying client command line[317]: SuiteTest -u -v 3 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[318]: SuiteTest -u -v 3 -l DES-CBC3-SHA -N +trying client command line[318]: SuiteTest -u -v 3 -l DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[319]: SuiteTest -u -v 3 -l DES-CBC3-SHA -d +trying client command line[319]: SuiteTest -u -v 3 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[320]: SuiteTest -u -v 3 -l DES-CBC3-SHA -d -N +trying client command line[320]: SuiteTest -u -v 3 -l DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+trying server command line[321]: SuiteTest -u -v 2 -l AES128-SHA +trying client command line[321]: SuiteTest -u -v 2 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[322]: SuiteTest -u -v 2 -l AES128-SHA -N +trying client command line[322]: SuiteTest -u -v 2 -l AES128-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[323]: SuiteTest -u -v 2 -l AES128-SHA -d +trying client command line[323]: SuiteTest -u -v 2 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[324]: SuiteTest -u -v 2 -l AES128-SHA -d -N +trying client command line[324]: SuiteTest -u -v 2 -l AES128-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[325]: SuiteTest -u -v 3 -l AES128-SHA +trying client command line[325]: SuiteTest -u -v 3 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[326]: SuiteTest -u -v 3 -l AES128-SHA -N +trying client command line[326]: SuiteTest -u -v 3 -l AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[327]: SuiteTest -u -v 3 -l AES128-SHA -d +trying client command line[327]: SuiteTest -u -v 3 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +repeating test with non blocking on +trying server command line[328]: SuiteTest -u -v 3 -l AES128-SHA -d -N +trying client command line[328]: SuiteTest -u -v 3 -l AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[329]: SuiteTest -u -v 2 -l AES256-SHA +trying client command line[329]: SuiteTest -u -v 2 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[330]: SuiteTest -u -v 2 -l AES256-SHA -N +trying client command line[330]: SuiteTest -u -v 2 -l AES256-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[331]: SuiteTest -u -v 2 -l AES256-SHA -d +trying client command line[331]: SuiteTest -u -v 2 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[332]: SuiteTest -u -v 2 -l AES256-SHA -d -N +trying client command line[332]: SuiteTest -u -v 2 -l AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[333]: SuiteTest -u -v 3 -l AES256-SHA +trying client command line[333]: SuiteTest -u -v 3 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[334]: SuiteTest -u -v 3 -l AES256-SHA -N +trying client command line[334]: SuiteTest -u -v 3 -l AES256-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[335]: SuiteTest -u -v 3 -l AES256-SHA -d +trying client command line[335]: SuiteTest -u -v 3 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[336]: SuiteTest -u -v 3 -l AES256-SHA -d -N +trying client command line[336]: SuiteTest -u -v 3 -l AES256-SHA -N +... client would read block +... server would read block +... server would read block +... client would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[337]: SuiteTest -u -v 2 -l AES128-SHA256 +trying client command line[337]: SuiteTest -u -v 2 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[338]: SuiteTest -u -v 2 -l AES128-SHA256 -N +trying client command line[338]: SuiteTest -u -v 2 -l AES128-SHA256 -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[339]: SuiteTest -u -v 2 -l AES128-SHA256 -d +trying client command line[339]: SuiteTest -u -v 2 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[340]: SuiteTest -u -v 2 -l AES128-SHA256 -d -N +trying client command line[340]: SuiteTest -u -v 2 -l AES128-SHA256 -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+trying server command line[341]: SuiteTest -u -v 3 -l AES128-SHA256 +trying client command line[341]: SuiteTest -u -v 3 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[342]: SuiteTest -u -v 3 -l AES128-SHA256 -N +trying client command line[342]: SuiteTest -u -v 3 -l AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[343]: SuiteTest -u -v 3 -l AES128-SHA256 -d +trying client command line[343]: SuiteTest -u -v 3 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[344]: SuiteTest -u -v 3 -l AES128-SHA256 -d -N +trying client command line[344]: SuiteTest -u -v 3 -l AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[345]: SuiteTest -u -v 2 -l AES256-SHA256 +trying client command line[345]: SuiteTest -u -v 2 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[346]: SuiteTest -u -v 2 -l AES256-SHA256 -N +trying client command line[346]: SuiteTest -u -v 2 -l AES256-SHA256 -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[347]: SuiteTest -u -v 2 -l AES256-SHA256 -d +trying client command line[347]: SuiteTest -u -v 2 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +repeating test with non blocking on +trying server command line[348]: SuiteTest -u -v 2 -l AES256-SHA256 -d -N +trying client command line[348]: SuiteTest -u -v 2 -l AES256-SHA256 -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[349]: SuiteTest -u -v 3 -l AES256-SHA256 +trying client command line[349]: SuiteTest -u -v 3 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[350]: SuiteTest -u -v 3 -l AES256-SHA256 -N +trying client command line[350]: SuiteTest -u -v 3 -l AES256-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[351]: SuiteTest -u -v 3 -l AES256-SHA256 -d +trying client command line[351]: SuiteTest -u -v 3 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[352]: SuiteTest -u -v 3 -l AES256-SHA256 -d -N +trying client command line[352]: SuiteTest -u -v 3 -l AES256-SHA256 -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[353]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA +trying client command line[353]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[354]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -N +trying client command line[354]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... server would read block +... client would read block +... 
client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[355]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -d +trying client command line[355]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[356]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[356]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+trying server command line[357]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[357]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[358]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[358]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[359]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[359]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +repeating test with non blocking on +trying server command line[360]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[360]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[361]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA +trying client command line[361]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[362]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -N +trying client command line[362]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[363]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -d +trying client command line[363]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[364]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[364]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[365]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA +trying client command line[365]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[366]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -N +trying client command line[366]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... 
server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[367]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -d +trying client command line[367]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[368]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[368]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+trying server command line[369]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA +trying client command line[369]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[370]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -N +trying client command line[370]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[371]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -d +trying client command line[371]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +repeating test with non blocking on +trying server command line[372]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[372]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[373]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[373]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[374]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[374]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[375]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[375]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[376]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[376]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[377]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA +trying client command line[377]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[378]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -N +trying client command line[378]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[379]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -d +trying client command line[379]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[380]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[380]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[381]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 +trying client command line[381]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[382]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -N +trying client command line[382]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[383]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -d +trying client command line[383]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[384]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -d -N +trying client command line[384]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[385]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA +trying client command line[385]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[386]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -N +trying client command line[386]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[387]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -d +trying client command line[387]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[388]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[388]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[389]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[389]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[390]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[390]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[391]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[391]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[392]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[392]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[393]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[393]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[394]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[394]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[395]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[395]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[396]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[396]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[397]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[397]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[398]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[398]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[399]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[399]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[400]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[400]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[401]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[401]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[402]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[402]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[403]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[403]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[404]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[404]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[405]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[405]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[406]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[406]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[407]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[407]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[408]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[408]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[409]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[409]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[410]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[410]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[411]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[411]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[412]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[412]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... 
server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[413]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[413]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[414]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[414]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[415]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[415]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[416]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[416]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[417]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[417]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! 
+getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[418]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[418]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[419]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[419]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[420]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[420]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... client would read block +... 
server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[421]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[421]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[422]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[422]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[423]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[423]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[424]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[424]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[425]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[425]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[426]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[426]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[427]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[427]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[428]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[428]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[429]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[429]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[430]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[430]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[431]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[431]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[432]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[432]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[433]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[433]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[434]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[434]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[435]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[435]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[436]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[436]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[437]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[437]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[438]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[438]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[439]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[439]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[440]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[440]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[441]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[441]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[442]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[442]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[443]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[443]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[444]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[444]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[445]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[445]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[446]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[446]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[447]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[447]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[448]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[448]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[449]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[449]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[450]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[450]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[451]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[451]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[452]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[452]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[453]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[453]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[454]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[454]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[455]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[455]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[456]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[456]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[457]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[457]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[458]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[458]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[459]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[459]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[460]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[460]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[461]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[461]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[462]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[462]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[463]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[463]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[464]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[464]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[465]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[465]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[466]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[466]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[467]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[467]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[468]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[468]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[469]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[469]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[470]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[470]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[471]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[471]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[472]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[472]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[473]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[473]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! 
+getting mac +repeating test with non blocking on +trying server command line[474]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[474]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[475]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[475]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[476]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[476]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[477]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[477]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[478]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[478]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[479]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[479]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[480]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[480]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[481]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[481]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[482]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[482]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[483]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[483]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[484]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[484]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[485]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[485]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[486]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[486]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[487]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[487]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[488]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[488]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[489]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[489]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with non blocking on +trying server command line[490]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[490]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[491]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[491]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[492]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[492]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... 
client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[493]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[493]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[494]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[494]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! 
+repeating test with client cert request off +trying server command line[495]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[495]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[496]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[496]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! + End Cipher Suite Tests From bcb31dcb4b662c861c807801b5d3695a49e89ca6 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 1 Jul 2014 14:18:21 -0600 Subject: [PATCH 02/21] progress on suite --- stdout.txt | 10173 --------------------------------------------------- 1 file changed, 10173 deletions(-) delete mode 100644 stdout.txt diff --git a/stdout.txt b/stdout.txt deleted file mode 100644 index e81bd87b0..000000000 --- a/stdout.txt +++ /dev/null 
@@ -1,10173 +0,0 @@ -starting unit tests... - Begin API Tests - CyaSSL_Init(): passed - CyaSSLv3_server_method(): passed - CyaSSLv3_client_method(): passed - CyaTLSv1_server_method(): passed - CyaTLSv1_client_method(): passed - CyaTLSv1_1_server_method(): passed - CyaTLSv1_1_client_method(): passed - CyaTLSv1_2_server_method(): passed - CyaTLSv1_2_client_method(): passed - CyaSSLv23_client_method(): passed - CyaDTLSv1_server_method(): passed - CyaDTLSv1_client_method(): passed - CyaSSL_CTX_new(NULL): passed - CyaSSL_CTX_new(method): passed - CyaSSL_CTX_use_certificate_file(NULL, NULL, 9999): passed - CyaSSL_CTX_use_certificate_file(ctx, bogusFile, SSL_FILETYPE_PEM): passed - CyaSSL_CTX_use_certificate_file(ctx, svrCert, 9999): passed - CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM): passed - CyaSSL_CTX_use_PrivateKey_file(NULL, NULL, 9999): passed - CyaSSL_CTX_use_PrivateKey_file(ctx, bogusFile, SSL_FILETYPE_PEM): passed - CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999): passed - CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM): passed - CyaSSL_CTX_load_verify_locations(NULL, NULL, NULL): passed - CyaSSL_CTX_load_verify_locations(ctx, NULL, NULL): passed - CyaSSL_CTX_load_verify_locations(ctx, NULL, NULL): passed - CyaSSL_CTX_load_verify_locations(ctx, caCert, bogusFile): passed - CyaSSL_CTX_load_verify_locations(ctx, caCert, 0): passed - CyaSSL_new(NULL) server: passed - CyaSSL_new(ctx_nocert) server: passed - CyaSSL_new(ctx) server: passed - CyaSSL_new(NULL) client: passed - CyaSSL_new(ctx_nocert) client: passed - CyaSSL_new(ctx) client: passed -getting mac -getting mac -getting mac -getting mac -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! - CyaSSL_Cleanup(): passed - End API Tests - Begin HASH Tests - MD5 test passed! - SHA test passed! - SHA-256 test passed! - HMAC-MD5 test passed! - HMAC-SHA test passed! - HMAC-SHA256 test passed! 
- End HASH Tests - Begin Cipher Suite Tests -starting default cipher suite tests -notice: using default file tests/test.conf -trying server command line[1]: SuiteTest -v 0 -l RC4-SHA -trying client command line[1]: SuiteTest -v 0 -l RC4-SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -Client message: hello cyassl! -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[2]: SuiteTest -v 0 -l RC4-SHA -N -trying client command line[2]: SuiteTest -v 0 -l RC4-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... client would read block -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[3]: SuiteTest -v 0 -l RC4-SHA -d -trying client command line[3]: SuiteTest -v 0 -l RC4-SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -Client message: hello cyassl! -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[4]: SuiteTest -v 0 -l RC4-SHA -d -N -trying client command line[4]: SuiteTest -v 0 -l RC4-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -Server response: I hear you fa shizzle! 
-trying server command line[5]: SuiteTest -v 0 -l RC4-MD5 -trying client command line[5]: SuiteTest -v 0 -l RC4-MD5 -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -Client message: hello cyassl! -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[6]: SuiteTest -v 0 -l RC4-MD5 -N -trying client command line[6]: SuiteTest -v 0 -l RC4-MD5 -N -... client would read block -... client would read block -... server would read block -... server would read block -... client would read block -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[7]: SuiteTest -v 0 -l RC4-MD5 -d -trying client command line[7]: SuiteTest -v 0 -l RC4-MD5 -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -Client message: hello cyassl! -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[8]: SuiteTest -v 0 -l RC4-MD5 -d -N -trying client command line[8]: SuiteTest -v 0 -l RC4-MD5 -N -... client would read block -... client would read block -... server would read block -... client would read block -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -Server response: I hear you fa shizzle! -trying server command line[9]: SuiteTest -v 0 -l DES-CBC3-SHA -trying client command line[9]: SuiteTest -v 0 -l DES-CBC3-SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -Client message: hello cyassl! 
-Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[10]: SuiteTest -v 0 -l DES-CBC3-SHA -N -trying client command line[10]: SuiteTest -v 0 -l DES-CBC3-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -... client would read block -... client would read block -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[11]: SuiteTest -v 0 -l DES-CBC3-SHA -d -trying client command line[11]: SuiteTest -v 0 -l DES-CBC3-SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -Client message: hello cyassl! -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[12]: SuiteTest -v 0 -l DES-CBC3-SHA -d -N -trying client command line[12]: SuiteTest -v 0 -l DES-CBC3-SHA -N -... client would read block -... client would read block -... server would read block -... client would read block -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -SSL version is SSLv3 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -Server response: I hear you fa shizzle! -trying server command line[13]: SuiteTest -v 1 -l RC4-SHA -trying client command line[13]: SuiteTest -v 1 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[14]: SuiteTest -v 1 -l RC4-SHA -N -trying client command line[14]: SuiteTest -v 1 -l RC4-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -repeating test with client cert request off -trying server command line[15]: SuiteTest -v 1 -l RC4-SHA -d -trying client command line[15]: SuiteTest -v 1 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[16]: SuiteTest -v 1 -l RC4-SHA -d -N -trying client command line[16]: SuiteTest -v 1 -l RC4-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -trying server command line[17]: SuiteTest -v 1 -l RC4-MD5 -trying client command line[17]: SuiteTest -v 1 -l RC4-MD5 -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with non blocking on -trying server command line[18]: SuiteTest -v 1 -l RC4-MD5 -N -trying client command line[18]: SuiteTest -v 1 -l RC4-MD5 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[19]: SuiteTest -v 1 -l RC4-MD5 -d -trying client command line[19]: SuiteTest -v 1 -l RC4-MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[20]: SuiteTest -v 1 -l RC4-MD5 -d -N -trying client command line[20]: SuiteTest -v 1 -l RC4-MD5 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[21]: SuiteTest -v 1 -l DES-CBC3-SHA -trying client command line[21]: SuiteTest -v 1 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[22]: SuiteTest -v 1 -l DES-CBC3-SHA -N -trying client command line[22]: SuiteTest -v 1 -l DES-CBC3-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[23]: SuiteTest -v 1 -l DES-CBC3-SHA -d -trying client command line[23]: SuiteTest -v 1 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[24]: SuiteTest -v 1 -l DES-CBC3-SHA -d -N -trying client command line[24]: SuiteTest -v 1 -l DES-CBC3-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[25]: SuiteTest -v 1 -l AES128-SHA -trying client command line[25]: SuiteTest -v 1 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[26]: SuiteTest -v 1 -l AES128-SHA -N -trying client command line[26]: SuiteTest -v 1 -l AES128-SHA -N -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[27]: SuiteTest -v 1 -l AES128-SHA -d -trying client command line[27]: SuiteTest -v 1 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[28]: SuiteTest -v 1 -l AES128-SHA -d -N -trying client command line[28]: SuiteTest -v 1 -l AES128-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[29]: SuiteTest -v 1 -l AES256-SHA -trying client command line[29]: SuiteTest -v 1 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[30]: SuiteTest -v 1 -l AES256-SHA -N -trying client command line[30]: SuiteTest -v 1 -l AES256-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[31]: SuiteTest -v 1 -l AES256-SHA -d -trying client command line[31]: SuiteTest -v 1 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[32]: SuiteTest -v 1 -l AES256-SHA -d -N -trying client command line[32]: SuiteTest -v 1 -l AES256-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[33]: SuiteTest -v 1 -l AES128-SHA256 -trying client command line[33]: SuiteTest -v 1 -l AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[34]: SuiteTest -v 1 -l AES128-SHA256 -N -trying client command line[34]: SuiteTest -v 1 -l AES128-SHA256 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[35]: SuiteTest -v 1 -l AES128-SHA256 -d -trying client command line[35]: SuiteTest -v 1 -l AES128-SHA256 -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[36]: SuiteTest -v 1 -l AES128-SHA256 -d -N -trying client command line[36]: SuiteTest -v 1 -l AES128-SHA256 -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -trying server command line[37]: SuiteTest -v 1 -l AES256-SHA256 -trying client command line[37]: SuiteTest -v 1 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[38]: SuiteTest -v 1 -l AES256-SHA256 -N -trying client command line[38]: SuiteTest -v 1 -l AES256-SHA256 -N -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[39]: SuiteTest -v 1 -l AES256-SHA256 -d -trying client command line[39]: SuiteTest -v 1 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[40]: SuiteTest -v 1 -l AES256-SHA256 -d -N -trying client command line[40]: SuiteTest -v 1 -l AES256-SHA256 -N -... client would read block -... client would read block -... 
server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[41]: SuiteTest -v 2 -l RC4-SHA -trying client command line[41]: SuiteTest -v 2 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[42]: SuiteTest -v 2 -l RC4-SHA -N -trying client command line[42]: SuiteTest -v 2 -l RC4-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[43]: SuiteTest -v 2 -l RC4-SHA -d -trying client command line[43]: SuiteTest -v 2 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[44]: SuiteTest -v 2 -l RC4-SHA -d -N -trying client command line[44]: SuiteTest -v 2 -l RC4-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[45]: SuiteTest -v 2 -l RC4-MD5 -trying client command line[45]: SuiteTest -v 2 -l RC4-MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[46]: SuiteTest -v 2 -l RC4-MD5 -N -trying client command line[46]: SuiteTest -v 2 -l RC4-MD5 -N -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[47]: SuiteTest -v 2 -l RC4-MD5 -d -trying client command line[47]: SuiteTest -v 2 -l RC4-MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[48]: SuiteTest -v 2 -l RC4-MD5 -d -N -trying client command line[48]: SuiteTest -v 2 -l RC4-MD5 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[49]: SuiteTest -v 2 -l DES-CBC3-SHA -trying client command line[49]: SuiteTest -v 2 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[50]: SuiteTest -v 2 -l DES-CBC3-SHA -N -trying client command line[50]: SuiteTest -v 2 -l DES-CBC3-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[51]: SuiteTest -v 2 -l DES-CBC3-SHA -d -trying client command line[51]: SuiteTest -v 2 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[52]: SuiteTest -v 2 -l DES-CBC3-SHA -d -N -trying client command line[52]: SuiteTest -v 2 -l DES-CBC3-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[53]: SuiteTest -v 2 -l AES128-SHA -trying client command line[53]: SuiteTest -v 2 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[54]: SuiteTest -v 2 -l AES128-SHA -N -trying client command line[54]: SuiteTest -v 2 -l AES128-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[55]: SuiteTest -v 2 -l AES128-SHA -d -trying client command line[55]: SuiteTest -v 2 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[56]: SuiteTest -v 2 -l AES128-SHA -d -N -trying client command line[56]: SuiteTest -v 2 -l AES128-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -trying server command line[57]: SuiteTest -v 2 -l AES256-SHA -trying client command line[57]: SuiteTest -v 2 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[58]: SuiteTest -v 2 -l AES256-SHA -N -trying client command line[58]: SuiteTest -v 2 -l AES256-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[59]: SuiteTest -v 2 -l AES256-SHA -d -trying client command line[59]: SuiteTest -v 2 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[60]: SuiteTest -v 2 -l AES256-SHA -d -N -trying client command line[60]: SuiteTest -v 2 -l AES256-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[61]: SuiteTest -v 2 -l AES128-SHA256 -trying client command line[61]: SuiteTest -v 2 -l AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[62]: SuiteTest -v 2 -l AES128-SHA256 -N -trying client command line[62]: SuiteTest -v 2 -l AES128-SHA256 -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[63]: SuiteTest -v 2 -l AES128-SHA256 -d -trying client command line[63]: SuiteTest -v 2 -l AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[64]: SuiteTest -v 2 -l AES128-SHA256 -d -N -trying client command line[64]: SuiteTest -v 2 -l AES128-SHA256 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[65]: SuiteTest -v 2 -l AES256-SHA256 -trying client command line[65]: SuiteTest -v 2 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[66]: SuiteTest -v 2 -l AES256-SHA256 -N -trying client command line[66]: SuiteTest -v 2 -l AES256-SHA256 -N -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[67]: SuiteTest -v 2 -l AES256-SHA256 -d -trying client command line[67]: SuiteTest -v 2 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[68]: SuiteTest -v 2 -l AES256-SHA256 -d -N -trying client command line[68]: SuiteTest -v 2 -l AES256-SHA256 -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[69]: SuiteTest -v 3 -l RC4-SHA -trying client command line[69]: SuiteTest -v 3 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[70]: SuiteTest -v 3 -l RC4-SHA -N -trying client command line[70]: SuiteTest -v 3 -l RC4-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[71]: SuiteTest -v 3 -l RC4-SHA -d -trying client command line[71]: SuiteTest -v 3 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[72]: SuiteTest -v 3 -l RC4-SHA -d -N -trying client command line[72]: SuiteTest -v 3 -l RC4-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[73]: SuiteTest -v 3 -l RC4-MD5 -trying client command line[73]: SuiteTest -v 3 -l RC4-MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[74]: SuiteTest -v 3 -l RC4-MD5 -N -trying client command line[74]: SuiteTest -v 3 -l RC4-MD5 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[75]: SuiteTest -v 3 -l RC4-MD5 -d -trying client command line[75]: SuiteTest -v 3 -l RC4-MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[76]: SuiteTest -v 3 -l RC4-MD5 -d -N -trying client command line[76]: SuiteTest -v 3 -l RC4-MD5 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -trying server command line[77]: SuiteTest -v 3 -l DES-CBC3-SHA -trying client command line[77]: SuiteTest -v 3 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[78]: SuiteTest -v 3 -l DES-CBC3-SHA -N -trying client command line[78]: SuiteTest -v 3 -l DES-CBC3-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[79]: SuiteTest -v 3 -l DES-CBC3-SHA -d -trying client command line[79]: SuiteTest -v 3 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[80]: SuiteTest -v 3 -l DES-CBC3-SHA -d -N -trying client command line[80]: SuiteTest -v 3 -l DES-CBC3-SHA -N -... client would read block -... client would read block -... 
server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[81]: SuiteTest -v 3 -l AES128-SHA -trying client command line[81]: SuiteTest -v 3 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[82]: SuiteTest -v 3 -l AES128-SHA -N -trying client command line[82]: SuiteTest -v 3 -l AES128-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[83]: SuiteTest -v 3 -l AES128-SHA -d -trying client command line[83]: SuiteTest -v 3 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[84]: SuiteTest -v 3 -l AES128-SHA -d -N -trying client command line[84]: SuiteTest -v 3 -l AES128-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[85]: SuiteTest -v 3 -l AES256-SHA -trying client command line[85]: SuiteTest -v 3 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[86]: SuiteTest -v 3 -l AES256-SHA -N -trying client command line[86]: SuiteTest -v 3 -l AES256-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[87]: SuiteTest -v 3 -l AES256-SHA -d -trying client command line[87]: SuiteTest -v 3 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[88]: SuiteTest -v 3 -l AES256-SHA -d -N -trying client command line[88]: SuiteTest -v 3 -l AES256-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[89]: SuiteTest -v 3 -l AES128-SHA256 -trying client command line[89]: SuiteTest -v 3 -l AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[90]: SuiteTest -v 3 -l AES128-SHA256 -N -trying client command line[90]: SuiteTest -v 3 -l AES128-SHA256 -N -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[91]: SuiteTest -v 3 -l AES128-SHA256 -d -trying client command line[91]: SuiteTest -v 3 -l AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[92]: SuiteTest -v 3 -l AES128-SHA256 -d -N -trying client command line[92]: SuiteTest -v 3 -l AES128-SHA256 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[93]: SuiteTest -v 3 -l AES256-SHA256 -trying client command line[93]: SuiteTest -v 3 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[94]: SuiteTest -v 3 -l AES256-SHA256 -N -trying client command line[94]: SuiteTest -v 3 -l AES256-SHA256 -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[95]: SuiteTest -v 3 -l AES256-SHA256 -d -trying client command line[95]: SuiteTest -v 3 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[96]: SuiteTest -v 3 -l AES256-SHA256 -d -N -trying client command line[96]: SuiteTest -v 3 -l AES256-SHA256 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -trying server command line[97]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -trying client command line[97]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[98]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -N -trying client command line[98]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[99]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -d -trying client command line[99]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[100]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -d -N -trying client command line[100]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -N -... client would read block -... client would read block -... 
client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[101]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -trying client command line[101]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[102]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -N -trying client command line[102]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[103]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -d -trying client command line[103]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[104]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -d -N -trying client command line[104]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[105]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -trying client command line[105]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with non blocking on -trying server command line[106]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -N -trying client command line[106]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -N -... 
client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[107]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -d -trying client command line[107]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[108]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -d -N -trying client command line[108]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -getting mac -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -trying server command line[109]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -trying client command line[109]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[110]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -N -trying client command line[110]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -repeating test with client cert request off -trying server command line[111]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -d -trying client command line[111]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[112]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -d -N -trying client command line[112]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[113]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -trying client command line[113]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[114]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -N -trying client command line[114]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[115]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -d -trying client command line[115]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[116]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -d -N -trying client command line[116]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[117]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -trying client command line[117]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[118]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N -trying client command line[118]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N -... 
client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[119]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d -trying client command line[119]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[120]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d -N -trying client command line[120]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -trying server command line[121]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -trying client command line[121]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[122]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -N -trying client command line[122]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[123]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -d -trying client command line[123]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[124]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -d -N -trying client command line[124]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[125]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -trying client command line[125]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[126]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -N -trying client command line[126]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[127]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -d -trying client command line[127]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[128]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -d -N -trying client command line[128]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[129]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -trying client command line[129]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[130]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -N -trying client command line[130]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -N -... 
client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[131]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -d -trying client command line[131]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[132]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -d -N -trying client command line[132]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -trying server command line[133]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -trying client command line[133]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[134]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N -trying client command line[134]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -repeating test with client cert request off -trying server command line[135]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d -trying client command line[135]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[136]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d -N -trying client command line[136]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[137]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -trying client command line[137]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[138]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -N -trying client command line[138]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[139]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -d -trying client command line[139]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[140]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -d -N -trying client command line[140]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[141]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -trying client command line[141]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[142]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -N -trying client command line[142]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[143]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -d -trying client command line[143]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[144]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -d -N -trying client command line[144]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[145]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -trying client command line[145]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[146]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -N -trying client command line[146]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[147]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -d -trying client command line[147]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[148]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -d -N -trying client command line[148]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[149]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[149]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -getting mac -repeating test with non blocking on -trying server command line[150]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[150]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[151]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[151]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[152]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[152]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1 -getting mac -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[153]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[153]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[154]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[154]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[155]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[155]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[156]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[156]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[157]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[157]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[158]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[158]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[159]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[159]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[160]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[160]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[161]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[161]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[162]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[162]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[163]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[163]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[164]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[164]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[165]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[165]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[166]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[166]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[167]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[167]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[168]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[168]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[169]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[169]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[170]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[170]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[171]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[171]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[172]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[172]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[173]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[173]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[174]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[174]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[175]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[175]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[176]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[176]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[177]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[177]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[178]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[178]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[179]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[179]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[180]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[180]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[181]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[181]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[182]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[182]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[183]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[183]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[184]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[184]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[185]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[185]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[186]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[186]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -... client would read block -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[187]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[187]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[188]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[188]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[189]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[189]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[190]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[190]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[191]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[191]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[192]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[192]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -... 
client would read block -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[193]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[193]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[194]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[194]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -repeating test with client cert request off -trying server command line[195]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[195]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[196]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[196]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[197]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[197]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[198]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[198]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[199]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[199]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[200]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[200]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[201]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[201]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[202]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[202]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[203]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[203]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[204]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[204]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[205]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[205]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[206]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[206]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[207]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[207]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[208]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[208]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -... 
client would read block -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[209]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[209]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[210]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[210]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[211]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[211]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[212]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[212]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[213]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[213]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[214]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[214]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[215]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[215]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[216]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[216]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[217]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[217]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[218]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[218]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[219]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[219]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[220]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[220]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[221]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[221]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[222]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[222]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[223]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[223]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[224]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[224]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[225]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[225]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with non blocking on -trying server command line[226]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[226]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[227]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[227]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[228]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[228]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[229]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[229]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[230]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[230]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[231]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[231]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[232]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[232]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[233]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[233]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[234]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[234]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[235]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[235]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[236]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[236]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[237]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[237]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[238]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[238]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -repeating test with client cert request off -trying server command line[239]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[239]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[240]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[240]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[241]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[241]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[242]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[242]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[243]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[243]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[244]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[244]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[245]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[245]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[246]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[246]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[247]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[247]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[248]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[248]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[249]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[249]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[250]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[250]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[251]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[251]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[252]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[252]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[253]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[253]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[254]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[254]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[255]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[255]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[256]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[256]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[257]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[257]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[258]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[258]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[259]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[259]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[260]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[260]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[261]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[261]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[262]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[262]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -repeating test with client cert request off -trying server command line[263]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[263]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[264]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[264]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[265]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[265]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[266]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[266]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[267]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[267]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[268]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[268]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[269]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[269]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[270]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[270]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[271]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[271]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[272]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[272]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[273]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[273]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[274]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[274]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[275]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[275]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[276]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[276]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[277]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[277]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[278]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[278]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[279]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[279]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[280]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[280]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[281]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[281]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -getting mac -repeating test with non blocking on -trying server command line[282]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[282]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -getting mac -repeating test with client cert request off -trying server command line[283]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[283]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[284]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[284]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.1 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[285]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[285]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[286]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[286]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[287]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[287]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[288]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[288]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[289]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[289]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[290]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[290]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.2 -getting mac -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[291]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[291]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[292]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[292]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[293]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[293]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[294]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[294]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[295]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[295]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[296]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[296]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[297]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[297]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[298]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[298]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with client cert request off -trying server command line[299]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[299]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[300]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[300]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -trying server command line[301]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[301]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[302]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[302]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -trying server command line[303]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[303]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[304]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[304]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -... 
client would read block -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is TLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -starting dtls extra cipher suite tests -trying server command line[305]: SuiteTest -u -v 2 -l RC4-SHA -trying client command line[305]: SuiteTest -u -v 2 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[306]: SuiteTest -u -v 2 -l RC4-SHA -N -trying client command line[306]: SuiteTest -u -v 2 -l RC4-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[307]: SuiteTest -u -v 2 -l RC4-SHA -d -trying client command line[307]: SuiteTest -u -v 2 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -repeating test with non blocking on -trying server command line[308]: SuiteTest -u -v 2 -l RC4-SHA -d -N -trying client command line[308]: SuiteTest -u -v 2 -l RC4-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[309]: SuiteTest -u -v 3 -l RC4-SHA -trying client command line[309]: SuiteTest -u -v 3 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[310]: SuiteTest -u -v 3 -l RC4-SHA -N -trying client command line[310]: SuiteTest -u -v 3 -l RC4-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[311]: SuiteTest -u -v 3 -l RC4-SHA -d -trying client command line[311]: SuiteTest -u -v 3 -l RC4-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[312]: SuiteTest -u -v 3 -l RC4-SHA -d -N -trying client command line[312]: SuiteTest -u -v 3 -l RC4-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[313]: SuiteTest -u -v 2 -l DES-CBC3-SHA -trying client command line[313]: SuiteTest -u -v 2 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[314]: SuiteTest -u -v 2 -l DES-CBC3-SHA -N -trying client command line[314]: SuiteTest -u -v 2 -l DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[315]: SuiteTest -u -v 2 -l DES-CBC3-SHA -d -trying client command line[315]: SuiteTest -u -v 2 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[316]: SuiteTest -u -v 2 -l DES-CBC3-SHA -d -N -trying client command line[316]: SuiteTest -u -v 2 -l DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[317]: SuiteTest -u -v 3 -l DES-CBC3-SHA -trying client command line[317]: SuiteTest -u -v 3 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[318]: SuiteTest -u -v 3 -l DES-CBC3-SHA -N -trying client command line[318]: SuiteTest -u -v 3 -l DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[319]: SuiteTest -u -v 3 -l DES-CBC3-SHA -d -trying client command line[319]: SuiteTest -u -v 3 -l DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[320]: SuiteTest -u -v 3 -l DES-CBC3-SHA -d -N -trying client command line[320]: SuiteTest -u -v 3 -l DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-trying server command line[321]: SuiteTest -u -v 2 -l AES128-SHA -trying client command line[321]: SuiteTest -u -v 2 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[322]: SuiteTest -u -v 2 -l AES128-SHA -N -trying client command line[322]: SuiteTest -u -v 2 -l AES128-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -repeating test with client cert request off -trying server command line[323]: SuiteTest -u -v 2 -l AES128-SHA -d -trying client command line[323]: SuiteTest -u -v 2 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[324]: SuiteTest -u -v 2 -l AES128-SHA -d -N -trying client command line[324]: SuiteTest -u -v 2 -l AES128-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[325]: SuiteTest -u -v 3 -l AES128-SHA -trying client command line[325]: SuiteTest -u -v 3 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[326]: SuiteTest -u -v 3 -l AES128-SHA -N -trying client command line[326]: SuiteTest -u -v 3 -l AES128-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[327]: SuiteTest -u -v 3 -l AES128-SHA -d -trying client command line[327]: SuiteTest -u -v 3 -l AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -repeating test with non blocking on -trying server command line[328]: SuiteTest -u -v 3 -l AES128-SHA -d -N -trying client command line[328]: SuiteTest -u -v 3 -l AES128-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[329]: SuiteTest -u -v 2 -l AES256-SHA -trying client command line[329]: SuiteTest -u -v 2 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[330]: SuiteTest -u -v 2 -l AES256-SHA -N -trying client command line[330]: SuiteTest -u -v 2 -l AES256-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[331]: SuiteTest -u -v 2 -l AES256-SHA -d -trying client command line[331]: SuiteTest -u -v 2 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[332]: SuiteTest -u -v 2 -l AES256-SHA -d -N -trying client command line[332]: SuiteTest -u -v 2 -l AES256-SHA -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[333]: SuiteTest -u -v 3 -l AES256-SHA -trying client command line[333]: SuiteTest -u -v 3 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[334]: SuiteTest -u -v 3 -l AES256-SHA -N -trying client command line[334]: SuiteTest -u -v 3 -l AES256-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[335]: SuiteTest -u -v 3 -l AES256-SHA -d -trying client command line[335]: SuiteTest -u -v 3 -l AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[336]: SuiteTest -u -v 3 -l AES256-SHA -d -N -trying client command line[336]: SuiteTest -u -v 3 -l AES256-SHA -N -... client would read block -... server would read block -... server would read block -... client would read block -getting mac -... client would read block -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[337]: SuiteTest -u -v 2 -l AES128-SHA256 -trying client command line[337]: SuiteTest -u -v 2 -l AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[338]: SuiteTest -u -v 2 -l AES128-SHA256 -N -trying client command line[338]: SuiteTest -u -v 2 -l AES128-SHA256 -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[339]: SuiteTest -u -v 2 -l AES128-SHA256 -d -trying client command line[339]: SuiteTest -u -v 2 -l AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[340]: SuiteTest -u -v 2 -l AES128-SHA256 -d -N -trying client command line[340]: SuiteTest -u -v 2 -l AES128-SHA256 -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-trying server command line[341]: SuiteTest -u -v 3 -l AES128-SHA256 -trying client command line[341]: SuiteTest -u -v 3 -l AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[342]: SuiteTest -u -v 3 -l AES128-SHA256 -N -trying client command line[342]: SuiteTest -u -v 3 -l AES128-SHA256 -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -Client message: hello cyassl! -getting mac -getting mac -repeating test with client cert request off -trying server command line[343]: SuiteTest -u -v 3 -l AES128-SHA256 -d -trying client command line[343]: SuiteTest -u -v 3 -l AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[344]: SuiteTest -u -v 3 -l AES128-SHA256 -d -N -trying client command line[344]: SuiteTest -u -v 3 -l AES128-SHA256 -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[345]: SuiteTest -u -v 2 -l AES256-SHA256 -trying client command line[345]: SuiteTest -u -v 2 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[346]: SuiteTest -u -v 2 -l AES256-SHA256 -N -trying client command line[346]: SuiteTest -u -v 2 -l AES256-SHA256 -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[347]: SuiteTest -u -v 2 -l AES256-SHA256 -d -trying client command line[347]: SuiteTest -u -v 2 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -repeating test with non blocking on -trying server command line[348]: SuiteTest -u -v 2 -l AES256-SHA256 -d -N -trying client command line[348]: SuiteTest -u -v 2 -l AES256-SHA256 -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[349]: SuiteTest -u -v 3 -l AES256-SHA256 -trying client command line[349]: SuiteTest -u -v 3 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[350]: SuiteTest -u -v 3 -l AES256-SHA256 -N -trying client command line[350]: SuiteTest -u -v 3 -l AES256-SHA256 -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[351]: SuiteTest -u -v 3 -l AES256-SHA256 -d -trying client command line[351]: SuiteTest -u -v 3 -l AES256-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[352]: SuiteTest -u -v 3 -l AES256-SHA256 -d -N -trying client command line[352]: SuiteTest -u -v 3 -l AES256-SHA256 -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[353]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -trying client command line[353]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[354]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -N -trying client command line[354]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -N -... client would read block -... server would read block -... client would read block -... 
client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[355]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -d -trying client command line[355]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[356]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -d -N -trying client command line[356]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-trying server command line[357]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -trying client command line[357]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[358]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N -trying client command line[358]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[359]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d -trying client command line[359]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -repeating test with non blocking on -trying server command line[360]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d -N -trying client command line[360]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[361]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -trying client command line[361]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[362]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -N -trying client command line[362]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[363]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -d -trying client command line[363]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[364]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -d -N -trying client command line[364]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[365]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -trying client command line[365]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[366]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -N -trying client command line[366]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... 
server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[367]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -d -trying client command line[367]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[368]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -d -N -trying client command line[368]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-trying server command line[369]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -trying client command line[369]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[370]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -N -trying client command line[370]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[371]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -d -trying client command line[371]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -repeating test with non blocking on -trying server command line[372]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -d -N -trying client command line[372]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[373]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -trying client command line[373]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[374]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N -trying client command line[374]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[375]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d -trying client command line[375]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[376]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d -N -trying client command line[376]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[377]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -trying client command line[377]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[378]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -N -trying client command line[378]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[379]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -d -trying client command line[379]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[380]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -d -N -trying client command line[380]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[381]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -trying client command line[381]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[382]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -N -trying client command line[382]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -N -... client would read block -... server would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[383]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -d -trying client command line[383]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[384]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -d -N -trying client command line[384]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -N -... client would read block -... server would read block -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[385]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -trying client command line[385]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[386]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -N -trying client command line[386]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[387]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -d -trying client command line[387]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[388]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -d -N -trying client command line[388]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[389]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[389]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[390]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[390]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[391]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[391]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[392]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[392]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[393]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[393]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[394]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[394]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[395]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[395]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[396]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[396]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[397]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[397]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[398]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[398]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[399]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[399]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[400]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[400]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[401]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[401]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[402]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[402]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[403]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[403]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[404]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[404]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[405]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[405]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[406]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[406]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[407]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[407]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[408]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[408]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[409]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[409]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[410]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[410]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[411]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[411]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[412]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[412]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... 
server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[413]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[413]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[414]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[414]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[415]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[415]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[416]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[416]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[417]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[417]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! 
-getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[418]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[418]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -Client message: hello cyassl! -getting mac -getting mac -repeating test with client cert request off -trying server command line[419]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[419]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[420]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[420]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... client would read block -... 
server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[421]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[421]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[422]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[422]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[423]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[423]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[424]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[424]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[425]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[425]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[426]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[426]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[427]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[427]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[428]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[428]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[429]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[429]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[430]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[430]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[431]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[431]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[432]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[432]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[433]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[433]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[434]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[434]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[435]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[435]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[436]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[436]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[437]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[437]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[438]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[438]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[439]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[439]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[440]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[440]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[441]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[441]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[442]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[442]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[443]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[443]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -getting mac -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[444]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[444]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[445]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[445]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[446]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[446]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[447]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[447]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[448]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[448]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[449]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[449]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[450]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[450]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[451]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[451]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[452]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[452]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[453]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[453]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[454]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[454]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[455]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[455]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[456]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[456]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[457]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -trying client command line[457]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[458]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N -trying client command line[458]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[459]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -trying client command line[459]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[460]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N -trying client command line[460]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -N -... client would read block -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[461]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[461]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[462]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[462]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[463]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[463]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[464]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[464]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[465]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[465]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[466]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[466]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[467]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[467]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[468]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[468]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[469]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[469]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with non blocking on -trying server command line[470]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[470]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[471]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[471]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[472]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[472]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[473]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[473]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! 
-getting mac -repeating test with non blocking on -trying server command line[474]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[474]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[475]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[475]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[476]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[476]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLS -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -Client message: hello cyassl! -getting mac -getting mac -trying server command line[477]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[477]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[478]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[478]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[479]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[479]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[480]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[480]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[481]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[481]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[482]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[482]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[483]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[483]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[484]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[484]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[485]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[485]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[486]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[486]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[487]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[487]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[488]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[488]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[489]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[489]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with non blocking on -trying server command line[490]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[490]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -trying server command line[491]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[491]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -Server response: I hear you fa shizzle! -getting mac -repeating test with client cert request off -repeating test with non blocking on -trying server command line[492]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[492]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... 
client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 -getting mac -getting mac -Server response: I hear you fa shizzle! -trying server command line[493]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -trying client command line[493]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with non blocking on -trying server command line[494]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N -trying client command line[494]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... server would read block -... client would read block -... server would read block -... server would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! 
-repeating test with client cert request off -trying server command line[495]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -trying client command line[495]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Client message: hello cyassl! -getting mac -getting mac -getting mac -Server response: I hear you fa shizzle! -repeating test with client cert request off -repeating test with non blocking on -trying server command line[496]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N -trying client command line[496]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N -... client would read block -... client would read block -... client would read block -... server would read block -getting mac -... client would read block -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -getting mac -SSL version is DTLSv1.2 -SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -getting mac -getting mac -Server response: I hear you fa shizzle! - End Cipher Suite Tests From 6c366a186378e78ac59637098d39b8c743b00cac Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 1 Jul 2014 15:19:55 -0600 Subject: [PATCH 03/21] progress on suite --- src/internal.c | 43 ------------------------------------------- 1 file changed, 43 deletions(-) diff --git a/src/internal.c b/src/internal.c index 68553ec32..ac203e0d4 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -2461,7 +2461,6 @@ static int HashInput(CYASSL* ssl, const byte* input, int sz) #ifndef NO_MD5 Md5Update(&ssl->hashMd5, adj, sz); #endif -// Poly1305Update(&ssl->hashMd5, adj, sz); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -2975,25 +2974,6 @@ static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) } -///* calculate POLY13055 hash for finished */ -//static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) -//{ -// byte poly1305_result[POLY1305_DIGEST_SIZE]; -// -// /* make poly1305 inner */ -// Poly1305Update(&ssl->hashPoly1305, sender, SIZEOF_SENDER); -// Poly1305Update(&ssl->hashPoly1305, ssl->arrays->masterSecret, SECRET_LEN); -// Poly1305Update(&ssl->hashPoly1305, PAD1, PAD_POLY1305); -// Poly1305Final(&ssl->hashPoly1305, poly1305_result); -// -// /* make poly1305 outer */ -// Poly1305Update(&ssl->hashPoly1305, ssl->arrays->masterSecret, SECRET_LEN); -// Poly1305Update(&ssl->hashPoly1305, PAD2, PAD_POLY1305); -// Poly1305Update(&ssl->hashPoly1305, poly1305_result, POLY1305_DIGEST_SIZE); -// -// Poly1305Final(&ssl->hashPoly1305, hashes->poly1305); -//} - /* calculate SHA hash for finished */ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender) { @@ -3022,9 +3002,6 @@ static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) #ifndef NO_MD5 Md5 md5 = ssl->hashMd5; #endif - -// Poly1305 poly1305 = ssl->hashPoly1305; - #ifndef NO_SHA Sha sha = ssl->hashSha; #endif @@ -3047,7 +3024,6 @@ static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) if (!ssl->options.tls) { BuildMD5(ssl, hashes, sender); BuildSHA(ssl, hashes, sender); -// BuildPOLY1305(ssl, hashes, sender); } #endif @@ -5749,7 +5725,6 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) /* store current states, building requires get_digest which resets state */ #ifndef NO_OLD_TLS Md5 md5 = ssl->hashMd5; -// Poly1305 poly1305 = ssl->hashPoly1305; Sha sha = ssl->hashSha; #endif #ifndef NO_SHA256 
@@ -5762,7 +5737,6 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) if (ssl->options.tls) { #if ! defined( NO_OLD_TLS ) Md5Final(&ssl->hashMd5, hashes->md5); -// Poly1305Final(&ssl->hashPoly1305, hashes->poly1305); ShaFinal(&ssl->hashSha, hashes->sha); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -7126,14 +7100,6 @@ static const char* const cipher_names[] = "ECDHE-RSA-CHACHA20-256-POLY1305-SHA256", #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_CHACHA20_256_SHA - "ECDH-RSA-CHACHA20-256-SHA", -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_POLY1305 - "ECDH-RSA-RC4-128-POLY1305" -#endif - }; @@ -7461,14 +7427,6 @@ static int cipher_name_idx[] = #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256, #endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_CHACHA20_256_SHA - TLS_ECDH_RSA_WITH_CHACHA20_256_SHA, -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_POLY1305_SHA - TLS_ECDH_RSA_WITH_RC4_128_POLY1305 -#endif }; @@ -8338,7 +8296,6 @@ static void PickHashSigAlgo(CYASSL* ssl, { #ifndef NO_OLD_TLS Md5 md5; -// Poly1305 poly1305; Sha sha; #endif #ifndef NO_SHA256 From 53c63dd2576bbf40e00b4bd49a6c5899f472ba81 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 1 Jul 2014 16:08:52 -0600 Subject: [PATCH 04/21] progress on suite --- cyassl/ssl.h | 4 ++-- pre-commit.sh | 4 ++-- src/internal.c | 36 +++++++++++++++++++++++++++++------- 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 0679f38ed..645fd916b 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -1042,10 +1042,10 @@ enum BulkCipherAlgorithm { cyassl_aes, cyassl_aes_gcm, cyassl_aes_ccm, + cyassl_chacha, cyassl_camellia, cyassl_hc128, /* CyaSSL extensions */ - cyassl_rabbit, - cyassl_chacha + cyassl_rabbit }; diff --git a/pre-commit.sh b/pre-commit.sh index d570d381a..d670919cf 100755 --- a/pre-commit.sh +++ b/pre-commit.sh 
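Review bot: Moving `cyassl_chacha` ahead of `cyassl_camellia` in `enum BulkCipherAlgorithm` (the `cyassl/ssl.h` hunk) shifts the numeric values of `cyassl_camellia`, `cyassl_hc128` and `cyassl_rabbit` in a public header. Code built against the previous ordering, or any table indexed by this enum, would then resolve to a different bulk cipher than intended; whether such users exist is not visible from this hunk. If the move is only for grouping, keeping `cyassl_chacha` last and adding a comment such as `/* values are visible to applications; append new ciphers at the end */` avoids the renumbering. The enum begins outside the hunk.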
@@ -14,8 +14,8 @@ git stash -q --keep-index # do the commit tests echo "\n\nRunning commit tests...\n\n" -#./commit-tests.sh -#RESULT=$? +./commit-tests.sh +RESULT=$? # restore modified files not part of this commit echo "\n\nPopping any stashed modified files not part of commit\n" diff --git a/src/internal.c b/src/internal.c index ac203e0d4..df0289cf1 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2419,7 +2419,6 @@ static int HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz) #ifndef NO_MD5 Md5Update(&ssl->hashMd5, adj, sz); #endif -// Poly1305Update(&ssl->hashPoly1395, adj, sz); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -4313,7 +4312,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) return Hc128_Process(ssl->encrypt.hc128, out, input, sz); #endif - #ifdef BILD_RABBIT + #ifdef BUILD_RABBIT case cyassl_rabbit: return RabbitProcess(ssl->encrypt.rabbit, out, input, sz); #endif @@ -4381,8 +4380,19 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) /* add size of AD and size of cipher to poly input */ (p + CHACHA20_BLOCK_SIZE + padding2)[0] = (CHACHA20_BLOCK_SIZE); + + /* 32 bit size of cipher to 64 bit endian */ ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = - (byte)(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) & 0xff; + + ((p + CHACHA20_BLOCK_SIZE + padding2))[9] = + ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >> 8) & 0xff; + + ((p + CHACHA20_BLOCK_SIZE + padding2))[10] = + ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>16) & 0xff; + + ((p + CHACHA20_BLOCK_SIZE + padding2))[11] = + ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>24) & 0xff; /* generate tag */ Poly1305SetKey(ssl->encrypt.poly1305, 
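Review bot: The four added byte stores in the Encrypt hunk at `@@ -4381` each recompute `sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size`, with no visible check that `sz` covers the explicit IV plus the tag. The same stores are added to Decrypt in the `@@ -4603` hunk, where the surrounding lines also use that expression as an `XMEMCPY` length and, through `padding2`, in the size of the stack array `p`. For a short `sz` the subtraction goes below zero (or wraps, depending on the operand types), so the encoded length is wrong and the copy length becomes very large; in Decrypt `sz` presumably comes from the received record. Unless a bound is enforced outside these hunks, reject short input before `padding2` is computed, e.g. `if (sz < AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size) return BAD_FUNC_ARG;`, and compute the length once as `word32 msgLen = sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size;`. Both function bodies start and end outside the hunks.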
@@ -4556,8 +4566,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16; byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; - int i; - int ret; + int i, ret; XMEMSET(tag, 0, 16); XMEMSET(cipher, 0, sizeof(cipher)); @@ -4594,17 +4603,30 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, Chacha_SetIV(ssl->decrypt.chacha, nonce, 0); Chacha_Process(ssl->decrypt.chacha, cipher, cipher, 32); - /* create Poly1305 tag */ + /* create input for Poly1305 */ XMEMCPY(ssl->keys.server_write_MAC_secret, cipher, 32); XMEMCPY(p, additional, CHACHA20_BLOCK_SIZE); XMEMCPY((p + (CHACHA20_BLOCK_SIZE)), input + AEAD_EXP_IV_SZ, sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + /* add size of AD and of cipher */ (p + CHACHA20_BLOCK_SIZE + padding2)[0] = (CHACHA20_BLOCK_SIZE); + + /* 32 bit size of cipher to 64 bit endian */ ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = - (byte)(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) & 0xff; + + ((p + CHACHA20_BLOCK_SIZE + padding2))[9] = + ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >> 8) & 0xff; + + ((p + CHACHA20_BLOCK_SIZE + padding2))[10] = + ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>16) & 0xff; + + ((p + CHACHA20_BLOCK_SIZE + padding2))[11] = + ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>24) & 0xff; + /* create Poly1305 tag */ Poly1305SetKey(ssl->decrypt.poly1305, ssl->keys.server_write_MAC_secret, sizeof(ssl->keys.server_write_MAC_secret)); From 91af14544fa1251fa097aacb596ca4a18e7d740d Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 1 Jul 2014 16:14:57 -0600 Subject: [PATCH 05/21] Update poly1305.c --- ctaocrypt/src/poly1305.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ctaocrypt/src/poly1305.c b/ctaocrypt/src/poly1305.c index c246394f9..718d2fb7c 100644 --- a/ctaocrypt/src/poly1305.c +++ b/ctaocrypt/src/poly1305.c 
@@ -17,6 +17,8 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * + * Based off the implementation by Andrew Moon */ #ifdef HAVE_POLY1305 From a1e8eb0802b27ab9d3afcb4275466b8ea1d8fbc7 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 2 Jul 2014 12:49:14 -0600 Subject: [PATCH 06/21] progress on suite --- src/internal.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index df0289cf1..39605290c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4398,12 +4398,16 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) Poly1305SetKey(ssl->encrypt.poly1305, ssl->keys.server_write_MAC_secret, sizeof(ssl->keys.server_write_MAC_secret)); - Poly1305Update(ssl->encrypt.poly1305, p, sizeof(p)); + Poly1305Update(ssl->encrypt.poly1305, p, + CHACHA20_BLOCK_SIZE + padding2 + 16); Poly1305Final(ssl->encrypt.poly1305, tag); /* append Poly1305 tag to ciphertext */ XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); + AeadIncrementExpIV(ssl); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); + #ifdef CHACHA_AEAD_TEST printf("output after encrypt : "); for (i = 0; i < sz; i++) { @@ -4630,7 +4634,8 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, Poly1305SetKey(ssl->decrypt.poly1305, ssl->keys.server_write_MAC_secret, sizeof(ssl->keys.server_write_MAC_secret)); - Poly1305Update(ssl->decrypt.poly1305, p, sizeof(p)); + Poly1305Update(ssl->decrypt.poly1305, p, + CHACHA20_BLOCK_SIZE + padding2 + 16); Poly1305Final(ssl->decrypt.poly1305, tag); /* check mac sent along with packet */ From 18119610fb8c1331ef68d45224c4c246aabcbff0 Mon Sep 17 00:00:00 2001 
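Review bot: The added `XMEMSET(nonce, 0, AEAD_NONCE_SZ);` in the Encrypt hunk at `@@ -4398` clears only the nonce, while the one-time Poly1305 key appears to stay in `ssl->keys.server_write_MAC_secret` (the earlier Decrypt hunk at `@@ -4603` copies it there from `cipher`) and `tag` is left as is; the Decrypt hunk at `@@ -4630` adds no wipe at all. If `nonce` is a local that is not read again, a plain memset may also be dropped by the optimizer; its declaration is outside the hunk, so that part is an assumption. Consider clearing the derived key material after `Poly1305Final` with a wipe the compiler cannot elide, and say so next to the call, e.g. `/* one-time Poly1305 key: wipe once the tag is produced */`. Separately, `CHACHA20_BLOCK_SIZE + padding2 + 16` now repeats the declared size of `p`; one named length used for both the declaration and `Poly1305Update` would keep the two from drifting.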
From: JacobBarthelmeh Date: Wed, 2 Jul 2014 16:06:41 -0600 Subject: [PATCH 07/21] Update tls.c --- src/tls.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/src/tls.c b/src/tls.c index 36195d934..1cbc27d63 100644 --- a/src/tls.c +++ b/src/tls.c @@ -560,30 +560,31 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify) { int ret; + Hmac hmac; + byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; if (ssl == NULL) return BAD_FUNC_ARG; - Hmac hmac; - byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; + - CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); + CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); - ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), + ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); - if (ret != 0) - return ret; - ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret != 0) - return ret; - ret = HmacUpdate(&hmac, in, sz); /* content */ - if (ret != 0) - return ret; - ret = HmacFinal(&hmac, digest); - if (ret != 0) - return ret; + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, in, sz); /* content */ + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, digest); + if (ret != 0) + return ret; - return 0; + return 0; } #ifdef HAVE_TLS_EXTENSIONS From fb25db9c288182463a9be828385a906592dc066b Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 9 Jul 2014 15:48:40 -0600 Subject: [PATCH 08/21] progress on suite --- ctaocrypt/src/chacha.c | 7 +- ctaocrypt/src/poly1305.c | 278 ++++++++++++++++++------------------ cyassl/ctaocrypt/poly1305.h | 10 +- cyassl/internal.h | 2 - src/internal.c | 10 +- 5 files changed, 150 insertions(+), 157 deletions(-) diff --git a/ctaocrypt/src/chacha.c b/ctaocrypt/src/chacha.c index 86c94278c..2ea74082b 100644 --- a/ctaocrypt/src/chacha.c +++ b/ctaocrypt/src/chacha.c 
@@ -17,7 +17,8 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - * + * + * based from * chacha-ref.c version 20080118 * D. J. Bernstein * Public domain. @@ -90,7 +91,7 @@ int Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) XMEMCPY(temp, inIv, 12); - ctx->X[12] = counter; /* block counter */ + ctx->X[12] = counter; /* block counter */ ctx->X[13] = temp[0]; /* fixed variable from nonce */ ctx->X[14] = temp[1]; /* counter from nonce */ ctx->X[15] = temp[2]; /* counter from nonce */ @@ -115,7 +116,7 @@ int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) return BAD_FUNC_ARG; #ifdef XSTREAM_ALIGN - word32 alignKey[4]; + word32 alignKey[keySz / 4]; if ((word)key % 4) { CYASSL_MSG("ChachaSetKey unaligned key"); XMEMCPY(alignKey, key, sizeof(alignKey)); diff --git a/ctaocrypt/src/poly1305.c b/ctaocrypt/src/poly1305.c index 718d2fb7c..1534e4d58 100644 --- a/ctaocrypt/src/poly1305.c +++ b/ctaocrypt/src/poly1305.c @@ -18,7 +18,8 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA * - * Based off the implementation by Andrew Moon + * Based off the public domain implementations by Andrew Moon + * and Daniel J. Bernstein */ #ifdef HAVE_POLY1305 
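Review bot: `word32 alignKey[keySz / 4];` in the `@@ -115` hunk of `chacha.c` turns the `XSTREAM_ALIGN` stack buffer into a variable-length array sized by the caller's `keySz` and declared after a statement. The change does fix the old 16-byte copy for longer keys, but a VLA is not accepted by every compiler this tree targets (the series also touches a `.vcproj`), and its size is only as safe as the `keySz` check before it, whose condition is outside the hunk. If the accepted key sizes are 16 and 32 bytes, a fixed `word32 alignKey[8];` with `XMEMCPY(alignKey, key, keySz);` keeps the buffer bounded at compile time. Chacha_SetKey's body starts and ends outside the hunk.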
@@ -48,146 +49,87 @@ #define LITTLE32(x) (x) #endif -#ifdef POLY130564 -#if defined(_MSC_VER) - #define POLY1305_NOINLINE __declspec(noinline) -#elif defined(__GNUC__) - #define POLY1305_NOINLINE __attribute__((noinline)) -#else - #define POLY1305_NOINLINE -#endif - -#if defined(_MSC_VER) - #include +#if defined(POLY130564) - typedef struct word128 { - word64 lo; - word64 hi; - } word128; - - #define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi) - #define ADD(out, in) { word64 t = out.lo; out.lo += in.lo; - out.hi += (out.lo < t) + in.hi; } - #define ADDLO(out, in) { word64 t = out.lo; out.lo += in; - out.hi += (out.lo < t); } - #define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift))) - #define LO(in) (in.lo) - -#elif defined(__GNUC__) - #if defined(__SIZEOF_INT128__) - typedef unsigned __int128 word128; + #if defined(_MSC_VER) + #define POLY1305_NOINLINE __declspec(noinline) + #elif defined(__GNUC__) + #define POLY1305_NOINLINE __attribute__((noinline)) #else - typedef unsigned word128 __attribute__((mode(TI))); + #define POLY1305_NOINLINE #endif - - #define MUL(out, x, y) out = ((word128)x * y) - #define ADD(out, in) out += in - #define ADDLO(out, in) out += in - #define SHR(in, shift) (word64)(in >> (shift)) - #define LO(in) (word64)(in) -#endif - -static word64 U8TO64(const byte* p) { - return - (((word64)(p[0] & 0xff) ) | - ((word64)(p[1] & 0xff) << 8) | - ((word64)(p[2] & 0xff) << 16) | - ((word64)(p[3] & 0xff) << 24) | - ((word64)(p[4] & 0xff) << 32) | - ((word64)(p[5] & 0xff) << 40) | - ((word64)(p[6] & 0xff) << 48) | - ((word64)(p[7] & 0xff) << 56)); -} - -static void U64TO8(byte* p, word64 v) { - p[0] = (v ) & 0xff; - p[1] = (v >> 8) & 0xff; - p[2] = (v >> 16) & 0xff; - p[3] = (v >> 24) & 0xff; - p[4] = (v >> 32) & 0xff; - p[5] = (v >> 40) & 0xff; - p[6] = (v >> 48) & 0xff; - p[7] = (v >> 56) & 0xff; -} -#else /* if not 64 bit then use 32 bit */ -static word32 U8TO32(const byte *p) { - return - (((word32)(p[0] & 0xff) ) | - ((word32)(p[1] & 
0xff) << 8) | - ((word32)(p[2] & 0xff) << 16) | - ((word32)(p[3] & 0xff) << 24)); -} - -static void U32TO8(byte *p, word32 v) { - p[0] = (v ) & 0xff; - p[1] = (v >> 8) & 0xff; - p[2] = (v >> 16) & 0xff; - p[3] = (v >> 24) & 0xff; -} -#endif - -int Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) { - - if (keySz != 32) - return 1; - -#ifdef CHACHA_AEAD_TEST - int k; - printf("Poly key used: "); - for (k = 0; k < keySz; k++) - printf("%02x", key[k]); - printf("\n"); -#endif - -#ifdef POLY130564 - word64 t0,t1; - - /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ - t0 = U8TO64(key + 0); - t1 = U8TO64(key + 8); - - ctx->r[0] = ( t0 ) & 0xffc0fffffff; - ctx->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff; - ctx->r[2] = ((t1 >> 24) ) & 0x00ffffffc0f; - - /* h (accumulator) = 0 */ - ctx->h[0] = 0; - ctx->h[1] = 0; - ctx->h[2] = 0; - - /* save pad for later */ - ctx->pad[0] = U8TO64(key + 16); - ctx->pad[1] = U8TO64(key + 24); + + #if defined(_MSC_VER) + #include + + typedef struct word128 { + word64 lo; + word64 hi; + } word128; + + #define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi) + #define ADD(out, in) { word64 t = out.lo; out.lo += in.lo; + out.hi += (out.lo < t) + in.hi; } + #define ADDLO(out, in) { word64 t = out.lo; out.lo += in; + out.hi += (out.lo < t); } + #define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift))) + #define LO(in) (in.lo) + + #elif defined(__GNUC__) + #if defined(__SIZEOF_INT128__) + typedef unsigned __int128 word128; + #else + typedef unsigned word128 __attribute__((mode(TI))); + #endif + + #define MUL(out, x, y) out = ((word128)x * y) + #define ADD(out, in) out += in + #define ADDLO(out, in) out += in + #define SHR(in, shift) (word64)(in >> (shift)) + #define LO(in) (word64)(in) + #endif + + static word64 U8TO64(const byte* p) { + return + (((word64)(p[0] & 0xff) ) | + ((word64)(p[1] & 0xff) << 8) | + ((word64)(p[2] & 0xff) << 16) | + ((word64)(p[3] & 0xff) << 24) | + ((word64)(p[4] & 0xff) << 32) | + ((word64)(p[5] & 
0xff) << 40) | + ((word64)(p[6] & 0xff) << 48) | + ((word64)(p[7] & 0xff) << 56)); + } + + static void U64TO8(byte* p, word64 v) { + p[0] = (v ) & 0xff; + p[1] = (v >> 8) & 0xff; + p[2] = (v >> 16) & 0xff; + p[3] = (v >> 24) & 0xff; + p[4] = (v >> 32) & 0xff; + p[5] = (v >> 40) & 0xff; + p[6] = (v >> 48) & 0xff; + p[7] = (v >> 56) & 0xff; + } #else /* if not 64 bit then use 32 bit */ - /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ - ctx->r[0] = (U8TO32(key + 0) ) & 0x3ffffff; - ctx->r[1] = (U8TO32(key + 3) >> 2) & 0x3ffff03; - ctx->r[2] = (U8TO32(key + 6) >> 4) & 0x3ffc0ff; - ctx->r[3] = (U8TO32(key + 9) >> 6) & 0x3f03fff; - ctx->r[4] = (U8TO32(key + 12) >> 8) & 0x00fffff; - - /* h = 0 */ - ctx->h[0] = 0; - ctx->h[1] = 0; - ctx->h[2] = 0; - ctx->h[3] = 0; - ctx->h[4] = 0; - - /* save pad for later */ - ctx->pad[0] = U8TO32(key + 16); - ctx->pad[1] = U8TO32(key + 20); - ctx->pad[2] = U8TO32(key + 24); - ctx->pad[3] = U8TO32(key + 28); + static word32 U8TO32(const byte *p) { + return + (((word32)(p[0] & 0xff) ) | + ((word32)(p[1] & 0xff) << 8) | + ((word32)(p[2] & 0xff) << 16) | + ((word32)(p[3] & 0xff) << 24)); + } + + static void U32TO8(byte *p, word32 v) { + p[0] = (v ) & 0xff; + p[1] = (v >> 8) & 0xff; + p[2] = (v >> 16) & 0xff; + p[3] = (v >> 24) & 0xff; + } #endif - ctx->leftover = 0; - ctx->final = 0; - - return 0; -} - static void poly1305_blocks(Poly1305* ctx, const unsigned char *m, size_t bytes) { #ifdef POLY130564 
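Review bot: In the `_MSC_VER` branch of the `POLY130564` block, `ADD` and `ADDLO` are written across two lines with no trailing backslash (as the patch is shown here), so the second line, e.g. `out.hi += (out.lo < t) + in.hi; }`, would sit at file scope and the MSVC 64-bit build would not compile. End the first line of each macro with `\`, or put the body on one line, ideally wrapped as `do { ... } while (0)`. In the `__GNUC__` branch the `MUL` arguments are unparenthesized; `out = ((word128)(x) * (y))` avoids precedence surprises when an expression is passed.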
@@ -306,13 +248,78 @@ static void poly1305_blocks(Poly1305* ctx, const unsigned char *m, ctx->h[3] = h3; ctx->h[4] = h4; +#endif /* end of 64 bit cpu blocks or 32 bit cpu */ +} + + +int Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) { + + if (keySz != 32) + return 1; + +#ifdef CHACHA_AEAD_TEST + int k; + printf("Poly key used: "); + for (k = 0; k < keySz; k++) + printf("%02x", key[k]); + printf("\n"); #endif +#if defined(POLY130564) + + word64 t0,t1; + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ + t0 = U8TO64(key + 0); + t1 = U8TO64(key + 8); + + ctx->r[0] = ( t0 ) & 0xffc0fffffff; + ctx->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff; + ctx->r[2] = ((t1 >> 24) ) & 0x00ffffffc0f; + + /* h (accumulator) = 0 */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + + /* save pad for later */ + ctx->pad[0] = U8TO64(key + 16); + ctx->pad[1] = U8TO64(key + 24); + +#else /* if not 64 bit then use 32 bit */ + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ + ctx->r[0] = (U8TO32(key + 0) ) & 0x3ffffff; + ctx->r[1] = (U8TO32(key + 3) >> 2) & 0x3ffff03; + ctx->r[2] = (U8TO32(key + 6) >> 4) & 0x3ffc0ff; + ctx->r[3] = (U8TO32(key + 9) >> 6) & 0x3f03fff; + ctx->r[4] = (U8TO32(key + 12) >> 8) & 0x00fffff; + + /* h = 0 */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + ctx->h[3] = 0; + ctx->h[4] = 0; + + /* save pad for later */ + ctx->pad[0] = U8TO32(key + 16); + ctx->pad[1] = U8TO32(key + 20); + ctx->pad[2] = U8TO32(key + 24); + ctx->pad[3] = U8TO32(key + 28); + +#endif + + ctx->leftover = 0; + ctx->final = 0; + + return 0; } + int Poly1305Final(Poly1305* ctx, byte* mac) { -#ifdef POLY130564 +#if defined(POLY130564) word64 h0,h1,h2,c; word64 g0,g1,g2; @@ -476,7 +483,6 @@ int Poly1305Final(Poly1305* ctx, byte* mac) { int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) { - size_t i; #ifdef CHACHA_AEAD_TEST int k; 
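Review bot: In the relocated `Poly1305SetKey`, the `CHACHA_AEAD_TEST` block prints the full 32-byte key to stdout, so any build that leaves that macro defined writes MAC key material into its output; drop the dump or gate it behind a macro that cannot be set in a release build. The function also returns `1` for a bad `keySz` where `Chacha_SetKey` returns `BAD_FUNC_ARG`, and it uses `ctx` and `key` without a NULL check; `if (ctx == NULL || key == NULL || keySz != 32) return BAD_FUNC_ARG;` would cover both, assuming the error header is available in this file. `int k;` and `word64 t0,t1;` are declared after statements, the same ordering problem the TLS_hmac patch fixed, and the `size_t i;` move in the `Poly1305Update` hunks that follow has it too when `CHACHA_AEAD_TEST` is defined.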
@@ -485,6 +491,7 @@ int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) { printf("%02x", m[k]); printf("\n"); #endif + size_t i; /* handle leftover */ if (ctx->leftover) { @@ -516,7 +523,6 @@ int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) { ctx->buffer[ctx->leftover + i] = m[i]; ctx->leftover += bytes; } - return 0; } #endif /* HAVE_POLY1305 */ diff --git a/cyassl/ctaocrypt/poly1305.h b/cyassl/ctaocrypt/poly1305.h index 9584305f9..8f5df5caa 100644 --- a/cyassl/ctaocrypt/poly1305.h +++ b/cyassl/ctaocrypt/poly1305.h @@ -31,8 +31,6 @@ extern "C" { #endif -//#define POLY1305_BLOCK_SIZE 16 - /* auto detect between 32bit / 64bit */ #define HAS_SIZEOF_INT128_64BIT (defined(__SIZEOF_INT128__) && defined(__LP64__)) #define HAS_MSVC_64BIT (defined(_MSC_VER) && defined(_M_X64)) @@ -51,24 +49,20 @@ enum { POLY1305_PAD_SIZE = 56 }; - /* Poly1305 state */ typedef struct Poly1305 { -#ifdef POLY130564 +#if defined(POLY130564) word64 r[3]; word64 h[3]; word64 pad[2]; - size_t leftover; - unsigned char buffer[POLY1305_BLOCK_SIZE]; - unsigned char final; #else word32 r[5]; word32 h[5]; word32 pad[4]; +#endif size_t leftover; unsigned char buffer[POLY1305_BLOCK_SIZE]; unsigned char final; -#endif } Poly1305; diff --git a/cyassl/internal.h b/cyassl/internal.h index 532f83c72..397d14f82 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -2111,8 +2111,6 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*); CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify); - CYASSL_LOCAL int TLS_poly1305(CYASSL* ssl, byte* digest, const byte* in, - word32 sz, int content, int verify); #endif #ifndef NO_CYASSL_CLIENT diff --git a/src/internal.c b/src/internal.c index 39605290c..2ee09acb2 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -4329,7 +4329,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16; byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; - XMEMSET(tag, 0, 16); + XMEMSET(tag, 0, ssl->specs.aead_mac_size); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); @@ -8385,13 +8386,6 @@ static void PickHashSigAlgo(CYASSL* ssl, #endif - /* poly1305 */ - InitMd5(&md5); - Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN); - Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN); - Md5Update(&md5, messageVerify, verifySz); - Md5Final(&md5, hash); - #ifndef NO_SHA256 ret = InitSha256(&sha256); if (ret != 0) From 0a2a56db573f5882a35c953ef937c3c21c58c743 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 9 Jul 2014 16:33:25 -0600 Subject: [PATCH 09/21] fixed casting issue caught when using clang --- ctaocrypt/src/poly1305.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ctaocrypt/src/poly1305.c b/ctaocrypt/src/poly1305.c index 1534e4d58..a2d5fd499 100644 --- a/ctaocrypt/src/poly1305.c +++ b/ctaocrypt/src/poly1305.c @@ -450,10 +450,10 @@ int Poly1305Final(Poly1305* ctx, byte* mac) { h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; /* mac = (h + pad) % (2^128) */ - f = (word64)h0 + ctx->pad[0] ; h0 = (word64)f; - f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word64)f; - f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word64)f; - f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word64)f; + f = (word64)h0 + ctx->pad[0] ; h0 = (word32)f; + f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word32)f; + f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word32)f; + f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word32)f; U32TO8(mac + 0, h0); U32TO8(mac + 4, h1); From c322cb05ad55149dd8faa05839914d34a059535c Mon Sep 17 00:00:00 2001 
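Review bot: In `Encrypt`, `XMEMSET(tag, 0, ssl->specs.aead_mac_size);` now sizes the clear from the negotiated cipher spec instead of from the buffer. The declaration of `tag` is outside the hunk; if it is a fixed 16-byte array, a spec with a larger `aead_mac_size` would write past it, and `XMEMSET(tag, 0, sizeof(tag));` keeps the clear tied to the buffer. The context line `byte p[CHACHA20_BLOCK_SIZE + padding2 + 16];` is a variable-length array whose size derives from `sz`, so its upper bound is worth checking against the largest record this path can be given.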
From: JacobBarthelmeh Date: Thu, 10 Jul 2014 11:18:49 -0600 Subject: [PATCH 10/21] uses most recent version of cyassl --- certs/ca-cert.der | Bin 0 -> 1186 bytes certs/include.am | 6 +- certs/server-cert.der | Bin 0 -> 916 bytes certs/server-key.der | Bin 0 -> 1193 bytes certs/taoCert.txt | 10 +- certs/test/expired-ca.pem | 56 + certs/test/expired-cert.pem | 39 + certs/test/expired-key.pem | 9 + configure.ac | 70 +- ctaocrypt/benchmark/benchmark.c | 137 +- ctaocrypt/src/aes.c | 52 +- ctaocrypt/src/aes_asm.s | 2 + ctaocrypt/src/asn.c | 1501 ++++++++++++++-------- ctaocrypt/src/des3.c | 68 +- ctaocrypt/src/ecc.c | 26 +- ctaocrypt/src/error.c | 268 ++-- ctaocrypt/src/hmac.c | 5 + ctaocrypt/src/include.am | 3 +- ctaocrypt/src/integer.c | 16 +- ctaocrypt/src/md2.c | 28 + ctaocrypt/src/md5.c | 27 + ctaocrypt/src/misc.c | 2 + ctaocrypt/src/pkcs7.c | 914 ++++++++++---- ctaocrypt/src/random.c | 280 +++-- ctaocrypt/src/sha.c | 34 + ctaocrypt/src/sha256.c | 35 + ctaocrypt/src/sha512.c | 67 + ctaocrypt/test/test.c | 169 ++- cyassl/certs_test.h | 371 +++++- cyassl/ctaocrypt/aes.h | 2 + cyassl/ctaocrypt/asn.h | 11 +- cyassl/ctaocrypt/asn_public.h | 20 +- cyassl/ctaocrypt/des3.h | 6 +- cyassl/ctaocrypt/ecc.h | 2 + cyassl/ctaocrypt/error-crypt.h | 9 +- cyassl/ctaocrypt/hmac.h | 2 + cyassl/ctaocrypt/include.am | 2 +- cyassl/ctaocrypt/integer.h | 4 + cyassl/ctaocrypt/md2.h | 1 + cyassl/ctaocrypt/md5.h | 2 + cyassl/ctaocrypt/random.h | 26 +- cyassl/ctaocrypt/settings.h | 13 + cyassl/ctaocrypt/sha.h | 1 + cyassl/ctaocrypt/sha256.h | 7 +- cyassl/ctaocrypt/sha512.h | 2 + cyassl/ctaocrypt/tfm.h | 5 + cyassl/ctaocrypt/types.h | 2 +- cyassl/error-ssl.h | 173 +-- cyassl/internal.h | 98 +- cyassl/openssl/ssl.h | 1 + cyassl/ssl.h | 22 + cyassl/test.h | 23 +- cyassl/version.h | 4 +- examples/client/client.c | 10 +- examples/echoserver/echoserver.c | 4 +- examples/server/server.c | 4 +- gencertbuf.pl | 42 +- src/crl.c | 5 +- src/include.am | 2 +- src/internal.c | 1993 
+++++++++++++++++++----------- src/keys.c | 274 +++- src/sniffer.c | 6 - src/ssl.c | 336 +++-- src/tls.c | 44 +- tests/api.c | 155 ++- tests/hash.c | 16 + 66 files changed, 5270 insertions(+), 2254 deletions(-) create mode 100644 certs/ca-cert.der create mode 100644 certs/server-cert.der create mode 100644 certs/server-key.der create mode 100644 certs/test/expired-ca.pem create mode 100644 certs/test/expired-cert.pem create mode 100644 certs/test/expired-key.pem diff --git a/certs/ca-cert.der b/certs/ca-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..5d7c48aded1f8d8eaa1f57e8405c2bc5da4b4350 GIT binary patch literal 1186 zcmXqLVwq>q#N4)knTe5!iId^wh2`;;s$Xmjc-c6$+C196^D;8BvN9MnPB7#);ACSC zWnmL$3Jo?CFyI4mIE2}K^Ycm)^Aceq?859$`Bka8iFt;C2K*p3T*4f|iRC5v`6U^K z!UlpMA#PzV=ls0l(wvgaymUh`0}+rQvoLRYdAVL?VsUYfUUGh}p{#*4+!36NVtko- zY55LtX#+WNUPD7e10xed3m`O&0&-0Z%#947+`;JNCPpRXfMsN5U~XdMXE11DCWr>lQOP{!Na^|94o}lS7Pqxo zZgRi5p|RO}?_0AI_43>v>0$O6-ZEFX&)i->w(x?ss+HCg+&#>tzP+>kYR z`r@iV<57^jGE3uLgT`GASk)|SoVKKK@*qqHO-T8S2jmT57FGjhM#lfhi36DHfQf^V zA-+xIOJMh&rG5st;?~Uik#kecd-Bi6GM)MJ-ff;+Zr7<$w)okLHc`dfkBm2&T)i;= z^T8$UlVW~e{BNM&$Gm5=4Uf^{3Gq@B2_lN;T;80^7W?x@gk;- literal 0 HcmV?d00001 diff --git a/certs/include.am b/certs/include.am index 197ebc46c..32a2bfd0d 100644 --- a/certs/include.am +++ b/certs/include.am @@ -26,13 +26,15 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/ca-key.der \ + certs/ca-cert.der \ certs/client-cert.der \ certs/client-key.der \ certs/dh2048.der \ certs/rsa2048.der \ certs/dsa2048.der \ - certs/ecc-key.der - + certs/ecc-key.der \ + certs/server-key.der \ + certs/server-cert.der dist_doc_DATA+= certs/taoCert.txt 
diff --git a/certs/server-cert.der b/certs/server-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..5f845ca3b56a800093a1263b7d258ff81b965953 GIT binary patch literal 916 zcmXqLVxC~o#8kn=$Yj9F#;Mij(e|B}k&%^^!Ju)1A-4f18*?ZNn=n&ou%UnfABe*t z%S)H;%{LiV_>Rk^MpBCxm>$TmOT6}Ab zbnwo2`|Fats{Rj?lLNcCQ|#9|?^r4mW3qW2!-C|a-|D#|Gb)Og^+>E_%3Xh0l2LDm zz~f_Q9JXXGb~Daw&pWbPeA(w0ch?s0sn%EA`Zq0*XK%>nhq>`Gdz6bWax!;{ToTxs za#-ua!f9T69$t}(KEB|Q(mI+I?Y{+zS z;(U37V~?@I<_M+bt6m>@_$;yc=%s1*Z(i_Ud!31yk%198gn)?-7($E;g?^Wl?w|4b zes+6a5O+@AgT04z*{>hikmoFCy2pSq;KTo!$~h8Jj@tyUU6D-u`=orjjOD}d)kj5> z%LUEiN*<|j%R5%A-QM_oi$hw&2k(gsa#!Tp2H)&Hr}dEAHMM==v~}<7I<5-ISBS6E zIa=&;&QDxhZKpr#fC=;`|yd8PRlK{crlzitS8nSC=R5eQ)(= HQ{q_w8_Zh~ literal 0 HcmV?d00001 
diff --git a/certs/server-key.der b/certs/server-key.der new file mode 100644 index 0000000000000000000000000000000000000000..868f0543c9d09c857365dd50b3c21740eb8ca9f9 GIT binary patch literal 1193 zcmV;a1XlYnf&`@k0RRGm0RaHOl?dTiLGp2Jx6(yHCjn)~MXvI^Brv#@&M!{Z_8f@3 ze4qQMXMg@&oKbc6ipmG)H7}3hy?ekfe5+)r7yQayd%EBu<#H}>E{52ZbK0yMQ@LM1 z*BK2ZPvK)@QHu*?KdnQ!r5s!|v#tQ3W5xD=3t4D*bEb?KsRC`U!x;fCxDeyU%s{kh zqee4nhi=5X7pC**-K}%HdoLli{bo@Ny;QT|ZC@O`BXiLS1Bn#U5V>T-D$t>pO1$CJ z8e7Mpz`%`&aVS~lemfzXXPp#Ji0|5X50)hbn0GiM=4^maR8}MYxnp*`6TdK?D<3DaPA_eo%`tNj7f#P3u)4l&OgGF`vV|te^*0veOk|yLR z22fBAcrK}U4HTEO64)_7tDylw!Z7#;Ul!zHchX?;pN;7By6a=!Dwl!pOl;;=G*K%k zH1ty(#8?VHyRWtPN`*r$Jn>jqfdYYn0P-wUb~z(s$q+KPldZ458FiL{WahQFi9$iq zZO|MW_#3Qg%Qie@ecbdJxWizvS4dw{Pgy!ue=@)sLr_1i&Tkj<4xd2EPOTL?$$9C( zSvYfWoCmSK~EnCLK7oQ%lh;bq}BJHHhf#3s64@iUv$zr zE&tGj-}|#5dM=w6uI9Q6u3uB6QtcbWkph8%0PL9ByVd^rQc8USRY`AEZc;CVqbsw9 zVzX4zV^Z4Vh<2dwixs8Q7!-1MUdN*ZAD$UvwHq6r!}7H<`Aos8>kKA+)L%+bT%<(? za73q8z|GP!;=h5Fk}*MtIT}L?7^PDmIT~LdL%fG--)_?)0RAGFa84Q- zDFT6k0E$6YC{dnY)Se4Fn4?tkY*y5&>1i{CBn;Zr3@yaJPXcK;eAMRLOzqbe5yL(J z=fftzQ3Bq(b)0WjoO<()@6U?GE7IBqYDCF%{%)Cv_*=g5eCB1fPi*kX#s3z{iyIf> zSUsXQs{y>fK+aQ)j_vR6S)Jfx=6qiDj!W@7!2*GRO-1=YjKy2@DjJHk@*J#d=?qpj zw@z}F)#ZxP;{WmS7!y5)3AosHr^y^~Qj{=5;PH5L{b3tS3C!kbDsinG-$T4s+ohzw zHE^U}&rkdSRhc?HBhP1A^&oqP$zWt6EvR|mb88V^u+ymx(njZ{&sjv client-key.pem +1) openssl genrsa 1024 > client-key.pem -2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem +2) openssl req -new -x509 -nodes -sha1 -days 1000 -key client-key.pem > client-cert.pem -3) note sha1 would be -sha1 +3) note md5 would be -md5 -- adding metadata to beginning 
@@ -21,13 +21,13 @@ same as self signed, use ca prefix instead of client ***** Create a cert signed by CA ************** -1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem +1) openssl req -newkey rsa:1024 -sha1 -days 1000 -nodes -keyout server-key.pem > server-req.pem * note if using exisitng key do: -new -key keyName 2) copy ca-key.pem ca-cert.srl (why ????) -3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem +3) openssl x509 -req -in server-req.pem -days 1000 -sha1 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem ***** Adding Subject Key ID and Authentication Key ID extensions to a cert ***** diff --git a/certs/test/expired-ca.pem b/certs/test/expired-ca.pem new file mode 100644 index 000000000..6a0cf898e --- /dev/null +++ b/certs/test/expired-ca.pem 
@@ -0,0 +1,56 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8a:37:22:65:73:f5:aa:e8 + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Validity + Not Before: Jun 30 18:47:10 2010 GMT + Not After : Mar 26 18:47:10 2013 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a: + e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b: + c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71: + c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0: + aa:56:23:03:a3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09 + X509v3 Authority Key Identifier: + keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09 + DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + serial:8A:37:22:65:73:F5:AA:E8 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: md5WithRSAEncryption + 32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88: + 13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a: + 68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61: + f4:b0:34:6d:d1:d5:a4:64:24:f8 +-----BEGIN CERTIFICATE----- +MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD +VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G +A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3 +dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5 +YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG +A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP +BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3 
+d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A +eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa +4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj +A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB +0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG +A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP +BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3 +d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A +eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF +AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9 +u07s6lX6pOMAYfSwNG3R1aRkJPg= +-----END CERTIFICATE----- diff --git a/certs/test/expired-cert.pem b/certs/test/expired-cert.pem new file mode 100644 index 000000000..1ec53c026 --- /dev/null +++ b/certs/test/expired-cert.pem 
@@ -0,0 +1,39 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Validity + Not Before: Jun 30 18:52:17 2010 GMT + Not After : Mar 26 18:52:17 2013 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a: + 66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38: + 9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36: + a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66: + 7e:16:77:e2:a7 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c: + 7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef: + 87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36: + 9b:0b:e0:74:58:11:c5:01:7b:4d +-----BEGIN CERTIFICATE----- +MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290 +aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv +bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x +MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G +A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx +EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq +hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB +AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+ +Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA +5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL +4HRYEcUBe00= +-----END CERTIFICATE----- diff --git a/certs/test/expired-key.pem b/certs/test/expired-key.pem new file mode 100644 index 000000000..154d661b1 --- /dev/null 
+++ b/certs/test/expired-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU +lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58 +viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli +dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4 +TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf +p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS +1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg== +-----END RSA PRIVATE KEY----- diff --git a/configure.ac b/configure.ac index ba20a229d..f56ebb4fc 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[3.0.0],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com]) +AC_INIT([cyassl],[3.0.3],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -81,6 +81,7 @@ AC_CHECK_HEADERS([errno.h]) AC_CHECK_LIB(network,socket) AC_CHECK_SIZEOF(long long, 8) AC_CHECK_SIZEOF(long, 4) +AC_CHECK_TYPES(__uint128_t) AC_C_BIGENDIAN # mktime check takes forever on some systems, if time supported it would be # highly unusual for mktime to be missing @@ -390,7 +391,10 @@ then then # GCC needs these flags, icc doesn't # opt levels greater than 2 may cause problems on systems w/o aesni - AM_CFLAGS="$AM_CFLAGS -maes -msse4" + if test "$CC" != "icc" + then + AM_CFLAGS="$AM_CFLAGS -maes -msse4" + fi fi fi @@ -783,9 +787,9 @@ AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"]) # DH AC_ARG_ENABLE([dh], - [ --enable-dh Enable DH (default: enabled)], + [ --enable-dh Enable DH (default: disabled)], [ ENABLED_DH=$enableval ], - [ ENABLED_DH=yes ] + [ ENABLED_DH=no ] ) if test "$ENABLED_DH" = "no" 
@@ -1235,21 +1239,44 @@ AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"]) # NTRU -ntruHome=`pwd`/NTRU_algorithm -ntruInclude=$ntruHome/cryptolib -ntruLib=$ntruHome -AC_ARG_ENABLE([ntru], - [ --enable-ntru Enable NTRU (default: disabled)], - [ ENABLED_NTRU=$enableval ], - [ ENABLED_NTRU=no ] - ) +ENABLED_NTRU="no" +tryntrudir="" +AC_ARG_WITH([ntru], + [ --with-ntru=PATH Path to NTRU install (default /usr/) ], + [ + AC_MSG_CHECKING([for NTRU]) + CPPFLAGS="$CPPFLAGS -DHAVE_NTRU" + LIBS="$LIBS -lNTRUEncrypt" -if test "$ENABLED_NTRU" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -I$ntruInclude" - AM_LDFLAGS="$AM_LDFLAGS -L$ntruLib" - LIBS="$LIBS -lntru_encrypt" -fi + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) + + if test "x$ntru_linked" == "xno" ; then + if test "x$withval" != "xno" ; then + tryntrudir=$withval + fi + if test "x$withval" == "xyes" ; then + tryntrudir="/usr" + fi + + LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib" + CPPFLAGS="$CPPFLAGS -I$tryntrudir/include" + + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) + + if test "x$ntru_linked" == "xno" ; then + AC_MSG_ERROR([NTRU isn't found. + If it's already installed, specify its path using --with-ntru=/dir/]) + fi + AC_MSG_RESULT([yes]) + AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib" + else + AC_MSG_RESULT([yes]) + fi + + AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU" + ENABLED_NTRU="yes" + ] +) AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"]) @@ -1665,6 +1692,13 @@ then fi fi +# ICC command line warning for non supported warning flags +if test "$CC" = "icc" +then + AM_CFLAGS="$AM_CFLAGS -wd10006" +fi + + LIB_SOCKET_NSL AX_HARDEN_CC_COMPILER_FLAGS diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 500dcefa5..60eb4a41c 100644 --- a/ctaocrypt/benchmark/benchmark.c 
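Review bot: The new `--with-ntru` block compares with `test "x$ntru_linked" == "xno"` and `test "x$withval" == "xyes"`; `==` is a bash extension to `test`, so where `/bin/sh` is a strict POSIX shell the test fails with an error and the branch is not taken. Use a single `=` in all three places. The retry path assigns `LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"`, which discards any `LDFLAGS` the user passed to configure; `LDFLAGS="$LDFLAGS -L$tryntrudir/lib"` keeps them. With `--with-ntru=no` the block still appends `-DHAVE_NTRU` and `-lNTRUEncrypt` and either sets `ENABLED_NTRU="yes"` or aborts, so an explicit opt-out is not honoured; an early `if test "x$withval" != "xno"` around the whole action would fix that.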
+++ b/ctaocrypt/benchmark/benchmark.c @@ -53,6 +53,9 @@ #include "cavium_common.h" #include "cavium_ioctl.h" #endif +#ifdef HAVE_NTRU + #include "ntru_crypto.h" +#endif #if defined(CYASSL_MDK_ARM) extern FILE * CyaSSL_fopen(const char *fname, const char *mode) ; @@ -105,6 +108,9 @@ void bench_dh(void); void bench_eccKeyGen(void); void bench_eccKeyAgree(void); #endif +#ifdef HAVE_NTRU +void bench_ntruKeyGen(void); +#endif double current_time(int); @@ -132,6 +138,9 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #endif +#if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND) + CYASSL_API int CyaSSL_Debugging_ON(); +#endif /* so embedded projects can pull in tests on their own */ #if !defined(NO_MAIN_DRIVER) @@ -146,6 +155,10 @@ int benchmark_test(void *args) { #endif + #if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND) + CyaSSL_Debugging_ON(); + #endif + #ifdef HAVE_CAVIUM int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); if (ret != 0) { @@ -225,6 +238,10 @@ int benchmark_test(void *args) bench_rsaKeyGen(); #endif +#ifdef HAVE_NTRU + bench_ntruKeyGen(); +#endif + #ifdef HAVE_ECC bench_eccKeyGen(); bench_eccKeyAgree(); @@ -850,15 +867,14 @@ static RNG rng; #ifndef NO_RSA -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - defined(CYASSL_MDK_SHELL) -static char *certRSAname = "certs/rsa2048.der" ; -static void set_Bench_RSA_File(char * cert) { certRSAname = cert ; } - /* set by shell command */ -#elif defined(CYASSL_MDK_SHELL) - /* nothing */ -#else -static const char *certRSAname = "certs/rsa2048.der" ; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + #if defined(CYASSL_MDK_SHELL) + static char *certRSAname = "certs/rsa2048.der"; + /* set by shell command */ + static void set_Bench_RSA_File(char * cert) { certRSAname = cert ; } + #else + static const char *certRSAname = "certs/rsa2048.der"; + #endif #endif void bench_rsa(void) 
@@ -955,20 +971,22 @@ void bench_rsa(void) #ifndef NO_DH -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - defined(CYASSL_MDK_SHELL) -static char *certDHname = "certs/dh2048.der" ; -void set_Bench_DH_File(char * cert) { certDHname = cert ; } - /* set by shell command */ -#elif defined(CYASSL_MDK_SHELL) - /* nothing */ -#else -static const char *certDHname = "certs/dh2048.der" ; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + #if defined(CYASSL_MDK_SHELL) + static char *certDHname = "certs/dh2048.der"; + /* set by shell command */ + void set_Bench_DH_File(char * cert) { certDHname = cert ; } + #else + static const char *certDHname = "certs/dh2048.der"; + #endif #endif void bench_dh(void) { - int i, ret; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + int ret; +#endif + int i ; byte tmp[1024]; size_t bytes; word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz; 
@@ -1089,6 +1107,74 @@ void bench_rsaKeyGen(void) " iterations\n", milliEach, genTimes); } #endif /* CYASSL_KEY_GEN */ +#ifdef HAVE_NTRU +byte GetEntropy(ENTROPY_CMD cmd, byte* out); + +byte GetEntropy(ENTROPY_CMD cmd, byte* out) +{ + if (cmd == INIT) + return (InitRng(&rng) == 0) ? 1 : 0; + + if (out == NULL) + return 0; + + if (cmd == GET_BYTE_OF_ENTROPY) + return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0; + + if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { + *out = 1; + return 1; + } + + return 0; +} +void bench_ntruKeyGen(void) +{ + double start, total, each, milliEach; + int i; + + byte public_key[5951]; /* 2048 key equivalent to rsa */ + word16 public_key_len; + byte private_key[5951]; + word16 private_key_len = sizeof(private_key); + + DRBG_HANDLE drbg; + static uint8_t const pers_str[] = { + 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' + }; + + word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), GetEntropy, &drbg); + + if(rc != DRBG_OK) { + printf("NTRU drbg instantiate failed\n"); + return; + } + + start = current_time(1); + + for(i = 0; i < genTimes; i++) { + ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, + public_key, &private_key_len, private_key); + } + + total = current_time(0) - start; + + rc = ntru_crypto_drbg_uninstantiate(drbg); + + if (rc != NTRU_OK) { + printf("NTRU drbg uninstantiate failed\n"); + return; + } + + each = total / genTimes; + milliEach = each * 1000; + + printf("\n"); + printf("NTRU 112 key generation %6.3f milliseconds, avg over %d" + " iterations\n", milliEach, genTimes); + +} +#endif #ifdef HAVE_ECC void bench_eccKeyGen(void) @@ -1211,7 +1297,6 @@ void bench_eccKeyAgree(void) } #endif /* HAVE_ECC */ - #ifdef _WIN32 #define WIN32_LEAN_AND_MEAN 
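Review bot: In `bench_ntruKeyGen`, `public_key_len` is passed to `ntru_crypto_ntru_encrypt_keygen` uninitialized while `private_key_len` is set to `sizeof(private_key)`; if the library treats both lengths as in/out buffer sizes (presumably, given how the private length is prepared), the public length is read as an indeterminate value. Initialize it with `word16 public_key_len = sizeof(public_key);`. The keygen return code is ignored inside the timing loop, so a failing call is timed and reported as a successful key generation; check it against `NTRU_OK` and bail out, as is done for the DRBG calls. The instantiate result is compared with `DRBG_OK` and the uninstantiate result with `NTRU_OK`; using one constant for both would read more consistently.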
@@ -1238,10 +1323,10 @@ void bench_eccKeyAgree(void) #elif defined MICROCHIP_PIC32 #if defined(CYASSL_MICROCHIP_PIC32MZ) - #define CLOCK 8000000.0 + #define CLOCK 80000000.0 #else #include - #define CLOCK 4000000.0 + #define CLOCK 40000000.0 #endif double current_time(int reset) @@ -1259,10 +1344,10 @@ void bench_eccKeyAgree(void) return ( ns / CLOCK * 2.0); } -#elif defined CYASSL_MDK_ARM - - extern double current_time(int reset) ; - +#elif defined(CYASSL_IAR_ARM) || defined (CYASSL_MDK_ARM) + #warning "Write your current_time()" + double current_time(int reset) { return 0.0 ; } + #elif defined FREERTOS double current_time(int reset) diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index bc38012a4..e25b5d873 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -804,6 +804,11 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, iv = (byte*)aes->reg; enc_key = (byte*)aes->key; + if ((word)out % CYASSL_MMCAU_ALIGNMENT) { + CYASSL_MSG("Bad cau_aes_encrypt alignment"); + return BAD_ALIGN_E; + } + while (len > 0) { XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); @@ -836,6 +841,11 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, iv = (byte*)aes->reg; dec_key = (byte*)aes->key; + if ((word)out % CYASSL_MMCAU_ALIGNMENT) { + CYASSL_MSG("Bad cau_aes_decrypt alignment"); + return BAD_ALIGN_E; + } + while (len > 0) { XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); 
@@ -1541,31 +1551,34 @@ static const word32 Td[5][256] = { #ifdef CYASSL_AESNI +/* Each platform needs to query info type 1 from cpuid to see if aesni is + * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts + */ + #ifndef _MSC_VER - #define cpuid(func,ax,bx,cx,dx)\ + #define cpuid(reg, func)\ __asm__ __volatile__ ("cpuid":\ - "=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func)); + "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\ + "a" (func)); + #define XASM_LINK(f) asm(f) #else - #define cpuid(func,ax,bx,cx,dx)\ - __asm mov eax, func \ - __asm cpuid \ - __asm mov ax, eax \ - __asm mov bx, ebx \ - __asm mov cx, ecx \ - __asm mov dx, edx + #include + #define cpuid(a,b) __cpuid((int*)a,b) + + #define XASM_LINK(f) #endif /* _MSC_VER */ static int Check_CPU_support_AES(void) { - unsigned int a,b,c,d; - cpuid(1,a,b,c,d); + unsigned int reg[4]; /* put a,b,c,d into 0,1,2,3 */ + cpuid(reg, 1); /* query info 1 */ - if (c & 0x2000000) + if (reg[2] & 0x2000000) return 1; return 0; 
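Review bot: The feature test `reg[2] & 0x2000000` in Check_CPU_support_AES is an unexplained constant; a comment such as `/* CPUID leaf 1, ECX bit 25: AES-NI */` would let a reader check it against the CPU manual. The new `cpuid(reg, func)` macro for the non-MSVC build uses `reg` and `func` unparenthesised and ends in its own semicolon, so `cpuid(reg, 1);` expands to two statements. Writing `(reg)[0]` through `(reg)[3]` and dropping the trailing `;` from the definition keeps the macro safe inside an unbraced `if`.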
@@ -1580,34 +1593,34 @@ static int haveAESNI = 0; void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned char* ivec, unsigned long length, const unsigned char* KS, int nr) - asm ("AES_CBC_encrypt"); + XASM_LINK("AES_CBC_encrypt"); void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned char* ivec, unsigned long length, const unsigned char* KS, int nr) - asm ("AES_CBC_decrypt"); + XASM_LINK("AES_CBC_decrypt"); void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long length, const unsigned char* KS, int nr) - asm ("AES_ECB_encrypt"); + XASM_LINK("AES_ECB_encrypt"); void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long length, const unsigned char* KS, int nr) - asm ("AES_ECB_decrypt"); + XASM_LINK("AES_ECB_decrypt"); void AES_128_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) - asm ("AES_128_Key_Expansion"); + XASM_LINK("AES_128_Key_Expansion"); void AES_192_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) - asm ("AES_192_Key_Expansion"); + XASM_LINK("AES_192_Key_Expansion"); void AES_256_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) - asm ("AES_256_Key_Expansion"); + XASM_LINK("AES_256_Key_Expansion"); static int AES_set_encrypt_key(const unsigned char *userKey, const int bits, @@ -2228,6 +2241,7 @@ int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) if ((word)in % 16) { #ifndef NO_CYASSL_ALLOC_ALIGN byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + CYASSL_MSG("AES-CBC encrypt with bad alignment"); if (tmp == NULL) return MEMORY_E; XMEMCPY(tmp, in, sz); diff --git a/ctaocrypt/src/aes_asm.s b/ctaocrypt/src/aes_asm.s index 382d9b313..b5f5bc9c1 100755 --- a/ctaocrypt/src/aes_asm.s +++ b/ctaocrypt/src/aes_asm.s 
@@ -24,6 +24,8 @@ * by Intel Mobility Group, Israel Development Center, Israel Shay Gueron */ +/* This file is in at&t asm syntax, see .asm for intel syntax */ + /* AES_CBC_encrypt (const unsigned char *in, diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index de4328df3..6d2d962e1 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -35,14 +35,11 @@ #include #include #include -#include -#include #include +#include #include #include #include -#include -#include #include #include @@ -53,7 +50,7 @@ #endif #ifdef HAVE_NTRU - #include "crypto_ntru.h" + #include "ntru_crypto.h" #endif #ifdef HAVE_ECC @@ -626,7 +623,7 @@ CYASSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, if (b == ASN_TAG_NULL) { b = input[i++]; - if (b != 0) + if (b != 0) return ASN_EXPECT_0_E; } else @@ -838,11 +835,15 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, int saltSz, int iterations, int id, byte* input, int length, int version, byte* cbcIv) { - byte key[MAX_KEY_SIZE]; - int typeH; - int derivedLen; - int decryptionType; - int ret = 0; + int typeH; + int derivedLen; + int decryptionType; + int ret = 0; +#ifdef CYASSL_SMALL_STACK + byte* key; +#else + byte key[MAX_KEY_SIZE]; +#endif switch (id) { case PBE_MD5_DES: @@ -873,6 +874,12 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, return ALGO_ID_E; } +#ifdef CYASSL_SMALL_STACK + key = (byte*)XMALLOC(MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + return MEMORY_E; +#endif + if (version == PKCS5v2) ret = PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations, derivedLen, typeH); 
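Review bot: With CYASSL_SMALL_STACK the derived decryption key in DecryptKey now lives in a heap buffer (`key = (byte*)XMALLOC(MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);`), and every exit added in the following DecryptKey hunks releases it with a bare `XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);`, so the key bytes remain in freed memory. Clear the buffer before each release, e.g. `XMEMSET(key, 0, MAX_KEY_SIZE);`, in a form the compiler cannot drop as a dead store. The same `#ifdef`/`XFREE`/`#endif` group is repeated on every error return as well as the final one; setting `ret` and jumping to a single cleanup label at the end of the function would leave one place to wipe and free. The function body starts and ends outside these hunks.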
@@ -883,8 +890,12 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, int i, idx = 0; byte unicodePasswd[MAX_UNICODE_SZ]; - if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) + if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) { +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return UNICODE_SIZE_E; + } for (i = 0; i < passwordSz; i++) { unicodePasswd[idx++] = 0x00; @@ -900,11 +911,19 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, ret += PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz, iterations, 8, typeH, 2); } - else + else { +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ALGO_ID_E; + } - if (ret != 0) + if (ret != 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; + } switch (decryptionType) { #ifndef NO_DES3 @@ -917,8 +936,12 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, desIv = cbcIv; ret = Des_SetKey(&dec, key, desIv, DES_DECRYPTION); - if (ret != 0) + if (ret != 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; + } Des_CbcDecrypt(&dec, input, input, length); break; @@ -932,11 +955,19 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, if (version == PKCS5v2 || version == PKCS12) desIv = cbcIv; ret = Des3_SetKey(&dec, key, desIv, DES_DECRYPTION); - if (ret != 0) + if (ret != 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; + } ret = Des3_CbcDecrypt(&dec, input, input, length); - if (ret != 0) + if (ret != 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; + } break; } #endif 
@@ -952,9 +983,16 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, #endif default: +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ALGO_ID_E; } +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; } @@ -966,8 +1004,13 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) word32 inOutIdx = 0, oid; int first, second, length, version, saltSz, id; int iterations = 0; +#ifdef CYASSL_SMALL_STACK + byte* salt = NULL; + byte* cbcIv = NULL; +#else byte salt[MAX_SALT_SIZE]; byte cbcIv[MAX_IV_SIZE]; +#endif if (GetSequence(input, &inOutIdx, &length, sz) < 0) return ASN_PARSE_E; 
@@ -1005,39 +1048,97 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) if (saltSz > MAX_SALT_SIZE) return ASN_PARSE_E; +#ifdef CYASSL_SMALL_STACK + salt = (byte*)XMALLOC(MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (salt == NULL) + return MEMORY_E; +#endif + XMEMCPY(salt, &input[inOutIdx], saltSz); inOutIdx += saltSz; - if (GetShortInt(input, &inOutIdx, &iterations) < 0) + if (GetShortInt(input, &inOutIdx, &iterations) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; + } + +#ifdef CYASSL_SMALL_STACK + cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cbcIv == NULL) { + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif if (version == PKCS5v2) { /* get encryption algo */ - if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) + if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; + } - if (CheckAlgoV2(oid, &id) < 0) + if (CheckAlgoV2(oid, &id) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; /* PKCS v2 algo id error */ + } - if (input[inOutIdx++] != ASN_OCTET_STRING) + if (input[inOutIdx++] != ASN_OCTET_STRING) { +#ifdef CYASSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; + } - if (GetLength(input, &inOutIdx, &length, sz) < 0) + if (GetLength(input, &inOutIdx, &length, sz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; + } XMEMCPY(cbcIv, &input[inOutIdx], length); inOutIdx += length; } - if (input[inOutIdx++] != ASN_OCTET_STRING) + if (input[inOutIdx++] != ASN_OCTET_STRING) { +#ifdef 
CYASSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - - if (GetLength(input, &inOutIdx, &length, sz) < 0) + } + + if (GetLength(input, &inOutIdx, &length, sz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; + } if (DecryptKey(password, passwordSz, salt, saltSz, iterations, id, - input + inOutIdx, length, version, cbcIv) < 0) + input + inOutIdx, length, version, cbcIv) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_INPUT_E; /* decrypt failure */ + } + +#ifdef CYASSL_SMALL_STACK + XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif XMEMMOVE(input, input + inOutIdx, length); return ToTraditional(input, length); @@ -1163,8 +1264,6 @@ int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz) } -#ifdef OPENSSL_EXTRA - int DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, byte* g, word32* gInOutSz) { @@ -1213,7 +1312,6 @@ int DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, return 0; } -#endif /* OPENSSL_EXTRA */ #endif /* NO_DH */ @@ -1270,6 +1368,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->signature = 0; cert->subjectCN = 0; cert->subjectCNLen = 0; + cert->subjectCNEnc = CTC_UTF8; cert->subjectCNStored = 0; cert->altNames = NULL; #ifndef IGNORE_NAME_CONSTRAINTS 
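Review bot: In the PKCS5v2 branch of ToTraditionalEnc, `XMEMCPY(cbcIv, &input[inOutIdx], length);` copies a length read from the encoded key with no comparison against `MAX_IV_SIZE`, the size of `cbcIv` (a heap block under CYASSL_SMALL_STACK after this change). The GetLength call just before it is given `sz`, the input size, not the destination size. The salt a few lines earlier is guarded by `if (saltSz > MAX_SALT_SIZE)`, and the IV needs the same guard, with the cleanup this commit adds on the other error paths. The function starts before this hunk.

```c
    /* ... unchanged: GetLength() for the IV octet string and its cleanup ... */
    if (length > MAX_IV_SIZE) {
#ifdef CYASSL_SMALL_STACK
        XFREE(salt,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        return ASN_PARSE_E;
    }

    XMEMCPY(cbcIv, &input[inOutIdx], length);
```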
@@ -1308,16 +1407,22 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) #ifdef CYASSL_CERT_GEN cert->subjectSN = 0; cert->subjectSNLen = 0; + cert->subjectSNEnc = CTC_UTF8; cert->subjectC = 0; cert->subjectCLen = 0; + cert->subjectCEnc = CTC_PRINTABLE; cert->subjectL = 0; cert->subjectLLen = 0; + cert->subjectLEnc = CTC_UTF8; cert->subjectST = 0; cert->subjectSTLen = 0; + cert->subjectSTEnc = CTC_UTF8; cert->subjectO = 0; cert->subjectOLen = 0; + cert->subjectOEnc = CTC_UTF8; cert->subjectOU = 0; cert->subjectOULen = 0; + cert->subjectOUEnc = CTC_UTF8; cert->subjectEmail = 0; cert->subjectEmailLen = 0; #endif /* CYASSL_CERT_GEN */ @@ -1429,9 +1534,14 @@ void FreeDecodedCert(DecodedCert* cert) static int GetCertHeader(DecodedCert* cert) { - int ret = 0, len; - byte serialTmp[EXTERNAL_SERIAL_SIZE]; - mp_int mpi; + int ret = 0, len; + byte serialTmp[EXTERNAL_SERIAL_SIZE]; +#if defined(CYASSL_SMALL_STACK) && defined(USE_FAST_MATH) + mp_int* mpi = NULL; +#else + mp_int stack_mpi; + mp_int* mpi = &stack_mpi; +#endif if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0) return ASN_PARSE_E; 
@@ -1445,17 +1555,32 @@ static int GetCertHeader(DecodedCert* cert) if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version) < 0) return ASN_PARSE_E; - if (GetInt(&mpi, cert->source, &cert->srcIdx, cert->maxIdx) < 0) - return ASN_PARSE_E; +#if defined(CYASSL_SMALL_STACK) && defined(USE_FAST_MATH) + mpi = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (mpi == NULL) + return MEMORY_E; +#endif - len = mp_unsigned_bin_size(&mpi); + if (GetInt(mpi, cert->source, &cert->srcIdx, cert->maxIdx) < 0) { +#if defined(CYASSL_SMALL_STACK) && defined(USE_FAST_MATH) + XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ASN_PARSE_E; + } + + len = mp_unsigned_bin_size(mpi); if (len < (int)sizeof(serialTmp)) { - if ( (ret = mp_to_unsigned_bin(&mpi, serialTmp)) == MP_OKAY) { + if ( (ret = mp_to_unsigned_bin(mpi, serialTmp)) == MP_OKAY) { XMEMCPY(cert->serial, serialTmp, len); cert->serialSz = len; } } - mp_clear(&mpi); + mp_clear(mpi); + +#if defined(CYASSL_SMALL_STACK) && defined(USE_FAST_MATH) + XFREE(mpi, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } 
@@ -1536,34 +1661,61 @@ static int GetKey(DecodedCert* cert) const byte* key = &cert->source[tmpIdx]; byte* next = (byte*)key; word16 keyLen; + word32 rc; + word32 remaining = cert->maxIdx - cert->srcIdx; +#ifdef CYASSL_SMALL_STACK + byte* keyBlob = NULL; +#else byte keyBlob[MAX_NTRU_KEY_SZ]; - - word32 rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, - &keyLen, NULL, &next); - +#endif + rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, + &keyLen, NULL, &next, &remaining); if (rc != NTRU_OK) return ASN_NTRU_KEY_E; - if (keyLen > sizeof(keyBlob)) + if (keyLen > MAX_NTRU_KEY_SZ) return ASN_NTRU_KEY_E; - rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,&keyLen, - keyBlob, &next); - if (rc != NTRU_OK) - return ASN_NTRU_KEY_E; +#ifdef CYASSL_SMALL_STACK + keyBlob = (byte*)XMALLOC(MAX_NTRU_KEY_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (keyBlob == NULL) + return MEMORY_E; +#endif - if ( (next - key) < 0) + rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, + &keyLen, keyBlob, &next, &remaining); + if (rc != NTRU_OK) { +#ifdef CYASSL_SMALL_STACK + XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_NTRU_KEY_E; + } + + if ( (next - key) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ASN_NTRU_KEY_E; + } cert->srcIdx = tmpIdx + (int)(next - key); cert->publicKey = (byte*) XMALLOC(keyLen, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (cert->publicKey == NULL) + if (cert->publicKey == NULL) { +#ifdef CYASSL_SMALL_STACK + XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return MEMORY_E; + } XMEMCPY(cert->publicKey, keyBlob, keyLen); cert->pubKeyStored = 1; cert->pubKeySize = keyLen; +#ifdef CYASSL_SMALL_STACK + XFREE(keyBlob, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; } #endif /* HAVE_NTRU */ 
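Review bot: In the NTRU branch of GetKey, `remaining` is computed once and then passed by address to both ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey calls; if the size-query call updates it, which the pointer parameter suggests it may, the second call is bounded by a stale value. Re-assign it before the second call, `remaining = cert->maxIdx - cert->srcIdx;`, or add a comment stating that the query call leaves it untouched. The subtraction is unsigned, so it also relies on `cert->srcIdx` not exceeding `cert->maxIdx` at this point, which is established outside the hunk.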
@@ -1707,8 +1859,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->srcIdx += 2; id = cert->source[cert->srcIdx++]; - b = cert->source[cert->srcIdx++]; /* strType */ - (void)b; /* may want to validate? */ + b = cert->source[cert->srcIdx++]; /* encoding */ if (GetLength(cert->source, &cert->srcIdx, &strLen, cert->maxIdx) < 0) @@ -1724,6 +1875,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectCN = (char *)&cert->source[cert->srcIdx]; cert->subjectCNLen = strLen; + cert->subjectCNEnc = b; } if (!tooBig) { @@ -1746,6 +1898,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectSN = (char*)&cert->source[cert->srcIdx]; cert->subjectSNLen = strLen; + cert->subjectSNEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1763,6 +1916,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectC = (char*)&cert->source[cert->srcIdx]; cert->subjectCLen = strLen; + cert->subjectCEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1780,6 +1934,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectL = (char*)&cert->source[cert->srcIdx]; cert->subjectLLen = strLen; + cert->subjectLEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1797,6 +1952,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectST = (char*)&cert->source[cert->srcIdx]; cert->subjectSTLen = strLen; + cert->subjectSTEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1814,6 +1970,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectO = (char*)&cert->source[cert->srcIdx]; cert->subjectOLen = strLen; + cert->subjectOEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA 
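Review bot: The string-type byte `b` is now stored straight from the certificate into `cert->subjectCNEnc` (and into the SN, C, L, ST, O and OU counterparts in the following GetName hunks), while the old `/* may want to validate? */` remark is dropped without any validation taking its place. Since the value comes from parsed input, say so at the assignment, e.g. `/* raw ASN.1 string tag as read from the cert, not checked */`, so that code re-encoding a name from these fields does not assume it is one of the `CTC_UTF8`/`CTC_PRINTABLE` defaults set in InitDecodedCert. GetName starts and ends outside these hunks.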
@@ -1831,6 +1988,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectOU = (char*)&cert->source[cert->srcIdx]; cert->subjectOULen = strLen; + cert->subjectOUEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA 
@@ -2680,94 +2838,62 @@ word32 EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID) } -/* return true (1) for Confirmation */ +/* return true (1) or false (0) for Confirmation */ static int ConfirmSignature(const byte* buf, word32 bufSz, const byte* key, word32 keySz, word32 keyOID, const byte* sig, word32 sigSz, word32 sigOID, void* heap) { -#ifdef CYASSL_SHA512 - byte digest[SHA512_DIGEST_SIZE]; /* max size */ -#elif !defined(NO_SHA256) - byte digest[SHA256_DIGEST_SIZE]; /* max size */ + int typeH = 0, digestSz = 0, ret = 0; +#ifdef CYASSL_SMALL_STACK + byte* digest; #else - byte digest[SHA_DIGEST_SIZE]; /* max size */ + byte digest[MAX_DIGEST_SIZE]; +#endif + +#ifdef CYASSL_SMALL_STACK + digest = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (digest == NULL) + return 0; /* not confirmed */ #endif - int typeH, digestSz, ret = 0; (void)key; (void)keySz; (void)sig; (void)sigSz; (void)heap; - (void)ret; switch (sigOID) { -#ifndef NO_MD5 + #ifndef NO_MD5 case CTC_MD5wRSA: - { - Md5 md5; - InitMd5(&md5); - Md5Update(&md5, buf, bufSz); - Md5Final(&md5, digest); + if (Md5Hash(buf, bufSz, digest) == 0) { typeH = MD5h; digestSz = MD5_DIGEST_SIZE; } break; -#endif + #endif #if defined(CYASSL_MD2) case CTC_MD2wRSA: - { - Md2 md2; - InitMd2(&md2); - Md2Update(&md2, buf, bufSz); - Md2Final(&md2, digest); + if (Md2Hash(buf, bufSz, digest) == 0) { typeH = MD2h; digestSz = MD2_DIGEST_SIZE; } break; #endif -#ifndef NO_SHA + #ifndef NO_SHA case CTC_SHAwRSA: case CTC_SHAwDSA: case CTC_SHAwECDSA: - { - Sha sha; - ret = InitSha(&sha); - if (ret != 0) { - CYASSL_MSG("InitSha failed"); - return 0; /* not confirmed */ - } - ShaUpdate(&sha, buf, bufSz); - ShaFinal(&sha, digest); + if (ShaHash(buf, bufSz, digest) == 0) { typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + digestSz = SHA_DIGEST_SIZE; } break; -#endif + #endif #ifndef NO_SHA256 case CTC_SHA256wRSA: case CTC_SHA256wECDSA: - { - Sha256 sha256; - ret = InitSha256(&sha256); - if (ret != 0) 
{ - CYASSL_MSG("InitSha256 failed"); - return 0; /* not confirmed */ - } - - ret = Sha256Update(&sha256, buf, bufSz); - if (ret != 0) { - CYASSL_MSG("Sha256Update failed"); - return 0; /* not confirmed */ - } - - ret = Sha256Final(&sha256, digest); - if (ret != 0) { - CYASSL_MSG("Sha256Final failed"); - return 0; /* not confirmed */ - } - + if (Sha256Hash(buf, bufSz, digest) == 0) { typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; } @@ -2776,26 +2902,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifdef CYASSL_SHA512 case CTC_SHA512wRSA: case CTC_SHA512wECDSA: - { - Sha512 sha512; - ret = InitSha512(&sha512); - if (ret != 0) { - CYASSL_MSG("InitSha512 failed"); - return 0; /* not confirmed */ - } - - ret = Sha512Update(&sha512, buf, bufSz); - if (ret != 0) { - CYASSL_MSG("Sha512Update failed"); - return 0; /* not confirmed */ - } - - ret = Sha512Final(&sha512, digest); - if (ret != 0) { - CYASSL_MSG("Sha512Final failed"); - return 0; /* not confirmed */ - } - + if (Sha512Hash(buf, bufSz, digest) == 0) { typeH = SHA512h; digestSz = SHA512_DIGEST_SIZE; } 
@@ -2804,65 +2911,77 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifdef CYASSL_SHA384 case CTC_SHA384wRSA: case CTC_SHA384wECDSA: - { - Sha384 sha384; - ret = InitSha384(&sha384); - if (ret != 0) { - CYASSL_MSG("InitSha384 failed"); - return 0; /* not confirmed */ - } - - ret = Sha384Update(&sha384, buf, bufSz); - if (ret != 0) { - CYASSL_MSG("Sha384Update failed"); - return 0; /* not confirmed */ - } - - ret = Sha384Final(&sha384, digest); - if (ret != 0) { - CYASSL_MSG("Sha384Final failed"); - return 0; /* not confirmed */ - } - + if (Sha384Hash(buf, bufSz, digest) == 0) { typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; - } + } break; #endif default: CYASSL_MSG("Verify Signautre has unsupported type"); - return 0; } - (void)typeH; /* some builds won't read */ + + if (typeH == 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; /* not confirmed */ + } switch (keyOID) { #ifndef NO_RSA case RSAk: { - RsaKey pubKey; - byte encodedSig[MAX_ENCODED_SIG_SZ]; - byte plain[MAX_ENCODED_SIG_SZ]; word32 idx = 0; int encodedSigSz, verifySz; byte* out; +#ifdef CYASSL_SMALL_STACK + RsaKey* pubKey; + byte* plain; + byte* encodedSig; +#else + RsaKey pubKey[1]; + byte plain[MAX_ENCODED_SIG_SZ]; + byte encodedSig[MAX_ENCODED_SIG_SZ]; +#endif + +#ifdef CYASSL_SMALL_STACK + pubKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + plain = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (pubKey == NULL || plain == NULL || encodedSig == NULL) { + CYASSL_MSG("Failed to allocate memory at ConfirmSignature"); + + if (pubKey) + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (plain) + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (encodedSig) + XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + break; /* not confirmed */ + } +#endif if (sigSz > MAX_ENCODED_SIG_SZ) { CYASSL_MSG("Verify 
Signautre is too big"); - return 0; } - - ret = InitRsaKey(&pubKey, heap); - if (ret != 0) return ret; - if (RsaPublicKeyDecode(key, &idx, &pubKey, keySz) < 0) { + else if (InitRsaKey(pubKey, heap) != 0) { + CYASSL_MSG("InitRsaKey failed"); + } + else if (RsaPublicKeyDecode(key, &idx, pubKey, keySz) < 0) { CYASSL_MSG("ASN Key decode error RSA"); - ret = 0; } else { XMEMCPY(plain, sig, sigSz); - if ( (verifySz = RsaSSL_VerifyInline(plain, sigSz, &out, - &pubKey)) < 0) { + + if ((verifySz = RsaSSL_VerifyInline(plain, sigSz, &out, + pubKey)) < 0) { CYASSL_MSG("Rsa SSL verify error"); - ret = 0; } else { /* make sure we're right justified */ 
@@ -2871,61 +2990,97 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, if (encodedSigSz != verifySz || XMEMCMP(out, encodedSig, encodedSigSz) != 0) { CYASSL_MSG("Rsa SSL verify match encode error"); - ret = 0; } else ret = 1; /* match */ #ifdef CYASSL_DEBUG_ENCODING { - int x; - printf("cyassl encodedSig:\n"); - for (x = 0; x < encodedSigSz; x++) { - printf("%02x ", encodedSig[x]); - if ( (x % 16) == 15) - printf("\n"); - } - printf("\n"); - printf("actual digest:\n"); - for (x = 0; x < verifySz; x++) { - printf("%02x ", out[x]); - if ( (x % 16) == 15) - printf("\n"); - } - printf("\n"); + int x; + + printf("cyassl encodedSig:\n"); + + for (x = 0; x < encodedSigSz; x++) { + printf("%02x ", encodedSig[x]); + if ( (x % 16) == 15) + printf("\n"); + } + + printf("\n"); + printf("actual digest:\n"); + + for (x = 0; x < verifySz; x++) { + printf("%02x ", out[x]); + if ( (x % 16) == 15) + printf("\n"); + } + + printf("\n"); } #endif /* CYASSL_DEBUG_ENCODING */ + } + } - FreeRsaKey(&pubKey); - return ret; + + FreeRsaKey(pubKey); + +#ifdef CYASSL_SMALL_STACK + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif } #endif /* NO_RSA */ #ifdef HAVE_ECC case ECDSAk: { - ecc_key pubKey; - int verify = 0; - - if (ecc_import_x963(key, keySz, &pubKey) < 0) { - CYASSL_MSG("ASN Key import error ECC"); - return 0; - } - - ret = ecc_verify_hash(sig,sigSz,digest,digestSz,&verify,&pubKey); - ecc_free(&pubKey); - if (ret == 0 && verify == 1) - return 1; /* match */ + int verify = 0; +#ifdef CYASSL_SMALL_STACK + ecc_key* pubKey; +#else + ecc_key pubKey[1]; +#endif - CYASSL_MSG("ECC Verify didn't match"); - return 0; +#ifdef CYASSL_SMALL_STACK + pubKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (pubKey == NULL) { + CYASSL_MSG("Failed to allocate pubKey"); + break; /* not confirmed */ + } +#endif + + if (ecc_import_x963(key, keySz, pubKey) < 0) { + 
CYASSL_MSG("ASN Key import error ECC"); + } + else { + if (ecc_verify_hash(sig, sigSz, digest, digestSz, &verify, + pubKey) != 0) { + CYASSL_MSG("ECC verify hash error"); + } + else if (1 != verify) { + CYASSL_MSG("ECC Verify didn't match"); + } else + ret = 1; /* match */ + + ecc_free(pubKey); + } +#ifdef CYASSL_SMALL_STACK + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif } #endif /* HAVE_ECC */ default: CYASSL_MSG("Verify Key type unknown"); - return 0; } + +#ifdef CYASSL_SMALL_STACK + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } @@ -3486,8 +3641,8 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert) } if (input[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) { - CYASSL_MSG("\tfail: wanted OPTIONAL item 0, not available\n"); - return ASN_PARSE_E; + CYASSL_MSG("\tinfo: OPTIONAL item 0, not available\n"); + return 0; } if (GetLength(input, &idx, &length, sz) < 0) { @@ -4221,11 +4376,16 @@ CYASSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output) int DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, int type) { +#ifdef CYASSL_SMALL_STACK + char* header = NULL; + char* footer = NULL; +#else char header[80]; char footer[80]; +#endif - int headerLen; - int footerLen; + int headerLen = 80; + int footerLen = 80; int i; int err; int outLen; /* return length or error */ 
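Review bot: The `RSAk` case in ConfirmSignature used to end in `return ret;` and now ends at its closing brace with no `break;`, so after the RSA check control runs on into `case ECDSAk:` (when HAVE_ECC is defined) and then `default:`; the `ECDSAk` case falls into `default:` the same way. A key declared as RSA is therefore also tried as an ECC key, and `ret = 1` from that second attempt would be returned; add `break;` after the cleanup `#endif` of each case. In the preceding hunk (`@@ -2804,65 +2911,77 @@`) the `sigSz > MAX_ENCODED_SIG_SZ` and failed-`InitRsaKey` branches still reach `FreeRsaKey(pubKey);` on a key that was never initialised. Call it only on the paths that follow a successful `InitRsaKey`.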
@@ -4233,56 +4393,99 @@ int DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, if (der == output) /* no in place conversion */ return BAD_FUNC_ARG; +#ifdef CYASSL_SMALL_STACK + header = (char*)XMALLOC(headerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (header == NULL) + return MEMORY_E; + + footer = (char*)XMALLOC(footerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (footer == NULL) { + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + if (type == CERT_TYPE) { - XSTRNCPY(header, "-----BEGIN CERTIFICATE-----\n", sizeof(header)); - XSTRNCPY(footer, "-----END CERTIFICATE-----\n", sizeof(footer)); + XSTRNCPY(header, "-----BEGIN CERTIFICATE-----\n", headerLen); + XSTRNCPY(footer, "-----END CERTIFICATE-----\n", footerLen); } else if (type == PRIVATEKEY_TYPE) { - XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----\n", sizeof(header)); - XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----\n", sizeof(footer)); + XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----\n", headerLen); + XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----\n", footerLen); } #ifdef HAVE_ECC else if (type == ECC_PRIVATEKEY_TYPE) { - XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----\n", sizeof(header)); - XSTRNCPY(footer, "-----END EC PRIVATE KEY-----\n", sizeof(footer)); + XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----\n", headerLen); + XSTRNCPY(footer, "-----END EC PRIVATE KEY-----\n", footerLen); } #endif #ifdef CYASSL_CERT_REQ else if (type == CERTREQ_TYPE) { XSTRNCPY(header, - "-----BEGIN CERTIFICATE REQUEST-----\n", sizeof(header)); - XSTRNCPY(footer, "-----END CERTIFICATE REQUEST-----\n", sizeof(footer)); + "-----BEGIN CERTIFICATE REQUEST-----\n", headerLen); + XSTRNCPY(footer, "-----END CERTIFICATE REQUEST-----\n", footerLen); } #endif - else + else { +#ifdef CYASSL_SMALL_STACK + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BAD_FUNC_ARG; + } headerLen = (int)XSTRLEN(header); footerLen = 
(int)XSTRLEN(footer); - if (!der || !output) + if (!der || !output) { +#ifdef CYASSL_SMALL_STACK + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BAD_FUNC_ARG; + } /* don't even try if outSz too short */ - if (outSz < headerLen + footerLen + derSz) + if (outSz < headerLen + footerLen + derSz) { +#ifdef CYASSL_SMALL_STACK + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BAD_FUNC_ARG; + } /* header */ XMEMCPY(output, header, headerLen); i = headerLen; +#ifdef CYASSL_SMALL_STACK + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + /* body */ outLen = outSz - (headerLen + footerLen); /* input to Base64_Encode */ - if ( (err = Base64_Encode(der, derSz, output + i, (word32*)&outLen)) < 0) + if ( (err = Base64_Encode(der, derSz, output + i, (word32*)&outLen)) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return err; + } i += outLen; /* footer */ - if ( (i + footerLen) > (int)outSz) + if ( (i + footerLen) > (int)outSz) { +#ifdef CYASSL_SMALL_STACK + XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BAD_FUNC_ARG; + } XMEMCPY(output + i, footer, footerLen); +#ifdef CYASSL_SMALL_STACK + XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return outLen + headerLen + footerLen; } 
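Review bot: DerToPem now allocates `header` and `footer` before it checks `if (!der || !output)`, which is why that check needs its own pair of `XFREE` calls. Moving the argument test up next to the existing `der == output` test, `if (!der || !output || der == output) return BAD_FUNC_ARG;`, removes the cleanup on that path. The pre-check `outSz < headerLen + footerLen + derSz` mixes `word32` and `int` operands and does not allow for Base64 growth; a comment saying that the real bound is the `outLen` handed to Base64_Encode would make the intent clear.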
@@ -4450,21 +4653,35 @@ void InitCert(Cert* cert) XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE); cert->issuer.country[0] = '\0'; + cert->issuer.countryEnc = CTC_PRINTABLE; cert->issuer.state[0] = '\0'; + cert->issuer.stateEnc = CTC_UTF8; cert->issuer.locality[0] = '\0'; + cert->issuer.localityEnc = CTC_UTF8; cert->issuer.sur[0] = '\0'; + cert->issuer.surEnc = CTC_UTF8; cert->issuer.org[0] = '\0'; + cert->issuer.orgEnc = CTC_UTF8; cert->issuer.unit[0] = '\0'; + cert->issuer.unitEnc = CTC_UTF8; cert->issuer.commonName[0] = '\0'; + cert->issuer.commonNameEnc = CTC_UTF8; cert->issuer.email[0] = '\0'; cert->subject.country[0] = '\0'; + cert->subject.countryEnc = CTC_PRINTABLE; cert->subject.state[0] = '\0'; + cert->subject.stateEnc = CTC_UTF8; cert->subject.locality[0] = '\0'; + cert->subject.localityEnc = CTC_UTF8; cert->subject.sur[0] = '\0'; + cert->subject.surEnc = CTC_UTF8; cert->subject.org[0] = '\0'; + cert->subject.orgEnc = CTC_UTF8; cert->subject.unit[0] = '\0'; + cert->subject.unitEnc = CTC_UTF8; cert->subject.commonName[0] = '\0'; + cert->subject.commonNameEnc = CTC_UTF8; cert->subject.email[0] = '\0'; #ifdef CYASSL_CERT_REQ 
@@ -4535,22 +4752,62 @@ static int SetSerial(const byte* serial, byte* output) /* Write a public ECC key to output */ static int SetEccPublicKey(byte* output, ecc_key* key) { - byte algo[MAX_ALGO_SZ]; - byte curve[MAX_ALGO_SZ]; byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */ - byte pub[ECC_BUFSIZE]; int algoSz; int curveSz; int lenSz; int idx; - word32 pubSz = sizeof(pub); + word32 pubSz = ECC_BUFSIZE; +#ifdef CYASSL_SMALL_STACK + byte* algo = NULL; + byte* curve = NULL; + byte* pub = NULL; +#else + byte algo[MAX_ALGO_SZ]; + byte curve[MAX_ALGO_SZ]; + byte pub[ECC_BUFSIZE]; +#endif + +#ifdef CYASSL_SMALL_STACK + pub = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (pub == NULL) + return MEMORY_E; +#endif int ret = ecc_export_x963(key, pub, &pubSz); - if (ret != 0) return ret; + if (ret != 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; + } + +#ifdef CYASSL_SMALL_STACK + curve = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (curve == NULL) { + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif /* headers */ curveSz = SetCurve(key, curve); - if (curveSz <= 0) return curveSz; + if (curveSz <= 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return curveSz; + } + +#ifdef CYASSL_SMALL_STACK + algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (algo == NULL) { + XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif algoSz = SetAlgoID(ECDSAk, algo, keyType, curveSz); lenSz = SetLength(pubSz + 1, len); 
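Review bot: In SetEccPublicKey the CYASSL_SMALL_STACK allocation of `pub` is placed ahead of `int ret = ecc_export_x963(key, pub, &pubSz);`, so in that build a declaration follows executable statements, which C89 compilers reject and which differs from the declarations-first layout of the rest of the function. Declare `int ret;` with the other locals and assign after the allocation: `ret = ecc_export_x963(key, pub, &pubSz);`. The three temporary buffers are allocated at three different points, each with its own unwinding; allocating them together before the first use would leave a single failure path. The function continues in the next hunk.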
@@ -4574,6 +4831,12 @@ static int SetEccPublicKey(byte* output, ecc_key* key)
 XMEMCPY(output + idx, pub, pubSz);
 idx += pubSz;
+#ifdef CYASSL_SMALL_STACK
+ XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
 return idx;
 }
@@ -4584,9 +4847,15 @@ static int SetEccPublicKey(byte* output, ecc_key* key)
 /* Write a public RSA key to output */
 static int SetRsaPublicKey(byte* output, RsaKey* key)
 {
+#ifdef CYASSL_SMALL_STACK
+ byte* n = NULL;
+ byte* e = NULL;
+ byte* algo = NULL;
+#else
 byte n[MAX_RSA_INT_SZ];
 byte e[MAX_RSA_E_SZ];
 byte algo[MAX_ALGO_SZ];
+#endif
 byte seq[MAX_SEQ_SZ];
 byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */
 int nSz;
@@ -4600,40 +4869,83 @@ static int SetRsaPublicKey(byte* output, RsaKey* key) int err; /* n */ +#ifdef CYASSL_SMALL_STACK + n = (byte*)XMALLOC(MAX_RSA_INT_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (n == NULL) + return MEMORY_E; +#endif + leadingBit = mp_leading_bit(&key->n); rawLen = mp_unsigned_bin_size(&key->n) + leadingBit; n[0] = ASN_INTEGER; nSz = SetLength(rawLen, n + 1) + 1; /* int tag */ - if ( (nSz + rawLen) < (int)sizeof(n)) { + if ( (nSz + rawLen) < MAX_RSA_INT_SZ) { if (leadingBit) n[nSz] = 0; err = mp_to_unsigned_bin(&key->n, n + nSz + leadingBit); if (err == MP_OKAY) nSz += rawLen; - else + else { +#ifdef CYASSL_SMALL_STACK + XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return MP_TO_E; + } } - else + else { +#ifdef CYASSL_SMALL_STACK + XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BUFFER_E; + } /* e */ +#ifdef CYASSL_SMALL_STACK + e = (byte*)XMALLOC(MAX_RSA_E_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (e == NULL) { +#ifdef CYASSL_SMALL_STACK + XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return MEMORY_E; + } +#endif + leadingBit = mp_leading_bit(&key->e); rawLen = mp_unsigned_bin_size(&key->e) + leadingBit; e[0] = ASN_INTEGER; eSz = SetLength(rawLen, e + 1) + 1; /* int tag */ - if ( (eSz + rawLen) < (int)sizeof(e)) { + if ( (eSz + rawLen) < MAX_RSA_E_SZ) { if (leadingBit) e[eSz] = 0; err = mp_to_unsigned_bin(&key->e, e + eSz + leadingBit); if (err == MP_OKAY) eSz += rawLen; - else + else { +#ifdef CYASSL_SMALL_STACK + XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return MP_TO_E; + } } - else + else { +#ifdef CYASSL_SMALL_STACK + XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BUFFER_E; + } + +#ifdef CYASSL_SMALL_STACK + algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (algo == NULL) { + XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif /* headers */ 
algoSz = SetAlgoID(RSAk, algo, keyType, 0); @@ -4662,6 +4974,12 @@ static int SetRsaPublicKey(byte* output, RsaKey* key) XMEMCPY(output + idx, e, eSz); idx += eSz; +#ifdef CYASSL_SMALL_STACK + XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return idx; } @@ -4823,6 +5141,37 @@ static const char* GetOneName(CertName* name, int idx) } +/* Get Which Name Encoding from index */ +static char GetNameType(CertName* name, int idx) +{ + switch (idx) { + case 0: + return name->countryEnc; + + case 1: + return name->stateEnc; + + case 2: + return name->localityEnc; + + case 3: + return name->surEnc; + + case 4: + return name->orgEnc; + + case 5: + return name->unitEnc; + + case 6: + return name->commonNameEnc; + + default: + return 0; + } +} + + /* Get ASN Name from index */ static byte GetNameId(int idx) { @@ -4898,8 +5247,19 @@ static int SetCa(byte* output) /* encode CertName into output, return total bytes written */ static int SetName(byte* output, CertName* name) { - int totalBytes = 0, i, idx; - EncodedName names[NAME_ENTRIES]; + int totalBytes = 0, i, idx; +#ifdef CYASSL_SMALL_STACK + EncodedName* names = NULL; +#else + EncodedName names[NAME_ENTRIES]; +#endif + +#ifdef CYASSL_SMALL_STACK + names = (EncodedName*)XMALLOC(sizeof(EncodedName) * NAME_ENTRIES, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (names == NULL) + return MEMORY_E; +#endif for (i = 0; i < NAME_ENTRIES; i++) { const char* nameStr = GetOneName(name, i); @@ -4941,8 +5301,12 @@ static int SetName(byte* output, CertName* name) setSz = SetSet(thisLen, set); thisLen += setSz; - if (thisLen > (int)sizeof(names[i].encoded)) + if (thisLen > (int)sizeof(names[i].encoded)) { +#ifdef CYASSL_SMALL_STACK + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BUFFER_E; + } /* store it */ idx = 0; 
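Review bot: In the failure branch of the `e` allocation, the inner `#ifdef CYASSL_SMALL_STACK` around `XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);` is redundant, because the whole allocation block is already inside `#ifdef CYASSL_SMALL_STACK`. Dropping the inner pair makes this branch match the `algo` failure branch below it. SetRsaPublicKey now has seven separate exit points that each repeat the frees; a single cleanup label at the end would make it harder to miss one when the function next changes. The function starts and ends outside this hunk.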
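Review bot: `GetNameType` returns 0 for an unknown index and otherwise whatever is stored in the `*Enc` field, and the later SetName hunk writes that byte into the output as the ASN.1 string tag without checking it (`names[i].encoded[idx++] = GetNameType(name, i);`). A CertName that never went through InitCert, or whose `*Enc` value was filled in SetNameFromCert from a parsed certificate (presumably the tag read from that certificate), can therefore put an unexpected tag byte, including 0x00, into a name that is then signed. SetName should accept only the string types it means to emit and otherwise return an error or fall back, e.g. `if (type != CTC_PRINTABLE && type != CTC_UTF8) type = CTC_UTF8;`, with the allowed set widened if other tags are intended. A comment stating that the indices must stay in step with GetOneName would also help.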
@@ -4972,10 +5336,7 @@ static int SetName(byte* output, CertName* name) /* id type */ names[i].encoded[idx++] = bType; /* str type */ - if (bType == ASN_COUNTRY_NAME) - names[i].encoded[idx++] = 0x13; /* printable */ - else - names[i].encoded[idx++] = 0x0c; /* utf8 */ + names[i].encoded[idx++] = GetNameType(name, i); } /* second length */ XMEMCPY(names[i].encoded + idx, secondLen, secondSz); @@ -4995,8 +5356,12 @@ static int SetName(byte* output, CertName* name) /* header */ idx = SetSequence(totalBytes, output); totalBytes += idx; - if (totalBytes > ASN_NAME_MAX) + if (totalBytes > ASN_NAME_MAX) { +#ifdef CYASSL_SMALL_STACK + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BUFFER_E; + } for (i = 0; i < NAME_ENTRIES; i++) { if (names[i].used) { @@ -5004,6 +5369,11 @@ static int SetName(byte* output, CertName* name) idx += names[i].totalLen; } } + +#ifdef CYASSL_SMALL_STACK + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return totalBytes; } @@ -5060,15 +5430,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, word32 rc; word16 encodedSz; - rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, - ntruKey, &encodedSz, NULL); + rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, + ntruKey, &encodedSz, NULL); if (rc != NTRU_OK) return PUBLIC_KEY_E; if (encodedSz > MAX_PUBLIC_KEY_SZ) return PUBLIC_KEY_E; - rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, - ntruKey, &encodedSz, der->publicKey); + rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, + ntruKey, &encodedSz, der->publicKey); if (rc != NTRU_OK) return PUBLIC_KEY_E; 
@@ -5184,73 +5554,95 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, int sigAlgoType) { - byte digest[SHA256_DIGEST_SIZE]; /* max size */ - byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ]; - int encSigSz, digestSz, typeH, ret = 0; + int encSigSz, digestSz, typeH = 0, ret = 0; + byte digest[SHA256_DIGEST_SIZE]; /* max size */ +#ifdef CYASSL_SMALL_STACK + byte* encSig; +#else + byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ]; +#endif + (void)digest; + (void)digestSz; + (void)encSig; + (void)encSigSz; + (void)typeH; + + (void)buffer; + (void)sz; + (void)sig; + (void)sigSz; + (void)rsaKey; (void)eccKey; + (void)rng; - if (sigAlgoType == CTC_MD5wRSA) { - Md5 md5; - - InitMd5(&md5); - Md5Update(&md5, buffer, sz); - Md5Final(&md5, digest); - - digestSz = MD5_DIGEST_SIZE; - typeH = MD5h; + switch (sigAlgoType) { + #ifndef NO_MD5 + case CTC_MD5wRSA: + if ((ret = Md5Hash(buffer, sz, digest)) == 0) { + typeH = MD5h; + digestSz = MD5_DIGEST_SIZE; + } + break; + #endif + #ifndef NO_SHA + case CTC_SHAwRSA: + case CTC_SHAwECDSA: + if ((ret = ShaHash(buffer, sz, digest)) == 0) { + typeH = SHAh; + digestSz = SHA_DIGEST_SIZE; + } + break; + #endif + #ifndef NO_SHA256 + case CTC_SHA256wRSA: + case CTC_SHA256wECDSA: + if ((ret = Sha256Hash(buffer, sz, digest)) == 0) { + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + } + break; + #endif + default: + CYASSL_MSG("MakeSignautre called with unsupported type"); + ret = ALGO_ID_E; } - else if (sigAlgoType == CTC_SHAwRSA || sigAlgoType == CTC_SHAwECDSA) { - Sha sha; - - ret = InitSha(&sha); - if (ret != 0) - return ret; - - ShaUpdate(&sha, buffer, sz); - ShaFinal(&sha, digest); - - digestSz = SHA_DIGEST_SIZE; - typeH = SHAh; - } - else if (sigAlgoType == CTC_SHA256wRSA || sigAlgoType == CTC_SHA256wECDSA) { - Sha256 sha256; - - ret = InitSha256(&sha256); - if (ret != 0) - return ret; - - ret = Sha256Update(&sha256, buffer, sz); - if (ret != 0) - 
return ret; - - ret = Sha256Final(&sha256, digest); - if (ret != 0) - return ret; - - digestSz = SHA256_DIGEST_SIZE; - typeH = SHA256h; - } - else - return ALGO_ID_E; - + + if (ret != 0) + return ret; + +#ifdef CYASSL_SMALL_STACK + encSig = (byte*)XMALLOC(MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (encSig == NULL) + return MEMORY_E; +#endif + + ret = ALGO_ID_E; + +#ifndef NO_RSA if (rsaKey) { /* signature */ encSigSz = EncodeSignature(encSig, digest, digestSz, typeH); - return RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng); + ret = RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng); } +#endif + #ifdef HAVE_ECC - else if (eccKey) { + if (!rsaKey && eccKey) { word32 outSz = sigSz; ret = ecc_sign_hash(digest, digestSz, sig, &outSz, rng, eccKey); - if (ret != 0) - return ret; - return outSz; + if (ret == 0) + ret = outSz; } -#endif /* HAVE_ECC */ +#endif - return ALGO_ID_E; +#ifdef CYASSL_SMALL_STACK + XFREE(encSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } 
@@ -5287,21 +5679,35 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, const byte* ntruKey, word16 ntruSz) { - DerCert der; - int ret; + int ret; +#ifdef CYASSL_SMALL_STACK + DerCert* der; +#else + DerCert der[1]; +#endif - if (eccKey) - cert->keyType = ECC_KEY; - else - cert->keyType = rsaKey ? RSA_KEY : NTRU_KEY; - ret = EncodeCert(cert, &der, rsaKey, eccKey, rng, ntruKey, ntruSz); - if (ret != 0) - return ret; + cert->keyType = eccKey ? ECC_KEY : (rsaKey ? RSA_KEY : NTRU_KEY); - if (der.total + MAX_SEQ_SZ * 2 > (int)derSz) - return BUFFER_E; +#ifdef CYASSL_SMALL_STACK + der = (DerCert*)XMALLOC(sizeof(DerCert), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) + return MEMORY_E; +#endif - return cert->bodySz = WriteCertBody(&der, derBuffer); + ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz); + + if (ret == 0) { + if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) + ret = BUFFER_E; + else + ret = cert->bodySz = WriteCertBody(der, derBuffer); + } + +#ifdef CYASSL_SMALL_STACK + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } 
@@ -5497,18 +5903,35 @@ static int WriteCertReqBody(DerCert* der, byte* buffer) int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey) { - DerCert der; - int ret; + int ret; +#ifdef CYASSL_SMALL_STACK + DerCert* der; +#else + DerCert der[1]; +#endif - cert->keyType = (eccKey != NULL) ? ECC_KEY : RSA_KEY; - ret = EncodeCertReq(cert, &der, rsaKey, eccKey); - if (ret != 0) - return ret; + cert->keyType = eccKey ? ECC_KEY : RSA_KEY; - if (der.total + MAX_SEQ_SZ * 2 > (int)derSz) - return BUFFER_E; +#ifdef CYASSL_SMALL_STACK + der = (DerCert*)XMALLOC(sizeof(DerCert), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) + return MEMORY_E; +#endif - return cert->bodySz = WriteCertReqBody(&der, derBuffer); + ret = EncodeCertReq(cert, der, rsaKey, eccKey); + + if (ret == 0) { + if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) + ret = BUFFER_E; + else + ret = cert->bodySz = WriteCertReqBody(der, derBuffer); + } + +#ifdef CYASSL_SMALL_STACK + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } #endif /* CYASSL_CERT_REQ */ 
@@ -5517,21 +5940,37 @@ int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, RsaKey* rsaKey, ecc_key* eccKey, RNG* rng) { - byte sig[MAX_ENCODED_SIG_SZ]; - int sigSz; + int sigSz; +#ifdef CYASSL_SMALL_STACK + byte* sig; +#else + byte sig[MAX_ENCODED_SIG_SZ]; +#endif if (requestSz < 0) return requestSz; - sigSz = MakeSignature(buffer, requestSz, sig, sizeof(sig), rsaKey, eccKey, - rng, sType); - if (sigSz < 0) - return sigSz; +#ifdef CYASSL_SMALL_STACK + sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sig == NULL) + return MEMORY_E; +#endif - if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz) - return BUFFER_E; + sigSz = MakeSignature(buffer, requestSz, sig, MAX_ENCODED_SIG_SZ, rsaKey, + eccKey, rng, sType); - return AddSignature(buffer, requestSz, sig, sigSz, sType); + if (sigSz >= 0) { + if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz) + sigSz = BUFFER_E; + else + sigSz = AddSignature(buffer, requestSz, sig, sigSz, sType); + } + +#ifdef CYASSL_SMALL_STACK + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return sigSz; } 
@@ -5551,127 +5990,149 @@ int MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng) /* Set Alt Names from der cert, return 0 on success */ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) { - DecodedCert decoded; - int ret; + int ret; +#ifdef CYASSL_SMALL_STACK + DecodedCert* decoded; +#else + DecodedCert decoded[1]; +#endif if (derSz < 0) return derSz; - InitDecodedCert(&decoded, (byte*)der, derSz, 0); - ret = ParseCertRelative(&decoded, CA_TYPE, NO_VERIFY, 0); +#ifdef CYASSL_SMALL_STACK + decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (decoded == NULL) + return MEMORY_E; +#endif + + InitDecodedCert(decoded, (byte*)der, derSz, 0); + ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { - FreeDecodedCert(&decoded); - return ret; + CYASSL_MSG("ParseCertRelative error"); } - - if (decoded.extensions) { + else if (decoded->extensions) { byte b; int length; word32 maxExtensionsIdx; - decoded.srcIdx = decoded.extensionsIdx; - b = decoded.source[decoded.srcIdx++]; + decoded->srcIdx = decoded->extensionsIdx; + b = decoded->source[decoded->srcIdx++]; + if (b != ASN_EXTENSIONS) { - FreeDecodedCert(&decoded); - return ASN_PARSE_E; + ret = ASN_PARSE_E; } - - if (GetLength(decoded.source, &decoded.srcIdx, &length, - decoded.maxIdx) < 0) { - FreeDecodedCert(&decoded); - return ASN_PARSE_E; + else if (GetLength(decoded->source, &decoded->srcIdx, &length, + decoded->maxIdx) < 0) { + ret = ASN_PARSE_E; } - - if (GetSequence(decoded.source, &decoded.srcIdx, &length, - decoded.maxIdx) < 0) { - FreeDecodedCert(&decoded); - return ASN_PARSE_E; + else if (GetSequence(decoded->source, &decoded->srcIdx, &length, + decoded->maxIdx) < 0) { + ret = ASN_PARSE_E; } + else { + maxExtensionsIdx = decoded->srcIdx + length; - maxExtensionsIdx = decoded.srcIdx + length; + while (decoded->srcIdx < maxExtensionsIdx) { + word32 oid; + word32 startIdx = decoded->srcIdx; + word32 tmpIdx; - while 
(decoded.srcIdx < maxExtensionsIdx) { - word32 oid; - word32 startIdx = decoded.srcIdx; - word32 tmpIdx; - - if (GetSequence(decoded.source, &decoded.srcIdx, &length, - decoded.maxIdx) < 0) { - FreeDecodedCert(&decoded); - return ASN_PARSE_E; - } - - tmpIdx = decoded.srcIdx; - decoded.srcIdx = startIdx; - - if (GetAlgoId(decoded.source, &decoded.srcIdx, &oid, - decoded.maxIdx) < 0) { - FreeDecodedCert(&decoded); - return ASN_PARSE_E; - } - - if (oid == ALT_NAMES_OID) { - cert->altNamesSz = length + (tmpIdx - startIdx); - - if (cert->altNamesSz < (int)sizeof(cert->altNames)) - XMEMCPY(cert->altNames, &decoded.source[startIdx], - cert->altNamesSz); - else { - cert->altNamesSz = 0; - CYASSL_MSG("AltNames extensions too big"); - FreeDecodedCert(&decoded); - return ALT_NAME_E; + if (GetSequence(decoded->source, &decoded->srcIdx, &length, + decoded->maxIdx) < 0) { + ret = ASN_PARSE_E; + break; } + + tmpIdx = decoded->srcIdx; + decoded->srcIdx = startIdx; + + if (GetAlgoId(decoded->source, &decoded->srcIdx, &oid, + decoded->maxIdx) < 0) { + ret = ASN_PARSE_E; + break; + } + + if (oid == ALT_NAMES_OID) { + cert->altNamesSz = length + (tmpIdx - startIdx); + + if (cert->altNamesSz < (int)sizeof(cert->altNames)) + XMEMCPY(cert->altNames, &decoded->source[startIdx], + cert->altNamesSz); + else { + cert->altNamesSz = 0; + CYASSL_MSG("AltNames extensions too big"); + ret = ALT_NAME_E; + break; + } + } + decoded->srcIdx = tmpIdx + length; } - decoded.srcIdx = tmpIdx + length; } } - FreeDecodedCert(&decoded); - return 0; + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret < 0 ? 
ret : 0; } /* Set Dates from der cert, return 0 on success */ static int SetDatesFromCert(Cert* cert, const byte* der, int derSz) { - DecodedCert decoded; - int ret; + int ret; +#ifdef CYASSL_SMALL_STACK + DecodedCert* decoded; +#else + DecodedCert decoded[1]; +#endif CYASSL_ENTER("SetDatesFromCert"); if (derSz < 0) return derSz; + +#ifdef CYASSL_SMALL_STACK + decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (decoded == NULL) + return MEMORY_E; +#endif - InitDecodedCert(&decoded, (byte*)der, derSz, 0); - ret = ParseCertRelative(&decoded, CA_TYPE, NO_VERIFY, 0); + InitDecodedCert(decoded, (byte*)der, derSz, 0); + ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { CYASSL_MSG("ParseCertRelative error"); - FreeDecodedCert(&decoded); - return ret; } - - if (decoded.beforeDate == NULL || decoded.afterDate == NULL) { + else if (decoded->beforeDate == NULL || decoded->afterDate == NULL) { CYASSL_MSG("Couldn't extract dates"); - FreeDecodedCert(&decoded); - return -1; + ret = -1; } - - if (decoded.beforeDateLen > MAX_DATE_SIZE || decoded.afterDateLen > - MAX_DATE_SIZE) { + else if (decoded->beforeDateLen > MAX_DATE_SIZE || + decoded->afterDateLen > MAX_DATE_SIZE) { CYASSL_MSG("Bad date size"); - FreeDecodedCert(&decoded); - return -1; + ret = -1; + } + else { + XMEMCPY(cert->beforeDate, decoded->beforeDate, decoded->beforeDateLen); + XMEMCPY(cert->afterDate, decoded->afterDate, decoded->afterDateLen); + + cert->beforeDateSz = decoded->beforeDateLen; + cert->afterDateSz = decoded->afterDateLen; } - XMEMCPY(cert->beforeDate, decoded.beforeDate, decoded.beforeDateLen); - XMEMCPY(cert->afterDate, decoded.afterDate, decoded.afterDateLen); + FreeDecodedCert(decoded); - cert->beforeDateSz = decoded.beforeDateLen; - cert->afterDateSz = decoded.afterDateLen; +#ifdef CYASSL_SMALL_STACK + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif - return 0; + return ret < 0 ? ret : 0; } 
@@ -5681,71 +6142,94 @@ static int SetDatesFromCert(Cert* cert, const byte* der, int derSz) /* Set cn name from der buffer, return 0 on success */ static int SetNameFromCert(CertName* cn, const byte* der, int derSz) { - DecodedCert decoded; - int ret; - int sz; + int ret, sz; +#ifdef CYASSL_SMALL_STACK + DecodedCert* decoded; +#else + DecodedCert decoded[1]; +#endif if (derSz < 0) return derSz; - InitDecodedCert(&decoded, (byte*)der, derSz, 0); - ret = ParseCertRelative(&decoded, CA_TYPE, NO_VERIFY, 0); +#ifdef CYASSL_SMALL_STACK + decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (decoded == NULL) + return MEMORY_E; +#endif - if (ret < 0) - return ret; + InitDecodedCert(decoded, (byte*)der, derSz, 0); + ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); - if (decoded.subjectCN) { - sz = (decoded.subjectCNLen < CTC_NAME_SIZE) ? decoded.subjectCNLen : - CTC_NAME_SIZE - 1; - strncpy(cn->commonName, decoded.subjectCN, CTC_NAME_SIZE); - cn->commonName[sz] = 0; + if (ret < 0) { + CYASSL_MSG("ParseCertRelative error"); } - if (decoded.subjectC) { - sz = (decoded.subjectCLen < CTC_NAME_SIZE) ? decoded.subjectCLen : - CTC_NAME_SIZE - 1; - strncpy(cn->country, decoded.subjectC, CTC_NAME_SIZE); - cn->country[sz] = 0; - } - if (decoded.subjectST) { - sz = (decoded.subjectSTLen < CTC_NAME_SIZE) ? decoded.subjectSTLen : - CTC_NAME_SIZE - 1; - strncpy(cn->state, decoded.subjectST, CTC_NAME_SIZE); - cn->state[sz] = 0; - } - if (decoded.subjectL) { - sz = (decoded.subjectLLen < CTC_NAME_SIZE) ? decoded.subjectLLen : - CTC_NAME_SIZE - 1; - strncpy(cn->locality, decoded.subjectL, CTC_NAME_SIZE); - cn->locality[sz] = 0; - } - if (decoded.subjectO) { - sz = (decoded.subjectOLen < CTC_NAME_SIZE) ? decoded.subjectOLen : - CTC_NAME_SIZE - 1; - strncpy(cn->org, decoded.subjectO, CTC_NAME_SIZE); - cn->org[sz] = 0; - } - if (decoded.subjectOU) { - sz = (decoded.subjectOULen < CTC_NAME_SIZE) ? 
decoded.subjectOULen : - CTC_NAME_SIZE - 1; - strncpy(cn->unit, decoded.subjectOU, CTC_NAME_SIZE); - cn->unit[sz] = 0; - } - if (decoded.subjectSN) { - sz = (decoded.subjectSNLen < CTC_NAME_SIZE) ? decoded.subjectSNLen : - CTC_NAME_SIZE - 1; - strncpy(cn->sur, decoded.subjectSN, CTC_NAME_SIZE); - cn->sur[sz] = 0; - } - if (decoded.subjectEmail) { - sz = (decoded.subjectEmailLen < CTC_NAME_SIZE) ? - decoded.subjectEmailLen : CTC_NAME_SIZE - 1; - strncpy(cn->email, decoded.subjectEmail, CTC_NAME_SIZE); - cn->email[sz] = 0; + else { + if (decoded->subjectCN) { + sz = (decoded->subjectCNLen < CTC_NAME_SIZE) ? decoded->subjectCNLen + : CTC_NAME_SIZE - 1; + strncpy(cn->commonName, decoded->subjectCN, CTC_NAME_SIZE); + cn->commonName[sz] = 0; + cn->commonNameEnc = decoded->subjectCNEnc; + } + if (decoded->subjectC) { + sz = (decoded->subjectCLen < CTC_NAME_SIZE) ? decoded->subjectCLen + : CTC_NAME_SIZE - 1; + strncpy(cn->country, decoded->subjectC, CTC_NAME_SIZE); + cn->country[sz] = 0; + cn->countryEnc = decoded->subjectCEnc; + } + if (decoded->subjectST) { + sz = (decoded->subjectSTLen < CTC_NAME_SIZE) ? decoded->subjectSTLen + : CTC_NAME_SIZE - 1; + strncpy(cn->state, decoded->subjectST, CTC_NAME_SIZE); + cn->state[sz] = 0; + cn->stateEnc = decoded->subjectSTEnc; + } + if (decoded->subjectL) { + sz = (decoded->subjectLLen < CTC_NAME_SIZE) ? decoded->subjectLLen + : CTC_NAME_SIZE - 1; + strncpy(cn->locality, decoded->subjectL, CTC_NAME_SIZE); + cn->locality[sz] = 0; + cn->localityEnc = decoded->subjectLEnc; + } + if (decoded->subjectO) { + sz = (decoded->subjectOLen < CTC_NAME_SIZE) ? decoded->subjectOLen + : CTC_NAME_SIZE - 1; + strncpy(cn->org, decoded->subjectO, CTC_NAME_SIZE); + cn->org[sz] = 0; + cn->orgEnc = decoded->subjectOEnc; + } + if (decoded->subjectOU) { + sz = (decoded->subjectOULen < CTC_NAME_SIZE) ? 
decoded->subjectOULen + : CTC_NAME_SIZE - 1; + strncpy(cn->unit, decoded->subjectOU, CTC_NAME_SIZE); + cn->unit[sz] = 0; + cn->unitEnc = decoded->subjectOUEnc; + } + if (decoded->subjectSN) { + sz = (decoded->subjectSNLen < CTC_NAME_SIZE) ? decoded->subjectSNLen + : CTC_NAME_SIZE - 1; + strncpy(cn->sur, decoded->subjectSN, CTC_NAME_SIZE); + cn->sur[sz] = 0; + cn->surEnc = decoded->subjectSNEnc; + } + if (decoded->subjectEmail) { + sz = (decoded->subjectEmailLen < CTC_NAME_SIZE) + ? decoded->subjectEmailLen : CTC_NAME_SIZE - 1; + strncpy(cn->email, decoded->subjectEmail, CTC_NAME_SIZE); + cn->email[sz] = 0; + } } - FreeDecodedCert(&decoded); + FreeDecodedCert(decoded); - return 0; +#ifdef CYASSL_SMALL_STACK + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret < 0 ? ret : 0; } @@ -5929,8 +6413,14 @@ int EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, int version, length; int privSz, pubSz; byte b; - byte priv[ECC_MAXSIZE]; - byte pub[ECC_MAXSIZE * 2 + 1]; /* public key has two parts plus header */ + int ret = 0; +#ifdef CYASSL_SMALL_STACK + byte* priv; + byte* pub; +#else + byte priv[ECC_MAXSIZE]; + byte pub[ECC_MAXSIZE * 2 + 1]; /* public key has two parts plus header */ +#endif if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) return BAD_FUNC_ARG; @@ -5951,6 +6441,18 @@ int EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, if (GetLength(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; +#ifdef CYASSL_SMALL_STACK + priv = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (priv == NULL) + return MEMORY_E; + + pub = (byte*)XMALLOC(ECC_MAXSIZE * 2 + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (pub == NULL) { + XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + /* priv key */ privSz = length; XMEMCPY(priv, &input[*inOutIdx], privSz); 
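Review bot: Each field copy in SetNameFromCert still calls `strncpy(cn->commonName, decoded->subjectCN, CTC_NAME_SIZE)` and only afterwards terminates at `sz`, so strncpy keeps reading the source until it meets a NUL or has read CTC_NAME_SIZE bytes. If the `subject*` pointers refer into the DER input rather than to NUL-terminated copies (the parser is not shown here), a short field near the end of the buffer is read past its own length and possibly past the buffer. Since `sz` is already clamped to CTC_NAME_SIZE - 1, copying exactly that many bytes is enough: `XMEMCPY(cn->commonName, decoded->subjectCN, sz); cn->commonName[sz] = 0;`, and likewise for the other seven fields.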
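Review bot: `privSz = length; XMEMCPY(priv, &input[*inOutIdx], privSz);` copies a length taken from the input into a buffer of ECC_MAXSIZE bytes without comparing the two, and the following hunk does the same for `pub` (`pubSz = length - 1;` into ECC_MAXSIZE * 2 + 1 bytes). With CYASSL_SMALL_STACK these are now heap buffers, so an oversized field in a key file overruns heap memory rather than the stack. Reject the length before allocating, `if (length > ECC_MAXSIZE) return BUFFER_E;`, and guard the public part with `if (length < 1 || length - 1 > ECC_MAXSIZE * 2 + 1) ret = BUFFER_E;` ahead of its copy, which also covers `length == 0` turning `pubSz` negative. EccPrivateKeyDecode starts and continues outside this hunk.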
@@ -5962,54 +6464,77 @@ int EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, *inOutIdx += 1; if (GetLength(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; + ret = ASN_PARSE_E; + else { + /* object id */ + b = input[*inOutIdx]; + *inOutIdx += 1; - /* object id */ + if (b != ASN_OBJECT_ID) { + ret = ASN_OBJECT_ID_E; + } + else if (GetLength(input, inOutIdx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + else { + while(length--) { + oid += input[*inOutIdx]; + *inOutIdx += 1; + } + if (CheckCurve(oid) < 0) + ret = ECC_CURVE_OID_E; + } + } + } + + if (ret == 0) { + /* prefix 1 */ b = input[*inOutIdx]; *inOutIdx += 1; - - if (b != ASN_OBJECT_ID) - return ASN_OBJECT_ID_E; - if (GetLength(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - while(length--) { - oid += input[*inOutIdx]; - *inOutIdx += 1; + if (b != ECC_PREFIX_1) { + ret = ASN_ECC_KEY_E; + } + else if (GetLength(input, inOutIdx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + else { + /* key header */ + b = input[*inOutIdx]; + *inOutIdx += 1; + + if (b != ASN_BIT_STRING) { + ret = ASN_BITSTR_E; + } + else if (GetLength(input, inOutIdx, &length, inSz) < 0) { + ret = ASN_PARSE_E; + } + else { + b = input[*inOutIdx]; + *inOutIdx += 1; + + if (b != 0x00) { + ret = ASN_EXPECT_0_E; + } + else { + /* pub key */ + pubSz = length - 1; /* null prefix */ + XMEMCPY(pub, &input[*inOutIdx], pubSz); + + *inOutIdx += length; + + ret = ecc_import_private_key(priv, privSz, pub, pubSz, key); + } + } } - if (CheckCurve(oid) < 0) - return ECC_CURVE_OID_E; } - - /* prefix 1 */ - b = input[*inOutIdx]; - *inOutIdx += 1; - if (b != ECC_PREFIX_1) - return ASN_ECC_KEY_E; - if (GetLength(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; +#ifdef CYASSL_SMALL_STACK + XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif - /* key header */ - b = input[*inOutIdx]; - *inOutIdx += 1; - if (b != ASN_BIT_STRING) - return ASN_BITSTR_E; - - if 
(GetLength(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - b = input[*inOutIdx]; - *inOutIdx += 1; - if (b != 0x00) - return ASN_EXPECT_0_E; - - pubSz = length - 1; /* null prefix */ - XMEMCPY(pub, &input[*inOutIdx], pubSz); - - *inOutIdx += length; - - return ecc_import_private_key(priv, privSz, pub, pubSz, key); + return ret; } #endif /* HAVE_ECC */ diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index a704b7910..4cd2a63ca 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -34,6 +34,7 @@ #include #include +#include #ifdef NO_INLINE #include @@ -169,19 +170,22 @@ CRYP_Cmd(DISABLE); } - void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_CBC); + return 0; } - void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des, out, in, sz, DES_DECRYPTION, DES_CBC); + return 0; } - void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) + int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_ECB); + return 0; } void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz, @@ -389,14 +393,16 @@ static void Des_Cbc(byte* out, const byte* in, word32 sz, } -void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) +int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_ENCRYPT) ; + return 0; } -void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) +int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_DECRYPT) ; + return 0; } int Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz) 
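Review bot: `priv` holds the decoded private key and is passed to XFREE in the new exit block (or left on the stack in the non-small-stack build) without being cleared, so the key bytes stay in released memory on success and on every error path. Clear it before release, e.g. `XMEMSET(priv, 0, ECC_MAXSIZE);` ahead of `XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);`, using a wipe the compiler may not remove if the project provides one. Doing this outside the `#ifdef` covers both build variants.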
@@ -556,7 +562,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) return ret; } - void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { int i; int offset = 0; @@ -566,6 +572,11 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; + if ((word)out % CYASSL_MMCAU_ALIGNMENT) { + CYASSL_MSG("Bad cau_des_encrypt alignment"); + return BAD_ALIGN_E; + } + while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); @@ -583,10 +594,10 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); } - return; + return 0; } - void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { int i; int offset = 0; @@ -596,6 +607,11 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; + if ((word)out % CYASSL_MMCAU_ALIGNMENT) { + CYASSL_MSG("Bad cau_des_decrypt alignment"); + return BAD_ALIGN_E; + } + while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); @@ -613,7 +629,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) offset += DES_BLOCK_SIZE; } - return; + return 0; } int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) @@ -627,6 +643,11 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; + if ((word)out % CYASSL_MMCAU_ALIGNMENT) { + CYASSL_MSG("Bad 3ede cau_des_encrypt alignment"); + return BAD_ALIGN_E; + } + while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); 
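Review bot: The new alignment check makes `Des_CbcEncrypt` return BAD_ALIGN_E before anything is written to `out`, but until this commit the function returned void, so existing callers are likely to ignore the result. A caller that encrypts in place, or forwards `out` regardless, would then pass on data that was never encrypted; the call sites (not shown in these hunks) should start checking the return value in the same change. The same holds for the check added to Des_CbcDecrypt; the two Des3 functions in the next hunks already returned int but gain a new failure code. A comment above each function stating the alignment requirement on `out`, e.g. `/* out must be CYASSL_MMCAU_ALIGNMENT aligned, else BAD_ALIGN_E */`, would make the contract visible.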
@@ -660,6 +681,11 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; + if ((word)out % CYASSL_MMCAU_ALIGNMENT) { + CYASSL_MSG("Bad 3ede cau_des_decrypt alignment"); + return BAD_ALIGN_E; + } + while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); @@ -761,9 +787,9 @@ int Des3_SetIV(Des3* des, const byte* iv); bd_p->BD_CTRL.LAST_BD = 1; bd_p->BD_CTRL.DESC_EN = 1; - bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; // (unsigned int)sa_p ; - bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; // (unsigned int)in_p ; - bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); // (unsigned int)out_p ; + bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; /* (unsigned int)sa_p; */ + bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; /* (unsigned int)in_p; */ + bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); /* (unsigned int)out_p; */ bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd); bd_p->MSGLEN = sz ; @@ -772,7 +798,7 @@ int Des3_SetIV(Des3* des, const byte* iv); while (CECON); /* Run the engine */ - CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; // (unsigned int)bd_p ; + CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; /* (unsigned int)bd_p ; */ CEINTEN = 0x07; CECON = 0x27; @@ -793,16 +819,18 @@ int Des3_SetIV(Des3* des, const byte* iv); ByteReverseWords((word32*)out, (word32 *)KVA0_TO_KVA1(out), sz); } - void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des->key, des->reg, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC ); + return 0; } - void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des->key, des->reg, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC); + return 0; } int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) 
@@ -1250,7 +1278,7 @@ static void Des3ProcessBlock(Des3* des, const byte* in, byte* out) } -void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) +int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; @@ -1262,10 +1290,11 @@ void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } + return 0; } -void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) +int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; byte hold[DES_BLOCK_SIZE]; @@ -1282,6 +1311,7 @@ void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } + return 0; } @@ -1332,7 +1362,7 @@ int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) #ifdef CYASSL_DES_ECB /* One block, compatibility only */ -void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) +int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; @@ -1342,6 +1372,7 @@ void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } + return 0; } #endif /* CYASSL_DES_ECB */ @@ -1370,7 +1401,6 @@ int Des3_SetIV(Des3* des, const byte* iv) #ifdef HAVE_CAVIUM -#include #include "cavium_common.h" /* Initiliaze Des3 for use with Nitrox device */ diff --git a/ctaocrypt/src/ecc.c b/ctaocrypt/src/ecc.c index 6d6da7346..8904f7289 100644 --- a/ctaocrypt/src/ecc.c +++ b/ctaocrypt/src/ecc.c 
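Review bot: `word32 blocks = sz / DES_BLOCK_SIZE;` rounds down, so when `sz` is not a multiple of DES_BLOCK_SIZE the trailing bytes are neither processed nor reported, and the function now returns 0 as if the whole buffer had been handled. With the return type changed to int, the input can be rejected up front, for example `if (sz % DES_BLOCK_SIZE) return BAD_FUNC_ARG;`, in Des_CbcEncrypt, Des_CbcDecrypt and Des_EcbEncrypt alike. If ignoring a partial trailing block is intended, a comment above each function should say so, since callers can no longer tell from the result.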
@@ -3629,9 +3629,9 @@ enum ecSrvState { struct ecEncCtx { - byte* kdfSalt; /* optional salt for kdf */ - byte* kdfInfo; /* optional info for kdf */ - byte* macSalt; /* optional salt for mac */ + const byte* kdfSalt; /* optional salt for kdf */ + const byte* kdfInfo; /* optional info for kdf */ + const byte* macSalt; /* optional salt for mac */ word32 kdfSaltSz; /* size of kdfSalt */ word32 kdfInfoSz; /* size of kdfInfo */ word32 macSaltSz; /* size of macSalt */ @@ -3676,6 +3676,19 @@ const byte* ecc_ctx_get_own_salt(ecEncCtx* ctx) } +/* optional set info, can be called before or after set_peer_salt */ +int ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz) +{ + if (ctx == NULL || info == 0 || sz < 0) + return BAD_FUNC_ARG; + + ctx->kdfInfo = info; + ctx->kdfInfoSz = sz; + + return 0; +} + + static const char* exchange_info = "Secure Message Exchange"; int ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) @@ -3717,8 +3730,11 @@ int ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) ctx->macSalt = ctx->serverSalt; ctx->macSaltSz = EXCHANGE_SALT_SZ; - ctx->kdfInfo = (byte*)exchange_info; - ctx->kdfInfoSz = EXCHANGE_INFO_SZ; + if (ctx->kdfInfo == NULL) { + /* default info */ + ctx->kdfInfo = (const byte*)exchange_info; + ctx->kdfInfoSz = EXCHANGE_INFO_SZ; + } return 0; } diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c index 3b629ae08..00bfe309b 100644 --- a/ctaocrypt/src/error.c +++ b/ctaocrypt/src/error.c @@ -22,7 +22,7 @@ #ifdef HAVE_CONFIG_H #include #endif - + #include #include 
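Review bot: `ecc_ctx_set_info` stores the caller's pointer in `ctx->kdfInfo` instead of copying the bytes, and nothing in the hunk tells the caller that the buffer is borrowed. A caller that passes a stack or later-freed buffer would presumably have the key derivation read stale memory, and that is hard to notice because the operation itself would still succeed. I would put the contract above the function, e.g. `/* info is not copied: it must stay valid and unchanged for as long as ctx uses it */`. The null test would read better as `info == NULL` to match the `ctx == NULL` beside it, and `ctx->kdfInfoSz = (word32)sz;` would make the `int` to `word32` conversion after the `sz < 0` check explicit.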
@@ -32,334 +32,264 @@ #pragma warning(disable: 4996) #endif - -void CTaoCryptErrorString(int error, char* buffer) +const char* CTaoCryptGetErrorString(int error) { - const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */ - #ifdef NO_ERROR_STRINGS (void)error; - XSTRNCPY(buffer, "no support for error strings built in", max); + return "no support for error strings built in"; #else switch (error) { - case OPEN_RAN_E : - XSTRNCPY(buffer, "opening random device error", max); - break; + case OPEN_RAN_E : + return "opening random device error"; case READ_RAN_E : - XSTRNCPY(buffer, "reading random device error", max); - break; + return "reading random device error"; case WINCRYPT_E : - XSTRNCPY(buffer, "windows crypt init error", max); - break; + return "windows crypt init error"; - case CRYPTGEN_E : - XSTRNCPY(buffer, "windows crypt generation error", max); - break; + case CRYPTGEN_E : + return "windows crypt generation error"; - case RAN_BLOCK_E : - XSTRNCPY(buffer, "random device read would block error", max); - break; + case RAN_BLOCK_E : + return "random device read would block error"; - case BAD_MUTEX_E : - XSTRNCPY(buffer, "Bad mutex, operation failed", max); - break; + case BAD_MUTEX_E : + return "Bad mutex, operation failed"; case MP_INIT_E : - XSTRNCPY(buffer, "mp_init error state", max); - break; + return "mp_init error state"; case MP_READ_E : - XSTRNCPY(buffer, "mp_read error state", max); - break; + return "mp_read error state"; case MP_EXPTMOD_E : - XSTRNCPY(buffer, "mp_exptmod error state", max); - break; + return "mp_exptmod error state"; case MP_TO_E : - XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max); - break; + return "mp_to_xxx error state, can't convert"; case MP_SUB_E : - XSTRNCPY(buffer, "mp_sub error state, can't subtract", max); - break; + return "mp_sub error state, can't subtract"; case MP_ADD_E : - XSTRNCPY(buffer, "mp_add error state, can't add", max); - break; + return "mp_add error state, can't add"; case MP_MUL_E : - 
XSTRNCPY(buffer, "mp_mul error state, can't multiply", max); - break; + return "mp_mul error state, can't multiply"; case MP_MULMOD_E : - XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max); - break; + return "mp_mulmod error state, can't multiply mod"; case MP_MOD_E : - XSTRNCPY(buffer, "mp_mod error state, can't mod", max); - break; + return "mp_mod error state, can't mod"; case MP_INVMOD_E : - XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max); - break; - + return "mp_invmod error state, can't inv mod"; + case MP_CMP_E : - XSTRNCPY(buffer, "mp_cmp error state", max); - break; - + return "mp_cmp error state"; + case MP_ZERO_E : - XSTRNCPY(buffer, "mp zero result, not expected", max); - break; - + return "mp zero result, not expected"; + case MEMORY_E : - XSTRNCPY(buffer, "out of memory error", max); - break; + return "out of memory error"; case RSA_WRONG_TYPE_E : - XSTRNCPY(buffer, "RSA wrong block type for RSA function", max); - break; + return "RSA wrong block type for RSA function"; case RSA_BUFFER_E : - XSTRNCPY(buffer, "RSA buffer error, output too small or input too big", - max); - break; + return "RSA buffer error, output too small or input too big"; case BUFFER_E : - XSTRNCPY(buffer, "Buffer error, output too small or input too big",max); - break; + return "Buffer error, output too small or input too big"; case ALGO_ID_E : - XSTRNCPY(buffer, "Setting Cert AlogID error", max); - break; + return "Setting Cert AlogID error"; case PUBLIC_KEY_E : - XSTRNCPY(buffer, "Setting Cert Public Key error", max); - break; + return "Setting Cert Public Key error"; case DATE_E : - XSTRNCPY(buffer, "Setting Cert Date validity error", max); - break; + return "Setting Cert Date validity error"; case SUBJECT_E : - XSTRNCPY(buffer, "Setting Cert Subject name error", max); - break; + return "Setting Cert Subject name error"; case ISSUER_E : - XSTRNCPY(buffer, "Setting Cert Issuer name error", max); - break; + return "Setting Cert Issuer name error"; 
case CA_TRUE_E : - XSTRNCPY(buffer, "Setting basic constraint CA true error", max); - break; + return "Setting basic constraint CA true error"; case EXTENSIONS_E : - XSTRNCPY(buffer, "Setting extensions error", max); - break; + return "Setting extensions error"; case ASN_PARSE_E : - XSTRNCPY(buffer, "ASN parsing error, invalid input", max); - break; + return "ASN parsing error, invalid input"; case ASN_VERSION_E : - XSTRNCPY(buffer, "ASN version error, invalid number", max); - break; + return "ASN version error, invalid number"; case ASN_GETINT_E : - XSTRNCPY(buffer, "ASN get big int error, invalid data", max); - break; + return "ASN get big int error, invalid data"; case ASN_RSA_KEY_E : - XSTRNCPY(buffer, "ASN key init error, invalid input", max); - break; + return "ASN key init error, invalid input"; case ASN_OBJECT_ID_E : - XSTRNCPY(buffer, "ASN object id error, invalid id", max); - break; + return "ASN object id error, invalid id"; case ASN_TAG_NULL_E : - XSTRNCPY(buffer, "ASN tag error, not null", max); - break; + return "ASN tag error, not null"; case ASN_EXPECT_0_E : - XSTRNCPY(buffer, "ASN expect error, not zero", max); - break; + return "ASN expect error, not zero"; case ASN_BITSTR_E : - XSTRNCPY(buffer, "ASN bit string error, wrong id", max); - break; + return "ASN bit string error, wrong id"; case ASN_UNKNOWN_OID_E : - XSTRNCPY(buffer, "ASN oid error, unknown sum id", max); - break; + return "ASN oid error, unknown sum id"; case ASN_DATE_SZ_E : - XSTRNCPY(buffer, "ASN date error, bad size", max); - break; + return "ASN date error, bad size"; case ASN_BEFORE_DATE_E : - XSTRNCPY(buffer, "ASN date error, current date before", max); - break; + return "ASN date error, current date before"; case ASN_AFTER_DATE_E : - XSTRNCPY(buffer, "ASN date error, current date after", max); - break; + return "ASN date error, current date after"; case ASN_SIG_OID_E : - XSTRNCPY(buffer, "ASN signature error, mismatched oid", max); - break; + return "ASN signature error, 
mismatched oid"; case ASN_TIME_E : - XSTRNCPY(buffer, "ASN time error, unkown time type", max); - break; + return "ASN time error, unkown time type"; case ASN_INPUT_E : - XSTRNCPY(buffer, "ASN input error, not enough data", max); - break; + return "ASN input error, not enough data"; case ASN_SIG_CONFIRM_E : - XSTRNCPY(buffer, "ASN sig error, confirm failure", max); - break; + return "ASN sig error, confirm failure"; case ASN_SIG_HASH_E : - XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max); - break; + return "ASN sig error, unsupported hash type"; case ASN_SIG_KEY_E : - XSTRNCPY(buffer, "ASN sig error, unsupported key type", max); - break; + return "ASN sig error, unsupported key type"; case ASN_DH_KEY_E : - XSTRNCPY(buffer, "ASN key init error, invalid input", max); - break; + return "ASN key init error, invalid input"; case ASN_NTRU_KEY_E : - XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max); - break; + return "ASN NTRU key decode error, invalid input"; case ASN_CRIT_EXT_E: - XSTRNCPY(buffer, "X.509 Critical extension ignored", max); - break; + return "X.509 Critical extension ignored"; case ECC_BAD_ARG_E : - XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max); - break; + return "ECC input argument wrong type, invalid input"; case ASN_ECC_KEY_E : - XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max); - break; + return "ECC ASN1 bad key data, invalid input"; case ECC_CURVE_OID_E : - XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max); - break; + return "ECC curve sum OID unsupported, invalid input"; case BAD_FUNC_ARG : - XSTRNCPY(buffer, "Bad function argument", max); - break; + return "Bad function argument"; case NOT_COMPILED_IN : - XSTRNCPY(buffer, "Feature not compiled in", max); - break; + return "Feature not compiled in"; case UNICODE_SIZE_E : - XSTRNCPY(buffer, "Unicode password too big", max); - break; + return "Unicode password too big"; case NO_PASSWORD : - XSTRNCPY(buffer, "No 
password provided by user", max); - break; + return "No password provided by user"; case ALT_NAME_E : - XSTRNCPY(buffer, "Alt Name problem, too big", max); - break; + return "Alt Name problem, too big"; case AES_GCM_AUTH_E: - XSTRNCPY(buffer, "AES-GCM Authentication check fail", max); - break; + return "AES-GCM Authentication check fail"; case AES_CCM_AUTH_E: - XSTRNCPY(buffer, "AES-CCM Authentication check fail", max); - break; + return "AES-CCM Authentication check fail"; case CAVIUM_INIT_E: - XSTRNCPY(buffer, "Cavium Init type error", max); - break; + return "Cavium Init type error"; case COMPRESS_INIT_E: - XSTRNCPY(buffer, "Compress Init error", max); - break; + return "Compress Init error"; case COMPRESS_E: - XSTRNCPY(buffer, "Compress error", max); - break; + return "Compress error"; case DECOMPRESS_INIT_E: - XSTRNCPY(buffer, "DeCompress Init error", max); - break; + return "DeCompress Init error"; case DECOMPRESS_E: - XSTRNCPY(buffer, "DeCompress error", max); - break; + return "DeCompress error"; case BAD_ALIGN_E: - XSTRNCPY(buffer, "Bad alignment error, no alloc help", max); - break; + return "Bad alignment error, no alloc help"; case ASN_NO_SIGNER_E : - XSTRNCPY(buffer, "ASN no signer error to confirm failure", max); - break; + return "ASN no signer error to confirm failure"; case ASN_CRL_CONFIRM_E : - XSTRNCPY(buffer, "ASN CRL sig error, confirm failure", max); - break; + return "ASN CRL sig error, confirm failure"; case ASN_CRL_NO_SIGNER_E : - XSTRNCPY(buffer, "ASN CRL no signer error to confirm failure", max); - break; + return "ASN CRL no signer error to confirm failure"; case ASN_OCSP_CONFIRM_E : - XSTRNCPY(buffer, "ASN OCSP sig error, confirm failure", max); - break; + return "ASN OCSP sig error, confirm failure"; case BAD_ENC_STATE_E: - XSTRNCPY(buffer, "Bad ecc encrypt state operation", max); - break; + return "Bad ecc encrypt state operation"; case BAD_PADDING_E: - XSTRNCPY(buffer, "Bad padding, message wrong length", max); - break; + return "Bad 
padding, message wrong length"; case REQ_ATTRIBUTE_E: - XSTRNCPY(buffer, "Setting cert request attributes error", max); - break; + return "Setting cert request attributes error"; case PKCS7_OID_E: - XSTRNCPY(buffer, "PKCS#7 error: mismatched OID value", max); - break; + return "PKCS#7 error: mismatched OID value"; case PKCS7_RECIP_E: - XSTRNCPY(buffer, "PKCS#7 error: no matching recipient found", max); - break; + return "PKCS#7 error: no matching recipient found"; case FIPS_NOT_ALLOWED_E: - XSTRNCPY(buffer, "FIPS mode not allowed error", max); - break; + return "FIPS mode not allowed error"; case ASN_NAME_INVALID_E: - XSTRNCPY(buffer, "Name Constraint error", max); - break; + return "Name Constraint error"; + + case RNG_FAILURE_E: + return "Random Number Generator failed"; + + case HMAC_MIN_KEYLEN_E: + return "FIPS Mode HMAC Minimum Key Length error"; default: - XSTRNCPY(buffer, "unknown error number", max); + return "unknown error number"; } #endif /* NO_ERROR_STRINGS */ } + +void CTaoCryptErrorString(int error, char* buffer) +{ + XSTRNCPY(buffer, CTaoCryptGetErrorString(error), CYASSL_MAX_ERROR_SZ); +} diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index 0bd1c41d1..c5362db55 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -131,6 +131,11 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) if (ret != 0) return ret; +#ifdef HAVE_FIPS + if (length < HMAC_FIPS_MIN_KEY) + return HMAC_MIN_KEYLEN_E; +#endif + switch (hmac->macType) { #ifndef NO_MD5 case MD5: diff --git a/ctaocrypt/src/include.am b/ctaocrypt/src/include.am index 580d3f553..6664dab22 100644 --- a/ctaocrypt/src/include.am +++ b/ctaocrypt/src/include.am @@ -2,7 +2,8 @@ # All paths should be given relative to the root EXTRA_DIST += ctaocrypt/src/misc.c -EXTRA_DIST += ctaocrypt/src/asm.c +EXTRA_DIST += ctaocrypt/src/asm.c +EXTRA_DIST += ctaocrypt/src/aes_asm.asm EXTRA_DIST += \ ctaocrypt/src/ecc_fp.c \ 
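Review bot: `CTaoCryptErrorString` and the new `CTaoCryptGetErrorString` have no comment describing their buffer and lifetime contract. The wrapper copies with `XSTRNCPY(buffer, CTaoCryptGetErrorString(error), CYASSL_MAX_ERROR_SZ)`; if `XSTRNCPY` maps to `strncpy` (its definition is not in the hunk), the call always writes `CYASSL_MAX_ERROR_SZ` bytes including padding, so a shorter caller buffer is overrun, and a message of that length or longer would be left unterminated. I would add `/* buffer must hold at least CYASSL_MAX_ERROR_SZ bytes */` above `CTaoCryptErrorString` and `/* returns a pointer to a static string; do not free or modify */` above `CTaoCryptGetErrorString`.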
diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c index e885ca04b..b39a36f9f 100644 --- a/ctaocrypt/src/integer.c +++ b/ctaocrypt/src/integer.c @@ -1854,15 +1854,15 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, } /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times*/ - if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { + if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { goto LBL_RES; } for (x = 0; x < (winsize - 1); x++) { - if ((err = mp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)])) != MP_OKAY) { + if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { goto LBL_RES; } - if ((err = redux (&M[1 << (winsize - 1)], P, mp)) != MP_OKAY) { + if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) { goto LBL_RES; } } @@ -3250,19 +3250,19 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) /* compute the value at M[1<<(winsize-1)] by squaring * M[1] (winsize-1) times */ - if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { + if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { goto LBL_MU; } for (x = 0; x < (winsize - 1); x++) { /* square it */ - if ((err = mp_sqr (&M[1 << (winsize - 1)], - &M[1 << (winsize - 1)])) != MP_OKAY) { + if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], + &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { goto LBL_MU; } /* reduce modulo P */ - if ((err = redux (&M[1 << (winsize - 1)], P, &mu)) != MP_OKAY) { + if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, &mu)) != MP_OKAY) { goto LBL_MU; } } 
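Review bot: The subscript `1 << (winsize - 1)` is now wrapped in an `(mp_digit)` cast at every use in `mp_exptmod_fast` and `s_mp_exptmod` (both hunks), which uses a bignum-digit type as an array index and repeats the same expression six times per function. If the cast is only there to silence a compiler warning, a named index says more and removes the repetition: `const int half = 1 << (winsize - 1);` and then `&M[half]`. Both function bodies extend outside the hunks, so the declaration would go with the other locals at the top.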
@@ -3765,7 +3765,7 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c) #endif -#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(CYASSL_SNIFFER) || defined(CYASSL_HAVE_WOLFSCEP) +#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(CYASSL_SNIFFER) || defined(CYASSL_HAVE_WOLFSCEP) || defined(CYASSL_KEY_GEN) /* single digit addition */ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) diff --git a/ctaocrypt/src/md2.c b/ctaocrypt/src/md2.c index 178287eec..e129cf73c 100644 --- a/ctaocrypt/src/md2.c +++ b/ctaocrypt/src/md2.c @@ -29,6 +29,8 @@ #ifdef CYASSL_MD2 #include +#include + #ifdef NO_INLINE #include #else @@ -128,4 +130,30 @@ void Md2Final(Md2* md2, byte* hash) } +int Md2Hash(const byte* data, word32 len, byte* hash) +{ +#ifdef CYASSL_SMALL_STACK + Md2* md2; +#else + Md2 md2[1]; +#endif + +#ifdef CYASSL_SMALL_STACK + md2 = (Md2*)XMALLOC(sizeof(Md2), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (md2 == NULL) + return MEMORY_E; +#endif + + InitMd2(md2); + Md2Update(md2, data, len); + Md2Final(md2, hash); + +#ifdef CYASSL_SMALL_STACK + XFREE(md2, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return 0; +} + + #endif /* CYASSL_MD2 */ diff --git a/ctaocrypt/src/md5.c b/ctaocrypt/src/md5.c index 3da4cc6b6..4a375391d 100644 --- a/ctaocrypt/src/md5.c +++ b/ctaocrypt/src/md5.c @@ -35,6 +35,7 @@ #endif #include +#include #ifdef NO_INLINE #include @@ -361,4 +362,30 @@ void Md5Final(Md5* md5, byte* hash) #endif /* STM32F2_HASH */ + +int Md5Hash(const byte* data, word32 len, byte* hash) +{ +#ifdef CYASSL_SMALL_STACK + Md5* md5; +#else + Md5 md5[1]; +#endif + +#ifdef CYASSL_SMALL_STACK + md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (md5 == NULL) + return MEMORY_E; +#endif + + InitMd5(md5); + Md5Update(md5, data, len); + Md5Final(md5, hash); + +#ifdef CYASSL_SMALL_STACK + XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return 0; +} + #endif /* NO_MD5 */ diff --git a/ctaocrypt/src/misc.c b/ctaocrypt/src/misc.c index 69fd4a449..7d4d33594 100644 
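Review bot: `Md2Hash` and `Md5Hash` (the md5.c hunk) are new one-shot entry points with no comment stating their contract. Neither checks `data` or `hash` for NULL, and the required output size is implied only by the `Md2Final`/`Md5Final` call, so the caller has to know the digest length. A short header comment would cover it, e.g. `/* One-shot MD5 of len bytes at data; hash must hold MD5_DIGEST_SIZE bytes. Returns 0, or MEMORY_E when built with CYASSL_SMALL_STACK. */`, with the MD2 equivalent on `Md2Hash`.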
--- a/ctaocrypt/src/misc.c +++ b/ctaocrypt/src/misc.c @@ -45,6 +45,8 @@ #include /* get intrinsic definitions */ + /* for non visual studio probably need no long version, 32 bit only + * i.e., _rotl and _rotr */ #pragma intrinsic(_lrotl, _lrotr) STATIC INLINE word32 rotlFixed(word32 x, word32 y) diff --git a/ctaocrypt/src/pkcs7.c b/ctaocrypt/src/pkcs7.c index 1b0092797..9e3706da0 100644 --- a/ctaocrypt/src/pkcs7.c +++ b/ctaocrypt/src/pkcs7.c 
@@ -153,25 +153,43 @@ int PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) XMEMSET(pkcs7, 0, sizeof(PKCS7)); if (cert != NULL && certSz > 0) { - DecodedCert dCert; +#ifdef CYASSL_SMALL_STACK + DecodedCert* dCert; + + dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (dCert == NULL) + return MEMORY_E; +#else + DecodedCert stack_dCert; + DecodedCert* dCert = &stack_dCert; +#endif pkcs7->singleCert = cert; pkcs7->singleCertSz = certSz; - InitDecodedCert(&dCert, cert, certSz, 0); + InitDecodedCert(dCert, cert, certSz, 0); - ret = ParseCert(&dCert, CA_TYPE, NO_VERIFY, 0); + ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { - FreeDecodedCert(&dCert); + FreeDecodedCert(dCert); +#ifdef CYASSL_SMALL_STACK + XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; } - XMEMCPY(pkcs7->publicKey, dCert.publicKey, dCert.pubKeySize); - pkcs7->publicKeySz = dCert.pubKeySize; - XMEMCPY(pkcs7->issuerHash, dCert.issuerHash, SHA_SIZE); - pkcs7->issuer = dCert.issuerRaw; - pkcs7->issuerSz = dCert.issuerRawLen; - XMEMCPY(pkcs7->issuerSn, dCert.serial, dCert.serialSz); - pkcs7->issuerSnSz = dCert.serialSz; - FreeDecodedCert(&dCert); + + XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize); + pkcs7->publicKeySz = dCert->pubKeySize; + XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, SHA_SIZE); + pkcs7->issuer = dCert->issuerRaw; + pkcs7->issuerSz = dCert->issuerRawLen; + XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz); + pkcs7->issuerSnSz = dCert->serialSz; + FreeDecodedCert(dCert); + +#ifdef CYASSL_SMALL_STACK + XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif } return ret; 
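Review bot: The copies `XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize)` and `XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz)` take their lengths from the parsed certificate, and nothing in the hunk compares them with the destination sizes. The `PKCS7` declaration is not visible here; if `publicKey` and `issuerSn` are fixed arrays, an oversized key or serial in `cert` would write past them, and the certificate is parsed with `NO_VERIFY`. A length check before the first copy, with the same cleanup the `ParseCert` failure path uses, closes that gap. `PKCS7_InitWithCert` starts before the hunk.

```c
        /* … unchanged: InitDecodedCert, ParseCert and its error path … */

        /* reject certificate fields that do not fit the PKCS7 buffers */
        if (dCert->pubKeySize > sizeof(pkcs7->publicKey) ||
            dCert->serialSz < 0 ||
            (word32)dCert->serialSz > sizeof(pkcs7->issuerSn)) {
            FreeDecodedCert(dCert);
#ifdef CYASSL_SMALL_STACK
            XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return BUFFER_E;
        }

        XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
        /* … unchanged: remaining field copies and FreeDecodedCert … */
```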
@@ -325,7 +343,13 @@ int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 }; - ESD esd; +#ifdef CYASSL_SMALL_STACK + ESD* esd = NULL; +#else + ESD stack_esd; + ESD* esd = &stack_esd; +#endif + word32 signerInfoSz = 0; word32 totalSz = 0; int idx = 0, ret = 0; 
@@ -341,41 +365,51 @@ int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) output == NULL || outputSz == 0) return BAD_FUNC_ARG; - XMEMSET(&esd, 0, sizeof(esd)); - ret = InitSha(&esd.sha); - if (ret != 0) +#ifdef CYASSL_SMALL_STACK + esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (esd == NULL) + return MEMORY_E; +#endif + + XMEMSET(esd, 0, sizeof(ESD)); + ret = InitSha(&esd->sha); + if (ret != 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; + } if (pkcs7->contentSz != 0) { - ShaUpdate(&esd.sha, pkcs7->content, pkcs7->contentSz); - esd.contentDigest[0] = ASN_OCTET_STRING; - esd.contentDigest[1] = SHA_DIGEST_SIZE; - ShaFinal(&esd.sha, &esd.contentDigest[2]); + ShaUpdate(&esd->sha, pkcs7->content, pkcs7->contentSz); + esd->contentDigest[0] = ASN_OCTET_STRING; + esd->contentDigest[1] = SHA_DIGEST_SIZE; + ShaFinal(&esd->sha, &esd->contentDigest[2]); } - esd.innerOctetsSz = SetOctetString(pkcs7->contentSz, esd.innerOctets); - esd.innerContSeqSz = SetExplicit(0, esd.innerOctetsSz + pkcs7->contentSz, - esd.innerContSeq); - esd.contentInfoSeqSz = SetSequence(pkcs7->contentSz + esd.innerOctetsSz + - innerOidSz + esd.innerContSeqSz, - esd.contentInfoSeq); + esd->innerOctetsSz = SetOctetString(pkcs7->contentSz, esd->innerOctets); + esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz + pkcs7->contentSz, + esd->innerContSeq); + esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz + esd->innerOctetsSz + + innerOidSz + esd->innerContSeqSz, + esd->contentInfoSeq); - esd.issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, - esd.issuerSn); - signerInfoSz += esd.issuerSnSz; - esd.issuerNameSz = SetSequence(pkcs7->issuerSz, esd.issuerName); - signerInfoSz += esd.issuerNameSz + pkcs7->issuerSz; - esd.issuerSnSeqSz = SetSequence(signerInfoSz, esd.issuerSnSeq); - signerInfoSz += esd.issuerSnSeqSz; - esd.signerVersionSz = SetMyVersion(1, esd.signerVersion, 0); - signerInfoSz += 
esd.signerVersionSz; - esd.signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd.signerDigAlgoId, + esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, + esd->issuerSn); + signerInfoSz += esd->issuerSnSz; + esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName); + signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz; + esd->issuerSnSeqSz = SetSequence(signerInfoSz, esd->issuerSnSeq); + signerInfoSz += esd->issuerSnSeqSz; + esd->signerVersionSz = SetMyVersion(1, esd->signerVersion, 0); + signerInfoSz += esd->signerVersionSz; + esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId, hashType, 0); - signerInfoSz += esd.signerDigAlgoIdSz; - esd.digEncAlgoIdSz = SetAlgoID(pkcs7->encryptOID, esd.digEncAlgoId, + signerInfoSz += esd->signerDigAlgoIdSz; + esd->digEncAlgoIdSz = SetAlgoID(pkcs7->encryptOID, esd->digEncAlgoId, keyType, 0); - signerInfoSz += esd.digEncAlgoIdSz; + signerInfoSz += esd->digEncAlgoIdSz; if (pkcs7->signedAttribsSz != 0) { byte contentTypeOid[] = 
@@ -393,35 +427,45 @@ int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) { contentTypeOid, sizeof(contentTypeOid), contentType, sizeof(contentType) }, { messageDigestOid, sizeof(messageDigestOid), - esd.contentDigest, sizeof(esd.contentDigest) } + esd->contentDigest, sizeof(esd->contentDigest) } }; word32 cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib); - esd.signedAttribsCount += cannedAttribsCount; - esd.signedAttribsSz += EncodeAttributes(&esd.signedAttribs[0], 2, + esd->signedAttribsCount += cannedAttribsCount; + esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[0], 2, cannedAttribs, cannedAttribsCount); - esd.signedAttribsCount += pkcs7->signedAttribsSz; - esd.signedAttribsSz += EncodeAttributes(&esd.signedAttribs[2], 4, + esd->signedAttribsCount += pkcs7->signedAttribsSz; + esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[2], 4, pkcs7->signedAttribs, pkcs7->signedAttribsSz); - flatSignedAttribs = (byte*)XMALLOC(esd.signedAttribsSz, 0, NULL); - flatSignedAttribsSz = esd.signedAttribsSz; - if (flatSignedAttribs == NULL) + flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, 0, NULL); + flatSignedAttribsSz = esd->signedAttribsSz; + if (flatSignedAttribs == NULL) { +#ifdef CYASSL_SMALL_STACK + XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return MEMORY_E; + } FlattenAttributes(flatSignedAttribs, - esd.signedAttribs, esd.signedAttribsCount); - esd.signedAttribSetSz = SetImplicit(ASN_SET, 0, esd.signedAttribsSz, - esd.signedAttribSet); + esd->signedAttribs, esd->signedAttribsCount); + esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz, + esd->signedAttribSet); } /* Calculate the final hash and encrypt it. 
*/ { - RsaKey privKey; int result; word32 scratch = 0; +#ifdef CYASSL_SMALL_STACK + byte* digestInfo; + RsaKey* privKey; +#else + RsaKey stack_privKey; + RsaKey* privKey = &stack_privKey; byte digestInfo[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ + SHA_DIGEST_SIZE]; +#endif byte digestInfoSeq[MAX_SEQ_SZ]; byte digestStr[MAX_OCTET_STR_SZ]; word32 digestInfoSeqSz, digestStrSz; 
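Review bot: `esd->signedAttribsCount += pkcs7->signedAttribsSz` adds the caller's full attribute count, while the `EncodeAttributes` call beside it passes `4` for `&esd->signedAttribs[2]`, which looks like a capacity. If `EncodeAttributes` stops at that limit (its body is not in the hunk), a `pkcs7->signedAttribsSz` above 4 leaves the count larger than the number of entries encoded, and `FlattenAttributes(flatSignedAttribs, esd->signedAttribs, esd->signedAttribsCount)` would then walk past them. Worth confirming, and if so rejecting the value together with the other argument checks at the top of `PKCS7_EncodeSignedData`, before `esd` is allocated. Separately, `XMALLOC(esd->signedAttribsSz, 0, NULL)` passes its last two arguments in the opposite order from the `XMALLOC(..., NULL, DYNAMIC_TYPE_TMP_BUFFER)` calls this commit adds.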
@@ -433,145 +477,203 @@ int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) attribSetSz = SetSet(flatSignedAttribsSz, attribSet); - ret = InitSha(&esd.sha); + ret = InitSha(&esd->sha); if (ret < 0) { XFREE(flatSignedAttribs, 0, NULL); +#ifdef CYASSL_SMALL_STACK + XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; } - ShaUpdate(&esd.sha, attribSet, attribSetSz); - ShaUpdate(&esd.sha, flatSignedAttribs, flatSignedAttribsSz); + ShaUpdate(&esd->sha, attribSet, attribSetSz); + ShaUpdate(&esd->sha, flatSignedAttribs, flatSignedAttribsSz); } - ShaFinal(&esd.sha, esd.contentAttribsDigest); + ShaFinal(&esd->sha, esd->contentAttribsDigest); digestStrSz = SetOctetString(SHA_DIGEST_SIZE, digestStr); - digestInfoSeqSz = SetSequence(esd.signerDigAlgoIdSz + + digestInfoSeqSz = SetSequence(esd->signerDigAlgoIdSz + digestStrSz + SHA_DIGEST_SIZE, digestInfoSeq); +#ifdef CYASSL_SMALL_STACK + digestInfo = (byte*)XMALLOC(MAX_SEQ_SZ + MAX_ALGO_SZ + + MAX_OCTET_STR_SZ + SHA_DIGEST_SIZE, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (digestInfo == NULL) { + if (pkcs7->signedAttribsSz != 0) + XFREE(flatSignedAttribs, 0, NULL); + XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz); digIdx += digestInfoSeqSz; XMEMCPY(digestInfo + digIdx, - esd.signerDigAlgoId, esd.signerDigAlgoIdSz); - digIdx += esd.signerDigAlgoIdSz; + esd->signerDigAlgoId, esd->signerDigAlgoIdSz); + digIdx += esd->signerDigAlgoIdSz; XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz); digIdx += digestStrSz; - XMEMCPY(digestInfo + digIdx, esd.contentAttribsDigest, SHA_DIGEST_SIZE); + XMEMCPY(digestInfo + digIdx, esd->contentAttribsDigest, + SHA_DIGEST_SIZE); digIdx += SHA_DIGEST_SIZE; - result = InitRsaKey(&privKey, NULL); +#ifdef CYASSL_SMALL_STACK + privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (privKey == NULL) { + if (pkcs7->signedAttribsSz != 0) + XFREE(flatSignedAttribs, 0, 
NULL); + XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + result = InitRsaKey(privKey, NULL); if (result == 0) - result = RsaPrivateKeyDecode(pkcs7->privateKey, &scratch, &privKey, + result = RsaPrivateKeyDecode(pkcs7->privateKey, &scratch, privKey, pkcs7->privateKeySz); if (result < 0) { - XFREE(flatSignedAttribs, 0, NULL); + if (pkcs7->signedAttribsSz != 0) + XFREE(flatSignedAttribs, 0, NULL); +#ifdef CYASSL_SMALL_STACK + XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return PUBLIC_KEY_E; } + result = RsaSSL_Sign(digestInfo, digIdx, - esd.encContentDigest, sizeof(esd.encContentDigest), - &privKey, pkcs7->rng); - FreeRsaKey(&privKey); + esd->encContentDigest, + sizeof(esd->encContentDigest), + privKey, pkcs7->rng); + + FreeRsaKey(privKey); + +#ifdef CYASSL_SMALL_STACK + XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (result < 0) { - XFREE(flatSignedAttribs, 0, NULL); + if (pkcs7->signedAttribsSz != 0) + XFREE(flatSignedAttribs, 0, NULL); +#ifdef CYASSL_SMALL_STACK + XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return result; } - esd.encContentDigestSz = (word32)result; + esd->encContentDigestSz = (word32)result; } - signerInfoSz += flatSignedAttribsSz + esd.signedAttribSetSz; + signerInfoSz += flatSignedAttribsSz + esd->signedAttribSetSz; - esd.signerDigestSz = SetOctetString(esd.encContentDigestSz, - esd.signerDigest); - signerInfoSz += esd.signerDigestSz + esd.encContentDigestSz; + esd->signerDigestSz = SetOctetString(esd->encContentDigestSz, + esd->signerDigest); + signerInfoSz += esd->signerDigestSz + esd->encContentDigestSz; - esd.signerInfoSeqSz = SetSequence(signerInfoSz, esd.signerInfoSeq); - signerInfoSz += esd.signerInfoSeqSz; - esd.signerInfoSetSz = SetSet(signerInfoSz, esd.signerInfoSet); - 
signerInfoSz += esd.signerInfoSetSz; + esd->signerInfoSeqSz = SetSequence(signerInfoSz, esd->signerInfoSeq); + signerInfoSz += esd->signerInfoSeqSz; + esd->signerInfoSetSz = SetSet(signerInfoSz, esd->signerInfoSet); + signerInfoSz += esd->signerInfoSetSz; - esd.certsSetSz = SetImplicit(ASN_SET, 0, pkcs7->singleCertSz, esd.certsSet); + esd->certsSetSz = SetImplicit(ASN_SET, 0, pkcs7->singleCertSz, + esd->certsSet); - esd.singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd.singleDigAlgoId, + esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId, hashType, 0); - esd.digAlgoIdSetSz = SetSet(esd.singleDigAlgoIdSz, esd.digAlgoIdSet); + esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet); - esd.versionSz = SetMyVersion(1, esd.version, 0); + esd->versionSz = SetMyVersion(1, esd->version, 0); - totalSz = esd.versionSz + esd.singleDigAlgoIdSz + esd.digAlgoIdSetSz + - esd.contentInfoSeqSz + esd.certsSetSz + pkcs7->singleCertSz + - esd.innerOctetsSz + esd.innerContSeqSz + + totalSz = esd->versionSz + esd->singleDigAlgoIdSz + esd->digAlgoIdSetSz + + esd->contentInfoSeqSz + esd->certsSetSz + pkcs7->singleCertSz + + esd->innerOctetsSz + esd->innerContSeqSz + innerOidSz + pkcs7->contentSz + signerInfoSz; - esd.innerSeqSz = SetSequence(totalSz, esd.innerSeq); - totalSz += esd.innerSeqSz; - esd.outerContentSz = SetExplicit(0, totalSz, esd.outerContent); - totalSz += esd.outerContentSz + outerOidSz; - esd.outerSeqSz = SetSequence(totalSz, esd.outerSeq); - totalSz += esd.outerSeqSz; + esd->innerSeqSz = SetSequence(totalSz, esd->innerSeq); + totalSz += esd->innerSeqSz; + esd->outerContentSz = SetExplicit(0, totalSz, esd->outerContent); + totalSz += esd->outerContentSz + outerOidSz; + esd->outerSeqSz = SetSequence(totalSz, esd->outerSeq); + totalSz += esd->outerSeqSz; - if (outputSz < totalSz) + if (outputSz < totalSz) { + if (pkcs7->signedAttribsSz != 0) + XFREE(flatSignedAttribs, 0, NULL); +#ifdef CYASSL_SMALL_STACK + XFREE(esd, NULL, 
DYNAMIC_TYPE_TMP_BUFFER); +#endif return BUFFER_E; + } idx = 0; - XMEMCPY(output + idx, esd.outerSeq, esd.outerSeqSz); - idx += esd.outerSeqSz; + XMEMCPY(output + idx, esd->outerSeq, esd->outerSeqSz); + idx += esd->outerSeqSz; XMEMCPY(output + idx, outerOid, outerOidSz); idx += outerOidSz; - XMEMCPY(output + idx, esd.outerContent, esd.outerContentSz); - idx += esd.outerContentSz; - XMEMCPY(output + idx, esd.innerSeq, esd.innerSeqSz); - idx += esd.innerSeqSz; - XMEMCPY(output + idx, esd.version, esd.versionSz); - idx += esd.versionSz; - XMEMCPY(output + idx, esd.digAlgoIdSet, esd.digAlgoIdSetSz); - idx += esd.digAlgoIdSetSz; - XMEMCPY(output + idx, esd.singleDigAlgoId, esd.singleDigAlgoIdSz); - idx += esd.singleDigAlgoIdSz; - XMEMCPY(output + idx, esd.contentInfoSeq, esd.contentInfoSeqSz); - idx += esd.contentInfoSeqSz; + XMEMCPY(output + idx, esd->outerContent, esd->outerContentSz); + idx += esd->outerContentSz; + XMEMCPY(output + idx, esd->innerSeq, esd->innerSeqSz); + idx += esd->innerSeqSz; + XMEMCPY(output + idx, esd->version, esd->versionSz); + idx += esd->versionSz; + XMEMCPY(output + idx, esd->digAlgoIdSet, esd->digAlgoIdSetSz); + idx += esd->digAlgoIdSetSz; + XMEMCPY(output + idx, esd->singleDigAlgoId, esd->singleDigAlgoIdSz); + idx += esd->singleDigAlgoIdSz; + XMEMCPY(output + idx, esd->contentInfoSeq, esd->contentInfoSeqSz); + idx += esd->contentInfoSeqSz; XMEMCPY(output + idx, innerOid, innerOidSz); idx += innerOidSz; - XMEMCPY(output + idx, esd.innerContSeq, esd.innerContSeqSz); - idx += esd.innerContSeqSz; - XMEMCPY(output + idx, esd.innerOctets, esd.innerOctetsSz); - idx += esd.innerOctetsSz; + XMEMCPY(output + idx, esd->innerContSeq, esd->innerContSeqSz); + idx += esd->innerContSeqSz; + XMEMCPY(output + idx, esd->innerOctets, esd->innerOctetsSz); + idx += esd->innerOctetsSz; XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz); idx += pkcs7->contentSz; - XMEMCPY(output + idx, esd.certsSet, esd.certsSetSz); - idx += esd.certsSetSz; + XMEMCPY(output 
+ idx, esd->certsSet, esd->certsSetSz); + idx += esd->certsSetSz; XMEMCPY(output + idx, pkcs7->singleCert, pkcs7->singleCertSz); idx += pkcs7->singleCertSz; - XMEMCPY(output + idx, esd.signerInfoSet, esd.signerInfoSetSz); - idx += esd.signerInfoSetSz; - XMEMCPY(output + idx, esd.signerInfoSeq, esd.signerInfoSeqSz); - idx += esd.signerInfoSeqSz; - XMEMCPY(output + idx, esd.signerVersion, esd.signerVersionSz); - idx += esd.signerVersionSz; - XMEMCPY(output + idx, esd.issuerSnSeq, esd.issuerSnSeqSz); - idx += esd.issuerSnSeqSz; - XMEMCPY(output + idx, esd.issuerName, esd.issuerNameSz); - idx += esd.issuerNameSz; + XMEMCPY(output + idx, esd->signerInfoSet, esd->signerInfoSetSz); + idx += esd->signerInfoSetSz; + XMEMCPY(output + idx, esd->signerInfoSeq, esd->signerInfoSeqSz); + idx += esd->signerInfoSeqSz; + XMEMCPY(output + idx, esd->signerVersion, esd->signerVersionSz); + idx += esd->signerVersionSz; + XMEMCPY(output + idx, esd->issuerSnSeq, esd->issuerSnSeqSz); + idx += esd->issuerSnSeqSz; + XMEMCPY(output + idx, esd->issuerName, esd->issuerNameSz); + idx += esd->issuerNameSz; XMEMCPY(output + idx, pkcs7->issuer, pkcs7->issuerSz); idx += pkcs7->issuerSz; - XMEMCPY(output + idx, esd.issuerSn, esd.issuerSnSz); - idx += esd.issuerSnSz; - XMEMCPY(output + idx, esd.signerDigAlgoId, esd.signerDigAlgoIdSz); - idx += esd.signerDigAlgoIdSz; + XMEMCPY(output + idx, esd->issuerSn, esd->issuerSnSz); + idx += esd->issuerSnSz; + XMEMCPY(output + idx, esd->signerDigAlgoId, esd->signerDigAlgoIdSz); + idx += esd->signerDigAlgoIdSz; /* SignerInfo:Attributes */ if (pkcs7->signedAttribsSz != 0) { - XMEMCPY(output + idx, esd.signedAttribSet, esd.signedAttribSetSz); - idx += esd.signedAttribSetSz; + XMEMCPY(output + idx, esd->signedAttribSet, esd->signedAttribSetSz); + idx += esd->signedAttribSetSz; XMEMCPY(output + idx, flatSignedAttribs, flatSignedAttribsSz); idx += flatSignedAttribsSz; XFREE(flatSignedAttribs, 0, NULL); } - XMEMCPY(output + idx, esd.digEncAlgoId, esd.digEncAlgoIdSz); - 
idx += esd.digEncAlgoIdSz; - XMEMCPY(output + idx, esd.signerDigest, esd.signerDigestSz); - idx += esd.signerDigestSz; - XMEMCPY(output + idx, esd.encContentDigest, esd.encContentDigestSz); - idx += esd.encContentDigestSz; + XMEMCPY(output + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz); + idx += esd->digEncAlgoIdSz; + XMEMCPY(output + idx, esd->signerDigest, esd->signerDigestSz); + idx += esd->signerDigestSz; + XMEMCPY(output + idx, esd->encContentDigest, esd->encContentDigestSz); + idx += esd->encContentDigestSz; + +#ifdef CYASSL_SMALL_STACK + XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return idx; } @@ -707,11 +809,6 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) return ASN_PARSE_E; if (length > 0) { - RsaKey key; - word32 scratch = 0; - int plainSz = 0; - byte digest[MAX_SEQ_SZ+MAX_ALGO_SZ+MAX_OCTET_STR_SZ+SHA_DIGEST_SIZE]; - /* Get the sequence of the first signerInfo */ if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) return ASN_PARSE_E; 
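Review bot: On the `if (result < 0)` path after `InitRsaKey`/`RsaPrivateKeyDecode`, `privKey` is released with `XFREE` (or simply goes out of scope) without `FreeRsaKey(privKey)`, unlike the path after `RsaSSL_Sign`. If a partly decoded key owns allocations, which cannot be seen from the hunk, they leak and private-key material stays in memory; calling `FreeRsaKey(privKey);` in that branch whenever `InitRsaKey` succeeded covers it. More generally, this hunk now has several exit paths that each repeat a different subset of the `XFREE` calls for `flatSignedAttribs`, `digestInfo`, `privKey` and `esd`. A single cleanup label at the end of `PKCS7_EncodeSignedData`, with those pointers initialised to NULL, would make the next missed free much harder to write. The function begins before this hunk.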
@@ -770,21 +867,67 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) idx += length; } - XMEMSET(digest, 0, sizeof(digest)); pkcs7->content = content; pkcs7->contentSz = contentSz; - ret = InitRsaKey(&key, NULL); - if (ret != 0) return ret; - if (RsaPublicKeyDecode(pkcs7->publicKey, &scratch, &key, - pkcs7->publicKeySz) < 0) { - CYASSL_MSG("ASN RSA key decode error"); - return PUBLIC_KEY_E; + { + word32 scratch = 0; + int plainSz = 0; + int digestSz = MAX_SEQ_SZ + MAX_ALGO_SZ + + MAX_OCTET_STR_SZ + SHA_DIGEST_SIZE; + +#ifdef CYASSL_SMALL_STACK + byte* digest; + RsaKey* key; + + digest = (byte*)XMALLOC(digestSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (digest == NULL) + return MEMORY_E; + + key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) { + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#else + byte digest[digestSz]; + RsaKey stack_key; + RsaKey* key = &stack_key; +#endif + + XMEMSET(digest, 0, digestSz); + + ret = InitRsaKey(key, NULL); + if (ret != 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; + } + if (RsaPublicKeyDecode(pkcs7->publicKey, &scratch, key, + pkcs7->publicKeySz) < 0) { + CYASSL_MSG("ASN RSA key decode error"); +#ifdef CYASSL_SMALL_STACK + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return PUBLIC_KEY_E; + } + + plainSz = RsaSSL_Verify(sig, sigSz, digest, digestSz, key); + FreeRsaKey(key); + +#ifdef CYASSL_SMALL_STACK + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + if (plainSz < 0) + return plainSz; } - plainSz = RsaSSL_Verify(sig, sigSz, digest, sizeof(digest), &key); - FreeRsaKey(&key); - if (plainSz < 0) - return plainSz; } return 0; 
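Review bot: In PKCS7_VerifySignedData the `digest` buffer that `RsaSSL_Verify` fills is released right after the call and only `plainSz < 0` is tested, so nothing in this hunk compares the recovered digest with a hash of `pkcs7->content`. Unless that comparison happens in a part of the function outside the hunk, the function returns 0 for any signature that verifies under the public key, whatever the content. The recovered bytes should be checked against a digest computed over `content` before `digest` is freed. Separately, the `RsaPublicKeyDecode` failure path returns after `InitRsaKey` succeeded without calling `FreeRsaKey(key);`, which CreateRecipientInfo in this same patch does call on its equivalent path.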
@@ -805,20 +948,49 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz, int encKeyOctetStrSz; byte ver[MAX_VERSION_SZ]; - byte serial[MAX_SN_SZ]; byte issuerSerialSeq[MAX_SEQ_SZ]; byte recipSeq[MAX_SEQ_SZ]; byte issuerSeq[MAX_SEQ_SZ]; - byte keyAlgArray[MAX_ALGO_SZ]; byte encKeyOctetStr[MAX_OCTET_STR_SZ]; - RsaKey pubKey; - DecodedCert decoded; +#ifdef CYASSL_SMALL_STACK + byte *serial; + byte *keyAlgArray; + + RsaKey* pubKey; + DecodedCert* decoded; - InitDecodedCert(&decoded, (byte*)cert, certSz, 0); - ret = ParseCert(&decoded, CA_TYPE, NO_VERIFY, 0); + serial = (byte*)XMALLOC(MAX_SN_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + keyAlgArray = (byte*)XMALLOC(MAX_SN_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (decoded == NULL || serial == NULL || keyAlgArray == NULL) { + if (serial) XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (keyAlgArray) XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (decoded) XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + +#else + byte serial[MAX_SN_SZ]; + byte keyAlgArray[MAX_ALGO_SZ]; + + RsaKey stack_pubKey; + RsaKey* pubKey = &stack_pubKey; + DecodedCert stack_decoded; + DecodedCert* decoded = &stack_decoded; +#endif + + InitDecodedCert(decoded, (byte*)cert, certSz, 0); + ret = ParseCert(decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { - FreeDecodedCert(&decoded); + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; } 
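Review bot: In CreateRecipientInfo the CYASSL_SMALL_STACK branch allocates `keyAlgArray` with `MAX_SN_SZ`, while the stack branch declares it as `byte keyAlgArray[MAX_ALGO_SZ]`. The buffer is written by `SetAlgoID` in the next hunk, so if `MAX_ALGO_SZ` is the larger constant (neither value is visible here) the heap build can be written past its end. Both builds should size it the same way: `keyAlgArray = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);`. The function body continues outside the hunk.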
@@ -826,46 +998,110 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz, verSz = SetMyVersion(0, ver, 0); /* IssuerAndSerialNumber */ - if (decoded.issuerRaw == NULL || decoded.issuerRawLen == 0) { + if (decoded->issuerRaw == NULL || decoded->issuerRawLen == 0) { CYASSL_MSG("DecodedCert lacks raw issuer pointer and length"); - FreeDecodedCert(&decoded); + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return -1; } - issuerSz = decoded.issuerRawLen; + issuerSz = decoded->issuerRawLen; issuerSeqSz = SetSequence(issuerSz, issuerSeq); - if (decoded.serial == NULL || decoded.serialSz == 0) { + if (decoded->serial == NULL || decoded->serialSz == 0) { CYASSL_MSG("DecodedCert missing serial number"); - FreeDecodedCert(&decoded); + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return -1; } - snSz = SetSerialNumber(decoded.serial, decoded.serialSz, serial); + snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial); issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz, issuerSerialSeq); /* KeyEncryptionAlgorithmIdentifier, only support RSA now */ - if (keyEncAlgo != RSAk) + if (keyEncAlgo != RSAk) { + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ALGO_ID_E; + } keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, keyType, 0); - if (keyEncAlgSz == 0) + if (keyEncAlgSz == 0) { + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, 
NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BAD_FUNC_ARG; + } + +#ifdef CYASSL_SMALL_STACK + pubKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (pubKey == NULL) { + FreeDecodedCert(decoded); + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif /* EncryptedKey */ - ret = InitRsaKey(&pubKey, 0); - if (ret != 0) return ret; - if (RsaPublicKeyDecode(decoded.publicKey, &idx, &pubKey, - decoded.pubKeySize) < 0) { + ret = InitRsaKey(pubKey, 0); + if (ret != 0) { + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; + } + + if (RsaPublicKeyDecode(decoded->publicKey, &idx, pubKey, + decoded->pubKeySize) < 0) { CYASSL_MSG("ASN RSA key decode error"); + FreeRsaKey(pubKey); + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return PUBLIC_KEY_E; } *keyEncSz = RsaPublicEncrypt(contentKeyPlain, blockKeySz, contentKeyEnc, - MAX_ENCRYPTED_KEY_SZ, &pubKey, rng); - FreeRsaKey(&pubKey); + MAX_ENCRYPTED_KEY_SZ, pubKey, rng); + FreeRsaKey(pubKey); + +#ifdef CYASSL_SMALL_STACK + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (*keyEncSz < 0) { CYASSL_MSG("RSA Public Encrypt failed"); + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return *keyEncSz; } 
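Review bot: The same `FreeDecodedCert(decoded)` plus three `XFREE` calls is repeated on eight exit paths of CreateRecipientInfo in this hunk, and again in the hunks before and after it. Each copy is a place where a later edit can miss one buffer. A single cleanup label at the end of the function would keep the release logic in one spot: each failure sets `ret` and jumps, and the success path sets `ret = totalSz` before falling through. `pubKey` can stay as it is, since it is already freed right after `RsaPublicEncrypt`. The end of the function, where the label would sit, is outside this hunk.

```c
    /* KeyEncryptionAlgorithmIdentifier, only support RSA now */
    if (keyEncAlgo != RSAk) {
        ret = ALGO_ID_E;
        goto cleanup;
    }
    /* … unchanged: SetAlgoID, pubKey setup, RSA encrypt; each failure sets ret and jumps … */

cleanup:
    FreeDecodedCert(decoded);
#ifdef CYASSL_SMALL_STACK
    XFREE(serial,      NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(decoded,     NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return ret;
```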
@@ -879,6 +1115,12 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz, if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz + keyEncAlgSz + encKeyOctetStrSz + *keyEncSz > (int)outSz) { CYASSL_MSG("RecipientInfo output buffer too small"); + FreeDecodedCert(decoded); +#ifdef CYASSL_SMALL_STACK + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return BUFFER_E; } @@ -890,7 +1132,7 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz, totalSz += issuerSerialSeqSz; XMEMCPY(out + totalSz, issuerSeq, issuerSeqSz); totalSz += issuerSeqSz; - XMEMCPY(out + totalSz, decoded.issuerRaw, issuerSz); + XMEMCPY(out + totalSz, decoded->issuerRaw, issuerSz); totalSz += issuerSz; XMEMCPY(out + totalSz, serial, snSz); totalSz += snSz; @@ -901,7 +1143,13 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz, XMEMCPY(out + totalSz, contentKeyEnc, *keyEncSz); totalSz += *keyEncSz; - FreeDecodedCert(&decoded); + FreeDecodedCert(decoded); + +#ifdef CYASSL_SMALL_STACK + XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return totalSz; } @@ -926,12 +1174,20 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) int contentKeyEncSz, blockKeySz; int dynamicFlag = 0; byte contentKeyPlain[MAX_CONTENT_KEY_LEN]; +#ifdef CYASSL_SMALL_STACK + byte* contentKeyEnc; +#else byte contentKeyEnc[MAX_ENCRYPTED_KEY_SZ]; +#endif byte* plain; byte* encryptedContent; int recipSz, recipSetSz; +#ifdef CYASSL_SMALL_STACK + byte* recip; +#else byte recip[MAX_RECIP_SZ]; +#endif byte recipSet[MAX_SET_SZ]; int encContentOctetSz, encContentSeqSz, contentTypeSz; 
@@ -979,36 +1235,68 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) ret = RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz); if (ret != 0) return ret; + +#ifdef CYASSL_SMALL_STACK + recip = (byte*)XMALLOC(MAX_RECIP_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + contentKeyEnc = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (contentKeyEnc == NULL || recip == NULL) { + if (recip) XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (contentKeyEnc) XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + +#endif /* build RecipientInfo, only handle 1 for now */ recipSz = CreateRecipientInfo(pkcs7->singleCert, pkcs7->singleCertSz, RSAk, blockKeySz, &rng, contentKeyPlain, contentKeyEnc, &contentKeyEncSz, recip, MAX_RECIP_SZ); + + XMEMSET(contentKeyEnc, 0, MAX_ENCRYPTED_KEY_SZ); + +#ifdef CYASSL_SMALL_STACK + XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif if (recipSz < 0) { CYASSL_MSG("Failed to create RecipientInfo"); +#ifdef CYASSL_SMALL_STACK + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return recipSz; } recipSetSz = SetSet(recipSz, recipSet); /* generate IV for block cipher */ ret = RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE); - if (ret != 0) + if (ret != 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return ret; + } /* EncryptedContentInfo */ contentTypeSz = SetContentType(pkcs7->contentOID, contentType); - if (contentTypeSz == 0) + if (contentTypeSz == 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return BAD_FUNC_ARG; + } /* allocate encrypted content buffer, pad if necessary, PKCS#7 padding */ padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE); desOutSz = pkcs7->contentSz + padSz; if (padSz != 0) { - plain = XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + plain = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { +#ifdef CYASSL_SMALL_STACK + 
XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return MEMORY_E; } XMEMCPY(plain, pkcs7->content, pkcs7->contentSz); @@ -1023,10 +1311,13 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) desOutSz = pkcs7->contentSz; } - encryptedContent = XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + encryptedContent = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (encryptedContent == NULL) { if (dynamicFlag) XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return MEMORY_E; } @@ -1037,8 +1328,16 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) * adding (ivOctetStringSz + DES_BLOCK_SIZE) for IV OCTET STRING */ contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo, blkType, ivOctetStringSz + DES_BLOCK_SIZE); - if (contentEncAlgoSz == 0) + + if (contentEncAlgoSz == 0) { + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (dynamicFlag) + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return BAD_FUNC_ARG; + } /* encrypt content */ if (pkcs7->encryptOID == DESb) { @@ -1053,6 +1352,9 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dynamicFlag) XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return ret; } } @@ -1068,6 +1370,9 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dynamicFlag) XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return ret; } } 
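Review bot: Every `XFREE(recip, …)` added to PKCS7_EncodeEnvelopedData in the -979 hunk spells the type argument `DYNAMMIC_TYPE_TMP_BUFFER` (double M), whereas the matching `XMALLOC` and the rest of this patch use `DYNAMIC_TYPE_TMP_BUFFER`. This only builds if the configured `XFREE` macro discards its third argument, which is not visible here. With an allocator that uses the type it is an undeclared identifier under CYASSL_SMALL_STACK. The same spelling recurs in the added lines of the -1023, -1037, -1053, -1068, -1102 and -1139 hunks and should read `XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER);` in each.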
@@ -1102,6 +1407,9 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dynamicFlag) XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return BUFFER_E; } @@ -1139,11 +1447,14 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) #endif XMEMSET(contentKeyPlain, 0, MAX_CONTENT_KEY_LEN); - XMEMSET(contentKeyEnc, 0, MAX_ENCRYPTED_KEY_SZ); if (dynamicFlag) XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER); XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + +#ifdef CYASSL_SMALL_STACK + XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); +#endif return idx; } @@ -1158,14 +1469,23 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, word32 savedIdx = 0, idx = 0; word32 contentType, encOID; byte issuerHash[SHA_DIGEST_SIZE]; - mp_int serialNum; int encryptedKeySz, keySz; byte tmpIv[DES_BLOCK_SIZE]; - byte encryptedKey[MAX_ENCRYPTED_KEY_SZ]; byte* decryptedKey = NULL; - RsaKey privKey; +#ifdef CYASSL_SMALL_STACK + mp_int* serialNum; + byte* encryptedKey; + RsaKey* privKey; +#else + mp_int stack_serialNum; + mp_int* serialNum = &stack_serialNum; + byte encryptedKey[MAX_ENCRYPTED_KEY_SZ]; + + RsaKey stack_privKey; + RsaKey* privKey = &stack_privKey; +#endif int encryptedContentSz; byte padLen; byte* encryptedContent = NULL; @@ -1179,18 +1499,6 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, output == NULL || outputSz == 0) return BAD_FUNC_ARG; - /* load private key */ - ret = InitRsaKey(&privKey, 0); - if (ret != 0) return ret; - ret = RsaPrivateKeyDecode(pkcs7->privateKey, &idx, &privKey, - pkcs7->privateKeySz); - if (ret != 0) { - CYASSL_MSG("Failed to decode RSA private key"); - return ret; - } - - idx = 0; - /* read past ContentInfo, verify type is envelopedData */ if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) return ASN_PARSE_E; 
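Review bot: In the -1139 hunk `XMEMSET(contentKeyPlain, 0, MAX_CONTENT_KEY_LEN);` runs only on the success exit of PKCS7_EncodeEnvelopedData. Every early return this patch touches in the preceding hunks (failed RecipientInfo, IV generation, allocation, cipher setup, `BUFFER_E`) leaves the plaintext content-encryption key on the stack. `plain`, a padded copy of `pkcs7->content`, is also freed without being cleared on all paths. Each error path should run the same `XMEMSET(contentKeyPlain, 0, MAX_CONTENT_KEY_LEN);` before returning, most simply by routing them through one cleanup block. The function starts outside this hunk.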
@@ -1224,7 +1532,14 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, /* walk through RecipientInfo set, find correct recipient */ if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0) return ASN_PARSE_E; - + +#ifdef CYASSL_SMALL_STACK + encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (encryptedKey == NULL) + return MEMORY_E; +#endif + savedIdx = idx; recipFound = 0; 
@@ -1244,39 +1559,86 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, break; } - if (version != 0) + if (version != 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_VERSION_E; - + } + /* remove IssuerAndSerialNumber */ - if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) + if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - - if (GetNameHash(pkiMsg, &idx, issuerHash, pkiMsgSz) < 0) + } + + if (GetNameHash(pkiMsg, &idx, issuerHash, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - + } + /* if we found correct recipient, issuer hashes will match */ if (XMEMCMP(issuerHash, pkcs7->issuerHash, SHA_DIGEST_SIZE) == 0) { recipFound = 1; } - - if (GetInt(&serialNum, pkiMsg, &idx, pkiMsgSz) < 0) + +#ifdef CYASSL_SMALL_STACK + serialNum = (mp_int*)XMALLOC(sizeof(mp_int), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (serialNum == NULL) { + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + if (GetInt(serialNum, pkiMsg, &idx, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - mp_clear(&serialNum); - - if (GetAlgoId(pkiMsg, &idx, &encOID, pkiMsgSz) < 0) + } + + mp_clear(serialNum); + +#ifdef CYASSL_SMALL_STACK + XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + if (GetAlgoId(pkiMsg, &idx, &encOID, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - + } + /* key encryption algorithm must be RSA for now */ - if (encOID != RSAk) + if (encOID != RSAk) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ALGO_ID_E; - + } + /* 
read encryptedKey */ - if (pkiMsg[idx++] != ASN_OCTET_STRING) + if (pkiMsg[idx++] != ASN_OCTET_STRING) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - - if (GetLength(pkiMsg, &idx, &encryptedKeySz, pkiMsgSz) < 0) + } + + if (GetLength(pkiMsg, &idx, &encryptedKeySz, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - + } + if (recipFound == 1) XMEMCPY(encryptedKey, &pkiMsg[idx], encryptedKeySz); idx += encryptedKeySz; 
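Review bot: In PKCS7_DecodeEnvelopedData `encryptedKeySz` comes from the message via `GetLength` and is then used as the copy length in `XMEMCPY(encryptedKey, &pkiMsg[idx], encryptedKeySz)` without being compared with the destination size. `encryptedKey` is `MAX_ENCRYPTED_KEY_SZ` bytes in both builds, per the declarations and the `XMALLOC` in the earlier hunks. `GetLength` presumably bounds the value by `pkiMsgSz` only, so a message longer than the key buffer can overrun it. Add a check before the copy, `if (encryptedKeySz > MAX_ENCRYPTED_KEY_SZ) return BUFFER_E;`, freeing `encryptedKey` under CYASSL_SMALL_STACK as the other exits do. The enclosing loop and function start outside the hunk.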
@@ -1287,28 +1649,54 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, if (recipFound == 0) { CYASSL_MSG("No recipient found in envelopedData that matches input"); +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return PKCS7_RECIP_E; } /* remove EncryptedContentInfo */ - if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) + if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - - if (GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) + } + + if (GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; + } - if (GetAlgoId(pkiMsg, &idx, &encOID, pkiMsgSz) < 0) + if (GetAlgoId(pkiMsg, &idx, &encOID, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - + } + /* get block cipher IV, stored in OPTIONAL parameter of AlgoID */ - if (pkiMsg[idx++] != ASN_OCTET_STRING) + if (pkiMsg[idx++] != ASN_OCTET_STRING) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - - if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) + } + + if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - + } + if (length != DES_BLOCK_SIZE) { CYASSL_MSG("Incorrect IV length, must be of DES_BLOCK_SIZE"); +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; } 
@@ -1316,23 +1704,80 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, idx += length; /* read encryptedContent, cont[0] */ - if (pkiMsg[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) + if (pkiMsg[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; + } - if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) < 0) + if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) < 0) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ASN_PARSE_E; - - encryptedContent = XMALLOC(encryptedContentSz, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + } + + encryptedContent = (byte*)XMALLOC(encryptedContentSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (encryptedContent == NULL) { +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return MEMORY_E; + } XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz); + /* load private key */ +#ifdef CYASSL_SMALL_STACK + privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (privKey == NULL) { + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; + } +#endif + + ret = InitRsaKey(privKey, 0); + if (ret != 0) { + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; + } + + idx = 0; + + ret = RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + if (ret != 0) { + CYASSL_MSG("Failed to decode RSA private key"); + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; + } + /* decrypt encryptedKey */ keySz = 
RsaPrivateDecryptInline(encryptedKey, encryptedKeySz, - &decryptedKey, &privKey); - FreeRsaKey(&privKey); - if (keySz <= 0) + &decryptedKey, privKey); + FreeRsaKey(privKey); + +#ifdef CYASSL_SMALL_STACK + XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + if (keySz <= 0) { + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return keySz; + } /* decrypt encryptedContent */ if (encOID == DESb) { @@ -1345,6 +1790,9 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, if (ret != 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; } } @@ -1357,10 +1805,17 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, if (ret != 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; } } else { CYASSL_MSG("Unsupported content encryption OID type"); + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ALGO_ID_E; } @@ -1373,7 +1828,10 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, XMEMSET(encryptedKey, 0, MAX_ENCRYPTED_KEY_SZ); XMEMSET(encryptedContent, 0, encryptedContentSz); XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - +#ifdef CYASSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return encryptedContentSz - padLen; } diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c index 22643e3ad..7442fe123 100644 --- a/ctaocrypt/src/random.c +++ b/ctaocrypt/src/random.c 
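Review bot: In the -1316 hunk of PKCS7_DecodeEnvelopedData the `RsaPrivateKeyDecode` failure path returns after `InitRsaKey(privKey, 0)` has succeeded but never calls `FreeRsaKey(privKey)`. Under CYASSL_SMALL_STACK it only `XFREE`s the struct itself. Whatever the decoder had already stored in the key, which may be private-key components, is then left unreleased; CreateRecipientInfo in this patch calls `FreeRsaKey` on its equivalent path. Add `FreeRsaKey(privKey);` before the frees in that branch.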
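Review bot: The error returns in the -1345 and -1357 hunks free `encryptedKey` and `encryptedContent` without the `XMEMSET` calls that the success path in the -1373 hunk applies to both. `RsaPrivateDecryptInline` presumably leaves the decrypted content key inside `encryptedKey`, and `encryptedContent` may already be partly decrypted. These paths would then hand key material and plaintext back to the heap, or leave them on the stack in the non-small-stack build. Run `XMEMSET(encryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);` and `XMEMSET(encryptedContent, 0, encryptedContentSz);` before the frees on those paths as well.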
@@ -30,10 +30,16 @@ */ +#ifdef HAVE_FIPS + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS +#endif + #include #include #if defined(HAVE_HASHDRBG) || defined(NO_RC4) + #include #ifdef NO_INLINE @@ -74,9 +80,16 @@ #define NONCE_SZ (ENTROPY_SZ/2) #define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ) -#define DRBG_SUCCESS 0 -#define DRBG_ERROR 1 -#define DRBG_NEED_RESEED 2 +/* Internal return codes */ +#define DRBG_SUCCESS 0 +#define DRBG_ERROR 1 +#define DRBG_FAILURE 2 +#define DRBG_NEED_RESEED 3 + +/* RNG health states */ +#define DRBG_NOT_INIT 0 +#define DRBG_OK 1 +#define DRBG_FAILED 2 enum { @@ -88,10 +101,11 @@ enum { }; +/* Hash Derivation Function */ +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, - byte* inA, word32 inASz, - byte* inB, word32 inBSz, - byte* inC, word32 inCSz) + const byte* inA, word32 inASz, + const byte* inB, word32 inBSz) { byte ctr; int i; 
@@ -107,33 +121,29 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, for (i = 0, ctr = 1; i < len; i++, ctr++) { if (InitSha256(&rng->sha) != 0) - return DRBG_ERROR; + return DRBG_FAILURE; if (Sha256Update(&rng->sha, &ctr, sizeof(ctr)) != 0) - return DRBG_ERROR; + return DRBG_FAILURE; if (Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)) != 0) - return DRBG_ERROR; + return DRBG_FAILURE; /* churning V is the only string that doesn't have * the type added */ if (type != drbgInitV) if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0) - return DRBG_ERROR; + return DRBG_FAILURE; if (Sha256Update(&rng->sha, inA, inASz) != 0) - return DRBG_ERROR; + return DRBG_FAILURE; if (inB != NULL && inBSz > 0) if (Sha256Update(&rng->sha, inB, inBSz) != 0) - return DRBG_ERROR; - - if (inC != NULL && inCSz > 0) - if (Sha256Update(&rng->sha, inC, inCSz) != 0) - return DRBG_ERROR; + return DRBG_FAILURE; if (Sha256Final(&rng->sha, rng->digest) != 0) - return DRBG_ERROR; + return DRBG_FAILURE; if (outSz > OUTPUT_BLOCK_LEN) { XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN); 
@@ -149,26 +159,26 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, } -static int Hash_DRBG_Reseed(RNG* rng, byte* entropy, word32 entropySz) +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_DRBG_Reseed(RNG* rng, const byte* entropy, word32 entropySz) { - int ret; byte seed[DRBG_SEED_LEN]; - ret = Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V), - entropy, entropySz, NULL, 0); - if (ret != 0) - return ret; + if (Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V), + entropy, entropySz) != DRBG_SUCCESS) { + return DRBG_FAILURE; + } XMEMCPY(rng->V, seed, sizeof(rng->V)); XMEMSET(seed, 0, sizeof(seed)); - ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, - sizeof(rng->V), NULL, 0, NULL, 0); - if (ret != 0) - return ret; + if (Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, + sizeof(rng->V), NULL, 0) != DRBG_SUCCESS) { + return DRBG_FAILURE; + } rng->reseedCtr = 1; - return 0; + return DRBG_SUCCESS; } static INLINE void array_add_one(byte* data, word32 dataSz) @@ -182,26 +192,23 @@ static INLINE void array_add_one(byte* data, word32 dataSz) } } -static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) + +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_gen(RNG* rng, byte* out, word32 outSz, const byte* V) { byte data[DRBG_SEED_LEN]; - int i, ret; + int i; int len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); XMEMCPY(data, V, sizeof(data)); for (i = 0; i < len; i++) { - ret = InitSha256(&rng->sha); - if (ret != 0) - return ret; + if (InitSha256(&rng->sha) != 0 || + Sha256Update(&rng->sha, data, sizeof(data)) != 0 || + Sha256Final(&rng->sha, rng->digest) != 0) { - ret = Sha256Update(&rng->sha, data, sizeof(data)); - if (ret != 0) - return ret; - - ret = Sha256Final(&rng->sha, rng->digest); - if (ret != 0) - return ret; + return DRBG_FAILURE; + } if (outSz > OUTPUT_BLOCK_LEN) { XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN); 
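Review bot: The new `return DRBG_FAILURE;` in Hash_gen (the -182 hunk) exits while `data`, a working copy of the DRBG state `V`, is still on the stack. The `XMEMSET(data, 0, sizeof(data))` at the end of the function, visible in the next hunk, only runs on success. Hash_DRBG_Reseed in the -149 hunk has the same shape: a failed first `Hash_df` returns before `XMEMSET(seed, 0, sizeof(seed))`. Put the wipe ahead of each failure return, for example `XMEMSET(data, 0, sizeof(data));` before `return DRBG_FAILURE;`. Hash_gen's body continues outside its hunk.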
@@ -215,11 +222,11 @@ static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) } XMEMSET(data, 0, sizeof(data)); - return 0; + return DRBG_SUCCESS; } -static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen) +static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) { word16 carry = 0; 
@@ -238,74 +245,67 @@ static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen) } +/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ static int Hash_DRBG_Generate(RNG* rng, byte* out, word32 outSz) { - int ret; + int ret = DRBG_NEED_RESEED; if (rng->reseedCtr != RESEED_INTERVAL) { byte type = drbgGenerateH; word32 reseedCtr = rng->reseedCtr; rng->reseedCtr++; - if (Hash_gen(rng, out, outSz, rng->V) != 0) - return DRBG_ERROR; - if (InitSha256(&rng->sha) != 0) - return DRBG_ERROR; - if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0) - return DRBG_ERROR; - if (Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0) - return DRBG_ERROR; - if (Sha256Final(&rng->sha, rng->digest) != 0) - return DRBG_ERROR; + if (Hash_gen(rng, out, outSz, rng->V) != 0 || + InitSha256(&rng->sha) != 0 || + Sha256Update(&rng->sha, &type, sizeof(type)) != 0 || + Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0 || + Sha256Final(&rng->sha, rng->digest) != 0) { - array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest)); - array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C)); - #ifdef LITTLE_ENDIAN_ORDER - reseedCtr = ByteReverseWord32(reseedCtr); - #endif - array_add(rng->V, sizeof(rng->V), (byte*)&reseedCtr, sizeof(reseedCtr)); - ret = DRBG_SUCCESS; - } - else { - ret = DRBG_NEED_RESEED; + ret = DRBG_FAILURE; + } + else { + array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest)); + array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C)); + #ifdef LITTLE_ENDIAN_ORDER + reseedCtr = ByteReverseWord32(reseedCtr); + #endif + array_add(rng->V, sizeof(rng->V), + (byte*)&reseedCtr, sizeof(reseedCtr)); + ret = DRBG_SUCCESS; + } } + return ret; } -static int Hash_DRBG_Instantiate(RNG* rng, byte* seed, word32 seedSz, - byte* nonce, word32 nonceSz, byte* personal, word32 personalSz) +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_DRBG_Instantiate(RNG* rng, const byte* seed, word32 seedSz, + const byte* nonce, word32 nonceSz) { - 
int ret; + int ret = DRBG_FAILURE; XMEMSET(rng, 0, sizeof(*rng)); - ret = Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz, - nonce, nonceSz, personal, personalSz); - if (ret != 0) - return ret; + if (Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz, + nonce, nonceSz) == DRBG_SUCCESS && + Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, + sizeof(rng->V), NULL, 0) == DRBG_SUCCESS) { - ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, - sizeof(rng->V), NULL, 0, NULL, 0); - if (ret != 0) - return ret; + rng->reseedCtr = 1; + ret = DRBG_SUCCESS; + } - rng->reseedCtr = 1; - - return 0; + return ret; } +/* Returns: DRBG_SUCCESS */ static int Hash_DRBG_Uninstantiate(RNG* rng) { - int result = DRBG_ERROR; + XMEMSET(rng, 0, sizeof(*rng)); - if (rng != NULL) { - XMEMSET(rng, 0, sizeof(*rng)); - result = DRBG_SUCCESS; - } - - return result; + return DRBG_SUCCESS; } /* End NIST DRBG Code */ @@ -314,17 +314,27 @@ static int Hash_DRBG_Uninstantiate(RNG* rng) /* Get seed and key cipher */ int InitRng(RNG* rng) { - byte entropy[ENTROPY_NONCE_SZ]; - int ret = DRBG_ERROR; + int ret = BAD_FUNC_ARG; - /* This doesn't use a separate nonce. The entropy input will be - * the default size plus the size of the nonce making the seed - * size. */ - if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0) - ret = Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ, - NULL, 0, NULL, 0); + if (rng != NULL) { + byte entropy[ENTROPY_NONCE_SZ]; - XMEMSET(entropy, 0, ENTROPY_NONCE_SZ); + /* This doesn't use a separate nonce. The entropy input will be + * the default size plus the size of the nonce making the seed + * size. */ + if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 && + Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ, + NULL, 0) == DRBG_SUCCESS) { + rng->status = DRBG_OK; + ret = 0; + } + else { + rng->status = DRBG_FAILED; + ret = RNG_FAILURE_E; + } + + XMEMSET(entropy, 0, ENTROPY_NONCE_SZ); + } return ret; } 
@@ -335,24 +345,36 @@ int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) { int ret; - XMEMSET(output, 0, sz); - ret = Hash_DRBG_Generate(rng, output, sz); + if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN) + return BAD_FUNC_ARG; - if (ret == DRBG_NEED_RESEED) { + if (rng->status != DRBG_OK) + return RNG_FAILURE_E; + + ret = Hash_DRBG_Generate(rng, output, sz); + if (ret == DRBG_SUCCESS) { + ret = 0; + } + else if (ret == DRBG_NEED_RESEED) { byte entropy[ENTROPY_SZ]; - ret = GenerateSeed(&rng->seed, entropy, ENTROPY_SZ); - if (ret == 0) { - ret = Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ); + if (GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 && + Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ) == DRBG_SUCCESS && + Hash_DRBG_Generate(rng, output, sz) == DRBG_SUCCESS) { - if (ret == 0) - ret = Hash_DRBG_Generate(rng, output, sz); + ret = 0; + } + else { + ret = RNG_FAILURE_E; + rng->status = DRBG_FAILED; } - else - ret = DRBG_ERROR; XMEMSET(entropy, 0, ENTROPY_SZ); } + else { + ret = RNG_FAILURE_E; + rng->status = DRBG_FAILED; + } return ret; } 
@@ -364,11 +386,59 @@ int RNG_GenerateByte(RNG* rng, byte* b) } -void FreeRng(RNG* rng) +int FreeRng(RNG* rng) { - Hash_DRBG_Uninstantiate(rng); + int ret = BAD_FUNC_ARG; + + if (rng != NULL) { + if (Hash_DRBG_Uninstantiate(rng) == DRBG_SUCCESS) + ret = 0; + else + ret = RNG_FAILURE_E; + } + + return ret; } + +int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, + const byte* entropyB, word32 entropyBSz, + const byte* output, word32 outputSz) +{ + RNG rng; + byte check[SHA256_DIGEST_SIZE * 4]; + + if (Hash_DRBG_Instantiate(&rng, entropyA, entropyASz, NULL, 0) != 0) + return -1; + + if (reseed) { + if (Hash_DRBG_Reseed(&rng, entropyB, entropyBSz) != 0) { + Hash_DRBG_Uninstantiate(&rng); + return -1; + } + } + + if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) { + Hash_DRBG_Uninstantiate(&rng); + return -1; + } + + if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) { + Hash_DRBG_Uninstantiate(&rng); + return -1; + } + + if (outputSz != sizeof(check) || XMEMCMP(output, check, sizeof(check))) { + Hash_DRBG_Uninstantiate(&rng); + return -1; + } + + Hash_DRBG_Uninstantiate(&rng); + + return 0; +} + + #else /* HAVE_HASHDRBG || NO_RC4 */ /* Get seed and key cipher */ diff --git a/ctaocrypt/src/sha.c b/ctaocrypt/src/sha.c index 9797b5317..7501312d5 100644 --- a/ctaocrypt/src/sha.c +++ b/ctaocrypt/src/sha.c @@ -40,6 +40,9 @@ #endif #include +#include +#include + #ifdef NO_INLINE #include #else 
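Review bot: RNG_HealthTest checks every Hash_DRBG_* call with `!= 0`, while InitRng and RNG_GenerateBlock in this same commit compare against `DRBG_SUCCESS`, and the new comments document the results only by name. The test is correct only as long as DRBG_SUCCESS happens to be zero, which nothing in this file section shows. I would write `!= DRBG_SUCCESS` at each of the four call sites, e.g. `if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != DRBG_SUCCESS)`. The function also needs a header comment explaining that `output` is compared against the second generate call and must be exactly `SHA256_DIGEST_SIZE * 4` bytes.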
@@ -392,4 +395,35 @@ int ShaFinal(Sha* sha, byte* hash) #endif /* STM32F2_HASH */ + +int ShaHash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef CYASSL_SMALL_STACK + Sha* sha; +#else + Sha sha[1]; +#endif + +#ifdef CYASSL_SMALL_STACK + sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha == NULL) + return MEMORY_E; +#endif + + if ((ret = InitSha(sha)) != 0) { + CYASSL_MSG("InitSha failed"); + } + else { + ShaUpdate(sha, data, len); + ShaFinal(sha, hash); + } + +#ifdef CYASSL_SMALL_STACK + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + #endif /* NO_SHA */ diff --git a/ctaocrypt/src/sha256.c b/ctaocrypt/src/sha256.c index 2a0d1f979..a90fb19b5 100644 --- a/ctaocrypt/src/sha256.c +++ b/ctaocrypt/src/sha256.c @@ -42,7 +42,9 @@ #endif #include +#include #include + #ifdef NO_INLINE #include #else @@ -283,5 +285,38 @@ int Sha256Final(Sha256* sha256, byte* hash) } +int Sha256Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef CYASSL_SMALL_STACK + Sha256* sha256; +#else + Sha256 sha256[1]; +#endif + +#ifdef CYASSL_SMALL_STACK + sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha256 == NULL) + return MEMORY_E; +#endif + + if ((ret = InitSha256(sha256)) != 0) { + CYASSL_MSG("InitSha256 failed"); + } + else if ((ret = Sha256Update(sha256, data, len)) != 0) { + CYASSL_MSG("Sha256Update failed"); + } + else if ((ret = Sha256Final(sha256, hash)) != 0) { + CYASSL_MSG("Sha256Final failed"); + } + +#ifdef CYASSL_SMALL_STACK + XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + #endif /* NO_SHA256 */ diff --git a/ctaocrypt/src/sha512.c b/ctaocrypt/src/sha512.c index ceb5a7e72..40086949b 100644 --- a/ctaocrypt/src/sha512.c +++ b/ctaocrypt/src/sha512.c @@ -33,7 +33,9 @@ #endif #include +#include #include + #ifdef NO_INLINE #include #else 
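Review bot: ShaHash discards the results of `ShaUpdate(sha, data, len)` and `ShaFinal(sha, hash)`, so it returns 0 even when hashing failed and `hash` was never filled in. The hunk header shows ShaFinal returning int, and Sha256Hash, added in the same commit, already chains the three calls. Assuming ShaUpdate returns int as well, the else branch should follow that pattern: `else if ((ret = ShaUpdate(sha, data, len)) != 0) { CYASSL_MSG("ShaUpdate failed"); }` followed by `else if ((ret = ShaFinal(sha, hash)) != 0) { CYASSL_MSG("ShaFinal failed"); }`.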
@@ -296,6 +298,38 @@ int Sha512Final(Sha512* sha512, byte* hash) } +int Sha512Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef CYASSL_SMALL_STACK + Sha512* sha512; +#else + Sha512 sha512[1]; +#endif + +#ifdef CYASSL_SMALL_STACK + sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha512 == NULL) + return MEMORY_E; +#endif + + if ((ret = InitSha512(sha512)) != 0) { + CYASSL_MSG("InitSha512 failed"); + } + else if ((ret = Sha512Update(sha512, data, len)) != 0) { + CYASSL_MSG("Sha512Update failed"); + } + else if ((ret = Sha512Final(sha512, hash)) != 0) { + CYASSL_MSG("Sha512Final failed"); + } + +#ifdef CYASSL_SMALL_STACK + XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + #ifdef CYASSL_SHA384 @@ -470,6 +504,39 @@ int Sha384Final(Sha384* sha384, byte* hash) return InitSha384(sha384); /* reset state */ } + +int Sha384Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef CYASSL_SMALL_STACK + Sha384* sha384; +#else + Sha384 sha384[1]; +#endif + +#ifdef CYASSL_SMALL_STACK + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha384 == NULL) + return MEMORY_E; +#endif + + if ((ret = InitSha384(sha384)) != 0) { + CYASSL_MSG("InitSha384 failed"); + } + else if ((ret = Sha384Update(sha384, data, len)) != 0) { + CYASSL_MSG("Sha384Update failed"); + } + else if ((ret = Sha384Final(sha384, hash)) != 0) { + CYASSL_MSG("Sha384Final failed"); + } + +#ifdef CYASSL_SMALL_STACK + XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + #endif /* CYASSL_SHA384 */ #endif /* CYASSL_SHA512 */ diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 0a3b2e11a..73011d6da 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -103,7 +103,7 @@ #endif #ifdef HAVE_NTRU - #include "crypto_ntru.h" + #include "ntru_crypto.h" #endif #ifdef HAVE_CAVIUM #include "cavium_sysdep.h" 
@@ -1167,9 +1167,11 @@ int hmac_md5_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { -#ifdef HAVE_CAVIUM +#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) if (i == 1) - continue; /* driver can't handle keys <= bytes */ + continue; /* cavium can't handle short keys, fips not allowed */ +#endif +#ifdef HAVE_CAVIUM if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) return -20009; #endif @@ -1242,9 +1244,11 @@ int hmac_sha_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { -#ifdef HAVE_CAVIUM +#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) if (i == 1) - continue; /* driver can't handle keys <= bytes */ + continue; /* cavium can't handle short keys, fips not allowed */ +#endif +#ifdef HAVE_CAVIUM if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) return -20010; #endif @@ -1321,9 +1325,11 @@ int hmac_sha256_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { -#ifdef HAVE_CAVIUM +#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) if (i == 1) - continue; /* driver can't handle keys <= bytes */ + continue; /* cavium can't handle short keys, fips not allowed */ +#endif +#ifdef HAVE_CAVIUM if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) return -20011; #endif @@ -1400,9 +1406,11 @@ int hmac_blake2b_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { -#ifdef HAVE_CAVIUM +#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) if (i == 1) - continue; /* driver can't handle keys <= bytes */ + continue; /* cavium can't handle short keys, fips not allowed */ +#endif +#ifdef HAVE_CAVIUM if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) return -20011; #endif @@ -1483,6 +1491,10 @@ int hmac_sha384_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i])); if (ret != 0) return -4027; 
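Review bot: The new comment `cavium can't handle short keys, fips not allowed` does not say what FIPS disallows, so a reader cannot tell why vector 1 is skipped or when the skip could be removed. The hkdf_test hunk in this commit gives the reason as a key size under 14 bytes; if that is the same limit, spell it out here as `/* cavium can't handle short keys; FIPS rejects HMAC keys under 14 bytes */`. The same wording applies to the hmac_sha_test, hmac_sha256_test and hmac_blake2b_test hunks, and to the `/* fips not allowed */` comments in hmac_sha384_test and hmac_sha512_test. Each loop body continues outside its hunk.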
@@ -1559,6 +1571,10 @@ int hmac_sha512_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i])); if (ret != 0) return -4030; 
@@ -2790,6 +2806,74 @@ int camellia_test(void) #endif /* HAVE_CAMELLIA */ +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + +int random_test(void) +{ + const byte test1Entropy[] = + { + 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, + 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, + 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, + 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e + }; + const byte test1Output[] = + { + 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, + 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, + 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, + 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, + 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, + 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, + 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, + 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, + 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, + 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, + 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf + }; + const byte test2EntropyA[] = + { + 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, + 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, + 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, + 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 + }; + const byte test2EntropyB[] = + { + 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, + 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, + 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 + }; + const byte test2Output[] = + { + 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, + 0xe7, 
0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, + 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, + 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, + 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, + 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, + 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, + 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, + 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, + 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, + 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 + }; + int ret; + + ret = RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, + test1Output, sizeof(test1Output)); + if (ret != 0) return -39; + + ret = RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), + test2EntropyB, sizeof(test2EntropyB), + test2Output, sizeof(test2Output)); + if (ret != 0) return -40; + + return 0; +} + +#else /* HAVE_HASHDRBG || NO_RC4 */ + int random_test(void) { RNG rng; @@ -2809,6 +2893,8 @@ int random_test(void) return 0; } +#endif /* HAVE_HASHDRBG || NO_RC4 */ + #ifdef HAVE_NTRU @@ -2997,8 +3083,8 @@ int rsa_test(void) int pemSz = 0; RsaKey derIn; RsaKey genKey; - FILE* keyFile; - FILE* pemFile; + FILE* keyFile; + FILE* pemFile; ret = InitRsaKey(&genKey, 0); if (ret != 0) @@ -3192,7 +3278,7 @@ int rsa_test(void) int pemSz; size_t bytes3; word32 idx3 = 0; - FILE* file3 ; + FILE* file3 ; #ifdef CYASSL_TEST_CERT DecodedCert decode; #endif 
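Review bot: When HAVE_HASHDRBG or NO_RC4 is defined, the new random_test runs only RNG_HealthTest on fixed vectors, so nothing in this test calls InitRng, RNG_GenerateBlock or FreeRng any more. The seeding path, the `rng->status` checks and the new error codes added in random.c therefore go untested in exactly the builds that use them. I would keep the known-answer checks and append a short live check with a local `RNG rng` and a small `byte block[32]`, using unused return codes: `if (InitRng(&rng) != 0) return -41;` then `ret = RNG_GenerateBlock(&rng, block, sizeof(block));` then `if (FreeRng(&rng) != 0 || ret != 0) return -42;`.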
@@ -3493,38 +3579,46 @@ int rsa_test(void) static uint8_t const pers_str[] = { 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' }; - word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), - GetEntropy, &drbg); + word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, + sizeof(pers_str), GetEntropy, &drbg); if (rc != DRBG_OK) { + free(derCert); + free(pem); + return -448; + } + + rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, + &public_key_len, NULL, + &private_key_len, NULL); + if (rc != NTRU_OK) { + free(derCert); + free(pem); + return -449; + } + + rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, + &public_key_len, public_key, + &private_key_len, private_key); + if (rc != NTRU_OK) { free(derCert); free(pem); return -450; } - rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, - NULL, &private_key_len, NULL); + rc = ntru_crypto_drbg_uninstantiate(drbg); + if (rc != NTRU_OK) { free(derCert); free(pem); return -451; } - rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, - public_key, &private_key_len, private_key); - crypto_drbg_uninstantiate(drbg); - - if (rc != NTRU_OK) { - free(derCert); - free(pem); - return -452; - } - caFile = fopen(caKeyFile, "rb"); if (!caFile) { free(derCert); free(pem); - return -453; + return -452; } bytes = fread(tmp, 1, FOURK_BUF, caFile); @@ -3534,7 +3628,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); - return -459; + return -453; } ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); if (ret != 0) { @@ -3911,7 +4005,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_md5()); - EVP_DigestUpdate(&md_ctx, a.input, a.inLen); + EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0) 
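Review bot: The two new error returns after `ntru_crypto_ntru_encrypt_keygen` (`return -449;` and `return -450;`) free `derCert` and `pem` but leave `drbg` instantiated. Both branches should call `ntru_crypto_drbg_uninstantiate(drbg);` before returning. The result of `ntru_crypto_drbg_uninstantiate` is then compared with `NTRU_OK`, although the instantiate call a few lines earlier is checked against `DRBG_OK`; if the two constants differ, that check is wrong and should read `if (rc != DRBG_OK)`. The enclosing block of rsa_test starts and ends outside this hunk.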
@@ -3928,7 +4022,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha1()); - EVP_DigestUpdate(&md_ctx, b.input, b.inLen); + EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0) @@ -3945,7 +4039,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha256()); - EVP_DigestUpdate(&md_ctx, d.input, d.inLen); + EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0) @@ -3989,7 +4083,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha512()); - EVP_DigestUpdate(&md_ctx, f.input, f.inLen); + EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0) @@ -4264,6 +4358,8 @@ int hkdf_test(void) (void)res2; (void)res3; (void)res4; + (void)salt1; + (void)info1; #ifndef NO_SHA ret = HKDF(SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L); @@ -4273,12 +4369,15 @@ int hkdf_test(void) if (memcmp(okm1, res1, L) != 0) return -2002; +#ifndef HAVE_FIPS + /* fips can't have key size under 14 bytes, salt is key too */ ret = HKDF(SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L); if (ret != 0) return -2003; if (memcmp(okm1, res2, L) != 0) return -2004; +#endif /* HAVE_FIPS */ #endif /* NO_SHA */ #ifndef NO_SHA256 @@ -4289,12 +4388,15 @@ int hkdf_test(void) if (memcmp(okm1, res3, L) != 0) return -2006; +#ifndef HAVE_FIPS + /* fips can't have key size under 14 bytes, salt is key too */ ret = HKDF(SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L); if (ret != 0) return -2007; if (memcmp(okm1, res4, L) != 0) return -2007; +#endif /* HAVE_FIPS */ #endif /* NO_SHA256 */ return 0; 
@@ -4473,6 +4575,9 @@ int ecc_encrypt_test(void) ret = ecc_ctx_set_peer_salt(cliCtx, srvSalt); ret += ecc_ctx_set_peer_salt(srvCtx, cliSalt); + ret += ecc_ctx_set_info(cliCtx, (byte*)"CyaSSL MSGE", 11); + ret += ecc_ctx_set_info(srvCtx, (byte*)"CyaSSL MSGE", 11); + if (ret != 0) return -3008; diff --git a/cyassl/certs_test.h b/cyassl/certs_test.h index 5d10679a6..cd3341f4b 100644 --- a/cyassl/certs_test.h +++ b/cyassl/certs_test.h @@ -70,7 +70,7 @@ const unsigned char client_key_der_1024[] = 0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12, 0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2 }; -const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024) ; +const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024); /* ./certs/1024/client-cert.der, 1024-bit */ const unsigned char client_cert_der_1024[] = @@ -152,7 +152,7 @@ const unsigned char client_cert_der_1024[] = 0x1B, 0x4E, 0x5D, 0xBC, 0x4E, 0x9A, 0x7C, 0x1F, 0xAB, 0x56, 0x47, 0x4A }; -const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024) ; +const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); /* ./certs/1024/dh1024.der, 1024-bit */ const unsigned char dh_key_der_1024[] = @@ -172,7 +172,7 @@ const unsigned char dh_key_der_1024[] = 0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9, 0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02 }; -const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024) ; +const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024); /* ./certs/1024/dsa1024.der, 1024-bit */ const unsigned char dsa_key_der_1024[] = @@ -223,7 +223,7 @@ const unsigned char dsa_key_der_1024[] = 0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F, 0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18 }; -const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024) ; +const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024); /* ./certs/1024/rsa1024.der, 1024-bit */ const unsigned char rsa_key_der_1024[] = 
@@ -290,7 +290,7 @@ const unsigned char rsa_key_der_1024[] = 0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37, 0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3 }; -const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024) ; +const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024); #elif defined(USE_CERT_BUFFERS_2048) @@ -418,7 +418,7 @@ const unsigned char client_key_der_2048[] = 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, 0xF5, 0xBF }; -const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048) ; +const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048); /* ./certs/client-cert.der, 2048-bit */ const unsigned char client_cert_der_2048[] = @@ -543,11 +543,11 @@ const unsigned char client_cert_der_2048[] = 0xC9, 0xB1, 0x71, 0x7E, 0x1B, 0x2B, 0xE1, 0xE3, 0xAF, 0xC0 }; -const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048) ; +const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); /* ./certs/dh2048.der, 2048-bit */ const unsigned char dh_key_der_2048[] = -{ +{ 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0, 0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, 0xBC, 0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6, @@ -576,7 +576,7 @@ const unsigned char dh_key_der_2048[] = 0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, 0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02 }; -const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048) ; +const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048); /* ./certs/dsa2048.der, 2048-bit */ const unsigned char dsa_key_der_2048[] = @@ -666,7 +666,7 @@ const unsigned char dsa_key_der_2048[] = 0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9, 0x00, 0xCB, 0x62, 0x6D, 0x9A }; -const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048) ; +const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048); /* ./certs/rsa2048.der, 2048-bit */ const unsigned char rsa_key_der_2048[] = 
@@ -792,7 +792,356 @@ const unsigned char rsa_key_der_2048[] = 0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF, 0x56 }; -const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048) ; +const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048); + +/* ./certs/ca-cert.der, 2048-bit */ +const unsigned char ca_cert_der_2048[] = +{ + 0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE9, 0xD0, 0xA7, 0x5F, + 0x79, 0x25, 0xF4, 0x3C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x13, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x13, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, + 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, + 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x13, 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, + 0x31, 0x31, 0x31, 0x30, 0x32, 0x34, 0x31, 0x38, 0x31, 0x38, + 0x31, 0x35, 0x5A, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x32, + 0x30, 0x31, 0x38, 0x31, 0x38, 0x31, 0x35, 0x5A, 0x30, 0x81, + 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x13, 0x07, 0x42, 0x6F, 0x7A, 0x65, 
0x6D, 0x61, 0x6E, + 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A, + 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, + 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, + 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, + 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, + 0xCA, 0x2D, 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, + 0x1F, 0x4A, 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, + 0xDF, 0xCA, 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, + 0xEE, 0x2A, 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, + 0x10, 0x98, 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, + 0x4F, 0xDE, 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, + 0x90, 0xBB, 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, + 0xC5, 0xF1, 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, + 0x10, 0x41, 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, + 0xD2, 0x70, 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, + 0x7C, 0xED, 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, + 0xC7, 0xED, 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, + 0x5C, 0x38, 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, + 0x94, 0x3C, 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, + 0x1D, 0x13, 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, + 0xB8, 0x7D, 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, + 0x21, 0xDC, 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, + 0xFC, 0x7D, 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, + 0x05, 0x67, 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 
0x8C, + 0xB5, 0x68, 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, + 0x63, 0xF5, 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, + 0x5A, 0x17, 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, + 0xFE, 0xC3, 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, + 0x00, 0x52, 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, + 0x1D, 0xB9, 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, + 0xBD, 0xED, 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, + 0x81, 0xF8, 0x30, 0x81, 0xF5, 0x30, 0x1D, 0x06, 0x03, 0x55, + 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, + 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, + 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC5, 0x06, + 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xBD, 0x30, 0x81, 0xBA, + 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, + 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, + 0xE8, 0xD5, 0xA1, 0x81, 0x96, 0xA4, 0x81, 0x93, 0x30, 0x81, + 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x13, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A, + 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, + 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, + 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xE9, 0xD0, + 0xA7, 0x5F, 0x79, 0x25, 0xF4, 0x3C, 0x30, 0x0C, 0x06, 0x03, + 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, + 0x30, 
0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x5F, 0x86, 0x14, 0xF4, 0x51, 0x8B, 0xBC, 0xA5, 0x4E, 0x30, + 0xDA, 0x5E, 0xAC, 0x9A, 0xF8, 0x6C, 0xD9, 0x26, 0x4B, 0x93, + 0xF9, 0xE3, 0x1C, 0x89, 0x6F, 0x9E, 0xEE, 0xB3, 0x9D, 0x77, + 0x3E, 0x89, 0x20, 0x76, 0xA3, 0xE6, 0xE8, 0x86, 0x15, 0x21, + 0xDB, 0xE2, 0x33, 0xB2, 0x34, 0xD5, 0xD0, 0x9F, 0xF3, 0xC1, + 0xA4, 0x87, 0x92, 0x5C, 0xF9, 0xD1, 0xFF, 0x30, 0x2F, 0x8E, + 0x03, 0xBC, 0xB3, 0x3C, 0x0C, 0x32, 0xA3, 0x90, 0x5F, 0x1A, + 0x90, 0x1E, 0xAF, 0x9D, 0xF3, 0x9E, 0xD7, 0x07, 0x02, 0xA9, + 0x7D, 0x27, 0x66, 0x63, 0x2F, 0xAF, 0x18, 0xD7, 0xAC, 0x18, + 0x98, 0x8C, 0x83, 0x8F, 0x38, 0xF3, 0x0B, 0xAC, 0x36, 0x10, + 0x75, 0xFB, 0xCA, 0x76, 0x13, 0x50, 0x5B, 0x02, 0x8F, 0x73, + 0xBF, 0xE3, 0xA0, 0xEE, 0x83, 0x52, 0x25, 0x54, 0xCE, 0x26, + 0xCE, 0x9C, 0xBD, 0x2F, 0x79, 0xAB, 0x1B, 0x60, 0xB8, 0x92, + 0xF1, 0x03, 0xC0, 0xFC, 0x3B, 0x08, 0xD9, 0xC0, 0xAD, 0xD5, + 0x72, 0x08, 0x25, 0x80, 0x61, 0x2D, 0xDC, 0x9F, 0xA7, 0x83, + 0x62, 0x07, 0x47, 0xE0, 0x07, 0x4C, 0x4B, 0x07, 0x30, 0x04, + 0xA9, 0x87, 0x1C, 0x55, 0x7F, 0x07, 0x12, 0xD0, 0xCB, 0x42, + 0x5D, 0xCB, 0xCF, 0x66, 0x01, 0x1A, 0x17, 0xEE, 0xF9, 0x0F, + 0x60, 0xB7, 0xDB, 0x6F, 0x68, 0xE5, 0x4E, 0x41, 0x62, 0x6E, + 0xD3, 0x6F, 0x60, 0x4F, 0x4B, 0x27, 0xDE, 0xCF, 0x18, 0x07, + 0xF1, 0x13, 0x5D, 0xCB, 0x3F, 0xA9, 0x25, 0x44, 0xDA, 0x52, + 0x5C, 0xC8, 0x04, 0xE1, 0x56, 0x12, 0xF5, 0x2A, 0x90, 0x4E, + 0xD1, 0xE2, 0xAF, 0x01, 0xB5, 0x23, 0xA1, 0xEC, 0x31, 0xDA, + 0x7B, 0x63, 0x69, 0xC4, 0xB8, 0xF3, 0xE7, 0xCE, 0xA1, 0x3D, + 0xC0, 0xDB, 0x6D, 0xF3, 0xB2, 0xD9, 0x46, 0xC8, 0x9F, 0xC3, + 0xB8, 0x70, 0x5A, 0x1F, 0x7F, 0xCA +}; +const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); + +/* ./certs/server-key.der, 2048-bit */ +const unsigned char server_key_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, + 0x6D, 0xB7, 
0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45, + 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E, + 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, + 0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, + 0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, + 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0, + 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, + 0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, + 0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, + 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00, + 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73, + 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, + 0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, + 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3, + 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD, + 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, + 0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, + 0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1, + 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F, + 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, + 0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, + 0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, + 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, + 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, + 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, + 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50, 0x01, 0xEF, 0x9F, 0xED, + 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7, 0x92, + 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, + 0xC6, 0x79, 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, + 0x95, 0x77, 0xCB, 0xC3, 0x9A, 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, + 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA, 0x67, 0x16, + 0xC1, 0x74, 0xBC, 0xA9, 
0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, + 0xFB, 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, + 0x98, 0x6B, 0x65, 0x9A, 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, + 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22, 0x60, 0x2A, 0x73, + 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4, + 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, + 0x25, 0x4E, 0x9F, 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, + 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64, 0xCA, 0x9A, 0x5B, 0x05, + 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32, 0x22, + 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, + 0x74, 0xD3, 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, + 0x7A, 0x97, 0x2E, 0xD6, 0xB6, 0x19, 0xC6, 0x92, 0x26, 0xE4, + 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9, 0x78, 0x0D, + 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, + 0x41, 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, + 0xD2, 0x60, 0xF2, 0x9F, 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, + 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C, 0xE6, 0x55, 0x34, + 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A, + 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, + 0xF1, 0x58, 0x58, 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, + 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9, 0x10, 0x32, 0xB7, 0x93, + 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6, 0xB5, + 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, + 0x1B, 0xAC, 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, + 0x19, 0xB8, 0xC3, 0x60, 0xB1, 0x57, 0x48, 0x5F, 0x52, 0x4F, + 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43, 0x50, 0x3F, + 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, + 0xAD, 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, + 0x70, 0x9C, 0x0A, 0x7C, 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, + 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD, 0x15, 0x73, 0xDA, + 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0, + 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, + 0xC6, 0xB1, 0x53, 0x17, 0xDF, 0xE7, 
0x02, 0x81, 0x81, 0x00, + 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D, 0xB7, 0x5C, 0x5C, 0x7C, + 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63, 0xB3, + 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, + 0x8E, 0x7B, 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, + 0x7D, 0xEA, 0xFE, 0x76, 0xA1, 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, + 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B, 0x5B, 0x0F, + 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, + 0xED, 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, + 0x13, 0x23, 0x4C, 0xCB, 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, + 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C, 0xC1, 0x85, 0x5F, + 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3, + 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, + 0x5F, 0x53, 0xA4, 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, + 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB, 0xD5, 0xFE, 0xF9, 0x52, + 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52, 0x2F, + 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, + 0x52, 0xDA, 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, + 0xD3, 0x18, 0x14, 0x72, 0x77, 0x5E, 0xC7, 0xA3, 0x04, 0x1F, + 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3, 0xF2, 0xB5, + 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, + 0x5F, 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, + 0x56, 0xC0, 0xD4, 0x22, 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, + 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95, 0x92, 0x31, 0x41, + 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39, + 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, + 0x22, 0x00, 0xFE, 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, + 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41, 0x56, 0x28, 0x51, 0x9E, + 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2, 0x6C, + 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, + 0xD4, 0x0C, 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, + 0xD4, 0xE6, 0xDC, 0x4C, 0xED, 0xD7, 0x16, 0x11, 0xC3, 0x3E, + 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE, 
0xBB, 0x75, + 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, + 0xC5, 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, + 0x6E, 0x99, 0x87, 0xF8, 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, + 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF, 0x16, 0xCA, 0x8B, + 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC, + 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, + 0x9D, 0xE0, 0x63, 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, + 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D, 0x45, 0xF9, 0x40, 0x8C, + 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C, 0xAC, + 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, + 0xE5, 0x8A, 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, + 0x86, 0x09, 0xB8, 0xD8, 0x76, 0xA7, 0xC9, 0x1C, 0x71, 0x52, + 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD, 0x61, 0x1B, + 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, + 0x43, 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, + 0x5E, 0xCF, 0x4F, 0xFC, 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, + 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5, 0x29, 0xD0, 0x44, + 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2, + 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, + 0x7C, 0x9A, 0x1F, 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, + 0x3B, 0xF1, 0xB0 +}; +const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048); + +/* ./certs/server-cert.der, 2048-bit */ +const unsigned char server_cert_der_2048[] = +{ + 0x30, 0x82, 0x03, 0x90, 0x30, 0x82, 0x02, 0x78, 0x02, 0x01, + 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x90, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, + 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x08, 0x53, + 
0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A, 0x43, 0x6F, + 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x16, + 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0D, 0x77, + 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x31, 0x31, + 0x30, 0x32, 0x34, 0x31, 0x38, 0x32, 0x37, 0x31, 0x33, 0x5A, + 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x32, 0x30, 0x31, 0x38, + 0x32, 0x37, 0x31, 0x33, 0x5A, 0x30, 0x81, 0x8A, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, + 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0E, 0x30, + 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x05, 0x79, 0x61, + 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x13, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6F, 0x72, + 0x74, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x13, 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, + 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0, + 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, + 0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, + 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E, 0xD6, 0xF6, 0x1C, + 0x88, 0xBC, 
0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE, 0x5C, + 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, + 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, + 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0, 0x21, 0xE5, 0x72, + 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA, 0xAC, 0x1B, + 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, + 0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, + 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, + 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73, 0xA6, 0x8C, 0x18, + 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10, + 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, + 0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, + 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD, 0x66, 0x51, 0x0C, + 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23, 0x73, + 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, + 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, + 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F, 0x44, 0x37, 0x30, + 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77, 0xBA, 0x13, + 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, + 0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, + 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, + 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, 0xD2, 0x96, 0xDF, + 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x71, 0x4E, 0xD3, 0x62, 0xDF, 0xCC, 0x4C, 0xF7, 0xCD, 0xB7, + 0x6E, 0x52, 0x0B, 0x6C, 0x6E, 0xE0, 0xBD, 0xC2, 0x2D, 0x07, + 0xD7, 0xC0, 0xB0, 0x6E, 0x43, 0x1E, 0x35, 0xBC, 0x30, 0x01, + 0x50, 0xF0, 0xFF, 0x99, 0x23, 0x6C, 0x18, 0x1A, 0x41, 0xB6, + 0x11, 0xD6, 0xD4, 0x19, 0x61, 0xFD, 0xE4, 0x77, 0x97, 0x1C, + 0x39, 0xE1, 0x57, 0xAB, 0xC5, 0x15, 0x63, 0x77, 0x11, 0x36, + 0x5E, 0x74, 0xE2, 0x24, 0x0B, 0x1F, 0x41, 0x78, 0xAD, 0xB7, + 0x81, 0xE7, 0xB4, 0x40, 
0x66, 0x80, 0xF0, 0x4B, 0x91, 0xA0, + 0x6D, 0xA8, 0x6E, 0x3D, 0x53, 0xD9, 0x8B, 0xCE, 0x2A, 0xE1, + 0x0B, 0x45, 0x65, 0x87, 0xA1, 0x96, 0xAE, 0xEE, 0x3E, 0x88, + 0xD5, 0x12, 0x1F, 0x78, 0x17, 0xAE, 0x2C, 0xC5, 0x73, 0x44, + 0xD8, 0xDC, 0xF4, 0xAF, 0xD8, 0xCC, 0xAE, 0x4C, 0xE1, 0x0C, + 0xBE, 0x55, 0xA4, 0x99, 0xF7, 0x6E, 0x96, 0xC0, 0xC8, 0x45, + 0x87, 0xBF, 0xDC, 0x51, 0x57, 0xFF, 0x9E, 0x73, 0x37, 0x6A, + 0x18, 0x9C, 0xC3, 0xF9, 0x22, 0x7A, 0xF4, 0xB0, 0x52, 0xBD, + 0xFC, 0x21, 0x30, 0xF8, 0xC5, 0xFF, 0x1E, 0x87, 0x7D, 0xAD, + 0xA2, 0x5A, 0x35, 0xF5, 0x22, 0xA8, 0xB4, 0x0A, 0x76, 0x38, + 0xE6, 0x76, 0xB0, 0x98, 0xAF, 0x1B, 0xEC, 0x8A, 0x0A, 0x43, + 0x74, 0xD2, 0x85, 0x34, 0x37, 0x84, 0x07, 0xE1, 0xF6, 0x23, + 0xB2, 0x29, 0xDE, 0xA6, 0xB6, 0xB7, 0x4C, 0x57, 0x7E, 0x96, + 0x06, 0xCB, 0xA9, 0x16, 0x25, 0x29, 0x3A, 0x03, 0x2D, 0x55, + 0x7D, 0xA6, 0x8C, 0xA4, 0xF7, 0x9E, 0x81, 0xC9, 0x95, 0xB6, + 0x7C, 0xC1, 0x4A, 0xCE, 0x94, 0x66, 0x0C, 0xCA, 0x88, 0xEB, + 0xD2, 0x09, 0xF5, 0x5B, 0x19, 0x58, 0x82, 0xDF, 0x27, 0xFD, + 0x67, 0x95, 0x78, 0xB7, 0x02, 0x06, 0xD5, 0xA7, 0x61, 0xBD, + 0xEF, 0x3A, 0xFC, 0xB2, 0x61, 0xCD +}; +const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); #endif /* USE_CERT_BUFFERS_1024 */ diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index c36dfd5f5..69d86abf3 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -41,6 +41,8 @@ #if defined (__GNUC__) #define ALIGN16 __attribute__ ( (aligned (16))) #elif defined(_MSC_VER) + /* disable align warning, we want alignment ! */ + #pragma warning(disable: 4324) #define ALIGN16 __declspec (align (16)) #else #define ALIGN16 diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index 239c07491..bc51e529c 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -189,7 +189,7 @@ enum Block_Sum { enum Key_Sum { DSAk = 515, RSAk = 645, - NTRUk = 364, + NTRUk = 274, ECDSAk = 518 }; 
@@ -340,7 +340,8 @@ struct DecodedCert { #endif /* HAVE_OCSP */ byte* signature; /* not owned, points into raw cert */ char* subjectCN; /* CommonName */ - int subjectCNLen; + int subjectCNLen; /* CommonName Length */ + char subjectCNEnc; /* CommonName Encoding */ int subjectCNStored; /* have we saved a copy we own */ char issuer[ASN_NAME_MAX]; /* full name including common name */ char subject[ASN_NAME_MAX]; /* full name including common name */ @@ -411,16 +412,22 @@ struct DecodedCert { /* easy access to subject info for other sign */ char* subjectSN; int subjectSNLen; + char subjectSNEnc; char* subjectC; int subjectCLen; + char subjectCEnc; char* subjectL; int subjectLLen; + char subjectLEnc; char* subjectST; int subjectSTLen; + char subjectSTEnc; char* subjectO; int subjectOLen; + char subjectOEnc; char* subjectOU; int subjectOULen; + char subjectOUEnc; char* subjectEmail; int subjectEmailLen; #endif /* CYASSL_CERT_GEN */ diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index 3ad601709..34c899dc0 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h @@ -62,6 +62,11 @@ enum Ctc_SigType { CTC_SHA512wECDSA = 526 }; +enum Ctc_Encoding { + CTC_UTF8 = 0x0c, /* utf8 */ + CTC_PRINTABLE = 0x13 /* printable */ +}; + #ifdef CYASSL_CERT_GEN 
@@ -70,20 +75,27 @@ enum Ctc_SigType { #endif enum Ctc_Misc { - CTC_NAME_SIZE = 64, - CTC_DATE_SIZE = 32, - CTC_MAX_ALT_SIZE = 8192, /* may be huge */ - CTC_SERIAL_SIZE = 8 + CTC_NAME_SIZE = 64, + CTC_DATE_SIZE = 32, + CTC_MAX_ALT_SIZE = 16384, /* may be huge */ + CTC_SERIAL_SIZE = 8 }; typedef struct CertName { char country[CTC_NAME_SIZE]; + char countryEnc; char state[CTC_NAME_SIZE]; + char stateEnc; char locality[CTC_NAME_SIZE]; + char localityEnc; char sur[CTC_NAME_SIZE]; + char surEnc; char org[CTC_NAME_SIZE]; + char orgEnc; char unit[CTC_NAME_SIZE]; + char unitEnc; char commonName[CTC_NAME_SIZE]; + char commonNameEnc; char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */ } CertName; diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index 13da7e28a..0c8f64006 100644 --- a/cyassl/ctaocrypt/des3.h +++ b/cyassl/ctaocrypt/des3.h @@ -82,9 +82,9 @@ typedef struct Des3 { CYASSL_API int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir); CYASSL_API void Des_SetIV(Des* des, const byte* iv); -CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); -CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); -CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); CYASSL_API int Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); CYASSL_API int Des3_SetIV(Des3* des, const byte* iv); diff --git a/cyassl/ctaocrypt/ecc.h b/cyassl/ctaocrypt/ecc.h index 0c44a4f0a..a885abf63 100644 --- a/cyassl/ctaocrypt/ecc.h +++ b/cyassl/ctaocrypt/ecc.h 
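Review bot: The new `*Enc` members of `CertName` have no documented default, and a caller that zero-fills the struct, or was written before this change, leaves them at 0, which is neither `CTC_UTF8` (0x0c) nor `CTC_PRINTABLE` (0x13). The encoder is outside this hunk, so confirm it falls back to a valid string type instead of emitting 0 as the ASN.1 tag. A comment on the first member would state the contract, for example `char countryEnc; /* Ctc_Encoding value; 0 selects the library default */`, with the encoder made to match. Interleaving the new fields also changes the layout of a public struct, so applications have to be rebuilt against this header.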
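Review bot: `Des_CbcEncrypt`, `Des_CbcDecrypt` and `Des_EcbEncrypt` now return `int`, but the header does not say what the value means, and call sites written for the `void` versions will compile unchanged and ignore a failure. A comment above the three prototypes should state the contract, presumably `/* returns 0 on success, negative error code on failure */` as for the `Des3_*` calls below; confirm against des3.c. The call sites are outside this hunk and should be checked so that the output buffer is not used after a failed call.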
@@ -164,6 +164,8 @@ CYASSL_API const byte* ecc_ctx_get_own_salt(ecEncCtx*); CYASSL_API int ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt); +CYASSL_API +int ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz); CYASSL_API int ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h index 113d2d73a..c75d37ceb 100644 --- a/cyassl/ctaocrypt/error-crypt.h +++ b/cyassl/ctaocrypt/error-crypt.h @@ -33,7 +33,7 @@ /* error codes */ enum { - MAX_CODE_E = -100, /* errors -101 - -199 */ + MAX_CODE_E = -100, /* errors -101 - -299 */ OPEN_RAN_E = -101, /* opening random device error */ READ_RAN_E = -102, /* reading random device error */ WINCRYPT_E = -103, /* windows crypt init error */ @@ -125,11 +125,16 @@ enum { FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */ ASN_NAME_INVALID_E = -198, /* ASN name constraint error */ - MIN_CODE_E = -200 /* errors -101 - -199 */ + RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */ + + HMAC_MIN_KEYLEN_E = -200, /* FIPS Mode HMAC Minimum Key Length error */ + + MIN_CODE_E = -300 /* errors -101 - -299 */ }; CYASSL_API void CTaoCryptErrorString(int err, char* buff); +CYASSL_API const char* CTaoCryptGetErrorString(int error); #ifdef __cplusplus diff --git a/cyassl/ctaocrypt/hmac.h b/cyassl/ctaocrypt/hmac.h index 68627efcd..78cc9556c 100644 --- a/cyassl/ctaocrypt/hmac.h +++ b/cyassl/ctaocrypt/hmac.h @@ -60,6 +60,8 @@ #define CYASSL_HMAC_CAVIUM_MAGIC 0xBEEF0005 enum { + HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */ + IPAD = 0x36, OPAD = 0x5C, diff --git a/cyassl/ctaocrypt/include.am b/cyassl/ctaocrypt/include.am index 2f71f6ebd..f03b67334 100644 --- a/cyassl/ctaocrypt/include.am +++ b/cyassl/ctaocrypt/include.am 
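Review bot: `ecc_ctx_set_info` takes its length as a signed `int sz`, while the other buffer-taking prototypes in these headers use `word32`. A negative `sz` then has to be rejected explicitly by the implementation, which is outside this hunk; either declare it as `word32 sz` or document that `sz < 0` returns an error. The prototype also does not say whether `info` is copied or must outlive the context, which deserves a one-line comment.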
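Review bot: `MIN_CODE_E` moves from -200 to -300 and -200 is reused for `HMAC_MIN_KEYLEN_E`, with nothing in the header saying that the public numbering changed. The error-ssl.h hunk later in this patch shifts every `CyaSSL_ErrorCodes` value by 100 to make room (`WANT_READ` goes from -223 to -323), so an application built against the old headers and linked to the new library will misread return codes, including the non-blocking `WANT_READ` and `WANT_WRITE` ones. A comment next to `MIN_CODE_E`, such as `/* SSL-layer codes start at -301 after this change; rebuild callers */`, plus a release-note entry would make that visible. Any range check written against the literal -200 would also need updating; none is visible in this hunk.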
@@ -24,7 +24,7 @@ nobase_include_HEADERS+= \ cyassl/ctaocrypt/md5.h \ cyassl/ctaocrypt/misc.h \ cyassl/ctaocrypt/pkcs7.h \ - cyassl/ctaocrypt/port.h \ + cyassl/ctaocrypt/wc_port.h \ cyassl/ctaocrypt/pwdbased.h \ cyassl/ctaocrypt/rabbit.h \ cyassl/ctaocrypt/chacha.h \ diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h index 8f20f901b..77b5552c7 100644 --- a/cyassl/ctaocrypt/integer.h +++ b/cyassl/ctaocrypt/integer.h @@ -70,6 +70,10 @@ extern "C" { #define MP_64BIT #endif #endif +/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ +#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) + #undef MP_64BIT +#endif /* some default configurations. * diff --git a/cyassl/ctaocrypt/md2.h b/cyassl/ctaocrypt/md2.h index 0b99c43ba..2d55cd9ea 100644 --- a/cyassl/ctaocrypt/md2.h +++ b/cyassl/ctaocrypt/md2.h @@ -54,6 +54,7 @@ typedef struct Md2 { CYASSL_API void InitMd2(Md2*); CYASSL_API void Md2Update(Md2*, const byte*, word32); CYASSL_API void Md2Final(Md2*, byte*); +CYASSL_API int Md2Hash(const byte*, word32, byte*); #ifdef __cplusplus diff --git a/cyassl/ctaocrypt/md5.h b/cyassl/ctaocrypt/md5.h index 418d7b14d..f62ede96c 100644 --- a/cyassl/ctaocrypt/md5.h +++ b/cyassl/ctaocrypt/md5.h @@ -63,6 +63,8 @@ typedef struct Md5 { CYASSL_API void InitMd5(Md5*); CYASSL_API void Md5Update(Md5*, const byte*, word32); CYASSL_API void Md5Final(Md5*, byte*); +CYASSL_API int Md5Hash(const byte*, word32, byte*); + #ifdef __cplusplus } /* extern "C" */ diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h index 8111ac494..728c22209 100644 --- a/cyassl/ctaocrypt/random.h +++ b/cyassl/ctaocrypt/random.h @@ -84,6 +84,7 @@ typedef struct RNG { byte V[DRBG_SEED_LEN]; byte C[DRBG_SEED_LEN]; word32 reseedCtr; + byte status; } RNG; 
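Review bot: The new one-shot prototype `Md2Hash(const byte*, word32, byte*)` has unnamed parameters, so the header does not tell a caller which pointer is the output or how large that buffer must be. Naming them, `CYASSL_API int Md2Hash(const byte* data, word32 len, byte* hash);`, and adding a comment that `hash` must hold a full digest would make the size requirement explicit. The same applies to `Md5Hash` in md5.h and to `ShaHash`, `Sha256Hash`, `Sha512Hash` and `Sha384Hash` in the sha*.h hunks of this patch. The meaning of the `int` return is not stated for any of them.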
@@ -119,10 +120,33 @@ CYASSL_API int RNG_GenerateByte(RNG*, byte*); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - CYASSL_API void FreeRng(RNG*); + CYASSL_API int FreeRng(RNG*); + CYASSL_API int RNG_HealthTest(int reseed, + const byte* entropyA, word32 entropyASz, + const byte* entropyB, word32 entropyBSz, + const byte* output, word32 outputSz); #endif /* HAVE_HASHDRBG || NO_RC4 */ +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + CYASSL_API int InitRng_fips(RNG* rng); + CYASSL_API int FreeRng_fips(RNG* rng); + CYASSL_API int RNG_GenerateBlock_fips(RNG* rng, byte* buf, word32 bufSz); + CYASSL_API int RNG_HealthTest_fips(int reseed, + const byte* entropyA, word32 entropyASz, + const byte* entropyB, word32 entropyBSz, + const byte* output, word32 outputSz); + #ifndef FIPS_NO_WRAPPERS + /* if not impl or fips.c impl wrapper force fips calls if fips build */ + #define InitRng InitRng_fips + #define FreeRng FreeRng_fips + #define RNG_GenerateBlock RNG_GenerateBlock_fips + #define RNG_HealthTest RNG_HealthTest_fips + #endif /* FIPS_NO_WRAPPERS */ +#endif /* HAVE_FIPS */ + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index c8bd28f14..57bb8290e 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -647,6 +647,11 @@ #endif +/* FreeScale MMCAU hardware crypto has 4 byte alignment */ +#ifdef FREESCALE_MMCAU + #define CYASSL_MMCAU_ALIGNMENT 4 +#endif + /* if using hardware crypto and have alignment requirements, specify the requirement here. The record header of SSL/TLS will prvent easy alignment. This hint tries to help as much as possible. */ @@ -655,6 +660,8 @@ #define CYASSL_GENERAL_ALIGNMENT 16 #elif defined(XSTREAM_ALIGNMENT) #define CYASSL_GENERAL_ALIGNMENT 4 + #elif defined(FREESCALE_MMCAU) + #define CYASSL_GENERAL_ALIGNMENT CYASSL_MMCAU_ALIGNMENT #else #define CYASSL_GENERAL_ALIGNMENT 0 #endif 
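Review bot: The `HAVE_FIPS` block remaps `InitRng`, `FreeRng`, `RNG_GenerateBlock` and `RNG_HealthTest` to their `_fips` wrappers, but `RNG_GenerateByte`, declared just above this hunk, gets neither a wrapper nor a macro. If it does not call the wrapped block function internally (its body is outside this diff), a FIPS build keeps one RNG entry point that bypasses the wrapper layer. Either add `RNG_GenerateByte_fips` with a matching `#define`, or add a comment stating that it is implemented on top of `RNG_GenerateBlock`. `FreeRng` also changes from `void` to `int` here without a comment on what a non-zero return means.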
@@ -666,6 +673,12 @@ #define NO_SKID #endif + +#ifdef __INTEL_COMPILER + #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */ +#endif + + /* Place any other flags or defines here */ diff --git a/cyassl/ctaocrypt/sha.h b/cyassl/ctaocrypt/sha.h index 749b728a5..f1820a6d9 100644 --- a/cyassl/ctaocrypt/sha.h +++ b/cyassl/ctaocrypt/sha.h @@ -65,6 +65,7 @@ typedef struct Sha { CYASSL_API int InitSha(Sha*); CYASSL_API int ShaUpdate(Sha*, const byte*, word32); CYASSL_API int ShaFinal(Sha*, byte*); +CYASSL_API int ShaHash(const byte*, word32, byte*); #ifdef HAVE_FIPS diff --git a/cyassl/ctaocrypt/sha256.h b/cyassl/ctaocrypt/sha256.h index 5b709c23e..c619461a3 100644 --- a/cyassl/ctaocrypt/sha256.h +++ b/cyassl/ctaocrypt/sha256.h @@ -61,9 +61,10 @@ typedef struct Sha256 { } Sha256; -CYASSL_API int InitSha256(Sha256*); -CYASSL_API int Sha256Update(Sha256*, const byte*, word32); -CYASSL_API int Sha256Final(Sha256*, byte*); +CYASSL_API int InitSha256(Sha256*); +CYASSL_API int Sha256Update(Sha256*, const byte*, word32); +CYASSL_API int Sha256Final(Sha256*, byte*); +CYASSL_API int Sha256Hash(const byte*, word32, byte*); #ifdef HAVE_FIPS diff --git a/cyassl/ctaocrypt/sha512.h b/cyassl/ctaocrypt/sha512.h index 5a49942cb..143402439 100644 --- a/cyassl/ctaocrypt/sha512.h +++ b/cyassl/ctaocrypt/sha512.h @@ -54,6 +54,7 @@ typedef struct Sha512 { CYASSL_API int InitSha512(Sha512*); CYASSL_API int Sha512Update(Sha512*, const byte*, word32); CYASSL_API int Sha512Final(Sha512*, byte*); +CYASSL_API int Sha512Hash(const byte*, word32, byte*); #if defined(CYASSL_SHA384) || defined(HAVE_AESGCM) @@ -80,6 +81,7 @@ typedef struct Sha384 { CYASSL_API int InitSha384(Sha384*); CYASSL_API int Sha384Update(Sha384*, const byte*, word32); CYASSL_API int Sha384Final(Sha384*, byte*); +CYASSL_API int Sha384Hash(const byte*, word32, byte*); #ifdef HAVE_FIPS diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index abb588f78..f4e98c152 100644 --- a/cyassl/ctaocrypt/tfm.h 
+++ b/cyassl/ctaocrypt/tfm.h @@ -73,6 +73,11 @@ #if defined(__x86_64__) && !defined(FP_64BIT) #define FP_64BIT #endif +/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ +#if defined(FP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) + #undef FP_64BIT + #undef TFM_X86_64 +#endif #endif /* NO_64BIT */ /* try to detect x86-32 */ diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 194b50b76..33cdb780e 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -24,7 +24,7 @@ #define CTAO_CRYPT_TYPES_H #include -#include +#include #ifdef __cplusplus extern "C" { diff --git a/cyassl/error-ssl.h b/cyassl/error-ssl.h index 74445b40c..71778ec15 100644 --- a/cyassl/error-ssl.h +++ b/cyassl/error-ssl.h 
@@ -30,98 +30,99 @@ #endif enum CyaSSL_ErrorCodes { - INPUT_CASE_ERROR = -201, /* process input state error */ - PREFIX_ERROR = -202, /* bad index to key rounds */ - MEMORY_ERROR = -203, /* out of memory */ - VERIFY_FINISHED_ERROR = -204, /* verify problem on finished */ - VERIFY_MAC_ERROR = -205, /* verify mac problem */ - PARSE_ERROR = -206, /* parse error on header */ - UNKNOWN_HANDSHAKE_TYPE = -207, /* weird handshake type */ - SOCKET_ERROR_E = -208, /* error state on socket */ - SOCKET_NODATA = -209, /* expected data, not there */ - INCOMPLETE_DATA = -210, /* don't have enough data to + INPUT_CASE_ERROR = -301, /* process input state error */ + PREFIX_ERROR = -302, /* bad index to key rounds */ + MEMORY_ERROR = -303, /* out of memory */ + VERIFY_FINISHED_ERROR = -304, /* verify problem on finished */ + VERIFY_MAC_ERROR = -305, /* verify mac problem */ + PARSE_ERROR = -306, /* parse error on header */ + UNKNOWN_HANDSHAKE_TYPE = -307, /* weird handshake type */ + SOCKET_ERROR_E = -308, /* error state on socket */ + SOCKET_NODATA = -309, /* expected data, not there */ + INCOMPLETE_DATA = -310, /* don't have enough data to complete task */ - UNKNOWN_RECORD_TYPE = -211, /* unknown type in record hdr */ - DECRYPT_ERROR = -212, /* error during decryption */ - FATAL_ERROR = -213, /* recvd alert fatal error */ - ENCRYPT_ERROR = -214, /* error during encryption */ - FREAD_ERROR = -215, /* fread problem */ - NO_PEER_KEY = -216, /* need peer's key */ - NO_PRIVATE_KEY = -217, /* need the private key */ - RSA_PRIVATE_ERROR = -218, /* error during rsa priv op */ - NO_DH_PARAMS = -219, /* server missing DH params */ - BUILD_MSG_ERROR = -220, /* build message failure */ + UNKNOWN_RECORD_TYPE = -311, /* unknown type in record hdr */ + DECRYPT_ERROR = -312, /* error during decryption */ + FATAL_ERROR = -313, /* recvd alert fatal error */ + ENCRYPT_ERROR = -314, /* error during encryption */ + FREAD_ERROR = -315, /* fread problem */ + NO_PEER_KEY = -316, /* need peer's key */ + 
NO_PRIVATE_KEY = -317, /* need the private key */ + RSA_PRIVATE_ERROR = -318, /* error during rsa priv op */ + NO_DH_PARAMS = -319, /* server missing DH params */ + BUILD_MSG_ERROR = -320, /* build message failure */ - BAD_HELLO = -221, /* client hello malformed */ - DOMAIN_NAME_MISMATCH = -222, /* peer subject name mismatch */ - WANT_READ = -223, /* want read, call again */ - NOT_READY_ERROR = -224, /* handshake layer not ready */ - PMS_VERSION_ERROR = -225, /* pre m secret version error */ - VERSION_ERROR = -226, /* record layer version error */ - WANT_WRITE = -227, /* want write, call again */ - BUFFER_ERROR = -228, /* malformed buffer input */ - VERIFY_CERT_ERROR = -229, /* verify cert error */ - VERIFY_SIGN_ERROR = -230, /* verify sign error */ - CLIENT_ID_ERROR = -231, /* psk client identity error */ - SERVER_HINT_ERROR = -232, /* psk server hint error */ - PSK_KEY_ERROR = -233, /* psk key error */ - ZLIB_INIT_ERROR = -234, /* zlib init error */ - ZLIB_COMPRESS_ERROR = -235, /* zlib compression error */ - ZLIB_DECOMPRESS_ERROR = -236, /* zlib decompression error */ + BAD_HELLO = -321, /* client hello malformed */ + DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */ + WANT_READ = -323, /* want read, call again */ + NOT_READY_ERROR = -324, /* handshake layer not ready */ + PMS_VERSION_ERROR = -325, /* pre m secret version error */ + VERSION_ERROR = -326, /* record layer version error */ + WANT_WRITE = -327, /* want write, call again */ + BUFFER_ERROR = -328, /* malformed buffer input */ + VERIFY_CERT_ERROR = -329, /* verify cert error */ + VERIFY_SIGN_ERROR = -330, /* verify sign error */ + CLIENT_ID_ERROR = -331, /* psk client identity error */ + SERVER_HINT_ERROR = -332, /* psk server hint error */ + PSK_KEY_ERROR = -333, /* psk key error */ + ZLIB_INIT_ERROR = -334, /* zlib init error */ + ZLIB_COMPRESS_ERROR = -335, /* zlib compression error */ + ZLIB_DECOMPRESS_ERROR = -336, /* zlib decompression error */ - GETTIME_ERROR = -237, /* gettimeofday 
failed ??? */ - GETITIMER_ERROR = -238, /* getitimer failed ??? */ - SIGACT_ERROR = -239, /* sigaction failed ??? */ - SETITIMER_ERROR = -240, /* setitimer failed ??? */ - LENGTH_ERROR = -241, /* record layer length error */ - PEER_KEY_ERROR = -242, /* can't decode peer key */ - ZERO_RETURN = -243, /* peer sent close notify */ - SIDE_ERROR = -244, /* wrong client/server type */ - NO_PEER_CERT = -245, /* peer didn't send key */ - NTRU_KEY_ERROR = -246, /* NTRU key error */ - NTRU_DRBG_ERROR = -247, /* NTRU drbg error */ - NTRU_ENCRYPT_ERROR = -248, /* NTRU encrypt error */ - NTRU_DECRYPT_ERROR = -249, /* NTRU decrypt error */ - ECC_CURVETYPE_ERROR = -250, /* Bad ECC Curve Type */ - ECC_CURVE_ERROR = -251, /* Bad ECC Curve */ - ECC_PEERKEY_ERROR = -252, /* Bad Peer ECC Key */ - ECC_MAKEKEY_ERROR = -253, /* Bad Make ECC Key */ - ECC_EXPORT_ERROR = -254, /* Bad ECC Export Key */ - ECC_SHARED_ERROR = -255, /* Bad ECC Shared Secret */ - NOT_CA_ERROR = -257, /* Not a CA cert error */ - BAD_PATH_ERROR = -258, /* Bad path for opendir */ - BAD_CERT_MANAGER_ERROR = -259, /* Bad Cert Manager */ - OCSP_CERT_REVOKED = -260, /* OCSP Certificate revoked */ - CRL_CERT_REVOKED = -261, /* CRL Certificate revoked */ - CRL_MISSING = -262, /* CRL Not loaded */ - MONITOR_RUNNING_E = -263, /* CRL Monitor already running */ - THREAD_CREATE_E = -264, /* Thread Create Error */ - OCSP_NEED_URL = -265, /* OCSP need an URL for lookup */ - OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */ - OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */ - MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */ - COOKIE_ERROR = -269, /* dtls cookie error */ - SEQUENCE_ERROR = -270, /* dtls sequence error */ - SUITES_ERROR = -271, /* suites pointer error */ - SSL_NO_PEM_HEADER = -272, /* no PEM header found */ - OUT_OF_ORDER_E = -273, /* out of order message */ - BAD_KEA_TYPE_E = -274, /* bad KEA type found */ - SANITY_CIPHER_E = -275, /* sanity check on cipher error */ - RECV_OVERFLOW_E = 
-276, /* RXCB returned more than rqed */ - GEN_COOKIE_E = -277, /* Generate Cookie Error */ - NO_PEER_VERIFY = -278, /* Need peer cert verify Error */ - FWRITE_ERROR = -279, /* fwrite problem */ - CACHE_MATCH_ERROR = -280, /* chache hdr match error */ - UNKNOWN_SNI_HOST_NAME_E = -281, /* Unrecognized host name Error */ - UNKNOWN_MAX_FRAG_LEN_E = -282, /* Unrecognized max frag len Error */ + GETTIME_ERROR = -337, /* gettimeofday failed ??? */ + GETITIMER_ERROR = -338, /* getitimer failed ??? */ + SIGACT_ERROR = -339, /* sigaction failed ??? */ + SETITIMER_ERROR = -340, /* setitimer failed ??? */ + LENGTH_ERROR = -341, /* record layer length error */ + PEER_KEY_ERROR = -342, /* can't decode peer key */ + ZERO_RETURN = -343, /* peer sent close notify */ + SIDE_ERROR = -344, /* wrong client/server type */ + NO_PEER_CERT = -345, /* peer didn't send key */ + NTRU_KEY_ERROR = -346, /* NTRU key error */ + NTRU_DRBG_ERROR = -347, /* NTRU drbg error */ + NTRU_ENCRYPT_ERROR = -348, /* NTRU encrypt error */ + NTRU_DECRYPT_ERROR = -349, /* NTRU decrypt error */ + ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */ + ECC_CURVE_ERROR = -351, /* Bad ECC Curve */ + ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */ + ECC_MAKEKEY_ERROR = -353, /* Bad Make ECC Key */ + ECC_EXPORT_ERROR = -354, /* Bad ECC Export Key */ + ECC_SHARED_ERROR = -355, /* Bad ECC Shared Secret */ + NOT_CA_ERROR = -357, /* Not a CA cert error */ + BAD_PATH_ERROR = -358, /* Bad path for opendir */ + BAD_CERT_MANAGER_ERROR = -359, /* Bad Cert Manager */ + OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */ + CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */ + CRL_MISSING = -362, /* CRL Not loaded */ + MONITOR_RUNNING_E = -363, /* CRL Monitor already running */ + THREAD_CREATE_E = -364, /* Thread Create Error */ + OCSP_NEED_URL = -365, /* OCSP need an URL for lookup */ + OCSP_CERT_UNKNOWN = -366, /* OCSP responder doesn't know */ + OCSP_LOOKUP_FAIL = -367, /* OCSP lookup not successful */ + 
MAX_CHAIN_ERROR = -368, /* max chain depth exceeded */ + COOKIE_ERROR = -369, /* dtls cookie error */ + SEQUENCE_ERROR = -370, /* dtls sequence error */ + SUITES_ERROR = -371, /* suites pointer error */ + SSL_NO_PEM_HEADER = -372, /* no PEM header found */ + OUT_OF_ORDER_E = -373, /* out of order message */ + BAD_KEA_TYPE_E = -374, /* bad KEA type found */ + SANITY_CIPHER_E = -375, /* sanity check on cipher error */ + RECV_OVERFLOW_E = -376, /* RXCB returned more than rqed */ + GEN_COOKIE_E = -377, /* Generate Cookie Error */ + NO_PEER_VERIFY = -378, /* Need peer cert verify Error */ + FWRITE_ERROR = -379, /* fwrite problem */ + CACHE_MATCH_ERROR = -380, /* chache hdr match error */ + UNKNOWN_SNI_HOST_NAME_E = -381, /* Unrecognized host name Error */ + UNKNOWN_MAX_FRAG_LEN_E = -382, /* Unrecognized max frag len Error */ + KEYUSE_SIGNATURE_E = -383, /* KeyUse digSignature error */ + KEYUSE_ENCIPHER_E = -385, /* KeyUse keyEncipher error */ + EXTKEYUSE_AUTH_E = -386, /* ExtKeyUse server|client_auth */ + SEND_OOB_READ_E = -387, /* Send Cb out of bounds read */ /* add strings to SetErrorString !!!!! */ - KEYUSE_SIGNATURE_E = -283, /* KeyUse digSignature error */ - KEYUSE_ENCIPHER_E = -285, /* KeyUse keyEncipher error */ - EXTKEYUSE_AUTH_E = -286, /* ExtKeyUse server|client_auth */ /* begin negotiation parameter errors */ - UNSUPPORTED_SUITE = -290, /* unsupported cipher suite */ - MATCH_SUITE_ERROR = -291 /* can't match cipher suite */ + UNSUPPORTED_SUITE = -390, /* unsupported cipher suite */ + MATCH_SUITE_ERROR = -391 /* can't match cipher suite */ /* end negotiation parameter errors only 10 for now */ /* add strings to SetErrorString !!!!! */ }; diff --git a/cyassl/internal.h b/cyassl/internal.h index 397d14f82..8a74fc749 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h 
@@ -216,7 +216,7 @@ void c32to24(word32 in, word24 out); #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 #endif - #if !defined(NO_DH) && defined(OPENSSL_EXTRA) + #if !defined(NO_DH) #if !defined(NO_SHA) #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA @@ -242,6 +242,14 @@ void c32to24(word32 in, word24 out); #ifdef HAVE_AESCCM #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 + #define BUILD_TLS_PSK_WITH_AES_128_CCM + #define BUILD_TLS_PSK_WITH_AES_256_CCM + #endif + #endif + #ifdef CYASSL_SHA384 + #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 + #ifdef HAVE_AESGCM + #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 #endif #endif #endif @@ -262,6 +270,9 @@ void c32to24(word32 in, word24 out); #ifndef NO_SHA256 #define BUILD_TLS_PSK_WITH_NULL_SHA256 #endif + #ifdef CYASSL_SHA384 + #define BUILD_TLS_PSK_WITH_NULL_SHA384 + #endif #endif #endif @@ -282,7 +293,7 @@ void c32to24(word32 in, word24 out); #endif #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ - !defined(NO_RSA) && defined(OPENSSL_EXTRA) + !defined(NO_RSA) #if !defined(NO_SHA) #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
@@ -299,6 +310,32 @@ void c32to24(word32 in, word24 out); #endif #endif + +#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) + #ifndef NO_SHA256 + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #ifdef HAVE_NULL_CIPHER + #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + #endif + #ifdef HAVE_AESGCM + #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + #endif + #ifdef HAVE_AESCCM + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + #endif + #endif + #ifdef CYASSL_SHA384 + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #ifdef HAVE_NULL_CIPHER + #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + #endif + #ifdef HAVE_AESGCM + #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + #endif + #endif +#endif + #if defined(HAVE_ECC) && !defined(NO_TLS) #if !defined(NO_AES) #if !defined(NO_SHA) @@ -439,7 +476,6 @@ void c32to24(word32 in, word24 out); #endif - /* actual cipher values, 2nd byte */ enum { TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, @@ -449,8 +485,10 @@ enum { TLS_RSA_WITH_NULL_SHA = 0x02, TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, + TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf, TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, TLS_PSK_WITH_NULL_SHA256 = 0xb0, + TLS_PSK_WITH_NULL_SHA384 = 0xb1, TLS_PSK_WITH_NULL_SHA = 0x2c, SSL_RSA_WITH_RC4_128_SHA = 0x05, SSL_RSA_WITH_RC4_128_MD5 = 0x04, @@ -484,7 +522,6 @@ enum { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, - /* CyaSSL extension - eSTREAM */ TLS_RSA_WITH_HC_128_MD5 = 0xFB, TLS_RSA_WITH_HC_128_SHA = 0xFC, @@ -498,7 +535,7 @@ enum { /* CyaSSL extension - NTRU */ TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, - TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */ + TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */ TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, /* SHA256 */ 
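Review bot: The new `#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)` block defines `BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256` and `BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384` without testing `NO_AES`, unlike the DHE_RSA block in the preceding hunk, which requires `!defined(NO_AES)`. In a `NO_AES` build these macros would still be defined; whether that ends in a compile error or in a suite that is offered with no cipher behind it depends on code outside the hunk. Guard each CBC define, e.g. `#ifndef NO_AES` / `#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256` / `#endif`, and leave the NULL suites under `HAVE_NULL_CIPHER` as they are.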
@@ -507,12 +544,22 @@ enum { TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, TLS_RSA_WITH_NULL_SHA256 = 0x3b, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2, + TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, + + /* SHA384 */ + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3, + TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, /* AES-GCM */ TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, + TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8, + TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab, /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, @@ -536,7 +583,10 @@ enum { TLS_PSK_WITH_AES_256_CCM = 0xa5, TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, + TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6, + TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7, + /* Camellia */ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, @@ -644,7 +694,7 @@ enum Misc { TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ - MAX_PRF_HALF = 128, /* Maximum half secret len */ + MAX_PRF_HALF = 256, /* Maximum half secret len */ MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ MAX_PRF_DIG = 224, /* Maximum digest len */ MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ 
@@ -953,32 +1003,6 @@ int SetCipherList(Suites*, const char* list); #endif /* PSK_TYPES_DEFINED */ -#ifndef CYASSL_USER_IO - /* default IO callbacks */ - CYASSL_LOCAL - int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx); - CYASSL_LOCAL - int EmbedSend(CYASSL *ssl, char *buf, int sz, void *ctx); - - #ifdef HAVE_OCSP - CYASSL_LOCAL - int EmbedOcspLookup(void*, const char*, int, byte*, int, byte**); - CYASSL_LOCAL - void EmbedOcspRespFree(void*, byte*); - #endif - - #ifdef CYASSL_DTLS - CYASSL_LOCAL - int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx); - CYASSL_LOCAL - int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx); - CYASSL_LOCAL - int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx); - CYASSL_LOCAL - int IsUDP(void*); - #endif /* CYASSL_DTLS */ -#endif /* CYASSL_USER_IO */ - #ifdef HAVE_NETX CYASSL_LOCAL int NetX_Receive(CYASSL *ssl, char *buf, int sz, void *ctx); CYASSL_LOCAL int NetX_Send(CYASSL *ssl, char *buf, int sz, void *ctx); @@ -1146,6 +1170,7 @@ typedef struct TLSX { CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); CYASSL_LOCAL void TLSX_FreeAll(TLSX* list); +CYASSL_LOCAL int TLSX_SupportExtensions(CYASSL* ssl); #ifndef NO_CYASSL_CLIENT CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl); @@ -1360,6 +1385,7 @@ enum KeyExchangeAlgorithm { diffie_hellman_kea, fortezza_kea, psk_kea, + dhe_psk_kea, ntru_kea, ecc_diffie_hellman_kea, ecc_static_diffie_hellman_kea /* for verify suite only */ @@ -1401,7 +1427,10 @@ enum ClientCertificateType { dss_fixed_dh = 4, rsa_ephemeral_dh = 5, dss_ephemeral_dh = 6, - fortezza_kea_cert = 20 + fortezza_kea_cert = 20, + ecdsa_sign = 64, + rsa_fixed_ecdh = 65, + ecdsa_fixed_ecdh = 66 }; 
@@ -1597,7 +1626,7 @@ typedef struct Buffers { #ifndef NO_CERTS buffer certificate; /* CYASSL_CTX owns, unless we own */ buffer key; /* CYASSL_CTX owns, unless we own */ - buffer certChain; /* CYASSL_CTX owns */ + buffer certChain; /* CYASSL_CTX owns, unless we own */ /* chain after self, in DER, with leading size for each cert */ buffer serverDH_P; /* CYASSL_CTX owns, unless we own */ buffer serverDH_G; /* CYASSL_CTX owns, unless we own */ @@ -1613,6 +1642,7 @@ typedef struct Buffers { int plainSz; /* plain text bytes in buffer to send when got WANT_WRITE */ byte weOwnCert; /* SSL own cert flag */ + byte weOwnCertChain; /* SSL own cert chain flag */ byte weOwnKey; /* SSL own key flag */ byte weOwnDH; /* SSL own dh (p,g) flag */ #ifdef CYASSL_DTLS diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index 0fb6d453a..acb6b0104 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h @@ -142,6 +142,7 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX; #define ERR_error_string CyaSSL_ERR_error_string #define ERR_error_string_n CyaSSL_ERR_error_string_n +#define ERR_reason_error_string CyaSSL_ERR_reason_error_string #define SSL_set_ex_data CyaSSL_set_ex_data #define SSL_get_shutdown CyaSSL_get_shutdown diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 645fd916b..19a19a15a 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -312,6 +312,7 @@ CYASSL_API int CyaSSL_ERR_GET_REASON(int err); CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*); CYASSL_API void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long sz); +CYASSL_API const char* CyaSSL_ERR_reason_error_string(unsigned long); /* extras */ 
@@ -937,6 +938,27 @@ CYASSL_API void* CyaSSL_GetIOWriteCtx(CYASSL* ssl); CYASSL_API void CyaSSL_SetIOReadFlags( CYASSL* ssl, int flags); CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags); + +#ifndef CYASSL_USER_IO + /* default IO callbacks */ + CYASSL_API int EmbedReceive(CYASSL* ssl, char* buf, int sz, void* ctx); + CYASSL_API int EmbedSend(CYASSL* ssl, char* buf, int sz, void* ctx); + + #ifdef HAVE_OCSP + CYASSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*, + int, unsigned char**); + CYASSL_API void EmbedOcspRespFree(void*, unsigned char*); + #endif + + #ifdef CYASSL_DTLS + CYASSL_API int EmbedReceiveFrom(CYASSL* ssl, char* buf, int sz, void*); + CYASSL_API int EmbedSendTo(CYASSL* ssl, char* buf, int sz, void* ctx); + CYASSL_API int EmbedGenerateCookie(CYASSL* ssl, unsigned char* buf, + int sz, void*); + #endif /* CYASSL_DTLS */ +#endif /* CYASSL_USER_IO */ + + #ifdef HAVE_NETX CYASSL_API void CyaSSL_SetIO_NetX(CYASSL* ssl, NX_TCP_SOCKET* nxsocket, ULONG waitoption); diff --git a/cyassl/test.h b/cyassl/test.h index 667476ed2..179e049ec 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -9,6 +9,7 @@ #include #include #include +#include #ifdef ATOMIC_USER #include @@ -894,6 +895,25 @@ static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store) #endif /* VERIFY_CALLBACK */ +static INLINE int myDateCb(int preverify, CYASSL_X509_STORE_CTX* store) +{ + (void)preverify; + char buffer[CYASSL_MAX_ERROR_SZ]; + + printf("In verification callback, error = %d, %s\n", store->error, + CyaSSL_ERR_error_string(store->error, buffer)); + printf("Subject's domain name is %s\n", store->domain); + + if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) { + printf("Overriding cert date error as example for bad clock testing\n"); + return 1; + } + printf("Cert error is not date error, not overriding\n"); + + return 0; +} + + #ifdef HAVE_CRL static INLINE void CRL_CallBack(const char* url) 
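Review bot: In `myDateCb` the statement `(void)preverify;` comes before the declaration `char buffer[CYASSL_MAX_ERROR_SZ];`, which is a declaration after a statement and is rejected by C89-only compilers. Swapping the two lines fixes it: `char buffer[CYASSL_MAX_ERROR_SZ];` first, then `(void)preverify;`. Because the callback returns 1 for `ASN_BEFORE_DATE_E` and `ASN_AFTER_DATE_E`, a header comment such as `/* test helper: accepts expired and not-yet-valid certificates */` would make its scope clear to anyone copying it out of the example header.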
@@ -912,6 +932,7 @@ static INLINE void CaCb(unsigned char* der, int sz, int type) } +#ifndef NO_DH static INLINE void SetDH(CYASSL* ssl) { /* dh1024 p */ @@ -965,7 +986,7 @@ static INLINE void SetDHCtx(CYASSL_CTX* ctx) CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g)); } - +#endif /* NO_DH */ #endif /* !NO_CERTS */ #ifdef HAVE_CAVIUM diff --git a/cyassl/version.h b/cyassl/version.h index 9df3246e7..f520844e6 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "3.0.0" -#define LIBCYASSL_VERSION_HEX 0x03000000 +#define LIBCYASSL_VERSION_STRING "3.0.3" +#define LIBCYASSL_VERSION_HEX 0x03000003 #ifdef __cplusplus } diff --git a/examples/client/client.c b/examples/client/client.c index 1c4041850..6c268e65d 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -128,6 +128,7 @@ static void Usage(void) printf("-s Use pre Shared keys\n"); printf("-t Track CyaSSL memory use\n"); printf("-d Disable peer checks\n"); + printf("-D Override Date Errors example\n"); printf("-g Send server HTTP GET\n"); printf("-u Use UDP DTLS," " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n"); @@ -197,6 +198,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) int fewerPackets = 0; int atomicUser = 0; int pkCallbacks = 0; + int overrideDateErrors = 0; char* cipherList = NULL; const char* verifyCert = caCert; const char* ourCert = cliCert; @@ -238,7 +240,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) StackTrap(); while ((ch = mygetopt(argc, argv, - "?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) { + "?gdDusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) { switch (ch) { case '?' : Usage(); @@ -252,6 +254,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) doPeerCheck = 0; break; + case 'D' : + overrideDateErrors = 1; + break; + case 'u' : doDTLS = 1; break; 
@@ -545,6 +551,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) #if !defined(NO_CERTS) if (!usePsk && doPeerCheck == 0) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); + if (!usePsk && overrideDateErrors == 1) + CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb); #endif #ifdef HAVE_CAVIUM diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 33f6df3df..214284eb8 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -227,9 +227,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("SSL_new failed"); CyaSSL_set_fd(ssl, clientfd); - #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); - #elif !defined(NO_CERTS) + #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher than PSK */ #endif if (CyaSSL_accept(ssl) != SSL_SUCCESS) { diff --git a/examples/server/server.c b/examples/server/server.c index 6e1358e8c..43a5ad7fb 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -481,9 +481,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) SSL_set_fd(ssl, clientfd); if (usePsk == 0 || cipherList != NULL) { - #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); - #elif !defined(NO_CERTS) + #elif !defined(NO_DH) SetDH(ssl); /* repick suites with DHE, higher priority than PSK */ #endif } diff --git a/gencertbuf.pl b/gencertbuf.pl index 6fb1929a1..9e12c8209 100755 --- a/gencertbuf.pl +++ b/gencertbuf.pl @@ -1,10 +1,10 @@ #!/usr/bin/perl # gencertbuf.pl -# version 1.0 -# Updated 01/28/2013 +# version 1.1 +# Updated 07/01/2014 # -# Copyright (C) 2006-2013 wolfSSL +# Copyright (C) 2006-2014 wolfSSL Inc. # use strict; 
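Review bot: The fallback branch `#elif !defined(NO_DH)` in echoserver_test calls `SetDH(ssl)` without the `NO_CERTS` test the old guard had, and the server.c hunk after it makes the same change. Judging by the test.h hunk, `SetDH` sits inside the `!NO_CERTS` region (the new `#endif /* NO_DH */` is followed by `#endif /* !NO_CERTS */`), so a build with NO_FILESYSTEM and NO_CERTS but DH enabled would reference a function that is not defined. `#elif !defined(NO_DH) && !defined(NO_CERTS)` keeps both conditions. Both functions start and end outside their hunks.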
@@ -34,7 +34,10 @@ my @fileList_2048 = ( [ "./certs/client-cert.der", "client_cert_der_2048" ], [ "./certs/dh2048.der", "dh_key_der_2048" ], [ "./certs/dsa2048.der", "dsa_key_der_2048" ], - [ "./certs/rsa2048.der", "rsa_key_der_2048" ] + [ "./certs/rsa2048.der", "rsa_key_der_2048" ], + [ "./certs/ca-cert.der", "ca_cert_der_2048" ], + [ "./certs/server-key.der", "server_key_der_2048" ], + [ "./certs/server-cert.der", "server_cert_der_2048" ] ); # ---------------------------------------------------------------------------- 
@@ -51,22 +54,32 @@ print OUT_FILE "#define CYASSL_CERTS_TEST_H\n\n"; # convert and print 1024-bit cert/keys print OUT_FILE "#ifdef USE_CERT_BUFFERS_1024\n\n"; -for(my $i = 0; $i < $num_1024; $i++) { - print OUT_FILE "/* $fileList_1024[$i][0], 1024-bit */\n"; - print OUT_FILE "const unsigned char $fileList_1024[$i][1]\[] =\n"; +for (my $i = 0; $i < $num_1024; $i++) { + + my $fname = $fileList_1024[$i][0]; + my $sname = $fileList_1024[$i][1]; + + print OUT_FILE "/* $fname, 1024-bit */\n"; + print OUT_FILE "const unsigned char $sname\[] =\n"; print OUT_FILE "{\n"; - file_to_hex($fileList_1024[$i][0]); - print OUT_FILE "};\n\n"; + file_to_hex($fname); + print OUT_FILE "};\n"; + print OUT_FILE "const int sizeof_$sname = sizeof($sname);\n\n"; } # convert and print 2048-bit certs/keys print OUT_FILE "#elif defined(USE_CERT_BUFFERS_2048)\n\n"; -for(my $i = 0; $i < $num_2048; $i++) { - print OUT_FILE "/* $fileList_2048[$i][0], 2048-bit */\n"; - print OUT_FILE "const unsigned char $fileList_2048[$i][1]\[] =\n"; +for (my $i = 0; $i < $num_2048; $i++) { + + my $fname = $fileList_2048[$i][0]; + my $sname = $fileList_2048[$i][1]; + + print OUT_FILE "/* $fname, 2048-bit */\n"; + print OUT_FILE "const unsigned char $sname\[] =\n"; print OUT_FILE "{\n"; - file_to_hex($fileList_2048[$i][0]); - print OUT_FILE "};\n\n"; + file_to_hex($fname); + print OUT_FILE "};\n"; + print OUT_FILE "const int sizeof_$sname = sizeof($sname);\n\n"; } print OUT_FILE "#endif /* USE_CERT_BUFFERS_1024 */\n\n"; @@ -108,3 +121,4 @@ sub file_to_hex { close($fp); } + diff --git a/src/crl.c b/src/crl.c index 42591b997..9b94aab7b 100644 --- a/src/crl.c +++ b/src/crl.c @@ -501,7 +501,7 @@ static int StopMonitor(int mfd) static void* DoMonitor(void* arg) { int notifyFd; - int wd; + int wd = -1; CYASSL_CRL* crl = (CYASSL_CRL*)arg; CYASSL_ENTER("DoMonitor"); 
@@ -575,7 +575,8 @@ static void* DoMonitor(void* arg) } } - inotify_rm_watch(notifyFd, wd); + if (wd > 0) + inotify_rm_watch(notifyFd, wd); close(crl->mfd); close(notifyFd); diff --git a/src/include.am b/src/include.am index bd6fc8b3f..48b895d13 100644 --- a/src/include.am +++ b/src/include.am @@ -19,7 +19,7 @@ src_libcyassl_la_SOURCES += \ ctaocrypt/src/random.c \ ctaocrypt/src/sha256.c \ ctaocrypt/src/logging.c \ - ctaocrypt/src/port.c \ + ctaocrypt/src/wc_port.c \ ctaocrypt/src/error.c src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION} src_libcyassl_la_LIBADD = $(LIBM) diff --git a/src/internal.c b/src/internal.c index 2ee09acb2..58cc15ee5 100644 --- a/src/internal.c +++ b/src/internal.c @@ -35,7 +35,7 @@ #endif #ifdef HAVE_NTRU - #include "crypto_ntru.h" + #include "ntru_crypto.h" #endif #if defined(DEBUG_CYASSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) @@ -58,10 +58,6 @@ #endif -#if defined(OPENSSL_EXTRA) && defined(NO_DH) - #error OPENSSL_EXTRA needs DH, please remove NO_DH -#endif - #if defined(CYASSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS) #error \ CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS @@ -979,7 +975,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif - #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA if (tls && haveDH && haveRSA) { suites->suites[idx++] = 0; @@ -1050,6 +1045,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + if (tls1_2 && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384; + } +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 + if (tls1_2 && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA if (tls && havePSK) { suites->suites[idx++] = 0; 
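Review bot: The new guard `if (wd > 0)` in DoMonitor does not match the `-1` sentinel that `wd` is initialised with in the earlier crl.c hunk, so a descriptor value of 0 would skip `inotify_rm_watch`. Assuming `wd` holds the result of inotify_add_watch(), failure is reported as -1 and success as a non-negative descriptor, so `if (wd >= 0)` states the intended condition exactly. The body of DoMonitor starts and ends outside the hunk.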
@@ -1057,6 +1066,41 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + if (tls && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; + } +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 + if (tls && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384; + } +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + if (tls1_2 && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256; + } +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 + if (tls1_2 && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256; + } +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + if (tls && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 if (tls && havePSK) { suites->suites[idx++] = 0; 
@@ -1071,6 +1115,34 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + if (tls && haveDH && havePSK) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM; + } +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + if (tls && haveDH && havePSK) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM; + } +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM + if (tls && havePSK) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM; + } +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM + if (tls && havePSK) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 if (tls && havePSK) { suites->suites[idx++] = ECC_BYTE; @@ -1085,6 +1157,27 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + if (tls && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; + } +#endif + +#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 + if (tls && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384; + } +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + if (tls && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 if (tls && havePSK) { suites->suites[idx++] = 0; @@ -1573,9 +1666,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->buffers.serverDH_G = ctx->serverDH_G; } #endif - ssl->buffers.weOwnCert = 0; - ssl->buffers.weOwnKey = 0; - ssl->buffers.weOwnDH = 0; + ssl->buffers.weOwnCert = 0; + ssl->buffers.weOwnCertChain = 0; + ssl->buffers.weOwnKey = 0; + ssl->buffers.weOwnDH = 0; #ifdef CYASSL_DTLS ssl->buffers.dtlsCtx.fd = -1; 
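Review bot: The four CCM entries added to InitSuites in the first hunk here are gated on `tls` (`tls && haveDH && havePSK` and `tls && havePSK`), while the GCM entries this commit adds use `tls1_2`. CCM is an AEAD mode like GCM, and RFC 6655 restricts these suites to TLS 1.2 and later, so if `tls` is also true for TLS 1.0/1.1 (how the flag is computed is outside the hunk) they would be offered on connections that cannot use them. `if (tls1_2 && haveDH && havePSK)` and `if (tls1_2 && havePSK)` would match the GCM entries; the pre-existing CCM_8 context lines carry the same `tls` condition.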
@@ -1800,9 +1894,10 @@ void SSL_ResourceFree(CYASSL* ssl) XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH); } - /* CYASSL_CTX always owns certChain */ if (ssl->buffers.weOwnCert) XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT); + if (ssl->buffers.weOwnCertChain) + XFREE(ssl->buffers.certChain.buffer, ssl->heap, DYNAMIC_TYPE_CERT); if (ssl->buffers.weOwnKey) XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); #endif @@ -2008,7 +2103,7 @@ int DtlsPoolSave(CYASSL* ssl, const byte *src, int sz) DtlsPool *pool = ssl->dtls_pool; if (pool != NULL && pool->used < DTLS_POOL_SZ) { buffer *pBuf = &pool->buf[pool->used]; - pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); + pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_DTLS_POOL); if (pBuf->buffer == NULL) { CYASSL_MSG("DTLS Buffer Memory error"); return MEMORY_ERROR; @@ -2030,7 +2125,7 @@ void DtlsPoolReset(CYASSL* ssl) used = pool->used; for (i = 0, pBuf = &pool->buf[0]; i < used; i++, pBuf++) { - XFREE(pBuf->buffer, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); + XFREE(pBuf->buffer, ssl->heap, DYNAMIC_TYPE_DTLS_POOL); pBuf->buffer = NULL; pBuf->length = 0; } @@ -2706,6 +2801,11 @@ int SendBuffered(CYASSL* ssl) return SOCKET_ERROR_E; } + if (sent > (int)ssl->buffers.outputBuffer.length) { + CYASSL_MSG("SendBuffered() out of bounds read"); + return SEND_OOB_READ_E; + } + ssl->buffers.outputBuffer.idx += sent; ssl->buffers.outputBuffer.length -= sent; } 
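Review bot: The new bound in SendBuffered, `if (sent > (int)ssl->buffers.outputBuffer.length)`, compares as signed int, so it relies on `length` fitting in an int and on negative `sent` values having been rejected earlier (that part of the function is outside the hunk). The value comes from the I/O send callback, which may be supplied by the application, so comparing in the length field's own unsigned type is tighter: `if ((word32)sent > ssl->buffers.outputBuffer.length)`, assuming `length` is a `word32` as elsewhere in this file. The check only constrains the callback's return value against the pending length, so a one-line comment saying so would help the next reader.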
@@ -3048,12 +3148,446 @@ static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) } + /* cipher requirements */ + enum { + REQUIRES_RSA, + REQUIRES_DHE, + REQUIRES_ECC_DSA, + REQUIRES_ECC_STATIC, + REQUIRES_PSK, + REQUIRES_NTRU, + REQUIRES_RSA_SIG + }; + + + + /* Does this cipher suite (first, second) have the requirement + an ephemeral key exchange will still require the key for signing + the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */ + static int CipherRequires(byte first, byte second, int requirement) + { + + if (first == CHACHA_BYTE) { + + switch (second) { + + case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + } + } + /* ECC extensions */ + if (first == ECC_BYTE) { + + switch (second) { + +#ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + break; + +#ifndef NO_DES3 + case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + break; +#endif + +#ifndef NO_RC4 + case TLS_ECDHE_RSA_WITH_RC4_128_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_ECDH_RSA_WITH_RC4_128_SHA : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + break; +#endif +#endif /* NO_RSA */ + +#ifndef NO_DES3 + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + break; +#endif +#ifndef NO_RC4 + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : + if (requirement == 
REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + break; +#endif +#ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + break; +#endif + + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + break; + + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + break; + + case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + break; + +#ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + break; + + case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : + if (requirement == REQUIRES_ECC_STATIC) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + break; + + case TLS_RSA_WITH_AES_128_CCM_8 : + case TLS_RSA_WITH_AES_256_CCM_8 : + if (requirement == REQUIRES_RSA) + return 1; + if 
(requirement == REQUIRES_RSA_SIG) + return 1; + break; + + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + break; + + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : + if (requirement == REQUIRES_RSA_SIG) + return 1; + if (requirement == REQUIRES_ECC_STATIC) + return 1; + break; +#endif + + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + if (requirement == REQUIRES_ECC_STATIC) + return 1; + break; + + case TLS_PSK_WITH_AES_128_CCM: + case TLS_PSK_WITH_AES_256_CCM: + case TLS_PSK_WITH_AES_128_CCM_8: + case TLS_PSK_WITH_AES_256_CCM_8: + if (requirement == REQUIRES_PSK) + return 1; + break; + + case TLS_DHE_PSK_WITH_AES_128_CCM: + case TLS_DHE_PSK_WITH_AES_256_CCM: + if (requirement == REQUIRES_PSK) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; + + default: + CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); + return 0; + } /* switch */ + } /* if */ + if (first != ECC_BYTE) { /* normal suites */ + switch (second) { + +#ifndef NO_RSA + case SSL_RSA_WITH_RC4_128_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_NTRU_RSA_WITH_RC4_128_SHA : + if (requirement == REQUIRES_NTRU) + return 1; + break; + + case SSL_RSA_WITH_RC4_128_MD5 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case SSL_RSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : + if 
(requirement == REQUIRES_NTRU) + return 1; + break; + + case TLS_RSA_WITH_AES_128_CBC_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_RSA_WITH_AES_128_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : + if (requirement == REQUIRES_NTRU) + return 1; + break; + + case TLS_RSA_WITH_AES_256_CBC_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_RSA_WITH_AES_256_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_RSA_WITH_NULL_SHA : + case TLS_RSA_WITH_NULL_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : + if (requirement == REQUIRES_NTRU) + return 1; + break; +#endif + + case TLS_PSK_WITH_AES_128_GCM_SHA256 : + case TLS_PSK_WITH_AES_256_GCM_SHA384 : + case TLS_PSK_WITH_AES_128_CBC_SHA256 : + case TLS_PSK_WITH_AES_256_CBC_SHA384 : + case TLS_PSK_WITH_AES_128_CBC_SHA : + case TLS_PSK_WITH_AES_256_CBC_SHA : + case TLS_PSK_WITH_NULL_SHA384 : + case TLS_PSK_WITH_NULL_SHA256 : + case TLS_PSK_WITH_NULL_SHA : + if (requirement == REQUIRES_PSK) + return 1; + break; + + case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : + case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : + case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : + case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : + case TLS_DHE_PSK_WITH_NULL_SHA384 : + case TLS_DHE_PSK_WITH_NULL_SHA256 : + if (requirement == REQUIRES_DHE) + return 1; + if (requirement == REQUIRES_PSK) + return 1; + break; + +#ifndef NO_RSA + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; + + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; + + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; + 
+ case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; + + case TLS_RSA_WITH_HC_128_MD5 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_RSA_WITH_HC_128_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_RSA_WITH_HC_128_B2B256: + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_RSA_WITH_AES_128_CBC_B2B256: + case TLS_RSA_WITH_AES_256_CBC_B2B256: + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_RSA_WITH_RABBIT_SHA : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_RSA_WITH_AES_128_GCM_SHA256 : + case TLS_RSA_WITH_AES_256_GCM_SHA384 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : + case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; + + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; +#endif + + default: + CYASSL_MSG("Unsupported cipher suite, CipherRequires"); + return 0; + } /* switch */ + } /* if ECC / Normal suites else */ + + return 0; + } + + #ifndef NO_CERTS /* Match names with wildcards, each wildcard can represent a single name component or fragment but not mulitple names, i.e., - *.z.com matches y.z.com but not x.y.z.com + *.z.com matches y.z.com but not x.y.z.com return 1 on success */ static 
int MatchDomainName(const char* pattern, int len, const char* str) @@ -3118,7 +3652,7 @@ static int CheckAltNames(DecodedCert* dCert, char* domain) match = 1; break; } - + altName = altName->next; } @@ -3500,7 +4034,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, if (doCrlLookup) { CYASSL_MSG("Doing Leaf CRL check"); ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert); - + if (ret != 0) { CYASSL_MSG("\tCRL check not ok"); fatal = 0; @@ -3517,7 +4051,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, if (copyRet == MEMORY_E) fatal = 1; } -#endif +#endif #ifndef IGNORE_KEY_EXTENSIONS if (dCert.extKeyUsageSet) { @@ -3567,7 +4101,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, domain[0] = '\0'; if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) { - if (MatchDomainName(dCert.subjectCN, dCert.subjectCNLen, + if (MatchDomainName(dCert.subjectCN, dCert.subjectCNLen, (char*)ssl->buffers.domainName.buffer) == 0) { CYASSL_MSG("DomainName match on common name failed"); if (CheckAltNames(&dCert, @@ -3600,7 +4134,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, else { XMEMCPY(ssl->buffers.peerRsaKey.buffer, dCert.publicKey, dCert.pubKeySize); - ssl->buffers.peerRsaKey.length = + ssl->buffers.peerRsaKey.length = dCert.pubKeySize; } #endif /* NO_RSA */ @@ -3642,7 +4176,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, else { XMEMCPY(ssl->buffers.peerEccDsaKey.buffer, dCert.publicKey, dCert.pubKeySize); - ssl->buffers.peerEccDsaKey.length = + ssl->buffers.peerEccDsaKey.length = dCert.pubKeySize; } #endif /* HAVE_ECC */ @@ -3657,12 +4191,10 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, FreeDecodedCert(&dCert); } - + if (anyError != 0 && ret == 0) ret = anyError; - if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END) - ssl->options.serverState = SERVER_CERT_COMPLETE; if (ret != 0) { if (!ssl->options.verifyNone) { 
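Review bot: In CipherRequires a suite whose first byte is `CHACHA_BYTE` is looked up twice: after the CHACHA switch breaks, control reaches `if (first != ECC_BYTE) { /* normal suites */`, which is also true for CHACHA_BYTE, so its second byte is matched against the non-ECC table. Depending on the numeric value of the ChaCha suite (not visible here), that either hits an unrelated `case` and answers for the wrong suite, or reaches `default` and logs "Unsupported cipher suite". Narrowing the last test to `if (first != ECC_BYTE && first != CHACHA_BYTE) {`, or chaining the three blocks with `else if` / `else`, keeps each table to its own first byte.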
@@ -3688,7 +4220,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, #endif ok = ssl->verifyCallback(0, &store); if (ok) { - CYASSL_MSG("Verify callback overriding error!"); + CYASSL_MSG("Verify callback overriding error!"); ret = 0; } #ifdef SESSION_CERTS @@ -3738,6 +4270,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, } #endif + if (ssl->options.verifyNone && + (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) { + CYASSL_MSG("Ignoring CRL problem based on verify setting"); + ret = ssl->error = 0; + } + + if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END) + ssl->options.serverState = SERVER_CERT_COMPLETE; + return ret; } @@ -3767,10 +4308,8 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx, /* access beyond input + size should be checked against totalSz */ if ((word32) (*inOutIdx + ssl->specs.hash_size + padSz) > totalSz) - { - printf("line 3799\n"); - return INCOMPLETE_DATA; - } + return INCOMPLETE_DATA; + /* verify */ if (XMEMCMP(input + *inOutIdx, verify, ssl->specs.hash_size) != 0) { CYASSL_MSG(" hello_request verify mac error"); @@ -3811,9 +4350,8 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size, /* increment beyond input + size should be checked against totalSz */ if (*inOutIdx + size + ssl->keys.padSz > totalSz) - { printf("line 3842\n"); return INCOMPLETE_DATA; - } + /* force input exhaustion at ProcessReply consuming padSz */ *inOutIdx += size + ssl->keys.padSz; @@ -3860,9 +4398,8 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, /* make sure can read the message */ if (*inOutIdx + size > totalSz) - {printf("line 3891\n"); return INCOMPLETE_DATA; - } + ret = HashInput(ssl, input + *inOutIdx, size); if (ret != 0) return ret; 
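Review bot: The block added at the end of DoCertificate clears `CRL_CERT_REVOKED` together with `CRL_MISSING` when `ssl->options.verifyNone` is set, and resets `ssl->error` as well. An application that enabled CRL checking but runs with SSL_VERIFY_NONE therefore gets no indication that the peer certificate was revoked, apart from the debug message. If that is intended, it deserves a comment above the test, for example `/* verifyNone: CRL results, including revocation, are advisory only */`, and a mention in the CRL documentation. DoCertificate begins outside the hunk.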
@@ -3918,7 +4455,7 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, CYASSL_MSG("processing hello verify request"); ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size); break; - + case server_hello: CYASSL_MSG("processing server hello"); ret = DoServerHello(ssl, input, inOutIdx, size); @@ -3947,7 +4484,7 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, case server_hello_done: CYASSL_MSG("processing server hello done"); #ifdef CYASSL_CALLBACKS - if (ssl->hsInfoOn) + if (ssl->hsInfoOn) AddPacketName("ServerHelloDone", &ssl->handShakeInfo); if (ssl->toInfoOn) AddLateName("ServerHelloDone", &ssl->timeoutInfo); @@ -4035,7 +4572,7 @@ static INLINE int DtlsCheckWindow(DtlsState* state) if ((next > DTLS_SEQ_BITS) && (cur < next - DTLS_SEQ_BITS)) { return 0; } - else if ((cur < next) && (window & (1 << (next - cur - 1)))) { + else if ((cur < next) && (window & ((DtlsSeq)1 << (next - cur - 1)))) { return 0; } @@ -4061,7 +4598,7 @@ static INLINE int DtlsUpdateWindow(DtlsState* state) cur = state->curSeq; if (cur < *next) { - *window |= (1 << (*next - cur - 1)); + *window |= ((DtlsSeq)1 << (*next - cur - 1)); } else { *window <<= (1 + cur - *next); @@ -4112,9 +4649,8 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, return PARSE_ERROR; if (*inOutIdx + fragSz > totalSz) - {printf("line 4143\n"); return INCOMPLETE_DATA; - } + /* Check the handshake sequence number first. If out of order, * add the current message to the list. If the message is in order, * but it is a fragment, add the current message to the list, then @@ -4170,9 +4706,9 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify) { if (verify) - return ssl->keys.peer_sequence_number++; + return ssl->keys.peer_sequence_number++; else - return ssl->keys.sequence_number++; + return ssl->keys.sequence_number++; } 
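Review bot: In DtlsUpdateWindow (hunk @@ -4061) the else branch still does `*window <<= (1 + cur - *next);` with no bound on the shift count; the commit only widens the constant in the `cur < *next` branch. If a record's sequence number is ahead of `*next` by the bit width of DtlsSeq or more, the shift is undefined behaviour in C, and the replay window is then not well defined. A guard such as `if (1 + cur - *next >= sizeof(*window) * 8) *window = 0; else *window <<= (1 + cur - *next);` avoids that. The matching `(DtlsSeq)1` shift in DtlsCheckWindow (hunk @@ -4035) appears to rely on the preceding DTLS_SEQ_BITS test to bound its count, presumably with DTLS_SEQ_BITS equal to the width of DtlsSeq, which deserves a one-line comment. Both function bodies continue outside their hunks.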
@@ -4197,6 +4733,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) CYASSL_MSG("Encrypt ciphers not setup"); return ENCRYPT_ERROR; } + switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case cyassl_rc4: @@ -4217,11 +4754,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) #ifdef BUILD_AESGCM case cyassl_aes_gcm: { - byte additional[AES_BLOCK_SIZE]; + byte additional[AEAD_AUTH_DATA_SZ]; byte nonce[AEAD_NONCE_SZ]; const byte* additionalSrc = input - 5; - XMEMSET(additional, 0, AES_BLOCK_SIZE); + XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 0), @@ -4230,8 +4767,10 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) /* Store the type, version. Unfortunately, they are in * the input buffer ahead of the plaintext. */ #ifdef CYASSL_DTLS - if (ssl->options.dtls) + if (ssl->options.dtls) { + c16toa(ssl->keys.dtls_epoch, additional); additionalSrc -= DTLS_HANDSHAKE_EXTRA; + } #endif XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); @@ -4248,8 +4787,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, nonce, AEAD_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, additional, - AEAD_AUTH_DATA_SZ); + ssl->specs.aead_mac_size, + additional, AEAD_AUTH_DATA_SZ); AeadIncrementExpIV(ssl); XMEMSET(nonce, 0, AEAD_NONCE_SZ); } @@ -4259,11 +4798,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) #ifdef HAVE_AESCCM case cyassl_aes_ccm: { - byte additional[AES_BLOCK_SIZE]; + byte additional[AEAD_AUTH_DATA_SZ]; byte nonce[AEAD_NONCE_SZ]; const byte* additionalSrc = input - 5; - XMEMSET(additional, 0, AES_BLOCK_SIZE); + XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 0), 
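Review bot: The DTLS epoch is written into the AEAD additional data only in the AES-GCM cases (hunk @@ -4230 here, and the `curEpoch` lines in Decrypt, hunk @@ -4470), while the AES-CCM cases in hunks @@ -4259 and @@ -4499 only get the buffer resize. If the CCM suites can be negotiated over DTLS, the epoch bytes of their additional data would stay zero and the tag would not cover the epoch. The CCM hunks are cut short, so this may already be handled outside the visible lines. If it is not, the CCM encrypt case needs the same `c16toa(ssl->keys.dtls_epoch, additional);` and the decrypt case `c16toa(ssl->keys.dtls_state.curEpoch, additional);`.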
@@ -4296,9 +4835,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) additional, AEAD_AUTH_DATA_SZ); AeadIncrementExpIV(ssl); XMEMSET(nonce, 0, AEAD_NONCE_SZ); - - break; } + break; #endif #ifdef HAVE_CAMELLIA @@ -4470,14 +5008,19 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, #ifdef BUILD_AESGCM case cyassl_aes_gcm: { - byte additional[AES_BLOCK_SIZE]; + byte additional[AEAD_AUTH_DATA_SZ]; byte nonce[AEAD_NONCE_SZ]; - XMEMSET(additional, 0, AES_BLOCK_SIZE); + XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); - + + #ifdef CYASSL_DTLS + if (ssl->options.dtls) + c16toa(ssl->keys.dtls_state.curEpoch, additional); + #endif + additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; @@ -4499,17 +5042,17 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, return VERIFY_MAC_ERROR; } XMEMSET(nonce, 0, AEAD_NONCE_SZ); - break; } + break; #endif #ifdef HAVE_AESCCM case cyassl_aes_ccm: { - byte additional[AES_BLOCK_SIZE]; + byte additional[AEAD_AUTH_DATA_SZ]; byte nonce[AEAD_NONCE_SZ]; - XMEMSET(additional, 0, AES_BLOCK_SIZE); + XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); @@ -4540,8 +5083,8 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, return VERIFY_MAC_ERROR; } XMEMSET(nonce, 0, AEAD_NONCE_SZ); - break; } + break; #endif #ifdef HAVE_CAMELLIA @@ -4575,6 +5118,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, XMEMSET(tag, 0, 16); XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); 
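Review bot: The `XMEMSET(nonce, 0, AEAD_NONCE_SZ);` cleanup in the AES-GCM decrypt case (hunk @@ -4499) is reached only on success, because the visible `return VERIFY_MAC_ERROR;` just above it leaves the function first. The AES-CCM case in hunk @@ -4540 has the same shape. If the nonce is worth clearing at all, clear it on the failure path too: `XMEMSET(nonce, 0, AEAD_NONCE_SZ); return VERIFY_MAC_ERROR;`. Both cases start outside their hunks.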
@@ -5726,6 +6270,7 @@ static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest) Md5Final(&ssl->hashMd5, digest); } + static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest) { byte sha_result[SHA_DIGEST_SIZE]; @@ -5789,8 +6334,8 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) } /* restore */ - ssl->hashMd5 = md5; - ssl->hashSha = sha; + ssl->hashMd5 = md5; + ssl->hashSha = sha; #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 @@ -5807,8 +6352,8 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) #endif /* CYASSL_LEANPSK */ /* Build SSL Message, encrypted */ -static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, - int type) +static int BuildMessage(CYASSL* ssl, byte* output, int outSz, + const byte* input, int inSz, int type) { #ifdef HAVE_TRUNCATED_HMAC word32 digestSz = min(ssl->specs.hash_size, @@ -5863,6 +6408,10 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); } #endif + if (sz > (word32)outSz) { + CYASSL_MSG("Oops, want to write past output buffer size"); + return BUFFER_E; + } size = (word16)(sz - headerSz); /* include mac and digest */ AddRecordHeader(output, size, (byte)type, ssl); @@ -5931,6 +6480,7 @@ int SendFinished(CYASSL* ssl) Hashes* hashes; int ret; int headerSz = HANDSHAKE_HEADER_SZ; + int outputSz; #ifdef CYASSL_DTLS word32 sequence_number = ssl->keys.dtls_sequence_number; @@ -5939,7 +6489,8 @@ int SendFinished(CYASSL* ssl) /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sizeof(input) + MAX_MSG_EXTRA)) != 0) + outputSz = sizeof(input) + MAX_MSG_EXTRA; + if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) return ret; #ifdef CYASSL_DTLS 
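Review bot: The new bound check in BuildMessage (hunk @@ -5863) casts `outSz` to word32 before comparing, so a negative `outSz` becomes a very large value and the check passes. The callers compute the value as an int sum (`len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA` in SendData), so rejecting negatives first costs nothing: `if (outSz < 0 || sz > (word32)outSz) {`. A one-line comment stating what `sz` includes at this point would make the comparison easier to audit, since its computation is outside the hunk.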
@@ -5964,7 +6515,10 @@ int SendFinished(CYASSL* ssl) ssl->options.side == CYASSL_CLIENT_END ? client : server); if (ret != 0) return ret; - sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake); + sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, + handshake); + if (sendSz < 0) + return BUILD_MSG_ERROR; #ifdef CYASSL_DTLS if (ssl->options.dtls) { @@ -5973,9 +6527,6 @@ int SendFinished(CYASSL* ssl) } #endif - if (sendSz < 0) - return BUILD_MSG_ERROR; - if (!ssl->options.resuming) { #ifndef NO_SESSION_CACHE AddSession(ssl); /* just try */ @@ -6133,7 +6684,7 @@ int SendCertificateRequest(CYASSL* ssl) int sendSz; word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - int typeTotal = 1; /* only rsa for now */ + int typeTotal = 1; /* only 1 for now */ int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */ if (IsAtLeastTLSv1_2(ssl)) @@ -6161,7 +6712,15 @@ int SendCertificateRequest(CYASSL* ssl) /* write to output */ output[i++] = (byte)typeTotal; /* # of types */ - output[i++] = rsa_sign; +#ifdef HAVE_ECC + if (ssl->options.cipherSuite0 == ECC_BYTE && + ssl->specs.sig_algo == ecc_dsa_sa_algo) { + output[i++] = ecdsa_sign; + } else +#endif /* HAVE_ECC */ + { + output[i++] = rsa_sign; + } /* supported hash/sig */ if (IsAtLeastTLSv1_2(ssl)) { @@ -6208,7 +6767,8 @@ int SendData(CYASSL* ssl, const void* data, int sz) { int sent = 0, /* plainText size */ sendSz, - ret; + ret, + dtlsExtra = 0; if (ssl->error == WANT_WRITE) ssl->error = 0; @@ -6236,6 +6796,12 @@ int SendData(CYASSL* ssl, const void* data, int sz) } } +#ifdef CYASSL_DTLS + if (ssl->options.dtls) { + dtlsExtra = DTLS_RECORD_EXTRA; + } +#endif + for (;;) { #ifdef HAVE_MAX_FRAGMENT int len = min(sz - sent, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)); 
@@ -6244,7 +6810,8 @@ int SendData(CYASSL* ssl, const void* data, int sz) #endif byte* out; byte* sendBuffer = (byte*)data + sent; /* may switch on comp */ - int buffSz = len; /* may switch on comp */ + int buffSz = len; /* may switch on comp */ + int outputSz; #ifdef HAVE_LIBZ byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; #endif @@ -6259,8 +6826,8 @@ int SendData(CYASSL* ssl, const void* data, int sz) #endif /* check for available size */ - if ((ret = CheckAvailableSize(ssl, len + COMP_EXTRA + - MAX_MSG_EXTRA)) != 0) + outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA; + if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) return ssl->error = ret; /* get ouput buffer */ @@ -6276,8 +6843,10 @@ int SendData(CYASSL* ssl, const void* data, int sz) sendBuffer = comp; } #endif - sendSz = BuildMessage(ssl, out, sendBuffer, buffSz, + sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz, application_data); + if (sendSz < 0) + return BUILD_MSG_ERROR; ssl->buffers.outputBuffer.length += sendSz; @@ -6370,6 +6939,7 @@ int SendAlert(CYASSL* ssl, int severity, int type) byte *output; int sendSz; int ret; + int outputSz; int dtlsExtra = 0; /* if sendalert is called again for nonbloking */ @@ -6386,8 +6956,8 @@ int SendAlert(CYASSL* ssl, int severity, int type) #endif /* check for available size */ - if ((ret = CheckAvailableSize(ssl, - ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0) + outputSz = ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra; + if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) return ret; /* get ouput buffer */ 
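Review bot: The new failure path in SendData (hunk @@ -6276) returns `BUILD_MSG_ERROR` without recording it in `ssl->error`. The size check a few lines earlier in hunk @@ -6259 does `return ssl->error = ret;`. A caller that reads the error from the session afterwards would see a stale value; `return ssl->error = BUILD_MSG_ERROR;` keeps the two paths consistent. SendData's loop continues outside the hunk.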
@@ -6405,7 +6975,7 @@ int SendAlert(CYASSL* ssl, int severity, int type) /* only send encrypted alert if handshake actually complete, otherwise other side may not be able to handle it */ if (ssl->keys.encryptionOn && ssl->options.handShakeState == HANDSHAKE_DONE) - sendSz = BuildMessage(ssl, output, input, ALERT_SIZE, alert); + sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE, alert); else { AddRecordHeader(output, ALERT_SIZE, alert, ssl); @@ -6422,6 +6992,8 @@ int SendAlert(CYASSL* ssl, int severity, int type) sendSz += DTLS_RECORD_EXTRA; #endif } + if (sendSz < 0) + return BUILD_MSG_ERROR; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) 
@@ -6436,377 +7008,296 @@ int SendAlert(CYASSL* ssl, int severity, int type) return SendBuffered(ssl); } - - -void SetErrorString(int error, char* str) +const char* CyaSSL_ERR_reason_error_string(unsigned long e) { - const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */ - #ifdef NO_ERROR_STRINGS - (void)error; - XSTRNCPY(str, "no support for error strings built in", max); + (void)e; + return "no support for error strings built in"; #else + int error = (int)e; + /* pass to CTaoCrypt */ if (error < MAX_CODE_E && error > MIN_CODE_E) { - CTaoCryptErrorString(error, str); - return; + return CTaoCryptGetErrorString(error); } switch (error) { case UNSUPPORTED_SUITE : - XSTRNCPY(str, "unsupported cipher suite", max); - break; + return "unsupported cipher suite"; case INPUT_CASE_ERROR : - XSTRNCPY(str, "input state error", max); - break; + return "input state error"; case PREFIX_ERROR : - XSTRNCPY(str, "bad index to key rounds", max); - break; + return "bad index to key rounds"; case MEMORY_ERROR : - XSTRNCPY(str, "out of memory", max); - break; + return "out of memory"; case VERIFY_FINISHED_ERROR : - XSTRNCPY(str, "verify problem on finished", max); - break; + return "verify problem on finished"; case VERIFY_MAC_ERROR : - XSTRNCPY(str, "verify mac problem", max); - break; + return "verify mac problem"; case PARSE_ERROR : - XSTRNCPY(str, "parse error on header", max); - break; + return "parse error on header"; case SIDE_ERROR : - XSTRNCPY(str, "wrong client/server type", max); - break; + return "wrong client/server type"; case NO_PEER_CERT : - XSTRNCPY(str, "peer didn't send cert", max); - break; + return "peer didn't send cert"; case UNKNOWN_HANDSHAKE_TYPE : - XSTRNCPY(str, "weird handshake type", max); - break; + return "weird handshake type"; case SOCKET_ERROR_E : - XSTRNCPY(str, "error state on socket", max); - break; + return "error state on socket"; case SOCKET_NODATA : - XSTRNCPY(str, "expected data, not there", max); - break; + return "expected data, not there"; case 
INCOMPLETE_DATA : - XSTRNCPY(str, "don't have enough data to complete task", max); - break; + return "don't have enough data to complete task"; case UNKNOWN_RECORD_TYPE : - XSTRNCPY(str, "unknown type in record hdr", max); - break; + return "unknown type in record hdr"; case DECRYPT_ERROR : - XSTRNCPY(str, "error during decryption", max); - break; + return "error during decryption"; case FATAL_ERROR : - XSTRNCPY(str, "revcd alert fatal error", max); - break; + return "revcd alert fatal error"; case ENCRYPT_ERROR : - XSTRNCPY(str, "error during encryption", max); - break; + return "error during encryption"; case FREAD_ERROR : - XSTRNCPY(str, "fread problem", max); - break; + return "fread problem"; case NO_PEER_KEY : - XSTRNCPY(str, "need peer's key", max); - break; + return "need peer's key"; case NO_PRIVATE_KEY : - XSTRNCPY(str, "need the private key", max); - break; + return "need the private key"; case NO_DH_PARAMS : - XSTRNCPY(str, "server missing DH params", max); - break; + return "server missing DH params"; case RSA_PRIVATE_ERROR : - XSTRNCPY(str, "error during rsa priv op", max); - break; + return "error during rsa priv op"; case MATCH_SUITE_ERROR : - XSTRNCPY(str, "can't match cipher suite", max); - break; + return "can't match cipher suite"; case BUILD_MSG_ERROR : - XSTRNCPY(str, "build message failure", max); - break; + return "build message failure"; case BAD_HELLO : - XSTRNCPY(str, "client hello malformed", max); - break; + return "client hello malformed"; case DOMAIN_NAME_MISMATCH : - XSTRNCPY(str, "peer subject name mismatch", max); - break; + return "peer subject name mismatch"; case WANT_READ : case SSL_ERROR_WANT_READ : - XSTRNCPY(str, "non-blocking socket wants data to be read", max); - break; + return "non-blocking socket wants data to be read"; case NOT_READY_ERROR : - XSTRNCPY(str, "handshake layer not ready yet, complete first", max); - break; + return "handshake layer not ready yet, complete first"; case PMS_VERSION_ERROR : - XSTRNCPY(str, 
"premaster secret version mismatch error", max); - break; + return "premaster secret version mismatch error"; case VERSION_ERROR : - XSTRNCPY(str, "record layer version error", max); - break; + return "record layer version error"; case WANT_WRITE : case SSL_ERROR_WANT_WRITE : - XSTRNCPY(str, "non-blocking socket write buffer full", max); - break; + return "non-blocking socket write buffer full"; case BUFFER_ERROR : - XSTRNCPY(str, "malformed buffer input error", max); - break; + return "malformed buffer input error"; case VERIFY_CERT_ERROR : - XSTRNCPY(str, "verify problem on certificate", max); - break; + return "verify problem on certificate"; case VERIFY_SIGN_ERROR : - XSTRNCPY(str, "verify problem based on signature", max); - break; + return "verify problem based on signature"; case CLIENT_ID_ERROR : - XSTRNCPY(str, "psk client identity error", max); - break; + return "psk client identity error"; case SERVER_HINT_ERROR: - XSTRNCPY(str, "psk server hint error", max); - break; + return "psk server hint error"; case PSK_KEY_ERROR: - XSTRNCPY(str, "psk key callback error", max); - break; + return "psk key callback error"; case NTRU_KEY_ERROR: - XSTRNCPY(str, "NTRU key error", max); - break; + return "NTRU key error"; case NTRU_DRBG_ERROR: - XSTRNCPY(str, "NTRU drbg error", max); - break; + return "NTRU drbg error"; case NTRU_ENCRYPT_ERROR: - XSTRNCPY(str, "NTRU encrypt error", max); - break; + return "NTRU encrypt error"; case NTRU_DECRYPT_ERROR: - XSTRNCPY(str, "NTRU decrypt error", max); - break; + return "NTRU decrypt error"; case ZLIB_INIT_ERROR: - XSTRNCPY(str, "zlib init error", max); - break; + return "zlib init error"; case ZLIB_COMPRESS_ERROR: - XSTRNCPY(str, "zlib compress error", max); - break; + return "zlib compress error"; case ZLIB_DECOMPRESS_ERROR: - XSTRNCPY(str, "zlib decompress error", max); - break; + return "zlib decompress error"; case GETTIME_ERROR: - XSTRNCPY(str, "gettimeofday() error", max); - break; + return "gettimeofday() error"; case 
GETITIMER_ERROR: - XSTRNCPY(str, "getitimer() error", max); - break; + return "getitimer() error"; case SIGACT_ERROR: - XSTRNCPY(str, "sigaction() error", max); - break; + return "sigaction() error"; case SETITIMER_ERROR: - XSTRNCPY(str, "setitimer() error", max); - break; + return "setitimer() error"; case LENGTH_ERROR: - XSTRNCPY(str, "record layer length error", max); - break; + return "record layer length error"; case PEER_KEY_ERROR: - XSTRNCPY(str, "cant decode peer key", max); - break; + return "cant decode peer key"; case ZERO_RETURN: case SSL_ERROR_ZERO_RETURN: - XSTRNCPY(str, "peer sent close notify alert", max); - break; + return "peer sent close notify alert"; case ECC_CURVETYPE_ERROR: - XSTRNCPY(str, "Bad ECC Curve Type or unsupported", max); - break; + return "Bad ECC Curve Type or unsupported"; case ECC_CURVE_ERROR: - XSTRNCPY(str, "Bad ECC Curve or unsupported", max); - break; + return "Bad ECC Curve or unsupported"; case ECC_PEERKEY_ERROR: - XSTRNCPY(str, "Bad ECC Peer Key", max); - break; + return "Bad ECC Peer Key"; case ECC_MAKEKEY_ERROR: - XSTRNCPY(str, "ECC Make Key failure", max); - break; + return "ECC Make Key failure"; case ECC_EXPORT_ERROR: - XSTRNCPY(str, "ECC Export Key failure", max); - break; + return "ECC Export Key failure"; case ECC_SHARED_ERROR: - XSTRNCPY(str, "ECC DHE shared failure", max); - break; + return "ECC DHE shared failure"; case NOT_CA_ERROR: - XSTRNCPY(str, "Not a CA by basic constraint error", max); - break; + return "Not a CA by basic constraint error"; case BAD_PATH_ERROR: - XSTRNCPY(str, "Bad path for opendir error", max); - break; + return "Bad path for opendir error"; case BAD_CERT_MANAGER_ERROR: - XSTRNCPY(str, "Bad Cert Manager error", max); - break; + return "Bad Cert Manager error"; case OCSP_CERT_REVOKED: - XSTRNCPY(str, "OCSP Cert revoked", max); - break; + return "OCSP Cert revoked"; case CRL_CERT_REVOKED: - XSTRNCPY(str, "CRL Cert revoked", max); - break; + return "CRL Cert revoked"; case CRL_MISSING: - 
XSTRNCPY(str, "CRL missing, not loaded", max); - break; + return "CRL missing, not loaded"; case MONITOR_RUNNING_E: - XSTRNCPY(str, "CRL monitor already running", max); - break; + return "CRL monitor already running"; case THREAD_CREATE_E: - XSTRNCPY(str, "Thread creation problem", max); - break; + return "Thread creation problem"; case OCSP_NEED_URL: - XSTRNCPY(str, "OCSP need URL", max); - break; + return "OCSP need URL"; case OCSP_CERT_UNKNOWN: - XSTRNCPY(str, "OCSP Cert unknown", max); - break; + return "OCSP Cert unknown"; case OCSP_LOOKUP_FAIL: - XSTRNCPY(str, "OCSP Responder lookup fail", max); - break; + return "OCSP Responder lookup fail"; case MAX_CHAIN_ERROR: - XSTRNCPY(str, "Maximum Chain Depth Exceeded", max); - break; + return "Maximum Chain Depth Exceeded"; case COOKIE_ERROR: - XSTRNCPY(str, "DTLS Cookie Error", max); - break; + return "DTLS Cookie Error"; case SEQUENCE_ERROR: - XSTRNCPY(str, "DTLS Sequence Error", max); - break; + return "DTLS Sequence Error"; case SUITES_ERROR: - XSTRNCPY(str, "Suites Pointer Error", max); - break; + return "Suites Pointer Error"; case SSL_NO_PEM_HEADER: - XSTRNCPY(str, "No PEM Header Error", max); - break; + return "No PEM Header Error"; case OUT_OF_ORDER_E: - XSTRNCPY(str, "Out of order message, fatal", max); - break; + return "Out of order message, fatal"; case BAD_KEA_TYPE_E: - XSTRNCPY(str, "Bad KEA type found", max); - break; + return "Bad KEA type found"; case SANITY_CIPHER_E: - XSTRNCPY(str, "Sanity check on ciphertext failed", max); - break; + return "Sanity check on ciphertext failed"; case RECV_OVERFLOW_E: - XSTRNCPY(str, "Receive callback returned more than requested", max); - break; + return "Receive callback returned more than requested"; case GEN_COOKIE_E: - XSTRNCPY(str, "Generate Cookie Error", max); - break; + return "Generate Cookie Error"; case NO_PEER_VERIFY: - XSTRNCPY(str, "Need peer certificate verify Error", max); - break; + return "Need peer certificate verify Error"; case FWRITE_ERROR: - 
XSTRNCPY(str, "fwrite Error", max); - break; + return "fwrite Error"; case CACHE_MATCH_ERROR: - XSTRNCPY(str, "Cache restore header match Error", max); - break; + return "Cache restore header match Error"; case UNKNOWN_SNI_HOST_NAME_E: - XSTRNCPY(str, "Unrecognized host name Error", max); - break; + return "Unrecognized host name Error"; case KEYUSE_SIGNATURE_E: - XSTRNCPY(str, "Key Use digitalSignature not set Error", max); - break; + return "Key Use digitalSignature not set Error"; case KEYUSE_ENCIPHER_E: - XSTRNCPY(str, "Key Use keyEncipherment not set Error", max); - break; + return "Key Use keyEncipherment not set Error"; case EXTKEYUSE_AUTH_E: - XSTRNCPY(str, "Ext Key Use server/client auth not set Error", max); - break; + return "Ext Key Use server/client auth not set Error"; + + case SEND_OOB_READ_E: + return "Send Callback Out of Bounds Read Error"; default : - XSTRNCPY(str, "unknown error number", max); + return "unknown error number"; } #endif /* NO_ERROR_STRINGS */ } +void SetErrorString(int error, char* str) +{ + XSTRNCPY(str, CyaSSL_ERR_reason_error_string(error), CYASSL_MAX_ERROR_SZ); +} /* be sure to add to cipher_name_idx too !!!! */ @@ -6848,6 +7339,34 @@ static const char* const cipher_names[] = "DHE-RSA-AES256-SHA", #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + "DHE-PSK-AES256-GCM-SHA384", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + "DHE-PSK-AES128-GCM-SHA256", +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 + "PSK-AES256-GCM-SHA384", +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 + "PSK-AES128-GCM-SHA256", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + "DHE-PSK-AES256-CBC-SHA384", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + "DHE-PSK-AES128-CBC-SHA256", +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 + "PSK-AES256-CBC-SHA384", +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256", #endif 
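Review bot: The new SetErrorString at the end of hunk @@ -6436 copies with `XSTRNCPY(str, CyaSSL_ERR_reason_error_string(error), CYASSL_MAX_ERROR_SZ);`, which, assuming XSTRNCPY maps to strncpy, leaves `str` unterminated when the source is CYASSL_MAX_ERROR_SZ bytes or longer. The literals in this switch are short, but the `CTaoCryptGetErrorString(error)` branch returns text defined elsewhere, so add `str[CYASSL_MAX_ERROR_SZ - 1] = 0;` after the copy. Two comments are also missing: that `str` must hold at least CYASSL_MAX_ERROR_SZ bytes, and that CyaSSL_ERR_reason_error_string returns a pointer to constant storage the caller must not modify or free.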
@@ -6860,6 +7379,22 @@ static const char* const cipher_names[] = "PSK-AES256-CBC-SHA", #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + "DHE-PSK-AES128-CCM", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + "DHE-PSK-AES256-CCM", +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM + "PSK-AES128-CCM", +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM + "PSK-AES256-CCM", +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM-8", #endif @@ -6868,6 +7403,18 @@ static const char* const cipher_names[] = "PSK-AES256-CCM-8", #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + "DHE-PSK-NULL-SHA384", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + "DHE-PSK-NULL-SHA256", +#endif + +#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 + "PSK-NULL-SHA384", +#endif + #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256", #endif @@ -7172,6 +7719,34 @@ static int cipher_name_idx[] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA, #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 + TLS_PSK_WITH_AES_256_GCM_SHA384, +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 + TLS_PSK_WITH_AES_128_GCM_SHA256, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA384, +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_PSK_WITH_AES_128_CBC_SHA256, #endif 
@@ -7184,6 +7759,22 @@ static int cipher_name_idx[] = TLS_PSK_WITH_AES_256_CBC_SHA, #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + TLS_DHE_PSK_WITH_AES_128_CCM, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + TLS_DHE_PSK_WITH_AES_256_CCM, +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM + TLS_PSK_WITH_AES_128_CCM, +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM + TLS_PSK_WITH_AES_256_CCM, +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 TLS_PSK_WITH_AES_128_CCM_8, #endif @@ -7192,6 +7783,18 @@ static int cipher_name_idx[] = TLS_PSK_WITH_AES_256_CCM_8, #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + TLS_DHE_PSK_WITH_NULL_SHA384, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + TLS_DHE_PSK_WITH_NULL_SHA256, +#endif + +#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 + TLS_PSK_WITH_NULL_SHA384, +#endif + #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 TLS_PSK_WITH_NULL_SHA256, #endif @@ -7448,10 +8051,6 @@ static int cipher_name_idx[] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_128_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_128_POLY1305_SHA256, -#endif - #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256, #endif @@ -7500,10 +8099,10 @@ int SetCipherList(Suites* s, const char* list) for (i = 0; i < suiteSz; i++) if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { - if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM")) { - if (XSTRSTR(name, "CHACHA")) - s->suites[idx++] = CHACHA_BYTE; - else + if (XSTRSTR(name, "CHACHA")) + s->suites[idx++] = CHACHA_BYTE; + else if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM")) { + s->suites[idx++] = ECC_BYTE; /* ECC suite */ } else @@ -8028,7 +8627,7 @@ static void PickHashSigAlgo(CYASSL* ssl, /* tls extensions */ if ( (i - begin) < helloSz) { #ifdef HAVE_TLS_EXTENSIONS - if (IsTLS(ssl)) { + if (TLSX_SupportExtensions(ssl)) { int ret = 0; word16 totalExtSz; Suites clSuites; /* just for compatibility right now */ 
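Review bot: Hunk @@ -7448 removes `TLS_ECDHE_RSA_WITH_CHACHA20_128_POLY1305_SHA256` from cipher_name_idx, but none of the visible cipher_names hunks removes a matching name. The two tables are used in parallel (the comment above cipher_names says to keep cipher_name_idx in step), so if the name is still listed, every later name would resolve to the wrong suite in SetCipherList. The unchanged part of cipher_names is not shown, so this needs checking against the full file. A compile-time length check placed after both tables would catch this kind of drift: `typedef char cipher_tables_in_step[(sizeof(cipher_names) / sizeof(cipher_names[0]) == sizeof(cipher_name_idx) / sizeof(cipher_name_idx[0])) ? 1 : -1];`.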
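Review bot: SetCipherList (hunk @@ -7500) now chooses the suite's first byte from substrings of the cipher name, testing "CHACHA" before "EC" or "CCM", and nothing in the code says why the order matters. Add a comment on the first test, for example `/* test CHACHA first: those names presumably also contain "EC" */`, and drop the stray blank line the patch leaves after the opening brace of the `else if`. A longer-term fix is to store the first byte next to each entry of the name table, so a new suite name cannot be misclassified by its spelling. The loop and the bound on `idx` are outside the hunk.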
@@ -8098,6 +8697,31 @@ static void PickHashSigAlgo(CYASSL* ssl, } + /* Make sure client setup is valid for this suite, true on success */ + int VerifyClientSuite(CYASSL* ssl) + { + int havePSK = 0; + byte first = ssl->options.cipherSuite0; + byte second = ssl->options.cipherSuite; + + CYASSL_ENTER("VerifyClientSuite"); + + #ifndef NO_PSK + havePSK = ssl->options.havePSK; + #endif + + if (CipherRequires(first, second, REQUIRES_PSK)) { + CYASSL_MSG("Requires PSK"); + if (havePSK == 0) { + CYASSL_MSG("Don't have PSK"); + return 0; + } + } + + return 1; /* success */ + } + + #ifndef NO_CERTS /* just read in and ignore for now TODO: */ static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32* @@ -8219,7 +8843,7 @@ static void PickHashSigAlgo(CYASSL* ssl, return 0; } #endif - #ifdef OPENSSL_EXTRA + #ifndef NO_DH if (ssl->specs.kea == diffie_hellman_kea) { /* p */ @@ -8285,7 +8909,7 @@ static void PickHashSigAlgo(CYASSL* ssl, XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); *inOutIdx += length; } /* dh_kea */ - #endif /* OPENSSL_EXTRA */ + #endif /* NO_DH */ #ifdef HAVE_ECC if (ssl->specs.kea == ecc_diffie_hellman_kea) 
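Review bot: VerifyClientSuite (hunk @@ -8098) is described as making sure the client setup is valid for the suite, but the body only tests `REQUIRES_PSK`; every other requirement of the negotiated suite passes. State that in the header comment, for example `/* Checks only the PSK requirement of the negotiated suite; returns 1 if satisfied, 0 otherwise */`, so callers do not read the result as a full validation. The function is declared without `static`, so it needs a prototype in the internal header if one is not already there.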
@@ -8320,11 +8944,95 @@ static void PickHashSigAlgo(CYASSL* ssl, } #endif /* HAVE_ECC */ - #if defined(OPENSSL_EXTRA) || defined(HAVE_ECC) + #if !defined(NO_DH) && !defined(NO_PSK) + if (ssl->specs.kea == dhe_psk_kea) { + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + length > size) + return BUFFER_ERROR; + + XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx, + min(length, MAX_PSK_ID_LEN)); + + ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0; + *inOutIdx += length; + + /* p */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + length > size) + return BUFFER_ERROR; + + ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, + DYNAMIC_TYPE_DH); + + if (ssl->buffers.serverDH_P.buffer) + ssl->buffers.serverDH_P.length = length; + else + return MEMORY_ERROR; + + XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); + *inOutIdx += length; + + /* g */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + length > size) + return BUFFER_ERROR; + + ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, + DYNAMIC_TYPE_DH); + + if (ssl->buffers.serverDH_G.buffer) + ssl->buffers.serverDH_G.length = length; + else + return MEMORY_ERROR; + + XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); + *inOutIdx += length; + + /* pub */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + length > size) + return BUFFER_ERROR; + + ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap, + DYNAMIC_TYPE_DH); + + if 
(ssl->buffers.serverDH_Pub.buffer) + ssl->buffers.serverDH_Pub.length = length; + else + return MEMORY_ERROR; + + XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); + *inOutIdx += length; + } + #endif /* !NO_DH || !NO_PSK */ + + #if !defined(NO_DH) || defined(HAVE_ECC) + if (ssl->specs.kea == ecc_diffie_hellman_kea || + ssl->specs.kea == diffie_hellman_kea) { #ifndef NO_OLD_TLS - Md5 md5; - Sha sha; + Md5 md5; + Sha sha; #endif #ifndef NO_SHA256 Sha256 sha256; @@ -8383,7 +9091,6 @@ static void PickHashSigAlgo(CYASSL* ssl, ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN); ShaUpdate(&sha, messageVerify, verifySz); ShaFinal(&sha, hash + MD5_DIGEST_SIZE); - #endif #ifndef NO_SHA256 @@ -8564,12 +9271,11 @@ static void PickHashSigAlgo(CYASSL* ssl, *inOutIdx += length; ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; - - return 0; } -#else /* HAVE_OPENSSL or HAVE_ECC */ + return 0; +#else /* !NO_DH or HAVE_ECC */ return NOT_COMPILED_IN; /* not supported by build */ -#endif /* HAVE_OPENSSL or HAVE_ECC */ +#endif /* !NO_DH or HAVE_ECC */ } @@ -8630,7 +9336,7 @@ static void PickHashSigAlgo(CYASSL* ssl, } break; #endif - #ifdef OPENSSL_EXTRA + #ifndef NO_DH case diffie_hellman_kea: { buffer serverP = ssl->buffers.serverDH_P; @@ -8658,7 +9364,7 @@ static void PickHashSigAlgo(CYASSL* ssl, FreeDhKey(&key); } break; - #endif /* OPENSSL_EXTRA */ + #endif /* NO_DH */ #ifndef NO_PSK case psk_kea: { 
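Review bot: In the new dhe_psk_kea branch of the server key exchange parser (hunk @@ -8320), the peer-supplied lengths of p, g and the public value are checked only against the message size, so zero-length or very small parameters are accepted and very large ones are stored as they come. These buffers later feed `DhSetKey`, `DhGenerateKeyPair` and `DhAgree` in the client key exchange (hunk @@ -8689), next to fixed-size buffers such as `priv[ENCRYPT_LEN]`. Whether those calls bound their output is not visible here, so add a range check on `length` for each field before the `XMALLOC`: at least `if (length == 0) return BUFFER_ERROR;`, plus the project's minimum and maximum DH sizes. Each `XMALLOC` also overwrites the existing buffer pointer without freeing it, which leaks if this message is processed more than once on a session. The closing `#endif /* !NO_DH || !NO_PSK */` comment should use `&&` to match the `#if`.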
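Review bot: After hunk @@ -8564, `ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;` stays inside the block that hunk @@ -8320 now guards with `ssl->specs.kea == ecc_diffie_hellman_kea || ssl->specs.kea == diffie_hellman_kea`, while `return 0;` moved outside it. As far as the visible lines show, a dhe_psk_kea key exchange therefore returns success without advancing serverState. If later handshake checks depend on that state, move the assignment next to the new `return 0;`. If the difference is intended, a comment should say why.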
@@ -8689,6 +9395,73 @@ static void PickHashSigAlgo(CYASSL* ssl, } break; #endif /* NO_PSK */ + #if !defined(NO_DH) && !defined(NO_PSK) + case dhe_psk_kea: + { + byte* pms = ssl->arrays->preMasterSecret; + byte* es = encSecret; + buffer serverP = ssl->buffers.serverDH_P; + buffer serverG = ssl->buffers.serverDH_G; + buffer serverPub = ssl->buffers.serverDH_Pub; + byte priv[ENCRYPT_LEN]; + word32 privSz = 0; + word32 pubSz = 0; + word32 esSz = 0; + DhKey key; + + if (serverP.buffer == 0 || serverG.buffer == 0 || + serverPub.buffer == 0) + return NO_PEER_KEY; + + ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, + ssl->arrays->server_hint, ssl->arrays->client_identity, + MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); + if (ssl->arrays->psk_keySz == 0 || + ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) + return PSK_KEY_ERROR; + esSz = (word32)XSTRLEN(ssl->arrays->client_identity); + + if (esSz > MAX_PSK_ID_LEN) + return CLIENT_ID_ERROR; + c16toa((word16)esSz, es); + es += OPAQUE16_LEN; + XMEMCPY(es, ssl->arrays->client_identity, esSz); + es += esSz; + encSz = esSz + OPAQUE16_LEN; + + InitDhKey(&key); + ret = DhSetKey(&key, serverP.buffer, serverP.length, + serverG.buffer, serverG.length); + if (ret == 0) + /* for DH, encSecret is Yc, agree is pre-master */ + ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, + es + OPAQUE16_LEN, &pubSz); + if (ret == 0) + ret = DhAgree(&key, pms + OPAQUE16_LEN, + &ssl->arrays->preMasterSz, priv, privSz, + serverPub.buffer, serverPub.length); + FreeDhKey(&key); + if (ret != 0) + return ret; + + c16toa((word16)pubSz, es); + encSz += pubSz + OPAQUE16_LEN; + c16toa((word16)ssl->arrays->preMasterSz, pms); + ssl->arrays->preMasterSz += OPAQUE16_LEN; + pms += ssl->arrays->preMasterSz; + + /* make psk pre master secret */ + /* length of key + length 0s + length of key + key */ + c16toa((word16)ssl->arrays->psk_keySz, pms); + pms += OPAQUE16_LEN; + XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); + 
ssl->arrays->preMasterSz += + ssl->arrays->psk_keySz + OPAQUE16_LEN; + XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ssl->arrays->psk_keySz = 0; /* No further need */ + } + break; + #endif /* !NO_DH && !NO_PSK */ #ifdef HAVE_NTRU case ntru_kea: { @@ -8709,18 +9482,18 @@ static void PickHashSigAlgo(CYASSL* ssl, if (ssl->peerNtruKeyPresent == 0) return NO_PEER_KEY; - rc = crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr, - sizeof(cyasslStr), GetEntropy, - &drbg); + rc = ntru_crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr, + sizeof(cyasslStr), GetEntropy, + &drbg); if (rc != DRBG_OK) return NTRU_DRBG_ERROR; - rc = crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen, - ssl->peerNtruKey, - ssl->arrays->preMasterSz, - ssl->arrays->preMasterSecret, - &cipherLen, encSecret); - crypto_drbg_uninstantiate(drbg); + rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen, + ssl->peerNtruKey, + ssl->arrays->preMasterSz, + ssl->arrays->preMasterSecret, + &cipherLen, encSecret); + ntru_crypto_drbg_uninstantiate(drbg); if (rc != NTRU_OK) return NTRU_ENCRYPT_ERROR; @@ -8788,7 +9561,8 @@ static void PickHashSigAlgo(CYASSL* ssl, if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) tlsSz = 2; - if (ssl->specs.kea == ecc_diffie_hellman_kea) /* always off */ + if (ssl->specs.kea == ecc_diffie_hellman_kea || + ssl->specs.kea == dhe_psk_kea) /* always off */ tlsSz = 0; sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; @@ -9215,8 +9989,7 @@ static void PickHashSigAlgo(CYASSL* ssl, /* last, extensions */ #ifdef HAVE_TLS_EXTENSIONS - if (IsTLS(ssl)) - TLSX_WriteResponse(ssl, output + idx); + TLSX_WriteResponse(ssl, output + idx); #endif ssl->buffers.outputBuffer.length += sendSz; 
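Review bot: Nothing in the new dhe_psk_kea case bounds the sizes derived from the server's DH parameters before they are written into fixed buffers. DhGenerateKeyPair stores the public value at `es + OPAQUE16_LEN` and DhAgree stores the shared secret at `pms + OPAQUE16_LEN`, neither call is given a capacity, and the PSK is then appended after the secret. `priv` is declared as `byte priv[ENCRYPT_LEN]`; assuming encSecret and preMasterSecret are fixed-size as well (their declarations are outside the hunk), `serverP.length` plus the identity, PSK and length prefixes should be checked against those sizes before DhGenerateKeyPair, returning `BUFFER_ERROR` otherwise. The early `return ret;` after `FreeDhKey(&key);` also leaves `ssl->arrays->psk_key` populated, and `priv` is never cleared on any path; both should be wiped before every exit.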
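Review bot: With the `IsTLS(ssl)` guard removed, `TLSX_WriteResponse(ssl, output + idx)` now runs for every negotiated protocol version, while the parsing side later in this file is gated on `TLSX_SupportExtensions(ssl)`. If TLSX_WriteResponse does not make that check itself (its body is not shown here), a hello for a version without extension support could carry extension bytes that the size computed earlier in the function did not count. Guarding the call with `if (TLSX_SupportExtensions(ssl))` would keep the write and parse paths symmetric. The surrounding function lies outside the hunk.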
@@ -9334,6 +10107,126 @@ static void PickHashSigAlgo(CYASSL* ssl, } #endif /*NO_PSK */ + #if !defined(NO_DH) && !defined(NO_PSK) + if (ssl->specs.kea == dhe_psk_kea) { + byte *output; + word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + word32 hintLen; + int sendSz; + DhKey dhKey; + + if (ssl->buffers.serverDH_P.buffer == NULL || + ssl->buffers.serverDH_G.buffer == NULL) + return NO_DH_PARAMS; + + if (ssl->buffers.serverDH_Pub.buffer == NULL) { + ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( + ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, + DYNAMIC_TYPE_DH); + if (ssl->buffers.serverDH_Pub.buffer == NULL) + return MEMORY_E; + } + + if (ssl->buffers.serverDH_Priv.buffer == NULL) { + ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( + ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, + DYNAMIC_TYPE_DH); + if (ssl->buffers.serverDH_Priv.buffer == NULL) + return MEMORY_E; + } + + InitDhKey(&dhKey); + ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + if (ret == 0) + ret = DhGenerateKeyPair(&dhKey, ssl->rng, + ssl->buffers.serverDH_Priv.buffer, + &ssl->buffers.serverDH_Priv.length, + ssl->buffers.serverDH_Pub.buffer, + &ssl->buffers.serverDH_Pub.length); + FreeDhKey(&dhKey); + if (ret != 0) + return ret; + + length = LENGTH_SZ * 3 + /* p, g, pub */ + ssl->buffers.serverDH_P.length + + ssl->buffers.serverDH_G.length + + ssl->buffers.serverDH_Pub.length; + + /* include size part */ + hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); + if (hintLen > MAX_PSK_ID_LEN) + return SERVER_HINT_ERROR; + length += hintLen + HINT_LEN_SZ; + sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + + #ifdef CYASSL_DTLS + if (ssl->options.dtls) { + sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + } + #endif + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) + 
return ret; + + /* get ouput buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + AddHeaders(output, length, server_key_exchange, ssl); + + /* key data */ + c16toa((word16)hintLen, output + idx); + idx += HINT_LEN_SZ; + XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen); + idx += hintLen; + + /* add p, g, pub */ + c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length); + idx += ssl->buffers.serverDH_P.length; + + /* g */ + c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + idx += ssl->buffers.serverDH_G.length; + + /* pub */ + c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, + ssl->buffers.serverDH_Pub.length); + idx += ssl->buffers.serverDH_Pub.length; + + ret = HashOutput(ssl, output, sendSz, 0); + + if (ret != 0) + return ret; + + #ifdef CYASSL_CALLBACKS + if (ssl->hsInfoOn) + AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); + if (ssl->toInfoOn) + AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, + output, sendSz, ssl->heap); + #endif + + ssl->buffers.outputBuffer.length += sendSz; + if (ssl->options.groupMessages) + ret = 0; + else + ret = SendBuffered(ssl); + ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; + } + #endif /* !NO_DH && !NO_PSK */ + #ifdef HAVE_ECC if (ssl->specs.kea == ecc_diffie_hellman_kea) { @@ -9676,7 +10569,7 @@ static void PickHashSigAlgo(CYASSL* ssl, } #endif /* HAVE_ECC */ - #ifdef OPENSSL_EXTRA + #if !defined(NO_DH) && !defined(NO_RSA) if (ssl->specs.kea == diffie_hellman_kea) { byte *output; word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; 
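Review bot: `serverDH_Pub.buffer` and `serverDH_Priv.buffer` are allocated as `serverDH_P.length + 2` bytes only when they are NULL and are otherwise reused unchanged, yet DhGenerateKeyPair is given no capacity for either. A buffer left over from an earlier handshake with a shorter prime would then be too small. Whether the code that replaces P and G also releases these two buffers is not visible here; if it does not, free and reallocate them whenever P changes. The block returns `MEMORY_E` where the client-side dhe_psk_kea code added in this commit returns `MEMORY_ERROR`; one of the two should be used consistently. The function begins and ends outside the hunk.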
@@ -9957,447 +10850,12 @@ static void PickHashSigAlgo(CYASSL* ssl, ret = SendBuffered(ssl); ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; } - #endif /* OPENSSL_EXTRA */ + #endif /* NO_DH */ return ret; } - /* cipher requirements */ - enum { - REQUIRES_RSA, - REQUIRES_DHE, - REQUIRES_ECC_DSA, - REQUIRES_ECC_STATIC, - REQUIRES_PSK, - REQUIRES_NTRU, - REQUIRES_RSA_SIG - }; - - - - /* Does this cipher suite (first, second) have the requirement - an ephemeral key exchange will still require the key for signing - the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */ - static int CipherRequires(byte first, byte second, int requirement) - { - - if (first == CHACHA_BYTE) { - - switch (second) { - - case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : - if (requirement == REQUIRES_RSA) - return 1; - break; - } - } - - /* ECC extensions */ - if (first == ECC_BYTE) { - - switch (second) { -#ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - if (requirement == REQUIRES_RSA_SIG) - return 1; - break; - -#ifndef NO_DES3 - case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - if (requirement == REQUIRES_RSA_SIG) - return 1; - break; -#endif - -#ifndef NO_RC4 - case TLS_ECDHE_RSA_WITH_RC4_128_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_ECDH_RSA_WITH_RC4_128_SHA : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - if (requirement == REQUIRES_RSA_SIG) - return 1; - break; -#endif -#endif /* NO_RSA */ - -#ifndef NO_DES3 - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - - case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : - if (requirement == REQUIRES_ECC_STATIC) - return 
1; - break; -#endif -#ifndef NO_RC4 - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - - case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - break; -#endif -#ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - if (requirement == REQUIRES_RSA_SIG) - return 1; - break; -#endif - - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - break; - - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - break; - - case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - - case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - - case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - break; - - case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - break; - -#ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - if (requirement == REQUIRES_RSA_SIG) - return 1; - break; - - case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : - if (requirement == REQUIRES_ECC_STATIC) - return 1; - if (requirement == REQUIRES_RSA_SIG) - return 1; - break; - - case 
TLS_RSA_WITH_AES_128_CCM_8 : - case TLS_RSA_WITH_AES_256_CCM_8 : - if (requirement == REQUIRES_RSA) - return 1; - if (requirement == REQUIRES_RSA_SIG) - return 1; - break; - - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : - if (requirement == REQUIRES_RSA) - return 1; - if (requirement == REQUIRES_RSA_SIG) - return 1; - break; - - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : - if (requirement == REQUIRES_RSA_SIG) - return 1; - if (requirement == REQUIRES_ECC_STATIC) - return 1; - break; -#endif - - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : - case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : - if (requirement == REQUIRES_ECC_DSA) - return 1; - if (requirement == REQUIRES_ECC_STATIC) - return 1; - break; - - case TLS_PSK_WITH_AES_128_CCM: - case TLS_PSK_WITH_AES_256_CCM: - case TLS_PSK_WITH_AES_128_CCM_8: - case TLS_PSK_WITH_AES_256_CCM_8: - if (requirement == REQUIRES_PSK) - return 1; - break; - - default: - CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); - return 0; - } /* switch */ - } /* if */ - if (first != ECC_BYTE && first != CHACHA_BYTE) { /* normal suites */ - switch (second) { - -#ifndef NO_RSA - case SSL_RSA_WITH_RC4_128_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_NTRU_RSA_WITH_RC4_128_SHA : - if (requirement == REQUIRES_NTRU) - return 1; - break; - - case SSL_RSA_WITH_RC4_128_MD5 : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case SSL_RSA_WITH_3DES_EDE_CBC_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : - if (requirement == REQUIRES_NTRU) - 
return 1; - break; - - case TLS_RSA_WITH_AES_128_CBC_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_RSA_WITH_AES_128_CBC_SHA256 : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : - if (requirement == REQUIRES_NTRU) - return 1; - break; - - case TLS_RSA_WITH_AES_256_CBC_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_RSA_WITH_AES_256_CBC_SHA256 : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_RSA_WITH_NULL_SHA : - case TLS_RSA_WITH_NULL_SHA256 : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : - if (requirement == REQUIRES_NTRU) - return 1; - break; -#endif - - case TLS_PSK_WITH_AES_128_CBC_SHA256 : - case TLS_PSK_WITH_AES_128_CBC_SHA : - case TLS_PSK_WITH_AES_256_CBC_SHA : - case TLS_PSK_WITH_NULL_SHA256 : - case TLS_PSK_WITH_NULL_SHA : - if (requirement == REQUIRES_PSK) - return 1; - break; - -#ifndef NO_RSA - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : - if (requirement == REQUIRES_RSA) - return 1; - if (requirement == REQUIRES_DHE) - return 1; - break; - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : - if (requirement == REQUIRES_RSA) - return 1; - if (requirement == REQUIRES_DHE) - return 1; - break; - - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : - if (requirement == REQUIRES_RSA) - return 1; - if (requirement == REQUIRES_DHE) - return 1; - break; - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : - if (requirement == REQUIRES_RSA) - return 1; - if (requirement == REQUIRES_DHE) - return 1; - break; - - case TLS_RSA_WITH_HC_128_MD5 : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_RSA_WITH_HC_128_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_RSA_WITH_HC_128_B2B256: - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_RSA_WITH_AES_128_CBC_B2B256: - case TLS_RSA_WITH_AES_256_CBC_B2B256: - if (requirement == REQUIRES_RSA) - return 1; - 
break; - - case TLS_RSA_WITH_RABBIT_SHA : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_RSA_WITH_AES_128_GCM_SHA256 : - case TLS_RSA_WITH_AES_256_GCM_SHA384 : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : - if (requirement == REQUIRES_RSA) - return 1; - if (requirement == REQUIRES_DHE) - return 1; - break; - - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - if (requirement == REQUIRES_RSA) - return 1; - break; - - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : - if (requirement == REQUIRES_RSA) - return 1; - if (requirement == REQUIRES_RSA_SIG) - return 1; - if (requirement == REQUIRES_DHE) - return 1; - break; -#endif - - default: - CYASSL_MSG("Unsupported cipher suite, CipherRequires"); - return 0; - } /* switch */ - } /* if ECC / Normal suites else */ - - return 0; - } - - - /* Make sure client setup is valid for this suite, true on success */ - int VerifyClientSuite(CYASSL* ssl) - { - int havePSK = 0; - byte first = ssl->options.cipherSuite0; - byte second = ssl->options.cipherSuite; - - CYASSL_ENTER("VerifyClientSuite"); - - #ifndef NO_PSK - havePSK = ssl->options.havePSK; - #endif - - if (CipherRequires(first, second, REQUIRES_PSK)) { - CYASSL_MSG("Requires PSK"); - if (havePSK == 0) { - CYASSL_MSG("Don't have PSK"); - return 0; - } - } - - return 1; /* success */ - } - - /* Make sure server cert/key are valid for this suite, true on success */ static int VerifyServerSuite(CYASSL* ssl, word16 idx) { 
@@ -10883,7 +11341,7 @@ static void PickHashSigAlgo(CYASSL* ssl, /* tls extensions */ if ((i - begin) < helloSz) { #ifdef HAVE_TLS_EXTENSIONS - if (IsTLS(ssl)) { + if (TLSX_SupportExtensions(ssl)) { int ret = 0; #else if (IsAtLeastTLSv1_2(ssl)) { @@ -11260,6 +11718,7 @@ static void PickHashSigAlgo(CYASSL* ssl, (void)out; (void)input; (void)size; + (void)begin; if (ssl->options.side != CYASSL_SERVER_END) { CYASSL_MSG("Client received client keyexchange, attack?"); @@ -11444,7 +11903,7 @@ static void PickHashSigAlgo(CYASSL* ssl, if ((*inOutIdx - begin) + cipherLen > size) return BUFFER_ERROR; - if (NTRU_OK != crypto_ntru_decrypt( + if (NTRU_OK != ntru_crypto_ntru_decrypt( (word16) ssl->buffers.key.length, ssl->buffers.key.buffer, cipherLen, input + *inOutIdx, &plainLen, @@ -11506,7 +11965,7 @@ static void PickHashSigAlgo(CYASSL* ssl, } break; #endif /* HAVE_ECC */ - #ifdef OPENSSL_EXTRA + #ifndef NO_DH case diffie_hellman_kea: { word16 clientPubSz; 
@@ -11540,7 +11999,85 @@ static void PickHashSigAlgo(CYASSL* ssl, ret = MakeMasterSecret(ssl); } break; - #endif /* OPENSSL_EXTRA */ + #endif /* NO_DH */ + #if !defined(NO_DH) && !defined(NO_PSK) + case dhe_psk_kea: + { + byte* pms = ssl->arrays->preMasterSecret; + word16 clientSz; + DhKey dhKey; + + /* Read in the PSK hint */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &clientSz); + *inOutIdx += OPAQUE16_LEN; + if (clientSz > MAX_PSK_ID_LEN) + return CLIENT_ID_ERROR; + + if ((*inOutIdx - begin) + clientSz > size) + return BUFFER_ERROR; + + XMEMCPY(ssl->arrays->client_identity, + input + *inOutIdx, clientSz); + *inOutIdx += clientSz; + ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] = + 0; + + /* Read in the DHE business */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &clientSz); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + clientSz > size) + return BUFFER_ERROR; + + InitDhKey(&dhKey); + ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + if (ret == 0) + ret = DhAgree(&dhKey, pms + OPAQUE16_LEN, + &ssl->arrays->preMasterSz, + ssl->buffers.serverDH_Priv.buffer, + ssl->buffers.serverDH_Priv.length, + input + *inOutIdx, clientSz); + FreeDhKey(&dhKey); + + *inOutIdx += clientSz; + c16toa((word16)ssl->arrays->preMasterSz, pms); + ssl->arrays->preMasterSz += OPAQUE16_LEN; + pms += ssl->arrays->preMasterSz; + + /* Use the PSK hint to look up the PSK and add it to the + * preMasterSecret here. 
*/ + ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, + ssl->arrays->client_identity, ssl->arrays->psk_key, + MAX_PSK_KEY_LEN); + + if (ssl->arrays->psk_keySz == 0 || + ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) + return PSK_KEY_ERROR; + + c16toa((word16) ssl->arrays->psk_keySz, pms); + pms += OPAQUE16_LEN; + + XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); + ssl->arrays->preMasterSz += + ssl->arrays->psk_keySz + OPAQUE16_LEN; + if (ret == 0) + ret = MakeMasterSecret(ssl); + + /* No further need for PSK */ + XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ssl->arrays->psk_keySz = 0; + } + break; + #endif /* !NO_DH && !NO_PSK */ default: { CYASSL_MSG("Bad kea type"); diff --git a/src/keys.c b/src/keys.c index 704a0eb04..510f825c0 100644 --- a/src/keys.c +++ b/src/keys.c @@ -39,6 +39,7 @@ int SetCipherSpecs(CYASSL* ssl) { +#ifndef NO_CYASSL_CLIENT if (ssl->options.side == CYASSL_CLIENT_END) { /* server side verified before SetCipherSpecs call */ if (VerifyClientSuite(ssl) != 1) { @@ -46,6 +47,7 @@ int SetCipherSpecs(CYASSL* ssl) return UNSUPPORTED_SUITE; } } +#endif /* NO_CYASSL_CLIENT */ /* Chacha extensions, 0xcc */ if (ssl->options.cipherSuite0 == CHACHA_BYTE) { @@ -81,7 +83,7 @@ int SetCipherSpecs(CYASSL* ssl) switch (ssl->options.cipherSuite) { #ifdef HAVE_ECC - + #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; 
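Review bot: The result of DhSetKey and DhAgree is not examined before `ssl->arrays->preMasterSz` is used. After `FreeDhKey(&dhKey);` the code writes the length with `c16toa`, advances `pms` by `preMasterSz` and copies the PSK to that position, and only afterwards tests `if (ret == 0)`. When DhAgree fails, `preMasterSz` may hold a stale or unset value, so the PSK copy can land outside preMasterSecret; add `if (ret != 0) return ret;` directly after `FreeDhKey(&dhKey);`, as the client-side case in this commit does. The comment `/* Read in the PSK hint */` describes the client identity, and the `return PSK_KEY_ERROR;` path leaves without clearing `ssl->arrays->psk_key`. The case belongs to a switch that starts outside the hunk.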
@@ -737,6 +739,82 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM + case TLS_PSK_WITH_AES_128_CCM : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM + case TLS_PSK_WITH_AES_256_CCM : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + case TLS_DHE_PSK_WITH_AES_128_CCM : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + case TLS_DHE_PSK_WITH_AES_256_CCM : + 
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + default: CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC"); return UNSUPPORTED_SUITE; 
@@ -967,6 +1045,82 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 + case TLS_PSK_WITH_AES_128_GCM_SHA256 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 + case TLS_PSK_WITH_AES_256_GCM_SHA384 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + case 
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 case TLS_PSK_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; 
@@ -985,6 +1139,60 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 + case TLS_PSK_WITH_AES_256_CBC_SHA384 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA case TLS_PSK_WITH_AES_128_CBC_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_aes; 
@@ -1039,6 +1247,24 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 + case TLS_PSK_WITH_NULL_SHA384 : + ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = 0; + ssl->specs.block_size = 0; + ssl->specs.iv_size = 0; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + #ifdef BUILD_TLS_PSK_WITH_NULL_SHA case TLS_PSK_WITH_NULL_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; @@ -1057,6 +1283,42 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + case TLS_DHE_PSK_WITH_NULL_SHA256 : + ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = 0; + ssl->specs.block_size = 0; + ssl->specs.iv_size = 0; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + case TLS_DHE_PSK_WITH_NULL_SHA384 : + ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = 0; + ssl->specs.block_size = 0; + ssl->specs.iv_size = 0; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; 
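Review bot: The new `TLS_PSK_WITH_NULL_SHA384` case, and the `TLS_DHE_PSK_WITH_NULL_SHA256` and `TLS_DHE_PSK_WITH_NULL_SHA384` cases in the following hunk, set `bulk_cipher_algorithm = cyassl_cipher_null` with no comment saying that these suites authenticate records but do not encrypt them. A one-line comment above each case, such as `/* NULL cipher: integrity only, application data is sent in the clear */`, would make that visible to anyone enabling the corresponding BUILD_ macro. The switch in SetCipherSpecs continues outside both hunks.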
@@ -1299,10 +1561,6 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif - - - - #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_camellia; @@ -1932,9 +2190,7 @@ int StoreKeys(CYASSL* ssl, const byte* keyData) /* Initialize the AES-GCM/CCM explicit IV to a zero. */ XMEMSET(ssl->keys.aead_exp_IV, 0, AEAD_EXP_IV_SZ); } - #endif - return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs, ssl->options.side, ssl->heap, devId); @@ -2040,8 +2296,8 @@ static int MakeSslMasterSecret(CYASSL* ssl) XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz); for (i = 0; i < MASTER_ROUNDS; ++i) { - byte prefix[PREFIX]; - if (!SetPrefix(prefix, i)) { + byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */ + if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */ return PREFIX_ERROR; } diff --git a/src/sniffer.c b/src/sniffer.c index 3596fc4e9..2c6860c83 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1594,12 +1594,6 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) break; #endif - #ifdef BUILD_CHACHA - case cyassl_chacha: - Chacha_Process(ssl->decrypt.chacha, output, input, sz); - break; - #endif - #ifdef HAVE_CAMELLIA case cyassl_camellia: CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz); diff --git a/src/ssl.c b/src/ssl.c index 3e9492b80..010116ad2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -365,8 +365,8 @@ int CyaSSL_GetObjectSize(void) } #endif -/* XXX should be NO_DH */ -#ifndef NO_CERTS + +#ifndef NO_DH /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz, const unsigned char* g, int gSz) @@ -418,7 +418,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz, CYASSL_LEAVE("CyaSSL_SetTmpDH", 0); return SSL_SUCCESS; } -#endif /* !NO_CERTS */ +#endif /* !NO_DH */ int CyaSSL_write(CYASSL* ssl, const void* data, int sz) 
@@ -1774,7 +1774,7 @@ int CyaSSL_Init(void) { /* remove encrypted header if there */ char encHeader[] = "Proc-Type"; - char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN); + char* line = XSTRNSTR(headerEnd, encHeader, PEM_LINE_LEN); if (line) { char* newline; char* finish; @@ -1908,6 +1908,9 @@ int CyaSSL_Init(void) && format != SSL_FILETYPE_RAW) return SSL_BAD_FILETYPE; + if (ctx == NULL && ssl == NULL) + return BAD_FUNC_ARG; + if (type == CA_TYPE) dynamicType = DYNAMIC_TYPE_CA; else if (type == CERT_TYPE) @@ -1927,6 +1930,8 @@ int CyaSSL_Init(void) if (userChain && type == CERT_TYPE && info.consumed < sz) { byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */ byte* chainBuffer = staticBuffer; + byte* shrinked = NULL; /* shrinked to size chainBuffer + * or staticBuffer */ int dynamicBuffer = 0; word32 bufferSz = sizeof(staticBuffer); long consumed = info.consumed; 
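Review bot: The changed call `XSTRNSTR(headerEnd, encHeader, PEM_LINE_LEN)` searches a fixed PEM_LINE_LEN bytes from headerEnd regardless of how much input is left after that pointer. Starting at `headerEnd` instead of `buff` moves the search window closer to the end of the buffer, so when fewer than PEM_LINE_LEN bytes remain the scan depends on the input being NUL-terminated, which this hunk does not show. I would cap the length at the bytes left, along the lines of `XSTRNSTR(headerEnd, encHeader, min(PEM_LINE_LEN, remaining))`, where `remaining` stands for the distance from headerEnd to the end of the input. The enclosing function starts and ends outside the hunk.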
@@ -1989,22 +1994,30 @@ int CyaSSL_Init(void) } CYASSL_MSG("Finished Processing Cert Chain"); - if (ctx == NULL) { - CYASSL_MSG("certChain needs context"); - if (dynamicBuffer) - XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); - XFREE(der.buffer, heap, dynamicType); - return BAD_FUNC_ARG; - } - ctx->certChain.buffer = (byte*)XMALLOC(idx, heap, - dynamicType); - if (ctx->certChain.buffer) { - ctx->certChain.length = idx; - XMEMCPY(ctx->certChain.buffer, chainBuffer, idx); + /* only retain actual size used */ + shrinked = (byte*)XMALLOC(idx, heap, dynamicType); + if (shrinked) { + if (ssl) { + if (ssl->buffers.certChain.buffer && + ssl->buffers.weOwnCertChain) { + XFREE(ssl->buffers.certChain.buffer, heap, + dynamicType); + } + ssl->buffers.certChain.buffer = shrinked; + ssl->buffers.certChain.length = idx; + XMEMCPY(ssl->buffers.certChain.buffer, chainBuffer,idx); + ssl->buffers.weOwnCertChain = 1; + } else if (ctx) { + if (ctx->certChain.buffer) + XFREE(ctx->certChain.buffer, heap, dynamicType); + ctx->certChain.buffer = shrinked; + ctx->certChain.length = idx; + XMEMCPY(ctx->certChain.buffer, chainBuffer, idx); + } } if (dynamicBuffer) XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); - if (ctx->certChain.buffer == NULL) { + if (shrinked == NULL) { XFREE(der.buffer, heap, dynamicType); return MEMORY_E; } 
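Review bot: The new branch stores the chain on `ssl` whenever `ssl` is non-NULL and only falls back to `ctx` otherwise, but no comment explains that precedence. Callers elsewhere in this patch pass both `ssl->ctx` and `ssl`, so the order appears to be what keeps a shared context's chain from being replaced by a per-session load; I would state that above the branch, e.g. `/* prefer ssl when given so the shared ctx chain is left untouched */`. The copy could also be done once with `XMEMCPY(shrinked, chainBuffer, idx);` before the `if (ssl)` instead of in both arms. The enclosing function starts and ends outside the hunk.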
@@ -3095,42 +3108,7 @@ int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file) } -#ifdef OPENSSL_EXTRA -/* put SSL type in extra for now, not very common */ - -int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format) -{ - CYASSL_ENTER("CyaSSL_use_certificate_file"); - if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL) - == SSL_SUCCESS) - return SSL_SUCCESS; - - return SSL_FAILURE; -} - - -int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format) -{ - CYASSL_ENTER("CyaSSL_use_PrivateKey_file"); - if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL) - == SSL_SUCCESS) - return SSL_SUCCESS; - - return SSL_FAILURE; -} - - -int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file) -{ - /* procces up to MAX_CHAIN_DEPTH plus subject cert */ - CYASSL_ENTER("CyaSSL_use_certificate_chain_file"); - if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL) - == SSL_SUCCESS) - return SSL_SUCCESS; - - return SSL_FAILURE; -} - +#ifndef NO_DH /* server wrapper for ctx or ssl Diffie-Hellman parameters */ static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, @@ -3175,6 +3153,7 @@ static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, return ret; } + /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */ int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz, int format) 
@@ -3191,34 +3170,6 @@ int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf, } -#ifdef HAVE_ECC - -/* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */ -int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz) -{ - if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE) - return BAD_FUNC_ARG; - - ctx->eccTempKeySz = sz; - - return SSL_SUCCESS; -} - - -/* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */ -int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz) -{ - if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE) - return BAD_FUNC_ARG; - - ssl->eccTempKeySz = sz; - - return SSL_SUCCESS; -} - -#endif /* HAVE_ECC */ - - /* server Diffie-Hellman parameters */ static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, const char* fname, int format) 
@@ -3278,6 +3229,108 @@ int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format) } + /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */ + int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz, + const unsigned char* g, int gSz) + { + CYASSL_ENTER("CyaSSL_CTX_SetTmpDH"); + if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; + + XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); + + ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH); + if (ctx->serverDH_P.buffer == NULL) + return MEMORY_E; + + ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH); + if (ctx->serverDH_G.buffer == NULL) { + XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); + return MEMORY_E; + } + + ctx->serverDH_P.length = pSz; + ctx->serverDH_G.length = gSz; + + XMEMCPY(ctx->serverDH_P.buffer, p, pSz); + XMEMCPY(ctx->serverDH_G.buffer, g, gSz); + + ctx->haveDH = 1; + + CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0); + return SSL_SUCCESS; + } +#endif /* NO_DH */ + + +#ifdef OPENSSL_EXTRA +/* put SSL type in extra for now, not very common */ + +int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format) +{ + CYASSL_ENTER("CyaSSL_use_certificate_file"); + if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL) + == SSL_SUCCESS) + return SSL_SUCCESS; + + return SSL_FAILURE; +} + + +int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format) +{ + CYASSL_ENTER("CyaSSL_use_PrivateKey_file"); + if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL) + == SSL_SUCCESS) + return SSL_SUCCESS; + + return SSL_FAILURE; +} + + +int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file) +{ + /* procces up to MAX_CHAIN_DEPTH plus subject cert */ + CYASSL_ENTER("CyaSSL_use_certificate_chain_file"); + if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL) + == 
SSL_SUCCESS) + return SSL_SUCCESS; + + return SSL_FAILURE; +} + + + +#ifdef HAVE_ECC + +/* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */ +int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz) +{ + if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE) + return BAD_FUNC_ARG; + + ctx->eccTempKeySz = sz; + + return SSL_SUCCESS; +} + + +/* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */ +int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz) +{ + if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE) + return BAD_FUNC_ARG; + + ssl->eccTempKeySz = sz; + + return SSL_SUCCESS; +} + +#endif /* HAVE_ECC */ + + + + int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file, int format) { @@ -5869,6 +5922,14 @@ int CyaSSL_set_compression(CYASSL* ssl) ssl->buffers.certificate.buffer = NULL; } + if (ssl->buffers.weOwnCertChain) { + CYASSL_MSG("Unloading cert chain"); + XFREE(ssl->buffers.certChain.buffer, ssl->heap,DYNAMIC_TYPE_CERT); + ssl->buffers.weOwnCertChain = 0; + ssl->buffers.certChain.length = 0; + ssl->buffers.certChain.buffer = NULL; + } + if (ssl->buffers.weOwnKey) { CYASSL_MSG("Unloading key"); XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); @@ -8304,6 +8365,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) CYASSL_ENTER("SSL_CIPHER_get_name"); #ifndef NO_ERROR_STRINGS if (cipher) { +#if defined(HAVE_CHACHA) if (cipher->ssl->options.cipherSuite0 == CHACHA_BYTE) { /* ChaCha suites */ switch (cipher->ssl->options.cipherSuite) { 
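Review bot: CyaSSL_CTX_SetTmpDH, now compiled under `NO_DH`, frees `ctx->serverDH_P.buffer` and `ctx->serverDH_G.buffer` and then returns MEMORY_E on a failed allocation without clearing them, so the context keeps pointers to freed memory and a later call (or context teardown) would free them again. The function also passes `pSz` and `gSz`, both `int`, to XMALLOC and XMEMCPY without rejecting zero or negative values. I would reject non-positive sizes up front and reset the buffers, lengths and `haveDH` right after the frees, as sketched below. The code was moved rather than written in this commit, but the move is a good point to fix it.

```c
    CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");
    if (ctx == NULL || p == NULL || g == NULL || pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    /* ... unchanged: XFREE of serverDH_P.buffer and serverDH_G.buffer ... */
    ctx->serverDH_P.buffer = NULL;   /* no stale pointer if an allocation fails */
    ctx->serverDH_G.buffer = NULL;
    ctx->serverDH_P.length = 0;
    ctx->serverDH_G.length = 0;
    ctx->haveDH = 0;

    /* ... unchanged: XMALLOC of serverDH_P.buffer and its NULL check ... */

    ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
    if (ctx->serverDH_G.buffer == NULL) {
        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
        ctx->serverDH_P.buffer = NULL;
        return MEMORY_E;
    }
    /* ... unchanged: length assignment, XMEMCPY of p and g, haveDH = 1 ... */
```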
@@ -8315,10 +8377,16 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) #endif } } -#ifdef HAVE_ECC +#endif + +#if defined(HAVE_ECC) || defined(HAVE_AESCCM) + /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected, + * but the AES-CCM cipher suites also use it, even the ones that + * aren't ECC. */ if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) { /* ECC suites */ switch (cipher->ssl->options.cipherSuite) { +#ifdef HAVE_ECC #ifndef NO_RSA case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; @@ -8385,7 +8453,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) #ifndef NO_RSA case TLS_ECDH_RSA_WITH_RC4_128_SHA : return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; - #endif case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; @@ -8422,6 +8489,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; #endif +#endif /* HAVE_ECC */ #ifdef HAVE_AESCCM #ifndef NO_RSA @@ -8430,10 +8498,26 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) case TLS_RSA_WITH_AES_256_CCM_8 : return "TLS_RSA_WITH_AES_256_CCM_8"; #endif + #ifndef NO_PSK + case TLS_PSK_WITH_AES_128_CCM_8 : + return "TLS_PSK_WITH_AES_128_CCM_8"; + case TLS_PSK_WITH_AES_256_CCM_8 : + return "TLS_PSK_WITH_AES_256_CCM_8"; + case TLS_PSK_WITH_AES_128_CCM : + return "TLS_PSK_WITH_AES_128_CCM"; + case TLS_PSK_WITH_AES_256_CCM : + return "TLS_PSK_WITH_AES_256_CCM"; + case TLS_DHE_PSK_WITH_AES_128_CCM : + return "TLS_DHE_PSK_WITH_AES_128_CCM"; + case TLS_DHE_PSK_WITH_AES_256_CCM : + return "TLS_DHE_PSK_WITH_AES_256_CCM"; + #endif + #ifdef HAVE_ECC case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; + #endif #endif default: 
@@ -8483,8 +8567,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_RSA_WITH_NULL_SHA256"; #endif /* NO_RSA */ #ifndef NO_PSK - case TLS_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_PSK_WITH_AES_128_CBC_SHA256"; #ifndef NO_SHA case TLS_PSK_WITH_AES_128_CBC_SHA : return "TLS_PSK_WITH_AES_128_CBC_SHA"; @@ -8492,14 +8574,36 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_PSK_WITH_AES_256_CBC_SHA"; #endif #ifndef NO_SHA256 - #ifdef HAVE_AESCCM - case TLS_PSK_WITH_AES_128_CCM_8 : - return "TLS_PSK_WITH_AES_128_CCM_8"; - case TLS_PSK_WITH_AES_256_CCM_8 : - return "TLS_PSK_WITH_AES_256_CCM_8"; - #endif + case TLS_PSK_WITH_AES_128_CBC_SHA256 : + return "TLS_PSK_WITH_AES_128_CBC_SHA256"; case TLS_PSK_WITH_NULL_SHA256 : return "TLS_PSK_WITH_NULL_SHA256"; + case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : + return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; + case TLS_DHE_PSK_WITH_NULL_SHA256 : + return "TLS_DHE_PSK_WITH_NULL_SHA256"; + #ifdef HAVE_AESGCM + case TLS_PSK_WITH_AES_128_GCM_SHA256 : + return "TLS_PSK_WITH_AES_128_GCM_SHA256"; + case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : + return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; + #endif + #endif + #ifdef CYASSL_SHA384 + case TLS_PSK_WITH_AES_256_CBC_SHA384 : + return "TLS_PSK_WITH_AES_256_CBC_SHA384"; + case TLS_PSK_WITH_NULL_SHA384 : + return "TLS_PSK_WITH_NULL_SHA384"; + case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : + return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; + case TLS_DHE_PSK_WITH_NULL_SHA384 : + return "TLS_DHE_PSK_WITH_NULL_SHA384"; + #ifdef HAVE_AESGCM + case TLS_PSK_WITH_AES_256_GCM_SHA384 : + return "TLS_PSK_WITH_AES_256_GCM_SHA384"; + case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : + return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; + #endif #endif #ifndef NO_SHA case TLS_PSK_WITH_NULL_SHA : 
@@ -8598,40 +8702,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) #ifdef OPENSSL_EXTRA -/* XXX shuld be NO_DH */ -#ifndef NO_CERTS - /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */ - int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz, - const unsigned char* g, int gSz) - { - CYASSL_ENTER("CyaSSL_CTX_SetTmpDH"); - if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; - - XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); - XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); - - ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH); - if (ctx->serverDH_P.buffer == NULL) - return MEMORY_E; - - ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH); - if (ctx->serverDH_G.buffer == NULL) { - XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); - return MEMORY_E; - } - - ctx->serverDH_P.length = pSz; - ctx->serverDH_G.length = gSz; - - XMEMCPY(ctx->serverDH_P.buffer, p, pSz); - XMEMCPY(ctx->serverDH_G.buffer, g, gSz); - - ctx->haveDH = 1; - - CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0); - return SSL_SUCCESS; - } -#endif /* !NO_CERTS */ char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len) @@ -8915,7 +8985,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) NULL, DYNAMIC_TYPE_CERT); if (derCert.buffer != NULL) { derCert.length = x509->derCert.length; - // AddCA() frees the buffer. + /* AddCA() frees the buffer. */ XMEMCPY(derCert.buffer, x509->derCert.buffer, x509->derCert.length); result = AddCA(store->cm, derCert, CYASSL_USER_CA, 1); @@ -10027,6 +10097,8 @@ static int initGlobalRNG = 0; } + #ifndef NO_DH + static void InitCyaSSL_DH(CYASSL_DH* dh) { if (dh) { @@ -10265,6 +10337,7 @@ static int initGlobalRNG = 0; CYASSL_MSG("CyaSSL_compute_key success"); return (int)keySz; } + #endif /* NO_DH */ #ifndef NO_DSA 
@@ -10362,6 +10435,7 @@ static int initGlobalRNG = 0; } #endif /* NO_DSA */ +#ifndef NO_RSA static void InitCyaSSL_Rsa(CYASSL_RSA* rsa) { if (rsa) { @@ -10437,8 +10511,10 @@ static int initGlobalRNG = 0; XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); } } +#endif /* NO_RSA */ +#if !defined(NO_RSA) || !defined(NO_DSA) static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi) { CYASSL_MSG("Entering SetIndividualExternal"); @@ -10463,6 +10539,7 @@ static int initGlobalRNG = 0; return 0; } +#endif /* !NO_RSA && !NO_DSA */ #ifndef NO_DSA @@ -10510,6 +10587,7 @@ static int initGlobalRNG = 0; #endif /* NO_DSA */ +#ifndef NO_RSA static int SetRsaExternal(CYASSL_RSA* rsa) { RsaKey* key; @@ -10659,6 +10737,7 @@ static int initGlobalRNG = 0; return CyaSSL_BN_num_bytes(rsa->n); } +#endif /* NO_RSA */ #ifndef NO_DSA @@ -10700,6 +10779,7 @@ static int initGlobalRNG = 0; #endif /* NO_DSA */ +#ifndef NO_RSA /* return SSL_SUCCES on ok, 0 otherwise */ int CyaSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, @@ -10831,6 +10911,7 @@ static int initGlobalRNG = 0; else return SSL_FATAL_ERROR; } +#endif /* NO_RSA */ void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen, @@ -11191,7 +11272,7 @@ static int initGlobalRNG = 0; - +#ifndef NO_RSA /* Load RSA from Der, SSL_SUCCESS on success < 0 on error */ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz) { @@ -11220,6 +11301,7 @@ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz) return SSL_SUCCESS; } +#endif /* NO_RSA */ #ifndef NO_DSA diff --git a/src/tls.c b/src/tls.c index 1cbc27d63..edac823a9 100644 --- a/src/tls.c +++ b/src/tls.c @@ -23,17 +23,13 @@ #include #endif -#ifdef CHACHA_AEAD_TEST - #include -#endif - #include #include #include #include #include -#include + #ifndef NO_TLS 
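Review bot: The guard added around SetIndividualExternal opens with `#if !defined(NO_RSA) || !defined(NO_DSA)` but closes with `#endif /* !NO_RSA && !NO_DSA */`, so the closing comment states a different condition from the one compiled. It should read `#endif /* !NO_RSA || !NO_DSA */`. If any helper inside the new `NO_DH` block also calls SetIndividualExternal (not visible in these hunks), the condition would need `|| !defined(NO_DH)` as well, otherwise a build with only DH enabled loses the definition.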
@@ -485,7 +481,6 @@ int CyaSSL_GetHmacType(CYASSL* ssl) if (ssl == NULL) return BAD_FUNC_ARG; - printf("getting mac \n"); switch (ssl->specs.mac_algorithm) { #ifndef NO_MD5 case md5_mac: @@ -493,13 +488,6 @@ int CyaSSL_GetHmacType(CYASSL* ssl) return MD5; } #endif - #ifdef HAVE_POLY1305 - case poly1305_mac: - { - printf("poly1305 selected\n"); - return POLY1305; - } - #endif #ifndef NO_SHA256 case sha256_mac: { @@ -559,15 +547,13 @@ int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content, int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify) { - int ret; Hmac hmac; + int ret; byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; - + if (ssl == NULL) return BAD_FUNC_ARG; - - CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), @@ -577,7 +563,7 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); if (ret != 0) return ret; - ret = HmacUpdate(&hmac, in, sz); /* content */ + ret = HmacUpdate(&hmac, in, sz); /* content */ if (ret != 0) return ret; ret = HmacFinal(&hmac, digest); @@ -1011,7 +997,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, if (helloSz < offset + len16) return BUFFER_ERROR; - while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) { + while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) { word16 extType; word16 extLen; @@ -1061,7 +1047,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, len16 -= min(2 * OPAQUE16_LEN + extLen, len16); } - return len16 ? BUFFER_ERROR : SSL_SUCCESS; + return len16 ? BUFFER_ERROR : 0; } #endif 
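Review bot: With `return len16 ? BUFFER_ERROR : 0;` TLSX_SNI_GetFromBuffer now has three distinct outcomes, and the function carries no comment describing them. The updated tests in this patch expect SSL_SUCCESS when a name is copied out, 0 when the hello parses cleanly without a matching SNI, and an error code such as BUFFER_ERROR on malformed input, so any caller that only checks `!= SSL_SUCCESS` will now treat "no SNI" as a failure. I would document the contract above the function, e.g. `/* returns SSL_SUCCESS if the SNI was found and copied, 0 if the hello has no matching SNI, < 0 on parse error */`. The function starts outside the hunk, so existing callers should be checked against the new value.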
@@ -1228,8 +1214,8 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length, #ifdef HAVE_SUPPORTED_CURVES #ifndef HAVE_ECC -#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \ -Use --enable-ecc in the configure script or define HAVE_ECC." +#error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ + Use --enable-ecc in the configure script or define HAVE_ECC. #endif static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list) @@ -1550,6 +1536,10 @@ void TLSX_FreeAll(TLSX* list) } } +int TLSX_SupportExtensions(CYASSL* ssl) { + return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR); +} + static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) { TLSX* extension; @@ -1649,7 +1639,7 @@ word16 TLSX_GetRequestSize(CYASSL* ssl) { word16 length = 0; - if (ssl && IsTLS(ssl)) { + if (TLSX_SupportExtensions(ssl)) { byte semaphore[16] = {0}; EC_VALIDATE_REQUEST(ssl, semaphore); @@ -1674,7 +1664,7 @@ word16 TLSX_WriteRequest(CYASSL* ssl, byte* output) { word16 offset = 0; - if (ssl && IsTLS(ssl) && output) { + if (TLSX_SupportExtensions(ssl) && output) { byte semaphore[16] = {0}; offset += OPAQUE16_LEN; /* extensions length */ @@ -1725,7 +1715,7 @@ word16 TLSX_GetResponseSize(CYASSL* ssl) word16 length = 0; byte semaphore[16] = {0}; - if (ssl && IsTLS(ssl)) + if (TLSX_SupportExtensions(ssl)) length += TLSX_GetSize(ssl->extensions, semaphore, 0); /* All the response data is set at the ssl object only, so no ctx here. */ @@ -1740,7 +1730,7 @@ word16 TLSX_WriteResponse(CYASSL *ssl, byte* output) { word16 offset = 0; - if (ssl && IsTLS(ssl) && output) { + if (TLSX_SupportExtensions(ssl) && output) { byte semaphore[16] = {0}; offset += OPAQUE16_LEN; /* extensions length */ 
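Review bot: TLSX_SupportExtensions is added with external linkage and no comment, although it now decides for all four request/response helpers whether extensions are sized and written. A short header comment would make the intent reviewable, e.g. `/* extensions are only negotiated on TLS or DTLS sessions; returns 0 for a NULL ssl */`. If the helper is used only inside tls.c it should be `static`; otherwise it needs a prototype in a header, which this hunk does not show.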
@@ -1843,7 +1833,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest, || defined(HAVE_TRUNCATED_HMAC) \ || defined(HAVE_SUPPORTED_CURVES) -#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined." +#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined. #endif /* HAVE_TLS_EXTENSIONS */ diff --git a/tests/api.c b/tests/api.c index 200fca2e1..8342da249 100644 --- a/tests/api.c +++ b/tests/api.c @@ -24,6 +24,7 @@ #endif #include +#include #include #include @@ -252,7 +253,8 @@ static void use_SNI_at_ctx(CYASSL_CTX* ctx) byte type = CYASSL_SNI_HOST_NAME; char name[] = "www.yassl.com"; - AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name))); + AssertIntEQ(SSL_SUCCESS, + CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name))); } static void use_SNI_at_ssl(CYASSL* ssl) @@ -260,7 +262,8 @@ static void use_SNI_at_ssl(CYASSL* ssl) byte type = CYASSL_SNI_HOST_NAME; char name[] = "www.yassl.com"; - AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); + AssertIntEQ(SSL_SUCCESS, + CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); } static void different_SNI_at_ssl(CYASSL* ssl) @@ -268,7 +271,8 @@ static void different_SNI_at_ssl(CYASSL* ssl) byte type = CYASSL_SNI_HOST_NAME; char name[] = "ww2.yassl.com"; - AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); + AssertIntEQ(SSL_SUCCESS, + CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); } static void use_SNI_WITH_CONTINUE_at_ssl(CYASSL* ssl) 
@@ -291,14 +295,12 @@ static void use_SNI_WITH_FAKE_ANSWER_at_ssl(CYASSL* ssl) static void verify_SNI_abort_on_client(CYASSL* ssl) { - /* FATAL_ERROR */ - AssertIntEQ(-213, CyaSSL_get_error(ssl, 0)); + AssertIntEQ(FATAL_ERROR, CyaSSL_get_error(ssl, 0)); } static void verify_SNI_abort_on_server(CYASSL* ssl) { - /* UNKNOWN_SNI_HOST_NAME_E */ - AssertIntEQ(-281, CyaSSL_get_error(ssl, 0)); + AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, CyaSSL_get_error(ssl, 0)); } static void verify_SNI_no_matching(CYASSL* ssl) 
@@ -385,40 +387,63 @@ static void test_CyaSSL_SNI_GetFromBuffer(void) 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 }; + byte buffer4[] = { /* last extension has zero size */ + 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00, + 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, + 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2, + 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00, + 0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, + 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11, + 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35, + 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, + 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, + 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, + 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, + 0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02, + 0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00, + 0x12, 0x00, 0x00 + }; + byte result[32] = {0}; word32 length = 32; - AssertIntEQ(SSL_SUCCESS, CyaSSL_SNI_GetFromBuffer(buffer3, sizeof(buffer3), + AssertIntEQ(0, CyaSSL_SNI_GetFromBuffer(buffer4, sizeof(buffer4), 0, result, &length)); - AssertIntEQ(SSL_SUCCESS, CyaSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2), + AssertIntEQ(0, CyaSSL_SNI_GetFromBuffer(buffer3, sizeof(buffer3), + 0, result, &length)); + + AssertIntEQ(0, CyaSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2), 1, result, &length)); - AssertIntEQ(-228, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, - result, &length)); + AssertIntEQ(BUFFER_ERROR, 
CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), + 0, result, &length)); buffer[0] = 0x16; - AssertIntEQ(-228, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, - result, &length)); + AssertIntEQ(BUFFER_ERROR, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), + 0, result, &length)); buffer[1] = 0x03; - AssertIntEQ(-228, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, - result, &length)); + AssertIntEQ(BUFFER_ERROR, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), + 0, result, &length)); buffer[2] = 0x03; - AssertIntEQ(-210, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, - result, &length)); + AssertIntEQ(INCOMPLETE_DATA, CyaSSL_SNI_GetFromBuffer(buffer, + sizeof(buffer), 0, result, &length)); buffer[4] = 0x64; - AssertIntEQ(1, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, - result, &length)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), + 0, result, &length)); result[length] = 0; AssertStrEQ("www.paypal.com", (const char*) result); length = 32; - AssertIntEQ(1, CyaSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2), 0, - result, &length)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2), + 0, result, &length)); result[length] = 0; AssertStrEQ("api.textmate.org", (const char*) result); } 
@@ -435,16 +460,24 @@ void test_CyaSSL_UseSNI(void) AssertNotNull(ssl); /* error cases */ - AssertIntNE(1, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx"))); - AssertIntNE(1, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl"))); - AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx"))); - AssertIntNE(1, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl"))); - AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx"))); - AssertIntNE(1, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl"))); + AssertIntNE(SSL_SUCCESS, + CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx"))); + AssertIntNE(SSL_SUCCESS, + CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl"))); + AssertIntNE(SSL_SUCCESS, + CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx"))); + AssertIntNE(SSL_SUCCESS, + CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl"))); + AssertIntNE(SSL_SUCCESS, + CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx"))); + AssertIntNE(SSL_SUCCESS, + CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl"))); /* success case */ - AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx"))); - AssertIntEQ(1, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl"))); + AssertIntEQ(SSL_SUCCESS, + CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx"))); + AssertIntEQ(SSL_SUCCESS, + CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl"))); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); 
@@ -500,24 +533,24 @@ static void test_CyaSSL_UseMaxFragment(void) AssertNotNull(ssl); /* error cases */ - AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9)); - AssertIntNE(1, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9)); - AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 0)); - AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 6)); - AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 0)); - AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 6)); + AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9)); + AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9)); + AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, 0)); + AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, 6)); + AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment(ssl, 0)); + AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment(ssl, 6)); /* success case */ - AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9)); - AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10)); - AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11)); - AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12)); - AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13)); - AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9)); - AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10)); - AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11)); - AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12)); - AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9)); + AssertIntEQ(SSL_SUCCESS, 
CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13)); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); @@ -534,12 +567,12 @@ static void test_CyaSSL_UseTruncatedHMAC(void) AssertNotNull(ssl); /* error cases */ - AssertIntNE(1, CyaSSL_CTX_UseTruncatedHMAC(NULL)); - AssertIntNE(1, CyaSSL_UseTruncatedHMAC(NULL)); + AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseTruncatedHMAC(NULL)); + AssertIntNE(SSL_SUCCESS, CyaSSL_UseTruncatedHMAC(NULL)); /* success case */ - AssertIntEQ(1, CyaSSL_CTX_UseTruncatedHMAC(ctx)); - AssertIntEQ(1, CyaSSL_UseTruncatedHMAC(ssl)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseTruncatedHMAC(ctx)); + AssertIntEQ(SSL_SUCCESS, CyaSSL_UseTruncatedHMAC(ssl)); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); @@ -557,15 +590,19 @@ static void test_CyaSSL_UseSupportedCurve(void) #ifndef NO_CYASSL_CLIENT /* error cases */ - AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1)); - AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(ctx, 0)); + AssertIntNE(SSL_SUCCESS, + CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1)); + AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSupportedCurve(ctx, 0)); - AssertIntNE(1, CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1)); - AssertIntNE(1, CyaSSL_UseSupportedCurve(ssl, 0)); + AssertIntNE(SSL_SUCCESS, + CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1)); + AssertIntNE(SSL_SUCCESS, CyaSSL_UseSupportedCurve(ssl, 0)); /* success case */ - AssertIntEQ(1, CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1)); - AssertIntEQ(1, CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1)); + AssertIntEQ(SSL_SUCCESS, + CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1)); + AssertIntEQ(SSL_SUCCESS, + CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1)); #endif CyaSSL_free(ssl); 
@@ -1009,9 +1046,9 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) CyaSSL_set_fd(ssl, clientfd); #ifdef NO_PSK - #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); - #else + #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif @@ -1232,9 +1269,9 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args) CyaSSL_set_fd(ssl, cfd); #ifdef NO_PSK - #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); - #else + #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif diff --git a/tests/hash.c b/tests/hash.c index 03bf4bcb0..e8a7e6df5 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -608,6 +608,10 @@ int hmac_md5_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) return -4014; @@ -674,6 +678,10 @@ int hmac_sha_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) return -4017; @@ -743,6 +751,10 @@ int hmac_sha256_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) return -4020; 
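Review bot: The new `if (i == 1) continue; /* fips not allowed */` in hmac_md5_test skips a test vector by bare index, and the comment does not say what FIPS mode rejects. Presumably the key for that vector is shorter than the minimum HMAC key length accepted in FIPS builds; if that is the reason, say so on the line, e.g. `continue; /* keys[1] is below the FIPS minimum HMAC key length */`. The same wording applies to the identical additions in hmac_sha_test, hmac_sha256_test and hmac_sha384_test. The `keys` array is declared outside these hunks, so the reason should be confirmed against it.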
@@ -816,6 +828,10 @@ int hmac_sha384_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) return -4023; From e62fbdd49f6322e81595ec139a736f86038c9f63 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 10 Jul 2014 16:35:56 -0600 Subject: [PATCH 11/21] added ECDSA and DHE_RSA support for chacha-poly --- ctaocrypt/src/port.c | 436 ---------------------------------------- cyassl/ctaocrypt/port.h | 195 ------------------ cyassl/internal.h | 8 +- src/internal.c | 55 ++++- src/keys.c | 39 +++- src/ssl.c | 15 +- 6 files changed, 103 insertions(+), 645 deletions(-) delete mode 100644 ctaocrypt/src/port.c delete mode 100644 cyassl/ctaocrypt/port.h diff --git a/ctaocrypt/src/port.c b/ctaocrypt/src/port.c deleted file mode 100644 index c51062185..000000000 --- a/ctaocrypt/src/port.c +++ /dev/null 
@@ -1,436 +0,0 @@ -/* port.c - * - * Copyright (C) 2006-2014 wolfSSL Inc. - * - * This file is part of CyaSSL. - * - * CyaSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * CyaSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include - - -#ifdef _MSC_VER - /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ - #pragma warning(disable: 4996) -#endif - - - -#ifdef SINGLE_THREADED - -int InitMutex(CyaSSL_Mutex* m) -{ - (void)m; - return 0; -} - - -int FreeMutex(CyaSSL_Mutex *m) -{ - (void)m; - return 0; -} - - -int LockMutex(CyaSSL_Mutex *m) -{ - (void)m; - return 0; -} - - -int UnLockMutex(CyaSSL_Mutex *m) -{ - (void)m; - return 0; -} - -#else /* MULTI_THREAD */ - - #if defined(FREERTOS) - - int InitMutex(CyaSSL_Mutex* m) - { - int iReturn; - - *m = ( CyaSSL_Mutex ) xSemaphoreCreateMutex(); - if( *m != NULL ) - iReturn = 0; - else - iReturn = BAD_MUTEX_E; - - return iReturn; - } - - int FreeMutex(CyaSSL_Mutex* m) - { - vSemaphoreDelete( *m ); - return 0; - } - - int LockMutex(CyaSSL_Mutex* m) - { - /* Assume an infinite block, or should there be zero block? 
*/ - xSemaphoreTake( *m, portMAX_DELAY ); - return 0; - } - - int UnLockMutex(CyaSSL_Mutex* m) - { - xSemaphoreGive( *m ); - return 0; - } - - #elif defined(CYASSL_SAFERTOS) - - int InitMutex(CyaSSL_Mutex* m) - { - vSemaphoreCreateBinary(m->mutexBuffer, m->mutex); - if (m->mutex == NULL) - return BAD_MUTEX_E; - - return 0; - } - - int FreeMutex(CyaSSL_Mutex* m) - { - (void)m; - return 0; - } - - int LockMutex(CyaSSL_Mutex* m) - { - /* Assume an infinite block */ - xSemaphoreTake(m->mutex, portMAX_DELAY); - return 0; - } - - int UnLockMutex(CyaSSL_Mutex* m) - { - xSemaphoreGive(m->mutex); - return 0; - } - - - #elif defined(USE_WINDOWS_API) - - int InitMutex(CyaSSL_Mutex* m) - { - InitializeCriticalSection(m); - return 0; - } - - - int FreeMutex(CyaSSL_Mutex* m) - { - DeleteCriticalSection(m); - return 0; - } - - - int LockMutex(CyaSSL_Mutex* m) - { - EnterCriticalSection(m); - return 0; - } - - - int UnLockMutex(CyaSSL_Mutex* m) - { - LeaveCriticalSection(m); - return 0; - } - - #elif defined(CYASSL_PTHREADS) - - int InitMutex(CyaSSL_Mutex* m) - { - if (pthread_mutex_init(m, 0) == 0) - return 0; - else - return BAD_MUTEX_E; - } - - - int FreeMutex(CyaSSL_Mutex* m) - { - if (pthread_mutex_destroy(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } - - - int LockMutex(CyaSSL_Mutex* m) - { - if (pthread_mutex_lock(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } - - - int UnLockMutex(CyaSSL_Mutex* m) - { - if (pthread_mutex_unlock(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } - - #elif defined(THREADX) - - int InitMutex(CyaSSL_Mutex* m) - { - if (tx_mutex_create(m, "CyaSSL Mutex", TX_NO_INHERIT) == 0) - return 0; - else - return BAD_MUTEX_E; - } - - - int FreeMutex(CyaSSL_Mutex* m) - { - if (tx_mutex_delete(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } - - - int LockMutex(CyaSSL_Mutex* m) - { - if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0) - return 0; - else - return BAD_MUTEX_E; - } - - - int UnLockMutex(CyaSSL_Mutex* m) - { - if (tx_mutex_put(m) 
== 0) - return 0; - else - return BAD_MUTEX_E; - } - - #elif defined(MICRIUM) - - int InitMutex(CyaSSL_Mutex* m) - { - #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) - if (NetSecure_OS_MutexCreate(m) == 0) - return 0; - else - return BAD_MUTEX_E; - #else - return 0; - #endif - } - - - int FreeMutex(CyaSSL_Mutex* m) - { - #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) - if (NetSecure_OS_FreeMutex(m) == 0) - return 0; - else - return BAD_MUTEX_E; - #else - return 0; - #endif - } - - - int LockMutex(CyaSSL_Mutex* m) - { - #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) - if (NetSecure_OS_LockMutex(m) == 0) - return 0; - else - return BAD_MUTEX_E; - #else - return 0; - #endif - } - - - int UnLockMutex(CyaSSL_Mutex* m) - { - #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) - if (NetSecure_OS_UnLockMutex(m) == 0) - return 0; - else - return BAD_MUTEX_E; - #else - return 0; - #endif - - } - - #elif defined(EBSNET) - - int InitMutex(CyaSSL_Mutex* m) - { - if (rtp_sig_mutex_alloc(m, "CyaSSL Mutex") == -1) - return BAD_MUTEX_E; - else - return 0; - } - - int FreeMutex(CyaSSL_Mutex* m) - { - rtp_sig_mutex_free(*m); - return 0; - } - - int LockMutex(CyaSSL_Mutex* m) - { - if (rtp_sig_mutex_claim_timed(*m, RTIP_INF) == 0) - return 0; - else - return BAD_MUTEX_E; - } - - int UnLockMutex(CyaSSL_Mutex* m) - { - rtp_sig_mutex_release(*m); - return 0; - } - - #elif defined(FREESCALE_MQX) - - int InitMutex(CyaSSL_Mutex* m) - { - if (_mutex_init(m, NULL) == MQX_EOK) - return 0; - else - return BAD_MUTEX_E; - } - - int FreeMutex(CyaSSL_Mutex* m) - { - if (_mutex_destroy(m) == MQX_EOK) - return 0; - else - return BAD_MUTEX_E; - } - - int LockMutex(CyaSSL_Mutex* m) - { - if (_mutex_lock(m) == MQX_EOK) - return 0; - else - return BAD_MUTEX_E; - } - - int UnLockMutex(CyaSSL_Mutex* m) - { - if (_mutex_unlock(m) == MQX_EOK) - return 0; - else - return BAD_MUTEX_E; - } - - #elif defined(CYASSL_MDK_ARM)|| defined(CYASSL_CMSIS_RTOS) - - #if defined(CYASSL_CMSIS_RTOS) - #include "cmsis_os.h" - #define CMSIS_NMUTEX 
10 - osMutexDef(CyaSSL_mt0) ; osMutexDef(CyaSSL_mt1) ; osMutexDef(CyaSSL_mt2) ; - osMutexDef(CyaSSL_mt3) ; osMutexDef(CyaSSL_mt4) ; osMutexDef(CyaSSL_mt5) ; - osMutexDef(CyaSSL_mt6) ; osMutexDef(CyaSSL_mt7) ; osMutexDef(CyaSSL_mt8) ; - osMutexDef(CyaSSL_mt9) ; - - static const osMutexDef_t *CMSIS_mutex[] = { osMutex(CyaSSL_mt0), - osMutex(CyaSSL_mt1), osMutex(CyaSSL_mt2), osMutex(CyaSSL_mt3), - osMutex(CyaSSL_mt4), osMutex(CyaSSL_mt5), osMutex(CyaSSL_mt6), - osMutex(CyaSSL_mt7), osMutex(CyaSSL_mt8), osMutex(CyaSSL_mt9) } ; - - static osMutexId CMSIS_mutexID[CMSIS_NMUTEX] = {0} ; - - int InitMutex(CyaSSL_Mutex* m) - { - int i ; - for (i=0; i - #endif - #include - #endif -#elif defined(THREADX) - #ifndef SINGLE_THREADED - #include "tx_api.h" - #endif -#elif defined(MICRIUM) - /* do nothing, just don't pick Unix */ -#elif defined(FREERTOS) || defined(CYASSL_SAFERTOS) - /* do nothing */ -#elif defined(EBSNET) - /* do nothing */ -#elif defined(FREESCALE_MQX) - /* do nothing */ -#elif defined(CYASSL_MDK_ARM) - #if defined(CYASSL_MDK5) - #include "cmsis_os.h" - #else - #include - #endif -#elif defined(CYASSL_CMSIS_RTOS) - #include "cmsis_os.h" -#else - #ifndef SINGLE_THREADED - #define CYASSL_PTHREADS - #include - #endif - #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) - #include /* for close of BIO */ - #endif -#endif - - -#ifdef SINGLE_THREADED - typedef int CyaSSL_Mutex; -#else /* MULTI_THREADED */ - /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */ - #ifdef FREERTOS - typedef xSemaphoreHandle CyaSSL_Mutex; - #elif defined(CYASSL_SAFERTOS) - typedef struct CyaSSL_Mutex { - signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES]; - xSemaphoreHandle mutex; - } CyaSSL_Mutex; - #elif defined(USE_WINDOWS_API) - typedef CRITICAL_SECTION CyaSSL_Mutex; - #elif defined(CYASSL_PTHREADS) - typedef pthread_mutex_t CyaSSL_Mutex; - #elif defined(THREADX) - typedef TX_MUTEX CyaSSL_Mutex; - #elif defined(MICRIUM) - typedef OS_MUTEX CyaSSL_Mutex; - #elif 
defined(EBSNET) - typedef RTP_MUTEX CyaSSL_Mutex; - #elif defined(FREESCALE_MQX) - typedef MUTEX_STRUCT CyaSSL_Mutex; - #elif defined(CYASSL_MDK_ARM) - #if defined(CYASSL_CMSIS_RTOS) - typedef osMutexId CyaSSL_Mutex; - #else - typedef OS_MUT CyaSSL_Mutex; - #endif - #elif defined(CYASSL_CMSIS_RTOS) - typedef osMutexId CyaSSL_Mutex; - #else - #error Need a mutex type in multithreaded mode - #endif /* USE_WINDOWS_API */ -#endif /* SINGLE_THREADED */ - -CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*); -CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*); -CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*); -CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*); - - -/* filesystem abstraction layer, used by ssl.c */ -#ifndef NO_FILESYSTEM - -#if defined(EBSNET) - #define XFILE int - #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0); - #define XFSEEK vf_lseek - #define XFTELL vf_tell - #define XREWIND vf_rewind - #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT) - #define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT) - #define XFCLOSE vf_close - #define XSEEK_END VSEEK_END - #define XBADFILE -1 -#elif defined(LSR_FS) - #include - #define XFILE struct fs_file* - #define XFOPEN(NAME, MODE) fs_open((char*)NAME); - #define XFSEEK(F, O, W) (void)F - #define XFTELL(F) (F)->len - #define XREWIND(F) (void)F - #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT) - #define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT) - #define XFCLOSE fs_close - #define XSEEK_END 0 - #define XBADFILE NULL -#elif defined(FREESCALE_MQX) - #define XFILE MQX_FILE_PTR - #define XFOPEN fopen - #define XFSEEK fseek - #define XFTELL ftell - #define XREWIND(F) fseek(F, 0, IO_SEEK_SET) - #define XFREAD fread - #define XFWRITE fwrite - #define XFCLOSE fclose - #define XSEEK_END IO_SEEK_END - #define XBADFILE NULL -#elif defined(MICRIUM) - #include - #define XFILE FS_FILE* - #define XFOPEN fs_fopen - #define XFSEEK fs_fseek - #define XFTELL fs_ftell - #define XREWIND fs_rewind - #define 
XFREAD fs_fread - #define XFWRITE fs_fwrite - #define XFCLOSE fs_fclose - #define XSEEK_END FS_SEEK_END - #define XBADFILE NULL -#else - /* stdio, default case */ - #define XFILE FILE* - #if defined(CYASSL_MDK_ARM) - #include - extern FILE * CyaSSL_fopen(const char *name, const char *mode) ; - #define XFOPEN CyaSSL_fopen - #else - #define XFOPEN fopen - #endif - #define XFSEEK fseek - #define XFTELL ftell - #define XREWIND rewind - #define XFREAD fread - #define XFWRITE fwrite - #define XFCLOSE fclose - #define XSEEK_END SEEK_END - #define XBADFILE NULL -#endif - -#endif /* NO_FILESYSTEM */ - - -#ifdef __cplusplus - } /* extern "C" */ -#endif - -#endif /* CTAO_CRYPT_PORT_H */ - diff --git a/cyassl/internal.h b/cyassl/internal.h index 8a74fc749..7a1446408 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -468,7 +468,9 @@ void c32to24(word32 in, word24 out); #ifdef HAVE_CHACHA #define CHACHA20_BLOCK_SIZE 16 - #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 + #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 #endif #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_CHACHA) @@ -596,7 +598,9 @@ enum { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, - TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 = 0x13, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x13, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x15, /* Renegotiation Indication Extension Special Suite */ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff diff --git a/src/internal.c b/src/internal.c index 58cc15ee5..0500f64d2 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -905,13 +905,27 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 if (tls && haveRSA) { suites->suites[idx++] = CHACHA_BYTE; - suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256; + suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256; } #endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + if (tls1_2 && haveECDSAsig) { + suites->suites[idx++] = CHACHA_BYTE; + suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256; + } +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + if (tls && haveRSA) { + suites->suites[idx++] = CHACHA_BYTE; + suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256; + } +#endif + #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA if (tls && haveRSAsig && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; @@ -3171,12 +3185,25 @@ static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) switch (second) { - case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : if (requirement == REQUIRES_RSA) return 1; break; + + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; } } + /* ECC extensions */ if (first == ECC_BYTE) { 
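Review bot: The three ChaCha20-Poly1305 entries added to InitSuites are gated inconsistently: the ECDHE-ECDSA suite requires `tls1_2`, while the ECDHE-RSA and DHE-RSA suites are offered under plain `tls`. The DHE-RSA entry is also not conditioned on DH being available, although the second hunk on this line makes that suite answer to `REQUIRES_DHE`. These are AEAD suites with a SHA-256 suffix, so I would expect all three to be limited to TLS 1.2, e.g. `if (tls1_2 && haveRSA) {` for the RSA ones, plus whatever DH flag the neighbouring DHE suites test (not visible here). InitSuites starts and ends outside the hunk.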
@@ -7671,10 +7698,18 @@ static const char* const cipher_names[] = "ECDH-ECDSA-AES256-SHA384", #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 "ECDHE-RSA-CHACHA20-256-POLY1305-SHA256", #endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + "ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256", +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + "DHE-RSA-CHACHA20-256-POLY1305-SHA256", +#endif + }; @@ -8051,8 +8086,16 @@ static int cipher_name_idx[] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256, +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, #endif }; diff --git a/src/keys.c b/src/keys.c index 510f825c0..9905bd313 100644 --- a/src/keys.c +++ b/src/keys.c @@ -53,8 +53,8 @@ int SetCipherSpecs(CYASSL* ssl) if (ssl->options.cipherSuite0 == CHACHA_BYTE) { switch (ssl->options.cipherSuite) { -#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 - case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256: +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: ssl->specs.bulk_cipher_algorithm = cyassl_chacha; ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha256_mac; 
@@ -71,6 +71,41 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = cyassl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = cyassl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + break; +#endif default: CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha"); return UNSUPPORTED_SUITE; diff --git a/src/ssl.c b/src/ssl.c index 010116ad2..dd99d8f30 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -8371,9 +8371,14 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) switch (cipher->ssl->options.cipherSuite) { #ifdef HAVE_CHACHA #ifndef NO_RSA - case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : - return "TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256"; + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; + + case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; #endif + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; #endif } } @@ -8525,8 +8530,10 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) } } #endif /* ECC */ - if (cipher->ssl->options.cipherSuite0 != ECC_BYTE && cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) { - /* normal suites */ + if (cipher->ssl->options.cipherSuite0 != ECC_BYTE && + cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) { + + /* normal suites */ switch (cipher->ssl->options.cipherSuite) { #ifndef NO_RSA #ifndef NO_RC4 From 4250955003dc786dbd1befffdd71d25abbdc8612 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 11 Jul 2014 16:06:29 -0600 Subject: [PATCH 12/21] arg error checking and CHACHA_AEAD_TEST update --- ctaocrypt/src/chacha.c | 23 ++++++++++++++--------- ctaocrypt/src/poly1305.c | 37 +++++++++++++++++++++++-------------- src/internal.c | 16 ++++++++++------ tests/test.conf | 27 +++++++++++++++++++++++++++ 4 files changed, 74 insertions(+), 29 deletions(-) diff --git a/ctaocrypt/src/chacha.c b/ctaocrypt/src/chacha.c index 2ea74082b..9fc8e7be1 100644 --- a/ctaocrypt/src/chacha.c +++ b/ctaocrypt/src/chacha.c 
@@ -80,13 +80,16 @@ int Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) word32 temp[3]; /* used for alignment of memory */ XMEMSET(temp, 0, 12); + if (ctx == NULL) + return BAD_FUNC_ARG; + #ifdef CHACHA_AEAD_TEST - int k; + word32 i; printf("NONCE : "); - for (k = 0; k < 12; k++) { - printf("%02x", nonce[k]); + for (i = 0; i < 12; i++) { + printf("%02x", inIv[i]); } - printf("\n"); + printf("\n\n"); #endif XMEMCPY(temp, inIv, 12); @@ -130,12 +133,14 @@ int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) #endif /* XSTREAM_ALIGN */ #ifdef CHACHA_AEAD_TEST - int k; - printf("ChaCha key used : "); - for (k = 0; k < keySz; k++) { - printf("%02x", key[k]); + word32 i; + printf("ChaCha key used :\n"); + for (i = 0; i < keySz; i++) { + printf("%02x", key[i]); + if ((i + 1) % 8 == 0) + printf("\n"); } - printf("\n"); + printf("\n\n"); #endif ctx->X[4] = U8TO32_LITTLE(k + 0); diff --git a/ctaocrypt/src/poly1305.c b/ctaocrypt/src/poly1305.c index a2d5fd499..c73a9cb49 100644 --- a/ctaocrypt/src/poly1305.c +++ b/ctaocrypt/src/poly1305.c @@ -37,18 +37,15 @@ #else #include #endif +#ifdef CHACHA_AEAD_TEST + #include +#endif #ifdef _MSC_VER /* 4127 warning constant while(1) */ #pragma warning(disable: 4127) #endif -#ifdef BIG_ENDIAN_ORDER - #define LITTLE32(x) ByteReverseWord32(x) -#else - #define LITTLE32(x) (x) -#endif - #if defined(POLY130564) #if defined(_MSC_VER) @@ -254,14 +251,17 @@ static void poly1305_blocks(Poly1305* ctx, const unsigned char *m, int Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) { - if (keySz != 32) - return 1; + if (keySz != 32 || ctx == NULL) + return BAD_FUNC_ARG; #ifdef CHACHA_AEAD_TEST - int k; - printf("Poly key used: "); - for (k = 0; k < keySz; k++) + word32 k; + printf("Poly key used:\n"); + for (k = 0; k < keySz; k++) { printf("%02x", key[k]); + if ((k+1) % 8 == 0) + printf("\n"); + } printf("\n"); #endif 
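Review bot: The new guard in Chacha_SetIV checks only `ctx`, yet `inIv` is dereferenced a few lines later by `XMEMCPY(temp, inIv, 12)` and by the debug loop, so a NULL IV still crashes instead of returning BAD_FUNC_ARG; `if (ctx == NULL || inIv == NULL)` would cover both. The poly1305.c hunks of this commit have the same gap: Poly1305SetKey does not check `key`, Poly1305Final does not check `mac`, and Poly1305Update does not check `m` when `bytes` is non-zero. The function bodies continue outside the hunks.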
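Review bot: The CHACHA_AEAD_TEST block in Chacha_SetKey writes the raw ChaCha key to stdout, and nothing at the block says the macro must stay out of shipped builds. The Poly1305SetKey hunk does the same for the one-time Poly1305 key, and the Encrypt and Decrypt hunks in src/internal.c dump record plaintext. I would put a comment above each block, e.g. `/* CHACHA_AEAD_TEST prints key material and plaintext; debugging only, never define in a release build */`, and document the macro in one place so it is not enabled by accident.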
@@ -319,6 +319,9 @@ int Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) { int Poly1305Final(Poly1305* ctx, byte* mac) { + if (ctx == NULL) + return BAD_FUNC_ARG; + #if defined(POLY130564) word64 h0,h1,h2,c; @@ -484,11 +487,17 @@ int Poly1305Final(Poly1305* ctx, byte* mac) { int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) { + if (ctx == NULL) + return BAD_FUNC_ARG; + #ifdef CHACHA_AEAD_TEST - int k; - printf("Raw input to poly: "); - for (k = 0; k < bytes; k++) + word32 k; + printf("Raw input to poly:\n"); + for (k = 0; k < bytes; k++) { printf("%02x", m[k]); + if ((k+1) % 16 == 0) + printf("\n"); + } printf("\n"); #endif size_t i; diff --git a/src/internal.c b/src/internal.c index 0500f64d2..24c4a70a3 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4891,7 +4891,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) byte nonce[AEAD_NONCE_SZ]; byte cipher[32]; /* generated key for poly1305 */ int padding2 = (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) - + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16; + +(16 - (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16); byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; XMEMSET(tag, 0, ssl->specs.aead_mac_size); @@ -4920,7 +4920,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { printf("%02x", additional[i]); } - printf("\n"); + printf("\n\n"); #endif /* get nonce using implicit and explicit IV */ @@ -4975,9 +4975,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) XMEMSET(nonce, 0, AEAD_NONCE_SZ); #ifdef CHACHA_AEAD_TEST - printf("output after encrypt : "); + printf("output after encrypt :\n"); for (i = 0; i < sz; i++) { printf("%02x", out[i]); + if ((i + 1) % 16 == 0) + printf("\n"); } printf("\n"); #endif 
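Review bot: Placing `if (ctx == NULL) return BAD_FUNC_ARG;` at the top of Poly1305Final puts a statement before the declarations that follow (`word64 h0,h1,h2,c;` in the POLY130564 branch), and in the Poly1305Update hunk `size_t i;` now comes after both the guard and the debug block. That is valid C99, but the file carries `_MSC_VER` handling, and compilers in C89 mode reject declarations after statements. Moving the guard below the declarations keeps the check without the portability break. Both bodies continue outside their hunks.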
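Review bot: The corrected `padding2` in Encrypt always adds `16 - (len % 16)`, so when the ciphertext length is already a multiple of 16 it appends a full extra block of zeros to the Poly1305 input rather than none, which is presumably not intended. The expression also never checks that `sz` is at least `AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size`, and the result sizes the stack array `p[CHACHA20_BLOCK_SIZE + padding2 + 16]`; the Decrypt hunk repeats both, where `sz` presumably comes from the peer's record. I would compute the length once, reject short records before the array is declared, and pad conditionally: `if (len % 16 != 0) padding2 += 16 - len % 16;`. Both functions continue outside their hunks.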
@@ -5138,7 +5140,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, byte tag[16]; byte cipher[32]; int padding2 = (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) - + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16; + +(16 - (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16); byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; int i, ret; @@ -5172,7 +5174,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { printf("%02x", additional[i]); } - printf("\n"); + printf("\n\n"); #endif /* set nonce and get poly1305 key */ @@ -5229,9 +5231,11 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, ssl->specs.aead_mac_size); #ifdef CHACHA_AEAD_TEST - printf("plain after decrypt : "); + printf("plain after decrypt :\n"); for (i = 0; i < sz; i++) { printf("%02x", plain[i]); + if ((i + 1) % 16 == 0) + printf("\n"); } printf("\n"); #endif diff --git a/tests/test.conf b/tests/test.conf index 71735d2cd..83d70aacd 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -349,6 +349,17 @@ -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305 +#-v 2 +#-l ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256 +#-c ./certs/server-ecc.pem +#-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305 +#-v 2 +#-l ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256 +#-A ./certs/server-ecc.pem + # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA @@ -718,6 +729,14 @@ -v 3 -l ECDHE-RSA-AES256-SHA384 +# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 +#-v 2 +#-l ECDHE-RSA-CHACHA20-256-POLY1305-SHA256 + +# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 +#-v 2 +#-l ECDHE-RSA-CHACHA20-256-POLY1305-SHA256 + # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 
@@ -1034,6 +1053,14 @@ -v 1 -l DHE-RSA-AES128-SHA +# server TLSv1 DHE-RSA-CHACHA20-POLY1305 +#-v 1 +#-l DHE-RSA-CHACHA20-256-POLY1305-SHA256 + +# server TLSv1 DHE-RSA-CHACHA20-POLY1305 +#-v 1 +#-l DHE-RSA-CHACHA20-256-POLY1305-SHA256 + # server TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA From 5b08cb35d78bb56fbc483a0c4b258656f87ce6ee Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 14 Jul 2014 16:13:24 -0600 Subject: [PATCH 13/21] updated sequence number in AD and unit tests --- src/internal.c | 26 ++++++++++++++++++-------- tests/test.conf | 30 +++++++++++++++--------------- 2 files changed, 33 insertions(+), 23 deletions(-) diff --git a/src/internal.c b/src/internal.c index 24c4a70a3..aa72835d2 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4921,6 +4921,13 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) printf("%02x", additional[i]); } printf("\n\n"); + printf("input before encryption :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", input[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); #endif /* get nonce using implicit and explicit IV */ @@ -4961,9 +4968,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>24) & 0xff; /* generate tag */ - Poly1305SetKey(ssl->encrypt.poly1305, - ssl->keys.server_write_MAC_secret, - sizeof(ssl->keys.server_write_MAC_secret)); + Poly1305SetKey(ssl->encrypt.poly1305, cipher, sizeof(cipher)); Poly1305Update(ssl->encrypt.poly1305, p, CHACHA20_BLOCK_SIZE + padding2 + 16); Poly1305Final(ssl->encrypt.poly1305, tag); 
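Review bot: In the Encrypt hunk that now keys Poly1305 from `cipher`, the results of `Poly1305SetKey`, `Poly1305Update` and `Poly1305Final` are still discarded, although the previous commit in this series made them return BAD_FUNC_ARG on bad arguments. A failure would leave `tag` at the zeros written by the earlier `XMEMSET(tag, 0, ssl->specs.aead_mac_size)`, and the record would be sent with that value; the Decrypt hunk of this commit has the same three calls. I would check each call and return its error, e.g. `if (Poly1305SetKey(ssl->encrypt.poly1305, cipher, sizeof(cipher)) != 0) return BAD_FUNC_ARG;`. The hunks show `nonce` being cleared with `XMEMSET(nonce, 0, AEAD_NONCE_SZ)` but no matching wipe of `cipher`, the one-time Poly1305 key; if that does not happen outside the hunk, it should be added next to the nonce wipe.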
@@ -4975,7 +4980,13 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) XMEMSET(nonce, 0, AEAD_NONCE_SZ); #ifdef CHACHA_AEAD_TEST - printf("output after encrypt :\n"); + printf("mac tag :\n"); + for (i = 0; i < 16; i++) { + printf("%02x", tag[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n\noutput after encrypt :\n"); for (i = 0; i < sz; i++) { printf("%02x", out[i]); if ((i + 1) % 16 == 0) @@ -5152,7 +5163,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); /* sequence number field is 64-bits, we only use 32-bits */ - c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); + c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); /* get AD info */ additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; @@ -5205,9 +5216,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>24) & 0xff; /* create Poly1305 tag */ - Poly1305SetKey(ssl->decrypt.poly1305, - ssl->keys.server_write_MAC_secret, - sizeof(ssl->keys.server_write_MAC_secret)); + Poly1305SetKey(ssl->decrypt.poly1305, cipher, sizeof(cipher)); Poly1305Update(ssl->decrypt.poly1305, p, CHACHA20_BLOCK_SIZE + padding2 + 16); Poly1305Final(ssl->decrypt.poly1305, tag); @@ -5220,6 +5229,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, } if (ret == 1) { + CYASSL_MSG("Mac did not match"); SendAlert(ssl, alert_fatal, bad_record_mac); XMEMSET(nonce, 0, AEAD_NONCE_SZ); return VERIFY_MAC_ERROR; diff --git a/tests/test.conf b/tests/test.conf index 83d70aacd..c5de20a15 100644 --- a/tests/test.conf +++ b/tests/test.conf 
@@ -350,15 +350,15 @@ -A ./certs/server-ecc.pem # server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305 -#-v 2 -#-l ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256 -#-c ./certs/server-ecc.pem -#-k ./certs/ecc-key.pem +-v 2 +-l ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem # client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305 -#-v 2 -#-l ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256 -#-A ./certs/server-ecc.pem +-v 2 +-l ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256 +-A ./certs/server-ecc.pem # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 @@ -730,12 +730,12 @@ -l ECDHE-RSA-AES256-SHA384 # server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 -#-v 2 -#-l ECDHE-RSA-CHACHA20-256-POLY1305-SHA256 +-v 2 +-l ECDHE-RSA-CHACHA20-256-POLY1305-SHA256 # server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 -#-v 2 -#-l ECDHE-RSA-CHACHA20-256-POLY1305-SHA256 +-v 2 +-l ECDHE-RSA-CHACHA20-256-POLY1305-SHA256 # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 @@ -1054,12 +1054,12 @@ -l DHE-RSA-AES128-SHA # server TLSv1 DHE-RSA-CHACHA20-POLY1305 -#-v 1 -#-l DHE-RSA-CHACHA20-256-POLY1305-SHA256 +-v 1 +-l DHE-RSA-CHACHA20-256-POLY1305-SHA256 # server TLSv1 DHE-RSA-CHACHA20-POLY1305 -#-v 1 -#-l DHE-RSA-CHACHA20-256-POLY1305-SHA256 +-v 1 +-l DHE-RSA-CHACHA20-256-POLY1305-SHA256 # server TLSv1 DHE AES256 -v 1 From 7eb8f571edeac48b95507b0f5b0bf76c3204dc9e Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 16 Jul 2014 14:55:38 -0600 Subject: [PATCH 14/21] reverse compatibility --- Makefile.am | 2 +- configure.ac | 2 +- cyassl/internal.h | 1 - src/internal.c | 257 ++++++++++++++++++++++++++++++---------------- 4 files changed, 172 insertions(+), 90 deletions(-) diff --git a/Makefile.am b/Makefile.am index 5918a4dc5..c2d916e49 100644 --- a/Makefile.am +++ b/Makefile.am @@ -96,7 +96,7 @@ TESTS_ENVIRONMENT=./valgrind-error.sh endif TEST_EXTENSIONS=.test -TESTS += $(check_PROGRAMS) +TESTS += $(check_PROGRAMS) ./client-test.sh test: check tests/unit.log: testsuite/testsuite.log 
diff --git a/configure.ac b/configure.ac index f56ebb4fc..e9faab304 100644 --- a/configure.ac +++ b/configure.ac @@ -1747,7 +1747,7 @@ echo "Generating user options header..." OPTION_FILE="cyassl/options.h" rm -f $OPTION_FILE -echo "/* cyassl options.h" >> $OPTION_FILE +echo "/* cyassl options.h" > $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * Copyright (C) 2006-2014 wolfSSL Inc." >> $OPTION_FILE diff --git a/cyassl/internal.h b/cyassl/internal.h index 7a1446408..689ca6a9d 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1371,7 +1371,6 @@ void InitCipherSpecs(CipherSpecs* cs); enum MACAlgorithm { no_mac, md5_mac, - poly1305_mac, sha_mac, sha224_mac, sha256_mac, diff --git a/src/internal.c b/src/internal.c index aa72835d2..52d60a4f9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3012,8 +3012,10 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, static int GetHandShakeHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, byte *type, word32 *size) { + const byte *ptr = input + *inOutIdx; (void)ssl; + *inOutIdx += HANDSHAKE_HEADER_SZ; *type = ptr[0]; @@ -4377,7 +4379,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size, /* increment beyond input + size should be checked against totalSz */ if (*inOutIdx + size + ssl->keys.padSz > totalSz) - return INCOMPLETE_DATA; + return INCOMPLETE_DATA; /* force input exhaustion at ProcessReply consuming padSz */ *inOutIdx += size + ssl->keys.padSz; @@ -4425,8 +4427,9 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, /* make sure can read the message */ if (*inOutIdx + size > totalSz) + { return INCOMPLETE_DATA; - + } ret = HashInput(ssl, input + *inOutIdx, size); if (ret != 0) return ret; 
@@ -4564,6 +4567,10 @@ static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, CYASSL_ENTER("DoHandShakeMsg()"); + /* changes the pointer for CHACHA aead */ + if (ssl->specs.bulk_cipher_algorithm == cyassl_chacha && *inOutIdx > 7) + *inOutIdx -= 8; + if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0) return PARSE_ERROR; 
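Review bot: The rewind added at the top of DoHandShakeMsg, `*inOutIdx -= 8` whenever the bulk cipher is `cyassl_chacha` and the index is above 7, moves the parse position by a bare constant on the strength of the cipher choice alone. Nothing in the hunk ties the 8 to a named size (it looks like the explicit-IV length, but that is a guess) or to whether the current record was actually decrypted. A handshake message that arrives in the clear after the suite has been selected would presumably be parsed from eight bytes too early. I would correct the offset where the record layer skips the explicit IV, or at least name the constant, condition it on decryption being active, and add a comment saying which bytes are being compensated for. The function continues outside the hunk.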
@@ -4747,6 +4754,108 @@ static INLINE void AeadIncrementExpIV(CYASSL* ssl) if (++ssl->keys.aead_exp_IV[i]) return; } } + +#ifdef HAVE_POLY1305 + +#ifndef OLD_POLY /*more recent rfc's concatonate input for poly1305 differently*/ + +static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, byte* cipher, + word16 sz, byte* tag) +{ + int padding2 = (sz - ssl->specs.aead_mac_size); + if ((sz - ssl->specs.aead_mac_size) % 16 != 0) { + padding2 += + (16 - (sz - ssl->specs.aead_mac_size) % 16); + } + + byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; + XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); + + /* create input to poly1305 */ + XMEMCPY(p, additional, CHACHA20_BLOCK_SIZE); + XMEMCPY((p + CHACHA20_BLOCK_SIZE), out, + sz - ssl->specs.aead_mac_size); + + /* add size of AD and size of cipher to poly input */ + (p + CHACHA20_BLOCK_SIZE + padding2)[0] = + (CHACHA20_BLOCK_SIZE); + + /* 32 bit size of cipher to 64 bit endian */ + ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = + (sz - ssl->specs.aead_mac_size) & 0xff; + + ((p + CHACHA20_BLOCK_SIZE + padding2))[9] = + ((sz - ssl->specs.aead_mac_size) >> 8) & 0xff; + + ((p + CHACHA20_BLOCK_SIZE + padding2))[10] = + ((sz - ssl->specs.aead_mac_size) >>16) & 0xff; + + ((p + CHACHA20_BLOCK_SIZE + padding2))[11] = + ((sz - ssl->specs.aead_mac_size) >>24) & 0xff; + + /* generate tag */ + Poly1305SetKey(ssl->encrypt.poly1305, cipher, 32); + Poly1305Update(ssl->encrypt.poly1305, p, + CHACHA20_BLOCK_SIZE + padding2 + 16); + Poly1305Final(ssl->encrypt.poly1305, tag); + + return 0; +} + +#else + +/** + * Used for the older version of creating AEAD tags with Poly1305 + */ +static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, byte* cipher, + word16 sz, byte* tag) +{ + byte p[AEAD_AUTH_DATA_SZ + 16 + + (sz - ssl->specs.aead_mac_size)]; + XMEMSET(p, 0, sizeof(p)); + +#ifdef CHACHA_AEAD_TEST + printf("Using old version of poly1305 input.\n"); +#endif + + /* create input to poly1305 */ + XMEMCPY(p, additional, 
AEAD_AUTH_DATA_SZ); + + (p + AEAD_AUTH_DATA_SZ - 2)[0] = ((sz - ssl->specs.aead_mac_size)>>8) & 0xff; + (p + AEAD_AUTH_DATA_SZ - 2)[1] = (sz - ssl->specs.aead_mac_size) & 0xff; + + (p + AEAD_AUTH_DATA_SZ)[0] = AEAD_AUTH_DATA_SZ; + + XMEMCPY((p + AEAD_AUTH_DATA_SZ + 8), out, + sz - ssl->specs.aead_mac_size); + + + /* 32 bit size of cipher to 64 bit endian */ + (p + AEAD_AUTH_DATA_SZ + sz - ssl->specs.aead_mac_size + + 8)[0] = + (sz - ssl->specs.aead_mac_size) & 0xff; + + (p + AEAD_AUTH_DATA_SZ + sz - ssl->specs.aead_mac_size + + 8)[1] = + ((sz - ssl->specs.aead_mac_size) >> 8) & 0xff; + + (p + AEAD_AUTH_DATA_SZ + sz - ssl->specs.aead_mac_size + + 8)[2] = + ((sz - ssl->specs.aead_mac_size) >>16) & 0xff; + + (p + AEAD_AUTH_DATA_SZ + sz - ssl->specs.aead_mac_size + + 8)[3] = + ((sz - ssl->specs.aead_mac_size) >>24) & 0xff; + + /* generate tag */ + Poly1305SetKey(ssl->encrypt.poly1305, cipher, 32); + Poly1305Update(ssl->encrypt.poly1305, p, sizeof(p)); + Poly1305Final(ssl->encrypt.poly1305, tag); + + return 0; +} +#endif /*OLD_POLY*/ +#endif /*HAVE_POLY1305*/ #endif 
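Review bot: Both variants of Poly1305Tag size the stack array `p` from `sz - ssl->specs.aead_mac_size` without first checking that `sz` is at least the MAC size, and on the decrypt side `sz` presumably reflects a received record length. A short record makes the difference negative, which invalidates both the array bound and the `XMEMCPY` length; add `if (sz < ssl->specs.aead_mac_size) return INPUT_CASE_ERROR;` before `padding2` and `p` are computed. Even for valid input the array can approach a full record on the stack, so feeding the additional data, ciphertext, padding and length block to `Poly1305Update` in separate calls would avoid the copy. The results of `Poly1305SetKey`, `Poly1305Update` and `Poly1305Final` are discarded, so the function returns 0 even if the tag was never produced.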
@@ -4890,15 +4999,18 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) byte additional[CHACHA20_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; byte cipher[32]; /* generated key for poly1305 */ - int padding2 = (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) - +(16 - (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16); - byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; - XMEMSET(tag, 0, ssl->specs.aead_mac_size); XMEMSET(nonce, 0, AEAD_NONCE_SZ); XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); - XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); + + /* get nonce */ +#ifndef OLD_POLY + /* new rfc of chacha uses salt in nonce else use 0 */ + XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); +#endif + c32toa(ssl->keys.sequence_number, nonce + AEAD_IMP_IV_SZ + + AEAD_SEQ_OFFSET); /* opaque SEQ number stored for AD */ c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); 
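Review bot: The nonce built here gets its only per-record variation from the 32-bit `ssl->keys.sequence_number` written by `c32toa`, so it stays unique under one key only until that counter wraps, and with `OLD_POLY` defined the implicit IV is not mixed in at all. Nothing in this hunk shows the connection being rekeyed or closed before a wrap, so that should be confirmed and stated next to the construction, for example `/* nonce = implicit IV || 32-bit sequence number; must never repeat under one key */`. The same construction is used in the Decrypt hunk at -5150 and in ChachaAEADEncrypt and ChachaAEADDecrypt in the later refactoring commit. Encrypt's body starts and ends outside this hunk.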
@@ -4930,50 +5042,18 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) printf("\n"); #endif - /* get nonce using implicit and explicit IV */ - XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); - XMEMCPY(nonce + AEAD_IMP_IV_SZ, - ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); - /* set the nonce for chacha and get poly1305 key */ Chacha_SetIV(ssl->encrypt.chacha, nonce, 0); Chacha_Process(ssl->encrypt.chacha, cipher, cipher, 32); /* encrypt the plain text */ - Chacha_Process(ssl->encrypt.chacha, out + AEAD_EXP_IV_SZ, - input + AEAD_EXP_IV_SZ, sz - AEAD_EXP_IV_SZ - - ssl->specs.aead_mac_size); + Chacha_Process(ssl->encrypt.chacha, out, input, + sz - ssl->specs.aead_mac_size); - /* create input to poly1305 */ - XMEMCPY(ssl->keys.server_write_MAC_secret, cipher, 32); - XMEMCPY(p, additional, CHACHA20_BLOCK_SIZE); - XMEMCPY((p + CHACHA20_BLOCK_SIZE), out + AEAD_EXP_IV_SZ, - sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); - - /* add size of AD and size of cipher to poly input */ - (p + CHACHA20_BLOCK_SIZE + padding2)[0] = - (CHACHA20_BLOCK_SIZE); + /* get the tag : future use of hmac could go here*/ + Poly1305Tag(ssl, additional, (const byte* )out, cipher, sz, tag); - /* 32 bit size of cipher to 64 bit endian */ - ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = - (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) & 0xff; - - ((p + CHACHA20_BLOCK_SIZE + padding2))[9] = - ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >> 8) & 0xff; - - ((p + CHACHA20_BLOCK_SIZE + padding2))[10] = - ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>16) & 0xff; - - ((p + CHACHA20_BLOCK_SIZE + padding2))[11] = - ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>24) & 0xff; - - /* generate tag */ - Poly1305SetKey(ssl->encrypt.poly1305, cipher, sizeof(cipher)); - Poly1305Update(ssl->encrypt.poly1305, p, - CHACHA20_BLOCK_SIZE + padding2 + 16); - Poly1305Final(ssl->encrypt.poly1305, tag); - - /* append Poly1305 tag to ciphertext */ + /* append tag to ciphertext 
*/ XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); AeadIncrementExpIV(ssl); @@ -5150,17 +5230,29 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, byte nonce[AEAD_NONCE_SZ]; byte tag[16]; byte cipher[32]; - int padding2 = (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) - +(16 - (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16); - - byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; int i, ret; XMEMSET(tag, 0, 16); XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(nonce, 0, AEAD_NONCE_SZ); XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); - XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); + + #ifdef CHACHA_AEAD_TEST + printf("input before decrypt :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", input[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + #endif + + /* get nonce */ +#ifndef OLD_POLY + XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); +#endif + c32toa(ssl->keys.peer_sequence_number, nonce + AEAD_IMP_IV_SZ + + AEAD_SEQ_OFFSET); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); @@ -5176,9 +5268,6 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, c16toa(ssl->keys.dtls_state.curEpoch, additional); #endif - /* get nonce */ - XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); - XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ); #ifdef CHACHA_AEAD_TEST printf("Decrypt Additional : "); 
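Review bot: The one-time Poly1305 key in `cipher` is left on the stack when the ChaCha case of Encrypt finishes; the only scrubbing visible for this case is of `nonce`. Clear it before leaving the block, e.g. `XMEMSET(cipher, 0, sizeof(cipher));`, ideally through a wipe the compiler cannot elide, and treat `tag` the same way. The results of `Chacha_SetIV`, `Chacha_Process` and `Poly1305Tag` are also ignored in this hunk, so a failure in any of them still yields an outgoing record.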
@@ -5192,34 +5281,8 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, Chacha_SetIV(ssl->decrypt.chacha, nonce, 0); Chacha_Process(ssl->decrypt.chacha, cipher, cipher, 32); - /* create input for Poly1305 */ - XMEMCPY(ssl->keys.server_write_MAC_secret, cipher, 32); - XMEMCPY(p, additional, CHACHA20_BLOCK_SIZE); - XMEMCPY((p + (CHACHA20_BLOCK_SIZE)), input + AEAD_EXP_IV_SZ, - sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); - - /* add size of AD and of cipher */ - (p + CHACHA20_BLOCK_SIZE + padding2)[0] = - (CHACHA20_BLOCK_SIZE); - - /* 32 bit size of cipher to 64 bit endian */ - ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = - (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) & 0xff; - - ((p + CHACHA20_BLOCK_SIZE + padding2))[9] = - ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >> 8) & 0xff; - - ((p + CHACHA20_BLOCK_SIZE + padding2))[10] = - ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>16) & 0xff; - - ((p + CHACHA20_BLOCK_SIZE + padding2))[11] = - ((sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) >>24) & 0xff; - - /* create Poly1305 tag */ - Poly1305SetKey(ssl->decrypt.poly1305, cipher, sizeof(cipher)); - Poly1305Update(ssl->decrypt.poly1305, p, - CHACHA20_BLOCK_SIZE + padding2 + 16); - Poly1305Final(ssl->decrypt.poly1305, tag); + /* get the tag : potential future use of hmac could go here */ + Poly1305Tag(ssl, additional, input, cipher, sz, tag); /* check mac sent along with packet */ ret = 0; @@ -5236,9 +5299,9 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, } /* if mac was good decrypt message */ - Chacha_Process(ssl->decrypt.chacha, plain + AEAD_EXP_IV_SZ, - input + AEAD_EXP_IV_SZ, sz - AEAD_EXP_IV_SZ - - ssl->specs.aead_mac_size); + Chacha_Process(ssl->decrypt.chacha, plain, input, + sz - ssl->specs.aead_mac_size); + #ifdef CHACHA_AEAD_TEST printf("plain after decrypt :\n"); 
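Review bot: Routing the decrypt path through `Poly1305Tag` means the tag for a received record is now computed with `ssl->encrypt.poly1305`, where the removed lines used `ssl->decrypt.poly1305`. That is only correct if the encrypt-side context is always allocated whenever a record is decrypted, and it makes both directions share one MAC state. Pass the Poly1305 context to the helper as a parameter, or select it by direction inside it. The same applies to `Poly1305Tag` and `Poly1305TagOld` as called from ChachaAEADDecrypt in the later refactoring commit. Decrypt's body continues outside this hunk.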
@@ -6444,9 +6507,15 @@ static int BuildMessage(CYASSL* ssl, byte* output, int outSz, #ifdef HAVE_AEAD if (ssl->specs.cipher_type == aead) { - ivSz = AEAD_EXP_IV_SZ; + if (ssl->specs.bulk_cipher_algorithm == cyassl_chacha) { + /* chacha aead does not send exp iv with message */ + ivSz = 0; + } + else { + ivSz = AEAD_EXP_IV_SZ; + } sz += (ivSz + ssl->specs.aead_mac_size - digestSz); - XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); + XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); } #endif if (sz > (word32)outSz) { @@ -9254,13 +9323,26 @@ static void PickHashSigAlgo(CYASSL* ssl, if (encSigSz != (word32)ret || !out || XMEMCMP(out, encodedSig, min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) + { + CYASSL_MSG("line 9258"); + if (encSigSz != (word32)ret) + {CYASSL_MSG("encSigSz != ret");} + if (!out) + {CYASSL_MSG("!out");} + if (XMEMCMP(out, encodedSig, + min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) + {CYASSL_MSG("xmemcmp != 0");} + return VERIFY_SIGN_ERROR; + + } } else { if (ret != sizeof(hash) || !out || XMEMCMP(out, hash, sizeof(hash)) != 0) + {CYASSL_MSG("line 9266"); return VERIFY_SIGN_ERROR; - } + }} } else #endif #ifdef HAVE_ECC @@ -9318,8 +9400,9 @@ static void PickHashSigAlgo(CYASSL* ssl, digest, digestSz, &verify, ssl->peerEccDsaKey); } if (ret != 0 || verify == 0) + {CYASSL_MSG("line 9326"); return VERIFY_SIGN_ERROR; - } + }} else #endif /* HAVE_ECC */ return ALGO_ID_E; From b77a1fdbbba47f5d92b3940ef6320762702802e5 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 17 Jul 2014 15:00:40 -0600 Subject: [PATCH 15/21] refactoring --- cyassl/internal.h | 21 +- cyassl/ssl.h | 4 + examples/client/client.c | 10 + src/internal.c | 580 +++++++++++++++++++++------------------ src/ssl.c | 10 + tests/test-dtls.conf | 66 +++++ tests/test.conf | 108 ++++++-- 7 files changed, 505 insertions(+), 294 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 689ca6a9d..dbb396fa4 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h 
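Review bot: The diagnostic block added in the -9254 hunk calls `XMEMCMP(out, encodedSig, ...)` again after the `if (!out)` message, so when `out` is NULL the logging path itself hands a null pointer to the compare. Chain the three checks with `else if` so the compare only runs when the length and pointer checks passed. The strings `"line 9258"`, `"line 9266"` and, in the -9318 hunk, `"line 9326"` hard-code source line numbers that go stale on the next edit; name the failed check instead, e.g. `CYASSL_MSG("RSA signature compare failed")`. The enclosing function starts and ends outside these hunks.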
@@ -468,9 +468,20 @@ void c32to24(word32 in, word24 out); #ifdef HAVE_CHACHA #define CHACHA20_BLOCK_SIZE 16 - #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + /* ChaCha - Poly AEAD suites */ + #if defined(HAVE_POLY1305) && !defined(NO_SHA256) + #if defined(HAVE_ECC) + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + #endif + #if !defined(NO_DSA) + #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + #endif + #endif + #if !defined(NO_DH) && !defined(NO_RSA) + #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + #endif + #endif /* end of ChaCha - Poly AEAD suites */ #endif #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_CHACHA) @@ -1704,6 +1715,10 @@ typedef struct Options { byte usingNonblock; /* set when using nonblocking socket */ byte saveArrays; /* save array Memory for user get keys or psk */ +#ifdef HAVE_POLY1305 + byte oldPoly; /* set when to use old rfc way of poly*/ +#endif + #ifndef NO_PSK byte havePSK; /* psk key set by user */ psk_client_callback client_psk_cb; diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 19a19a15a..7109b0726 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -217,6 +217,10 @@ CYASSL_API int CyaSSL_use_RSAPrivateKey_file(CYASSL*, const char*, int); const char*, int); #endif +#ifdef HAVE_POLY1305 + CYASSL_API int CyaSSL_use_old_poly(CYASSL*, int); +#endif + #ifdef HAVE_NTRU CYASSL_API int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX*, const char*); /* load NTRU private key blob */ diff --git a/examples/client/client.c b/examples/client/client.c index 6c268e65d..65aa0f837 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -611,6 +611,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) #endif ssl = CyaSSL_new(ctx); + if (ssl == NULL) err_sys("unable to get SSL object"); if (doDTLS) { 
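Review bot: The ECDHE-ECDSA ChaCha suite in the -468 hunk is guarded by `#if !defined(NO_DSA)`, but `NO_DSA` appears to control classic DSA, while ECDSA comes with `HAVE_ECC`. A build that sets `NO_DSA` would silently lose `BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` even though ECC is enabled. Dropping the inner guard and leaving the suite under `#if defined(HAVE_ECC)` alone looks like the intended condition.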
@@ -622,6 +623,15 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) else { tcp_connect(&sockfd, host, port, 0); } + +#ifdef HAVE_POLY1305 + /* use old poly to connect with google server */ + if (!XMEMCMP(domain, "www.google.com", 15)) { + if (CyaSSL_use_old_poly(ssl, 1) != 0) + err_sys("unable to set to old poly"); + } +#endif + CyaSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS) diff --git a/src/internal.c b/src/internal.c index 52d60a4f9..4f1fd1980 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4567,10 +4567,6 @@ static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, CYASSL_ENTER("DoHandShakeMsg()"); - /* changes the pointer for CHACHA aead */ - if (ssl->specs.bulk_cipher_algorithm == cyassl_chacha && *inOutIdx > 7) - *inOutIdx -= 8; - if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0) return PARSE_ERROR; 
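Review bot: `XMEMCMP(domain, "www.google.com", 15)` in the client.c hunk compares 15 raw bytes regardless of how long `domain` is, so a shorter host name is read past its terminator. Use a comparison that stops at the NUL, e.g. `if (XSTRNCMP(domain, "www.google.com", 15) == 0) {`. `domain` is declared outside this hunk, so the size of its storage is not visible here.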
@@ -4757,105 +4753,333 @@ static INLINE void AeadIncrementExpIV(CYASSL* ssl) #ifdef HAVE_POLY1305 -#ifndef OLD_POLY /*more recent rfc's concatonate input for poly1305 differently*/ - -static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, byte* cipher, - word16 sz, byte* tag) +/*more recent rfc's concatonate input for poly1305 differently*/ +static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, + byte* cipher, word16 sz, byte* tag) { - int padding2 = (sz - ssl->specs.aead_mac_size); - if ((sz - ssl->specs.aead_mac_size) % 16 != 0) { - padding2 += - (16 - (sz - ssl->specs.aead_mac_size) % 16); - } - - byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; - XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); + int ret = 0; + int paddingSz = 0; + int msglen = (sz - ssl->specs.aead_mac_size); + word32 keySz = 32; + byte padding[16]; - /* create input to poly1305 */ - XMEMCPY(p, additional, CHACHA20_BLOCK_SIZE); - XMEMCPY((p + CHACHA20_BLOCK_SIZE), out, - sz - ssl->specs.aead_mac_size); + if (msglen < 0) + return INPUT_CASE_ERROR; - /* add size of AD and size of cipher to poly input */ - (p + CHACHA20_BLOCK_SIZE + padding2)[0] = - (CHACHA20_BLOCK_SIZE); + XMEMSET(padding, 0, sizeof(padding)); - /* 32 bit size of cipher to 64 bit endian */ - ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = - (sz - ssl->specs.aead_mac_size) & 0xff; - - ((p + CHACHA20_BLOCK_SIZE + padding2))[9] = - ((sz - ssl->specs.aead_mac_size) >> 8) & 0xff; - - ((p + CHACHA20_BLOCK_SIZE + padding2))[10] = - ((sz - ssl->specs.aead_mac_size) >>16) & 0xff; - - ((p + CHACHA20_BLOCK_SIZE + padding2))[11] = - ((sz - ssl->specs.aead_mac_size) >>24) & 0xff; + if ((ret = Poly1305SetKey(ssl->encrypt.poly1305, cipher, keySz)) != 0) + return ret; - /* generate tag */ - Poly1305SetKey(ssl->encrypt.poly1305, cipher, 32); - Poly1305Update(ssl->encrypt.poly1305, p, - CHACHA20_BLOCK_SIZE + padding2 + 16); - Poly1305Final(ssl->encrypt.poly1305, tag); + /* additional input to poly1305 */ + if ((ret = 
Poly1305Update(ssl->encrypt.poly1305, additional, + CHACHA20_BLOCK_SIZE)) != 0) + return ret; - return 0; + /* cipher input */ + if ((ret = Poly1305Update(ssl->encrypt.poly1305, out, msglen)) != 0) + return ret; + + /* handle padding for cipher input */ + if (msglen % 16 != 0) { + paddingSz = (16 - (sz - ssl->specs.aead_mac_size) % 16); + if (paddingSz < 0) + return INPUT_CASE_ERROR; + + if ((ret = Poly1305Update(ssl->encrypt.poly1305, padding, paddingSz)) + != 0) + return ret; + } + + /* add size of AD and size of cipher to poly input */ + XMEMSET(padding, 0, sizeof(padding)); + padding[0] = CHACHA20_BLOCK_SIZE; + + /* 32 bit size of cipher to 64 bit endian */ + padding[8] = msglen & 0xff; + padding[9] = (msglen >> 8) & 0xff; + padding[10] = (msglen >>16) & 0xff; + padding[11] = (msglen >>24) & 0xff; + + if ((ret = Poly1305Update(ssl->encrypt.poly1305, padding, sizeof(padding))) + != 0) + return ret; + + /* generate tag */ + if ((ret = Poly1305Final(ssl->encrypt.poly1305, tag)) != 0) + return ret; + + return ret; } -#else - /** * Used for the older version of creating AEAD tags with Poly1305 */ -static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, byte* cipher, - word16 sz, byte* tag) +static int Poly1305TagOld(CYASSL* ssl, byte* additional, const byte* out, + byte* cipher, word16 sz, byte* tag) { - byte p[AEAD_AUTH_DATA_SZ + 16 + - (sz - ssl->specs.aead_mac_size)]; - XMEMSET(p, 0, sizeof(p)); + int ret = 0; + int msglen = (sz - ssl->specs.aead_mac_size); + word32 keySz = 32; + byte padding[8]; /* used to temporarly store lengths */ #ifdef CHACHA_AEAD_TEST printf("Using old version of poly1305 input.\n"); #endif - /* create input to poly1305 */ - XMEMCPY(p, additional, AEAD_AUTH_DATA_SZ); - - (p + AEAD_AUTH_DATA_SZ - 2)[0] = ((sz - ssl->specs.aead_mac_size)>>8) & 0xff; - (p + AEAD_AUTH_DATA_SZ - 2)[1] = (sz - ssl->specs.aead_mac_size) & 0xff; - - (p + AEAD_AUTH_DATA_SZ)[0] = AEAD_AUTH_DATA_SZ; + if (msglen < 0) + return INPUT_CASE_ERROR; - 
XMEMCPY((p + AEAD_AUTH_DATA_SZ + 8), out, - sz - ssl->specs.aead_mac_size); + if ((ret = Poly1305SetKey(ssl->encrypt.poly1305, cipher, keySz)) != 0) + return ret; + + /* add TLS compressed length and additional input to poly1305 */ + additional[AEAD_AUTH_DATA_SZ - 2] = (msglen >> 8) & 0xff; + additional[AEAD_AUTH_DATA_SZ - 1] = msglen & 0xff; + if ((ret = Poly1305Update(ssl->encrypt.poly1305, additional, + AEAD_AUTH_DATA_SZ)) != 0) + return ret; + + /* length of additional input plus padding */ + XMEMSET(padding, 0, sizeof(padding)); + padding[0] = AEAD_AUTH_DATA_SZ; + if ((ret = Poly1305Update(ssl->encrypt.poly1305, padding, + sizeof(padding))) != 0) + return ret; - /* 32 bit size of cipher to 64 bit endian */ - (p + AEAD_AUTH_DATA_SZ + sz - ssl->specs.aead_mac_size - + 8)[0] = - (sz - ssl->specs.aead_mac_size) & 0xff; - - (p + AEAD_AUTH_DATA_SZ + sz - ssl->specs.aead_mac_size - + 8)[1] = - ((sz - ssl->specs.aead_mac_size) >> 8) & 0xff; - - (p + AEAD_AUTH_DATA_SZ + sz - ssl->specs.aead_mac_size - + 8)[2] = - ((sz - ssl->specs.aead_mac_size) >>16) & 0xff; - - (p + AEAD_AUTH_DATA_SZ + sz - ssl->specs.aead_mac_size - + 8)[3] = - ((sz - ssl->specs.aead_mac_size) >>24) & 0xff; + /* add cipher info and then its length */ + XMEMSET(padding, 0, sizeof(padding)); + if ((ret = Poly1305Update(ssl->encrypt.poly1305, out, msglen)) != 0) + return ret; - /* generate tag */ - Poly1305SetKey(ssl->encrypt.poly1305, cipher, 32); - Poly1305Update(ssl->encrypt.poly1305, p, sizeof(p)); - Poly1305Final(ssl->encrypt.poly1305, tag); + /* 32 bit size of cipher to 64 bit endian */ + padding[0] = msglen & 0xff; + padding[1] = (msglen >> 8) & 0xff; + padding[2] = (msglen >> 16) & 0xff; + padding[3] = (msglen >> 24) & 0xff; + if ((ret = Poly1305Update(ssl->encrypt.poly1305, padding, sizeof(padding))) + != 0) + return ret; - return 0; + /* generate tag */ + if ((ret = Poly1305Final(ssl->encrypt.poly1305, tag)) != 0) + return ret; + + return ret; } -#endif /*OLD_POLY*/ #endif /*HAVE_POLY1305*/ + 
+#ifdef HAVE_CHACHA +static int ChachaAEADEncrypt(CYASSL* ssl, byte* out, const byte* input, + word16 sz) +{ + int offset = 5; /*where to find type,version in record header */ + const byte* additionalSrc = input - offset; + int ret = 0; + byte tag[ssl->specs.aead_mac_size]; + byte additional[CHACHA20_BLOCK_SIZE]; + byte nonce[AEAD_NONCE_SZ]; + byte cipher[32]; /* generated key for poly1305 */ + + XMEMSET(tag, 0, sizeof(tag)); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); + + /* get nonce */ + c32toa(ssl->keys.sequence_number, nonce + AEAD_IMP_IV_SZ + + AEAD_SEQ_OFFSET); + + /* opaque SEQ number stored for AD */ + c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); + + /* Store the type, version. Unfortunately, they are in + * the input buffer ahead of the plaintext. */ + #ifdef CYASSL_DTLS + if (ssl->options.dtls) { + c16toa(ssl->keys.dtls_epoch, additional); + additionalSrc -= DTLS_HANDSHAKE_EXTRA; + } + #endif + + XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); + + #ifdef CHACHA_AEAD_TEST + int i; + printf("Encrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n\n"); + printf("input before encryption :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", input[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + #endif + + /* set the nonce for chacha and get poly1305 key */ + if ((ret = Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0) + return ret; + + if ((ret = Chacha_Process(ssl->encrypt.chacha, cipher, + cipher, 32)) != 0) + return ret; + + /* encrypt the plain text */ + if ((ret = Chacha_Process(ssl->encrypt.chacha, out, input, + sz - ssl->specs.aead_mac_size)) != 0) + return ret; + + #ifdef HAVE_POLY1305 + /* get the tag : future use of hmac could go here*/ + if (ssl->options.oldPoly == 1) { + if ((ret = Poly1305TagOld(ssl, additional, (const byte* )out, + cipher, sz, tag)) != 0) + 
return ret; + } + else { + if ((ret = Poly1305Tag(ssl, additional, (const byte* )out, + cipher, sz, tag)) != 0) + return ret; + } + #endif + + /* append tag to ciphertext */ + XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); + + AeadIncrementExpIV(ssl); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); + + #ifdef CHACHA_AEAD_TEST + printf("mac tag :\n"); + for (i = 0; i < 16; i++) { + printf("%02x", tag[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n\noutput after encrypt :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", out[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + #endif + + return ret; +} + +static int ChachaAEADDecrypt(CYASSL* ssl, byte* plain, const byte* input, + word16 sz) +{ + byte additional[CHACHA20_BLOCK_SIZE]; + byte nonce[AEAD_NONCE_SZ]; + byte tag[ssl->specs.aead_mac_size]; + byte cipher[32]; /* generated key for mac */ + int i; + int ret = 0; + + XMEMSET(tag, 0, sizeof(tag)); + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); + XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); + + #ifdef CHACHA_AEAD_TEST + printf("input before decrypt :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", input[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + #endif + + /* get nonce */ + c32toa(ssl->keys.peer_sequence_number, nonce + AEAD_IMP_IV_SZ + + AEAD_SEQ_OFFSET); + + /* sequence number field is 64-bits, we only use 32-bits */ + c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); + + /* get AD info */ + additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; + additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; + additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; + + /* Store the type, version. 
*/ + #ifdef CYASSL_DTLS + if (ssl->options.dtls) + c16toa(ssl->keys.dtls_state.curEpoch, additional); + #endif + + + #ifdef CHACHA_AEAD_TEST + printf("Decrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n\n"); + #endif + + /* set nonce and get poly1305 key */ + if ((ret = Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0) + return ret; + + if ((ret = Chacha_Process(ssl->decrypt.chacha, cipher, + cipher, sizeof(cipher))) != 0) + return ret; + + #ifdef HAVE_POLY1305 + /* get the tag : future use of hmac could go here*/ + if (ssl->options.oldPoly == 1) { + if ((ret = Poly1305TagOld(ssl, additional, input, cipher, + sz, tag)) != 0) + return ret; + } + else { + if ((ret = Poly1305Tag(ssl, additional, input, cipher, + sz, tag)) != 0) + return ret; + } + #endif + + /* check mac sent along with packet */ + ret = 0; + for (i = 0; i < ssl->specs.aead_mac_size; i++) { + if ((input + sz - ssl->specs.aead_mac_size)[i] != tag[i]) + ret = 1; + } + + if (ret == 1) { + CYASSL_MSG("Mac did not match"); + SendAlert(ssl, alert_fatal, bad_record_mac); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); + return VERIFY_MAC_ERROR; + } + + /* if mac was good decrypt message */ + if ((ret = Chacha_Process(ssl->decrypt.chacha, plain, input, + sz - ssl->specs.aead_mac_size)) != 0) + return ret; + + + #ifdef CHACHA_AEAD_TEST + printf("plain after decrypt :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", plain[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + #endif + + return ret; +} +#endif /* HAVE_CHACHA */ #endif 
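Review bot: `ChachaAEADEncrypt` and `ChachaAEADDecrypt` declare `byte tag[ssl->specs.aead_mac_size]`, yet the tag is written by `Poly1305Final` and the test dump prints 16 bytes of it, so an `aead_mac_size` below the Poly1305 tag length (assumed 16, as in the removed `byte tag[16]`) would overrun the array. Keep `byte tag[16];` and reject other sizes up front with `if (ssl->specs.aead_mac_size != sizeof(tag) || sz < sizeof(tag)) return INPUT_CASE_ERROR;`, which also bounds `sz - ssl->specs.aead_mac_size` before it reaches `Chacha_Process`. In ChachaAEADDecrypt the tag computation sits inside `#ifdef HAVE_POLY1305`, so a build with HAVE_CHACHA alone would compare the received MAC against the zero-filled `tag`. An `#else` branch that returns an error would make that configuration fail closed.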
@@ -4993,89 +5217,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) #ifdef HAVE_CHACHA case cyassl_chacha: - { - const byte* additionalSrc = input - 5; - byte tag[16]; - byte additional[CHACHA20_BLOCK_SIZE]; - byte nonce[AEAD_NONCE_SZ]; - byte cipher[32]; /* generated key for poly1305 */ - XMEMSET(tag, 0, ssl->specs.aead_mac_size); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); - XMEMSET(cipher, 0, sizeof(cipher)); - XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); - - /* get nonce */ -#ifndef OLD_POLY - /* new rfc of chacha uses salt in nonce else use 0 */ - XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); -#endif - c32toa(ssl->keys.sequence_number, nonce + AEAD_IMP_IV_SZ - + AEAD_SEQ_OFFSET); - - /* opaque SEQ number stored for AD */ - c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); - - /* Store the type, version. Unfortunately, they are in - * the input buffer ahead of the plaintext. */ - #ifdef CYASSL_DTLS - if (ssl->options.dtls) { - c16toa(ssl->keys.dtls_epoch, additional); - additionalSrc -= DTLS_HANDSHAKE_EXTRA; - } - #endif - - XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); - -#ifdef CHACHA_AEAD_TEST - int i; - printf("Encrypt Additional : "); - for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { - printf("%02x", additional[i]); - } - printf("\n\n"); - printf("input before encryption :\n"); - for (i = 0; i < sz; i++) { - printf("%02x", input[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n"); -#endif - - /* set the nonce for chacha and get poly1305 key */ - Chacha_SetIV(ssl->encrypt.chacha, nonce, 0); - Chacha_Process(ssl->encrypt.chacha, cipher, cipher, 32); - - /* encrypt the plain text */ - Chacha_Process(ssl->encrypt.chacha, out, input, - sz - ssl->specs.aead_mac_size); - - /* get the tag : future use of hmac could go here*/ - Poly1305Tag(ssl, additional, (const byte* )out, cipher, sz, tag); - - /* append tag to ciphertext */ - XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); 
- - AeadIncrementExpIV(ssl); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); - - #ifdef CHACHA_AEAD_TEST - printf("mac tag :\n"); - for (i = 0; i < 16; i++) { - printf("%02x", tag[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n\noutput after encrypt :\n"); - for (i = 0; i < sz; i++) { - printf("%02x", out[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n"); - #endif - } - break; /* end of chacha-poly1305 encrypt process */ + return ChachaAEADEncrypt(ssl, out, input, sz); #endif #ifdef HAVE_NULL_CIPHER 
@@ -5225,96 +5367,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, #ifdef HAVE_CHACHA case cyassl_chacha: - { - byte additional[CHACHA20_BLOCK_SIZE]; - byte nonce[AEAD_NONCE_SZ]; - byte tag[16]; - byte cipher[32]; - int i, ret; - - XMEMSET(tag, 0, 16); - XMEMSET(cipher, 0, sizeof(cipher)); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); - XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); - - #ifdef CHACHA_AEAD_TEST - printf("input before decrypt :\n"); - for (i = 0; i < sz; i++) { - printf("%02x", input[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n"); - #endif - - /* get nonce */ -#ifndef OLD_POLY - XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); -#endif - c32toa(ssl->keys.peer_sequence_number, nonce + AEAD_IMP_IV_SZ - + AEAD_SEQ_OFFSET); - - /* sequence number field is 64-bits, we only use 32-bits */ - c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); - - /* get AD info */ - additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; - additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; - additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; - - /* Store the type, version. 
*/ - #ifdef CYASSL_DTLS - if (ssl->options.dtls) - c16toa(ssl->keys.dtls_state.curEpoch, additional); - #endif - - -#ifdef CHACHA_AEAD_TEST - printf("Decrypt Additional : "); - for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { - printf("%02x", additional[i]); - } - printf("\n\n"); -#endif - - /* set nonce and get poly1305 key */ - Chacha_SetIV(ssl->decrypt.chacha, nonce, 0); - Chacha_Process(ssl->decrypt.chacha, cipher, cipher, 32); - - /* get the tag : potential future use of hmac could go here */ - Poly1305Tag(ssl, additional, input, cipher, sz, tag); - - /* check mac sent along with packet */ - ret = 0; - for (i = 0; i < ssl->specs.aead_mac_size; i++) { - if ((input + sz - ssl->specs.aead_mac_size)[i] != tag[i]) - ret = 1; - } - - if (ret == 1) { - CYASSL_MSG("Mac did not match"); - SendAlert(ssl, alert_fatal, bad_record_mac); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); - return VERIFY_MAC_ERROR; - } - - /* if mac was good decrypt message */ - Chacha_Process(ssl->decrypt.chacha, plain, input, - sz - ssl->specs.aead_mac_size); - - - #ifdef CHACHA_AEAD_TEST - printf("plain after decrypt :\n"); - for (i = 0; i < sz; i++) { - printf("%02x", plain[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n"); - #endif - - } - break; + return ChachaAEADDecrypt(ssl, plain, input, sz); #endif #ifdef HAVE_NULL_CIPHER @@ -5667,7 +5720,8 @@ int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx) ivExtra = ssl->specs.block_size; } else if (ssl->specs.cipher_type == aead) { - ivExtra = AEAD_EXP_IV_SZ; + if (ssl->specs.bulk_cipher_algorithm != cyassl_chacha) + ivExtra = AEAD_EXP_IV_SZ; } dataSz = msgSz - ivExtra - ssl->keys.padSz; 
@@ -6058,7 +6112,8 @@ int ProcessReply(CYASSL* ssl) if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) ssl->buffers.inputBuffer.idx += ssl->specs.block_size; /* go past TLSv1.1 IV */ - if (ssl->specs.cipher_type == aead) + if (ssl->specs.cipher_type == aead && + ssl->specs.bulk_cipher_algorithm != cyassl_chacha) ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ; #endif /* ATOMIC_USER */ } @@ -6075,7 +6130,8 @@ int ProcessReply(CYASSL* ssl) if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) ssl->buffers.inputBuffer.idx += ssl->specs.block_size; /* go past TLSv1.1 IV */ - if (ssl->specs.cipher_type == aead) + if (ssl->specs.cipher_type == aead && + ssl->specs.bulk_cipher_algorithm != cyassl_chacha) ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ; ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer + @@ -6507,13 +6563,9 @@ static int BuildMessage(CYASSL* ssl, byte* output, int outSz, #ifdef HAVE_AEAD if (ssl->specs.cipher_type == aead) { - if (ssl->specs.bulk_cipher_algorithm == cyassl_chacha) { - /* chacha aead does not send exp iv with message */ - ivSz = 0; - } - else { + if (ssl->specs.bulk_cipher_algorithm != cyassl_chacha) ivSz = AEAD_EXP_IV_SZ; - } + sz += (ivSz + ssl->specs.aead_mac_size - digestSz); XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); } @@ -7782,15 +7834,15 @@ static const char* const cipher_names[] = #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - "ECDHE-RSA-CHACHA20-256-POLY1305-SHA256", + "ECDHE-RSA-CHACHA20-POLY1305", #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - "ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - "DHE-RSA-CHACHA20-256-POLY1305-SHA256", + "DHE-RSA-CHACHA20-POLY1305", #endif }; diff --git a/src/ssl.c b/src/ssl.c index dd99d8f30..1b99e98fd 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -194,6 +194,16 @@ void CyaSSL_free(CYASSL* ssl) CYASSL_LEAVE("SSL_free", 0); } +#ifdef HAVE_POLY1305 +/* set if to use old poly 1 for yes 0 to use new poly */ +int CyaSSL_use_old_poly(CYASSL* ssl, int value) +{ + CYASSL_ENTER("SSL_use_old_poly"); + ssl->options.oldPoly = value; + CYASSL_LEAVE("SSL_use_old_poly", 0); + return 0; +} +#endif int CyaSSL_set_fd(CYASSL* ssl, int fd) { diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf index cc3a6aeb5..887afb18d 100644 --- a/tests/test-dtls.conf +++ b/tests/test-dtls.conf @@ -1,3 +1,69 @@ +# server DTLSv1 DHE-RSA-CHACHA20-POLY1305 +-u +-v 2 +-l DHE-RSA-CHACHA20-POLY1305 + +# client DTLSv1 DHE-RSA-CHACHA20-POLY1305 +-u +-v 2 +-l DHE-RSA-CHACHA20-POLY1305 + +# server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 +-u +-v 2 +-l ECDHE-RSA-CHACHA20-POLY1305 + +# client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 +-u +-v 2 +-l ECDHE-RSA-CHACHA20-POLY1305 + +# server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305 +-u +-v 2 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305 +-u +-v 2 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/server-ecc.pem + +# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-u +-v 3 +-l DHE-RSA-CHACHA20-POLY1305 + +# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-u +-v 3 +-l DHE-RSA-CHACHA20-POLY1305 + +# server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-u +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305 + +# client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-u +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305 + +# server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 +-u +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 +-u +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/server-ecc.pem + # server DTLSv1 RC4-SHA -u -v 2 diff --git a/tests/test.conf b/tests/test.conf index c5de20a15..b3656f112 100644 --- a/tests/test.conf +++ b/tests/test.conf 
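Review bot: CyaSSL_use_old_poly dereferences `ssl` in `ssl->options.oldPoly = value;` without a NULL check, so a caller passing NULL crashes this new entry point. I would add `if (ssl == NULL) return BAD_FUNC_ARG;` ahead of the assignment. The comment above the function is hard to parse; `/* value 1 selects the older Poly1305 tag construction, 0 the newer one */` says what the flag does. Because the flag changes how the record MAC is computed, the comment should also state that both peers must use the same setting.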
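Review bot: The pairs added with `-v 2` run the CHACHA20-POLY1305 suites under what the comments call DTLSv1, and the tests/test.conf hunk does the same at `-v 1` (TLSv1) and `-v 2` (TLSv1.1). AEAD cipher suites are defined for TLS 1.2 and DTLS 1.2 onward. If the library is meant to refuse them on older versions, these cases should be dropped or turned into expected failures, leaving the `-v 3` pairs as the positive tests. Separately, the server comments spell the suite `ECDHE-EDCSA`; `# server DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305` would match the `-l` line beneath it.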
@@ -1,3 +1,84 @@
+# server TLSv1 DHE-RSA-CHACHA20-POLY1305
+-v 1
+-l DHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1 DHE-RSA-CHACHA20-POLY1305
+-v 1
+-l DHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1 ECDHE-EDCSA-CHACHA20-POLY1305
+-v 1
+-l ECDHE-ECDSA-CHACHA20-POLY1305
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDHE-ECDSA-CHACHA20-POLY1305
+-v 1
+-l ECDHE-ECDSA-CHACHA20-POLY1305
+-A ./certs/server-ecc.pem
+
+# server TLSv1 ECDHE-RSA-CHACHA20-POLY1305
+-v 1
+-l ECDHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1 ECDHE-RSA-CHACHA20-POLY1305
+-v 1
+-l ECDHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.1 DHE-RSA-CHACHA20-POLY1305
+-v 2
+-l DHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1.1 DHE-RSA-CHACHA20-POLY1305
+-v 2
+-l DHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
+-v 2
+-l ECDHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
+-v 2
+-l ECDHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305
+-v 2
+-l ECDHE-ECDSA-CHACHA20-POLY1305
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305
+-v 2
+-l ECDHE-ECDSA-CHACHA20-POLY1305
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305
+-v 3
+-l DHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1.2 DHE-RSA-CHACHA20-POLY1305
+-v 3
+-l DHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
+-v 3
+-l ECDHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
+-v 3
+-l ECDHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
+-v 3
+-l ECDHE-ECDSA-CHACHA20-POLY1305
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
+-v 3
+-l ECDHE-ECDSA-CHACHA20-POLY1305
+-A ./certs/server-ecc.pem
+
 # server SSLv3 RC4-SHA
 -v 0
 -l RC4-SHA
@@ -349,17 +430,6 @@ -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305 --v 2 --l ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305 --v 2 --l ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256 --A ./certs/server-ecc.pem - # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA @@ -729,14 +799,6 @@ -v 3 -l ECDHE-RSA-AES256-SHA384 -# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 --v 2 --l ECDHE-RSA-CHACHA20-256-POLY1305-SHA256 - -# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 --v 2 --l ECDHE-RSA-CHACHA20-256-POLY1305-SHA256 - # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 @@ -1053,14 +1115,6 @@ -v 1 -l DHE-RSA-AES128-SHA -# server TLSv1 DHE-RSA-CHACHA20-POLY1305 --v 1 --l DHE-RSA-CHACHA20-256-POLY1305-SHA256 - -# server TLSv1 DHE-RSA-CHACHA20-POLY1305 --v 1 --l DHE-RSA-CHACHA20-256-POLY1305-SHA256 - # server TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA From 7cb65d8b3d4ef6ec7c45203bd39c66a49422eb18 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 17 Jul 2014 15:33:48 -0600 Subject: [PATCH 16/21] asthetics --- cyassl/internal.h | 4 +- src/internal.c | 106 +++++++++++++++++++++++----------------------- 2 files changed, 54 insertions(+), 56 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index dbb396fa4..d36a43db6 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -609,9 +609,9 @@ enum { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x13, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14, - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x15, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x15, /* Renegotiation Indication Extension Special Suite */ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff 
diff --git a/src/internal.c b/src/internal.c index 4f1fd1980..fa97d7c39 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4751,8 +4751,8 @@ static INLINE void AeadIncrementExpIV(CYASSL* ssl) } } -#ifdef HAVE_POLY1305 +#ifdef HAVE_POLY1305 /*more recent rfc's concatonate input for poly1305 differently*/ static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, byte* cipher, word16 sz, byte* tag) @@ -4780,7 +4780,7 @@ static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, if ((ret = Poly1305Update(ssl->encrypt.poly1305, out, msglen)) != 0) return ret; - /* handle padding for cipher input */ + /* handle padding for cipher input to make it 16 bytes long */ if (msglen % 16 != 0) { paddingSz = (16 - (sz - ssl->specs.aead_mac_size) % 16); if (paddingSz < 0) @@ -4800,7 +4800,6 @@ static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, padding[9] = (msglen >> 8) & 0xff; padding[10] = (msglen >>16) & 0xff; padding[11] = (msglen >>24) & 0xff; - if ((ret = Poly1305Update(ssl->encrypt.poly1305, padding, sizeof(padding))) != 0) return ret; @@ -4812,9 +4811,8 @@ static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, return ret; } -/** - * Used for the older version of creating AEAD tags with Poly1305 - */ + +/* Used for the older version of creating AEAD tags with Poly1305 */ static int Poly1305TagOld(CYASSL* ssl, byte* additional, const byte* out, byte* cipher, word16 sz, byte* tag) { @@ -4870,6 +4868,7 @@ static int Poly1305TagOld(CYASSL* ssl, byte* additional, const byte* out, } #endif /*HAVE_POLY1305*/ + #ifdef HAVE_CHACHA static int ChachaAEADEncrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) 
@@ -4906,19 +4905,19 @@ static int ChachaAEADEncrypt(CYASSL* ssl, byte* out, const byte* input, XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); #ifdef CHACHA_AEAD_TEST - int i; - printf("Encrypt Additional : "); - for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { - printf("%02x", additional[i]); - } - printf("\n\n"); - printf("input before encryption :\n"); - for (i = 0; i < sz; i++) { - printf("%02x", input[i]); - if ((i + 1) % 16 == 0) - printf("\n"); - } - printf("\n"); + int i; + printf("Encrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n\n"); + printf("input before encryption :\n"); + for (i = 0; i < sz; i++) { + printf("%02x", input[i]); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); #endif /* set the nonce for chacha and get poly1305 key */ @@ -4935,17 +4934,17 @@ static int ChachaAEADEncrypt(CYASSL* ssl, byte* out, const byte* input, return ret; #ifdef HAVE_POLY1305 - /* get the tag : future use of hmac could go here*/ - if (ssl->options.oldPoly == 1) { - if ((ret = Poly1305TagOld(ssl, additional, (const byte* )out, - cipher, sz, tag)) != 0) - return ret; - } - else { - if ((ret = Poly1305Tag(ssl, additional, (const byte* )out, - cipher, sz, tag)) != 0) - return ret; - } + /* get the tag : future use of hmac could go here*/ + if (ssl->options.oldPoly == 1) { + if ((ret = Poly1305TagOld(ssl, additional, (const byte* )out, + cipher, sz, tag)) != 0) + return ret; + } + else { + if ((ret = Poly1305Tag(ssl, additional, (const byte* )out, + cipher, sz, tag)) != 0) + return ret; + } #endif /* append tag to ciphertext */ @@ -4954,7 +4953,7 @@ static int ChachaAEADEncrypt(CYASSL* ssl, byte* out, const byte* input, AeadIncrementExpIV(ssl); XMEMSET(nonce, 0, AEAD_NONCE_SZ); - #ifdef CHACHA_AEAD_TEST + #ifdef CHACHA_AEAD_TEST printf("mac tag :\n"); for (i = 0; i < 16; i++) { printf("%02x", tag[i]); 
@@ -4973,6 +4972,7 @@ static int ChachaAEADEncrypt(CYASSL* ssl, byte* out, const byte* input, return ret; } + static int ChachaAEADDecrypt(CYASSL* ssl, byte* plain, const byte* input, word16 sz) { @@ -4980,7 +4980,7 @@ static int ChachaAEADDecrypt(CYASSL* ssl, byte* plain, const byte* input, byte nonce[AEAD_NONCE_SZ]; byte tag[ssl->specs.aead_mac_size]; byte cipher[32]; /* generated key for mac */ - int i; + int i; int ret = 0; XMEMSET(tag, 0, sizeof(tag)); @@ -4988,7 +4988,7 @@ static int ChachaAEADDecrypt(CYASSL* ssl, byte* plain, const byte* input, XMEMSET(nonce, 0, AEAD_NONCE_SZ); XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); - #ifdef CHACHA_AEAD_TEST + #ifdef CHACHA_AEAD_TEST printf("input before decrypt :\n"); for (i = 0; i < sz; i++) { printf("%02x", input[i]); 
@@ -5015,36 +5015,35 @@ static int ChachaAEADDecrypt(CYASSL* ssl, byte* plain, const byte* input, if (ssl->options.dtls) c16toa(ssl->keys.dtls_state.curEpoch, additional); #endif - - + #ifdef CHACHA_AEAD_TEST - printf("Decrypt Additional : "); - for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { - printf("%02x", additional[i]); - } - printf("\n\n"); + printf("Decrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n\n"); #endif /* set nonce and get poly1305 key */ if ((ret = Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0) return ret; - if ((ret = Chacha_Process(ssl->decrypt.chacha, cipher, + if ((ret = Chacha_Process(ssl->decrypt.chacha, cipher, cipher, sizeof(cipher))) != 0) return ret; #ifdef HAVE_POLY1305 - /* get the tag : future use of hmac could go here*/ - if (ssl->options.oldPoly == 1) { - if ((ret = Poly1305TagOld(ssl, additional, input, cipher, - sz, tag)) != 0) - return ret; - } - else { - if ((ret = Poly1305Tag(ssl, additional, input, cipher, - sz, tag)) != 0) - return ret; - } + /* get the tag : future use of hmac could go here*/ + if (ssl->options.oldPoly == 1) { + if ((ret = Poly1305TagOld(ssl, additional, input, cipher, + sz, tag)) != 0) + return ret; + } + else { + if ((ret = Poly1305Tag(ssl, additional, input, cipher, + sz, tag)) != 0) + return ret; + } #endif /* check mac sent along with packet */ @@ -5065,8 +5064,7 @@ static int ChachaAEADDecrypt(CYASSL* ssl, byte* plain, const byte* input, if ((ret = Chacha_Process(ssl->decrypt.chacha, plain, input, sz - ssl->specs.aead_mac_size)) != 0) return ret; - - + #ifdef CHACHA_AEAD_TEST printf("plain after decrypt :\n"); for (i = 0; i < sz; i++) { From 726cc3e3a4a563722eabccb945ff959cbba90743 Mon Sep 17 00:00:00 2001 
From: JacobBarthelmeh Date: Fri, 18 Jul 2014 14:42:45 -0600 Subject: [PATCH 17/21] sanity check and recent cyassl release --- certs/ca-cert.der | Bin 1186 -> 1198 bytes certs/ca-cert.pem | 100 ++--- certs/client-cert.der | Bin 1180 -> 1198 bytes certs/client-cert.pem | 100 ++--- certs/crl/cliCrl.pem | 64 ++- certs/crl/crl.pem | 58 +-- certs/crl/crl.revoked | 50 +-- certs/ntru-cert.pem | 52 +-- certs/ntru-key.raw | Bin 607 -> 607 bytes certs/server-cert.der | Bin 916 -> 1186 bytes certs/server-cert.pem | 203 +++++----- certs/server-ecc-rsa.pem | 93 +++-- ctaocrypt/benchmark/benchmark.c | 24 +- ctaocrypt/src/aes.c | 285 +++++++------- ctaocrypt/src/error.c | 3 + ctaocrypt/src/rsa.c | 34 +- cyassl/certs_test.h | 669 +++++++++++++++++--------------- cyassl/ctaocrypt/error-crypt.h | 4 +- cyassl/test.h | 2 +- examples/client/client.c | 1 - src/internal.c | 36 +- 21 files changed, 906 insertions(+), 872 deletions(-) 
diff --git a/certs/ca-cert.der b/certs/ca-cert.der index 5d7c48aded1f8d8eaa1f57e8405c2bc5da4b4350..aaff68ff715d9919ce6340ea60746f0c892cd78b 100644 GIT binary patch literal 1198 zcmXqLVp(O-#5`#MGZP~d6DPwgNB6S}MUr|9c-c6$+C196^D;8BvN9MnPBG**;ACSC zWnmL$3Jo?CFyI4mIC$87^Ycm)^Aceq>^$sF`Bka8iFt;C2K*p3Ts$1XiRC5v`6U^K z!UlpMA#NTn=ls0l(wvgaymUhe12K>wGY@}xdAVMBeok6(agJVcey*Xsfh^n^oQz@u znR#jX4oC_NyvM(z{hQ-^Y5RkWu9?)%{}I{cUm8BY^cp+58)P= zq3GLiT1esf8UK5(wI_?pjb5FausbtIfLVXV=cz|Ob|-~NzfaF!BH%c6E!XVFOAl$e>8Zz$d=mUhw&p7T%YPwna|Gy56$T54F+&t-{Nw6FZw zvo+&%Mtz}z_SXf;U&Hhlt6kcjzcEVuy2VV6f0HBf{~Z?gZwTzum8MVsPpd=sw4c|O>0mdsJTbVI+Xby$y}sV9rfh3C7%j`DI% z?7g-kdPncgJuQ4kr8e(RVe$){xMWeQ SX!H6H(X%x?<2P+)z5xJ)xTPon delta 780 zcmZ3-xrkHCpowLkK@)S^0%j&gCMHgXmlu}DSE_!oG2mt6)N1o+`_9YA$jZuK&^Te@ zL$P{ccHjKGlEl13LjeOmHs(+kc42m>{HoO4#5_Ym1AdSQmoP_gVtGk^eo2O*uz?^* zh+CM;IX|zsG^ZppFWpegKm;VnEX-S8UanV}SX`W=mzCB(^Zu8u7yH16&#m`=}i7MWHWW34b>V^5A4=!n+6!Y`qe*^tK<~^Hjc#IZL zh?klmw|?&DdDq#QR@SPgCF`%3xV}bWMo)9U#b@p{W&)+ZPn8J=L^Jgl?|;1DU2~9X z$T_uhbN1?2u9mJ(*fHrN^MOCs95)ZFy;{Vf+K{MwXa4f$BzE@)>^|P?1}rPvWkT!O zg)W?SiamWkjZsSc-B136?YHwYp87c^a-@8YBNj9Zl#zA?O2ot$}O$LHtg7TO-To%?yyO}7*C5AP_5l4q(v1pp0K56b`m diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem index b2dc6ae6e..7e64eb479 100644 --- a/certs/ca-cert.pem +++ b/certs/ca-cert.pem 
@@ -1,45 +1,45 @@ -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD -VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G -A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3 -dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx -MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290 -aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd -MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q -8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k -EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A -dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/ -mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ -CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O -BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd -P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u -dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV -BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG -9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513 -PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH -Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr -G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m -ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi -rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg== +MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe 
+Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf ++n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH +7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2 +DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB +VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq +Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - e9:d0:a7:5f:79:25:f4:3c - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + 9a:41:47:cd:a1:14:62:8c + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 24 18:18:15 2011 GMT - Not After : Jul 20 18:18:15 2014 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, 
CN=www.yassl.com/emailAddress=info@yassl.com + Not Before: Jul 11 03:20:08 2014 GMT + Not After : Apr 6 03:20:08 2017 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: 
@@ -64,24 +64,24 @@ Certificate: 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com - serial:E9:D0:A7:5F:79:25:F4:3C + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:9A:41:47:CD:A1:14:62:8C X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption - 5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26: - 4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6: - e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c: - f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e: - af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18: - 98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02: - 8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab: - 1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80: - 61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87: - 1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f: - 60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf: - 18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12: - f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4: - b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70: - 5a:1f:7f:ca + 79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f: + fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca: + f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f: + 7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4: + 33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f: + ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3: + c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5: + b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a: + 91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81: + 54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74: + 43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14: + 
e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9: + 64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3: + bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f: + b2:b3:03:d8 diff --git a/certs/client-cert.der b/certs/client-cert.der index a656ff91f3e20281d2ce8fa5154bb4dcfb1291c8..293985adb974f6aefe00cbcd63701ea735fbcfa6 100644 GIT binary patch literal 1198 zcmXqLVp(O-#5`#MGZP~d6DPyA^$sF`Bka8iFq&)E*|#s{G7DlU>`#f10j$u zZXWJ{qWtut#N6D>ymUhe12K>&GY@}xdAS})ZEsVVgi|YY55LF z3Jm1Lc@0er%nc0<&5bQhOrn5Xa|06tGbnekI=hKc2|0inSs9p{82K3tni#p5niv@w z4l`fW{%5(w$kjUdM2ogoP06gitF(gH-LEY(+r)0vcVSm%^|8Y)^R6^{{MF4^)SbS2 zVd)7o9j{B$-@A96=l%Kq&BsQ$>e?%w%s=ml;&Az{q^HwFViOv&rQ28UANzF`UQa(D>w`q*DG*4 ziySRU-(u91-`jSm!(pab^Da4uA|>(bL8&Um8_vC#JiG3HMNahrA?7Q7MZ5vI){Ctd z&y1UU;wDe)=9^tNL)32P{#vv9zpBrXisv_(vq>;@v%b*8{f~ z<~i1N>qN~uUGAOrmF+*%dbwxG{(D?*+K0{Koa6j6RME(-iL-5Gb&1TpD6Rd>l@m{Y z(yTuz+SIu-_-q~fgq5*n4<+MxBX&ey<-M=GIy<>ca^9T#8^S$vF0@TQoMZFrLD(Vb z#|xdLB9dC?mPj^ptdE@VW9HuU%U-YePM%8a;_Y%eGvTG)p^)PGxb?k{j83~MT$A*T ME;l^GuX~^l0F5cF6aWAK delta 817 zcmZ3-Ift{}powLMK@)Ss0%j&gCMHgXcCXTX6VqyTD}8Z+CWa6*U-?=z{teV!pP9nGz!QyF)%kWfO3g*aSG{9Cf&uG^BDCR zS-u%GexAILNs;F;(6_S6ERDMj8h1=S$0SidWl7^i;+#tp*D8V{88d*J5Q$-O53^Fe zOpQ~c<~+so7j7I3$v?ABgwx`G#*A50gUckUpBa?B(cmpze(%BAzN?|iS?=0?y?<)i z7T@4s8+VQ6B!ltqa`nqwnKxG}mKbt-t=E;>Jh|`8=Xl!*_Gcc4N=~ep{{Y z_b-#3wY+oUxb%NMf993kwqcFd!q;1()6W_`*(T^ct0;|kkyly&Kczj*e{XNUy7C?C Q$&H0|(%KInGp#=W0HM4HM*si- diff --git a/certs/client-cert.pem b/certs/client-cert.pem index 278b43fe6..38330d538 100644 --- a/certs/client-cert.pem +++ b/certs/client-cert.pem 
@@ -2,17 +2,17 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 87:4a:75:be:91:66:d8:3d - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com + b6:63:af:8f:5d:62:57:a0 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 24 18:21:55 2011 GMT - Not After : Jul 20 18:21:55 2014 GMT - Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com + Not Before: Jul 11 17:39:44 2014 GMT + Not After : Apr 6 17:39:44 2017 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: 
@@ -37,51 +37,51 @@ Certificate: 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 - DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com - serial:87:4A:75:BE:91:66:D8:3D + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B6:63:AF:8F:5D:62:57:A0 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption - 1c:7c:42:81:29:9e:21:cf:d0:d8:c1:54:6f:cc:ae:14:09:38: - ff:68:98:9a:95:53:76:18:7b:e6:30:76:ec:28:0d:75:a7:de: - e0:cd:8e:d5:55:23:6a:47:2b:4e:8d:fc:7d:06:a3:d8:0f:ad: - 5e:d6:04:c9:00:33:fb:77:27:d3:b5:03:b3:7b:21:74:31:0b: - 4a:af:2d:1a:b3:93:8e:cc:f3:5f:3d:90:3f:cc:e3:55:19:91: - 7b:78:24:2e:4a:09:bb:18:4e:61:2d:9c:c6:0a:a0:34:91:88: - 70:6b:3b:48:47:bc:79:94:a2:a0:4d:32:47:54:c2:a3:dc:2e: - d2:51:4c:29:39:11:ff:e2:15:5e:58:97:36:f6:e9:06:06:86: - 0e:8d:9d:95:03:72:b2:8b:19:7c:e9:14:6e:a1:88:73:68:58: - 6d:71:5e:c2:d5:d3:13:d2:5f:de:ea:03:be:e2:00:40:e5:ce: - fd:e6:92:31:57:c3:eb:bb:66:ac:cb:2f:1a:fa:e0:62:a2:47: - f4:93:43:2a:4b:6c:5e:0a:2f:f9:e7:e6:4a:63:86:b0:ac:2a: - a1:eb:b4:5b:67:cd:32:e4:b6:11:4b:9a:72:66:0d:a2:4a:76: - 8f:fe:22:bc:83:fd:db:b7:d5:a9:ee:05:c9:b1:71:7e:1b:2b: - e1:e3:af:c0 + 85:10:90:c5:5d:de:25:8c:f2:57:7b:2d:14:1c:05:f9:71:63: + 40:b0:e3:c1:c1:2e:13:2a:7a:b7:d6:24:58:87:eb:03:fb:0d: + af:e0:f4:d0:c8:bc:51:36:10:4f:79:cc:4f:66:7d:af:99:cb: + 7b:ce:68:94:c6:36:aa:42:6e:8c:78:5b:b2:85:ca:d1:e1:a8: + 31:d1:81:d9:f9:c1:a3:9e:34:43:ef:0a:79:7d:3e:83:61:fc: + 14:5c:d1:dd:bc:0e:d7:51:b7:71:6e:41:7e:8b:2c:5a:9a:cb: + 77:4b:6a:f5:06:ff:02:af:1e:e6:63:4f:bc:44:d9:3f:56:9e: + 09:9c:43:f9:55:21:32:46:82:09:86:a9:7b:74:1c:9e:5a:2a: + bf:03:79:91:cb:f2:29:7f:c9:15:82:89:b9:53:cd:7e:07:90: + a9:5d:76:e1:19:5e:0d:58:b8:59:d5:0d:df:23:ab:6b:63:76: + 19:9e:9c:df:b0:57:49:6c:d0:86:97:c3:6c:3c:fa:e0:56:c2: + 
1b:e3:a1:42:1a:58:62:85:9d:74:19:83:08:af:59:90:f8:99: + bd:67:d3:4a:ea:0e:c9:ca:61:8a:0d:8a:42:cc:90:e9:2e:c2: + 54:73:7f:5e:af:8d:e2:32:cb:45:20:d6:19:4d:5b:77:31:cc: + 0f:2d:c0:7e -----BEGIN CERTIFICATE----- -MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD -VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG -A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu -eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMTEw -MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE -CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS -BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ -KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE -ntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvk -NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+ -v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/ -eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOw -Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU -M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w -J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x -ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv -Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW -DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG -9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe -4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q -P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR -/+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO -/eaSMVfD67tmrMsvGvrgYqJH9JNDKktsXgov+efmSmOGsKwqoeu0W2fNMuS2EUua -cmYNokp2j/4ivIP927fVqe4FybFxfhsr4eOvwA== +MIIEqjCCA5KgAwIBAgIJALZjr49dYlegMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G 
+A1UECgwHd29sZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNDA3MTExNzM5NDRaFw0xNzA0MDYxNzM5NDRaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29s +ZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9am +NrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/ +Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE7 +9fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX +11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8l +TMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwgckGA1UdIwSBwTCBvoAU +M9hFZtdohxh+VA1wJ5HHJteFZcChgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAtmOvj11iV6AwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAhRCQxV3eJYzyV3stFBwF+XFj +QLDjwcEuEyp6t9YkWIfrA/sNr+D00Mi8UTYQT3nMT2Z9r5nLe85olMY2qkJujHhb +soXK0eGoMdGB2fnBo540Q+8KeX0+g2H8FFzR3bwO11G3cW5BfossWprLd0tq9Qb/ +Aq8e5mNPvETZP1aeCZxD+VUhMkaCCYape3QcnloqvwN5kcvyKX/JFYKJuVPNfgeQ +qV124RleDVi4WdUN3yOra2N2GZ6c37BXSWzQhpfDbDz64FbCG+OhQhpYYoWddBmD +CK9ZkPiZvWfTSuoOycphig2KQsyQ6S7CVHN/Xq+N4jLLRSDWGU1bdzHMDy3Afg== -----END CERTIFICATE----- diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem index e623562a9..8915758bb 100644 --- a/certs/crl/cliCrl.pem +++ b/certs/crl/cliCrl.pem 
@@ -1,41 +1,39 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption - Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com - Last Update: Feb 7 20:14:06 2014 GMT - Next Update: Feb 7 20:14:06 2015 GMT + Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Last Update: Jul 11 20:39:48 2014 GMT + Next Update: Jul 11 20:39:48 2015 GMT CRL extensions: X509v3 CRL Number: - 3 -Revoked Certificates: - Serial Number: 02 - Revocation Date: Feb 7 20:14:06 2014 GMT + 2 +No Revoked Certificates. Signature Algorithm: sha1WithRSAEncryption - 36:33:8d:75:7a:2c:40:dc:e2:64:71:de:1d:06:b4:0e:d3:98: - 63:05:79:84:53:76:9b:aa:51:70:a1:3a:ab:12:f7:da:69:70: - 34:5b:4d:08:01:a6:3b:16:25:ac:3d:11:0c:80:94:bc:dc:b5: - 51:7c:84:11:65:d7:d2:24:16:f5:ac:11:0b:ea:72:62:4a:cb: - 83:c1:6c:96:ec:6b:ce:1f:26:88:89:8a:74:90:fb:d3:67:91: - 8c:f7:ef:0e:ca:81:39:22:89:1a:52:75:d0:13:ba:ee:83:0c: - 61:e9:b4:d8:f1:3f:80:77:29:d2:bb:7e:81:29:a8:fb:1f:ad: - 92:91:bd:e9:b8:29:3f:a3:ec:44:b5:09:e5:03:3c:1b:2d:df: - 4c:27:45:94:da:be:50:dd:b9:78:3f:1f:92:92:59:a5:ad:5a: - ef:95:71:ff:ca:ff:db:70:53:17:aa:00:40:9b:4c:ff:fb:be: - 73:7a:8e:0f:07:9b:b9:14:fd:a4:b4:d7:79:4b:3e:ff:c6:90: - ef:91:2e:a2:f3:ee:4b:1f:16:47:2a:a3:39:f9:b5:fd:74:fa: - 8f:c4:15:8d:77:7f:46:78:6f:ba:a5:4e:bc:63:8f:39:63:c9: - 68:3d:8f:02:3a:4a:d0:d5:c4:47:6a:2c:4d:6c:d5:e2:a7:5f: - 35:ba:65:e4 + 35:c1:34:91:04:d9:88:99:83:40:ef:09:ee:04:28:91:be:7a: + b1:84:48:f4:f8:c5:9d:50:6c:67:56:4c:ee:b2:3a:32:5c:1d: + 1c:49:ef:58:72:a7:69:71:9a:d8:a6:68:0c:3e:ff:48:15:c7: + 44:28:67:6b:34:9d:c0:dc:c5:1b:d1:2f:e6:90:0f:45:7c:aa: + 0c:f9:3c:19:dd:55:a0:92:8a:a0:fe:93:1d:1f:42:ae:5f:7c: + 48:a5:de:61:89:94:bf:43:d3:c1:2d:e8:8b:f9:c5:6e:b9:8a: + 40:0e:6e:32:5e:39:83:cb:9b:76:6b:de:6e:6c:da:4e:1e:5c: + 69:d6:8c:08:0e:9f:de:4e:77:9d:f5:e9:97:29:b3:4c:e0:cb: + 
ed:46:68:ed:e1:89:ac:d7:b9:11:ca:5a:ed:fe:e3:73:20:6e: + 01:e6:77:a8:48:c7:01:83:40:25:a5:ee:d7:ef:2f:af:b8:e2: + 2d:85:37:2a:80:8f:7f:6a:a7:32:29:86:42:66:40:d7:eb:87: + 44:66:54:5f:04:5f:7b:22:14:6c:4c:5d:f0:57:ac:33:e0:da: + 53:d6:13:52:ea:85:b2:89:de:41:e6:a6:f5:0d:34:47:37:75: + 26:b8:c4:f3:e0:1b:c6:32:3f:3b:65:0a:20:08:8e:c7:7e:6d: + 61:f1:aa:eb -----BEGIN X509 CRL----- -MIIB/jCB5wIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV -BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw -EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG -CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTE0MDIwNzIwMTQwNloXDTE1MDIw -NzIwMTQwNlowFDASAgECFw0xNDAyMDcyMDE0MDZaoA4wDDAKBgNVHRQEAwIBAzAN -BgkqhkiG9w0BAQUFAAOCAQEANjONdXosQNziZHHeHQa0DtOYYwV5hFN2m6pRcKE6 -qxL32mlwNFtNCAGmOxYlrD0RDICUvNy1UXyEEWXX0iQW9awRC+pyYkrLg8Fsluxr -zh8miImKdJD702eRjPfvDsqBOSKJGlJ10BO67oMMYem02PE/gHcp0rt+gSmo+x+t -kpG96bgpP6PsRLUJ5QM8Gy3fTCdFlNq+UN25eD8fkpJZpa1a75Vx/8r/23BTF6oA -QJtM//u+c3qODwebuRT9pLTXeUs+/8aQ75EuovPuSx8WRyqjOfm1/XT6j8QVjXd/ -RnhvuqVOvGOPOWPJaD2PAjpK0NXER2osTWzV4qdfNbpl5A== +MIIB7jCB1wIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wx +FDASBgNVBAsMC1Byb2dyYW1taW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE0MDcxMTIwMzk0OFoX +DTE1MDcxMTIwMzk0OFqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBBQUAA4IB +AQA1wTSRBNmImYNA7wnuBCiRvnqxhEj0+MWdUGxnVkzusjoyXB0cSe9YcqdpcZrY +pmgMPv9IFcdEKGdrNJ3A3MUb0S/mkA9FfKoM+TwZ3VWgkoqg/pMdH0KuX3xIpd5h +iZS/Q9PBLeiL+cVuuYpADm4yXjmDy5t2a95ubNpOHlxp1owIDp/eTned9emXKbNM +4MvtRmjt4Yms17kRylrt/uNzIG4B5neoSMcBg0Alpe7X7y+vuOIthTcqgI9/aqcy +KYZCZkDX64dEZlRfBF97IhRsTF3wV6wz4NpT1hNS6oWyid5B5qb1DTRHN3UmuMTz +4BvGMj87ZQogCI7Hfm1h8arr -----END X509 CRL----- diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem index d93a4707e..f4e18434e 100644 --- a/certs/crl/crl.pem +++ b/certs/crl/crl.pem 
@@ -1,39 +1,39 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption - Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com - Last Update: Feb 7 20:14:06 2014 GMT - Next Update: Feb 7 20:14:06 2015 GMT + Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Last Update: Jul 11 20:36:35 2014 GMT + Next Update: Jul 11 20:36:35 2015 GMT CRL extensions: X509v3 CRL Number: 1 No Revoked Certificates. Signature Algorithm: sha1WithRSAEncryption - 4b:c1:68:4f:80:01:0e:ab:ff:c1:8f:5e:e5:3c:01:7a:fd:9c: - bb:21:b3:68:73:7c:e9:dc:c5:70:a8:fd:1b:74:27:c2:9e:7d: - 11:9c:95:b9:fb:73:ac:50:bb:b7:4a:5e:f1:f3:44:b4:7c:b5: - 21:0f:32:48:2e:b2:03:95:a7:09:6b:25:87:c3:1d:9c:3f:8f: - 69:91:30:fb:e5:a1:b2:26:1a:ed:8f:73:06:2d:bd:bc:72:f4: - b8:bd:63:61:90:c7:91:2b:68:52:51:47:0d:d6:a1:79:b8:4b: - bc:30:57:94:fa:b7:49:80:1a:1f:4d:aa:a3:8b:cd:8f:5d:8e: - ad:8b:d6:d1:5b:c1:cf:f2:0c:60:22:19:87:42:db:42:8b:aa: - 47:36:4d:20:eb:cb:72:ce:4b:48:1b:f3:4d:0b:e0:f8:58:27: - 65:60:e7:97:50:83:a9:80:58:62:a8:02:ac:4e:37:79:42:47: - 65:aa:55:ca:7c:9a:9c:bf:6c:36:89:f3:f7:60:d3:30:be:d4: - ce:f1:af:41:7e:02:75:6e:82:86:96:b9:16:07:15:29:c0:65: - 4d:2f:13:4f:01:ec:47:f1:af:36:0a:d6:a1:dc:81:57:18:2d: - 00:7b:d4:49:88:c0:61:81:0e:cd:a7:39:6a:53:2a:7c:91:3d: - ac:62:8d:49 + b4:54:84:e9:f8:c3:5c:e4:c4:a1:9a:71:eb:bc:46:96:09:bd: + 84:9d:4c:ac:29:a8:23:12:9d:80:8e:18:30:85:92:94:72:04: + 6d:74:05:31:e0:1b:20:b1:ef:6f:44:98:e8:d4:20:74:b1:ec: + 9f:fe:ad:74:14:66:ad:6f:5b:7a:45:02:b5:6f:a8:d3:bd:dc: + 88:94:d1:e2:78:e1:11:44:95:57:7d:d9:8c:7e:09:dc:aa:4f: + 07:e0:59:f2:09:30:d5:7c:a0:6c:54:88:d0:76:88:33:11:61: + 20:9d:3d:89:49:3b:85:be:e7:c0:38:f1:08:be:44:7a:1d:4c: + e4:84:7a:40:23:6f:85:bd:67:7b:77:7e:00:78:d2:3c:e2:a8: + 47:ba:5c:21:c4:78:15:81:a2:9e:a6:9c:c4:47:4c:ee:97:81: + 18:91:5e:18:2b:92:e8:06:1f:dc:f2:51:e1:b3:14:bf:c3:c5: + 
9c:78:ce:41:2e:61:0b:71:ad:ea:9e:2d:bb:2e:e4:98:a9:14: + 47:3f:00:65:4e:09:17:82:ee:be:ea:48:1e:2e:a5:92:64:ce: + e9:b1:ee:ce:01:5b:e8:e3:fe:ba:dd:8c:eb:ad:34:32:15:00: + 56:4d:fe:9d:60:bf:a1:cd:9e:1b:61:94:21:0a:b1:98:4f:ec: + c1:af:b3:dc -----BEGIN X509 CRL----- -MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV -BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro -MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w -GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUw -MjA3MjAxNDA2WqAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBAEvB -aE+AAQ6r/8GPXuU8AXr9nLshs2hzfOncxXCo/Rt0J8KefRGclbn7c6xQu7dKXvHz -RLR8tSEPMkgusgOVpwlrJYfDHZw/j2mRMPvlobImGu2PcwYtvbxy9Li9Y2GQx5Er -aFJRRw3WoXm4S7wwV5T6t0mAGh9NqqOLzY9djq2L1tFbwc/yDGAiGYdC20KLqkc2 -TSDry3LOS0gb800L4PhYJ2Vg55dQg6mAWGKoAqxON3lCR2WqVcp8mpy/bDaJ8/dg -0zC+1M7xr0F+AnVugoaWuRYHFSnAZU0vE08B7EfxrzYK1qHcgVcYLQB71EmIwGGB -Ds2nOWpTKnyRPaxijUk= +MIIB7jCB1wIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro +MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE0MDcxMTIwMzYzNVoX +DTE1MDcxMTIwMzYzNVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IB +AQC0VITp+MNc5MShmnHrvEaWCb2EnUysKagjEp2AjhgwhZKUcgRtdAUx4Bsgse9v +RJjo1CB0seyf/q10FGatb1t6RQK1b6jTvdyIlNHieOERRJVXfdmMfgncqk8H4Fny +CTDVfKBsVIjQdogzEWEgnT2JSTuFvufAOPEIvkR6HUzkhHpAI2+FvWd7d34AeNI8 +4qhHulwhxHgVgaKeppzER0zul4EYkV4YK5LoBh/c8lHhsxS/w8WceM5BLmELca3q +ni27LuSYqRRHPwBlTgkXgu6+6kgeLqWSZM7pse7OAVvo4/663YzrrTQyFQBWTf6d +YL+hzZ4bYZQhCrGYT+zBr7Pc -----END X509 CRL----- diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked index b67ee676d..205acfe88 100644 --- a/certs/crl/crl.revoked +++ b/certs/crl/crl.revoked 
@@ -1,41 +1,13 @@ -Certificate Revocation List (CRL): - Version 2 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com - Last Update: Feb 7 20:14:06 2014 GMT - Next Update: Feb 7 20:14:06 2015 GMT - CRL extensions: - X509v3 CRL Number: - 2 -Revoked Certificates: - Serial Number: 02 - Revocation Date: Feb 7 20:14:06 2014 GMT - Signature Algorithm: sha1WithRSAEncryption - 10:5d:b1:d0:79:d2:8a:15:2d:40:0b:44:d6:d9:df:58:73:eb: - 55:2c:81:fe:e1:7b:62:48:8f:34:c5:06:51:e5:e8:50:70:8c: - 12:ba:e3:6e:fe:7d:0d:ce:44:08:9d:dc:d9:57:43:6c:54:12: - 82:d4:ed:6c:71:e5:74:44:bd:d1:a8:98:96:63:8b:68:5f:d2: - 87:28:dd:99:4f:aa:ba:8e:18:9e:c4:4f:69:9e:66:13:03:28: - 5f:3c:35:01:15:77:22:7c:ed:c5:4a:67:44:af:85:7f:df:8a: - fd:49:8b:e1:be:52:e3:ca:e8:ae:a3:ad:07:91:2c:51:c6:28: - 5f:26:17:14:39:5d:4e:21:9f:11:6f:c4:a2:ef:ef:b8:ec:27: - af:45:ad:b9:ed:e0:14:09:60:a0:50:ee:dd:f7:b1:3e:58:c4: - 0d:e8:b5:0b:a9:0d:98:ad:7c:74:ab:1c:d6:fa:c8:7d:e7:5a: - 3b:91:23:d5:62:ba:d4:e4:be:58:78:fe:09:ba:63:f6:9e:2c: - 3f:93:c2:fe:de:c5:00:21:50:39:91:ac:71:e6:fc:4a:37:a4: - e4:e9:5e:e7:ac:8d:95:21:d6:76:aa:10:a8:3c:28:3e:ef:1c: - 64:58:e9:1e:f6:7e:54:f3:cb:bb:ed:6f:5d:27:5a:b1:4b:91: - 8e:8c:67:7d -----BEGIN X509 CRL----- -MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV -BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro -MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w -GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUw -MjA3MjAxNDA2WjAUMBICAQIXDTE0MDIwNzIwMTQwNlqgDjAMMAoGA1UdFAQDAgEC -MA0GCSqGSIb3DQEBBQUAA4IBAQAQXbHQedKKFS1AC0TW2d9Yc+tVLIH+4XtiSI80 -xQZR5ehQcIwSuuNu/n0NzkQIndzZV0NsVBKC1O1sceV0RL3RqJiWY4toX9KHKN2Z -T6q6jhiexE9pnmYTAyhfPDUBFXcifO3FSmdEr4V/34r9SYvhvlLjyuiuo60HkSxR -xihfJhcUOV1OIZ8Rb8Si7++47CevRa257eAUCWCgUO7d97E+WMQN6LULqQ2YrXx0 -qxzW+sh951o7kSPVYrrU5L5YeP4JumP2niw/k8L+3sUAIVA5kaxx5vxKN6Tk6V7n 
-rI2VIdZ2qhCoPCg+7xxkWOke9n5U88u77W9dJ1qxS5GOjGd9 +MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro +MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE0MDcxMTEyMzUyN1oX +DTE1MDcxMTEyMzUyN1owFDASAgEBFw0xNDA3MTExMjM1MjdaoA4wDDAKBgNVHRQE +AwIBOzANBgkqhkiG9w0BAQsFAAOCAQEAB+ao48FzCAbRKKPkFJX8Ho5SZl44YhNW +Uy/JxMkonyjyaMwp7GSwd2hNpv3geC6tHO7YLSRcyvyKu1BQVbeoa6FpultQSv5+ +twk6mmeSenzhzNhfJmzSEhJicXOgBoLAh4aBXkixQis9dAVg16/nNSS2DAJwEKMW +kXcJpuBLt6XLL0aM71+NDqB8HAUUPyuNWLiYEb4NlScIWNh7lI6ZWmsv8vb1PMmn +2hn4CVJIkHkfEHYnikek55iE31QMUyobCXzro+cR9jGR1iPZSQu9dxstRHF5bXai +eBYWZIblBVCSJ896a5TJ5uaA1RKk6ZZbAG43oQTB/hupaEPjTTXysw== -----END X509 CRL----- diff --git a/certs/ntru-cert.pem b/certs/ntru-cert.pem index 7141bb1a8..e002ee3aa 100644 --- a/certs/ntru-cert.pem +++ b/certs/ntru-cert.pem 
@@ -1,28 +1,28 @@ -----BEGIN CERTIFICATE----- -MIIEyzCCA7OgAwIBAgIIAXluJQUcy8wwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYD -VQQKEwhTYXd0b290aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3 -Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wIhgPMjAx -NDA2MDMyMzEzMjdaGA8yMDE1MTAxNzIzMTMyN1owgYoxCzAJBgNVBAYTAlVTMQsw -CQYDVQQIDAJPUjERMA8GA1UEBwwIUG9ydGxhbmQxDjAMBgNVBAoMBXlhU1NMMRQw -EgYDVQQLDAtEZXZlbG9wbWVudDEWMBQGA1UEAwwNd3d3Lnlhc3NsLmNvbTEdMBsG -CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggJNMBoGCysGAQQBwRYBAQEBBgsr -BgEEAcEWAQECLgOCAi0ABIICKO1hBf4/bE5gMEaaWRDZuWBjrwl+j5DTlJG1mECJ -EyikaLfh26ZdmjPz3I7QI5i3YcDF4i0CTrN81S8JNBubGdGKeV32v/Vgam/NYhK7 -Otzzxnk/c+6no0oBhJre5PNvvYnJDcA5IVFDXQ4cFip/xAv7plQ9eR615+t6J8am -ycS1iIE3DBkDXJreTmu0jkuC1tyRXuLmivRbphtxRjAdDV8BE0PYmHLIHuKtAbQu -uAkYLK40dnKN44HRjiROtHPaU8rZd861tF4HfkD5j/Fv+KfBhmDGL0ohYO6ibWKc -nEW57XqpKqTo9kioLJn+ap4eYFFZc4ABVC15Hr5SJYoiVORi8FTxhdSY2sddnZ/u -TMV8GKHncWc++tEnuagz+XSi9aGxeSH71RotbLFuxLPXmtEkyNiqdH/s54bgMNQU -pkuHsuWnPTPti/yLZDPm7YT4etrC2+Q7OawCzqH+FHiUep5jaejpBcyCwdcSTtB+ -h+GV1qDG0/zdA/2y1sFICmmLXsrXLp17+1IMWNCzrAqJDy+zdL/cE3lF1tzFiNO+ -8ZX8Q/dY0X1zZXBkj0z1LCowYKh2lI6bt1dHwXIsZvfUK9IpwNC7Wi98yVViT2LC -ukIqjBgzEqvlqOQKsIwz6ylOEqYx2t95J9P1hdmpsHGIdH5EpQyzkCDE0DG/aNfk -/dycRqTQyqVf0wHWbANj0ISJgEbnWg574g5T2Zy9eoY9oXMwiZpbt+bTIDANBgkq -hkiG9w0BAQUFAAOCAQEAfcgvvM7yAL33VGgF3RSh7DF/a66UnKVDiByVOXyERgbG -Apw3tPkZuPu78wqpUfUzSW8+mLE0oRYZYbUQnWdr56z1PvTGTDdN1xzwJo/sOWFl -BfijJ4T9mzVv2W/4IOGMCpxfEqnf7Yjrk4yBxKoIFCn14BGuQGYxCcyX3L3ZLngP -cHgj5bACMQxgWAC7rQp+svAWSATTXeIJyAZdNmg6f68CXIvKupHk87STLx6Vfrnv -7d9LflW94wftGRtl7HE54a8E6x7D+ORC1w0jmlQVwoZq6zYDKj20SO0O4JNTwP4H -uF/2wFSDfkX+Fh902Q1FebbFaXqTYwHhGc/XSs5Mwg== +MIIEzzCCA7egAwIBAgIIAXf7v+vECVkwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD +VQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3 
+LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCIY +DzIwMTQwNzEwMjMyMDM5WhgPMjAxNTExMjMyMjIwMzlaMIGKMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCT1IxETAPBgNVBAcMCFBvcnRsYW5kMQ4wDAYDVQQKDAV5YVNT +TDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxFjAUBgNVBAMMDXd3dy55YXNzbC5jb20x +HTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMIICTTAaBgsrBgEEAcEWAQEB +AQYLKwYBBAHBFgEBAi4DggItAASCAijYe+JeNLXR6gSUtCr6lgMmeCQqvDRCb8wp +bzUt/kqyRU7K0eMTSMv40ThD6jriU3p8uQQ92OkfbNwtWfB3VyScTpyr4INIvS3D +gB6Y4uH+kDlWVQutqiPNvNSn0AxBnTEBOsBqqyDqzAXujcoSOxTbU9GLv5jk08iU +Q9H4EkGMQgUr0VsPSBjrxK0VrQY9StpyObUM2z6LfRNjI5SGDvR6FBRdKUBdmUWw +EMvUhB39MbFebvXHNkyFeFaTbc6hgCRgzLNHpb2xzq7YCb+F5CsLFD8WuWKLn/Fn +61MSLvP99mIUM5MBBqacfrJSFzBWL8LX/NpEAO4SRbnKUJRr3e8cjfALU9oZnCgr +2TY91lnlJcfPTeHLckkYVacz+l0E8zJpge7PViYGK2Zdune7EJZ2QZ/EnhV7mrjc +GVwK6PZQ/l0UpzSz0yYyAzsb9OW7AlGOnH6u6lCP0sYwMDRdr1fPvq5Cu0ZkVzy+ +sfVD5kOyy35WEJQVmyuTu8ifos0QcmbqCNF5IrZtfZL7m/4Msg+GePL6x20A1TMF +rZ//+1gNbcxaeZZVG7Jw7RfW461SMbTuypt3Qp2eNHox6OrF+6A96t5vfOwqYa8W +GMMobFVQR8lH4qsBt/km0iQVjkvIjoSaPSSBcIgBxzXJwU2XCzVsj8tFW9IXP1SG +4ouMty6qbFb73k9EwliEQkLBjXfINp5/wlR1nv4dAA66rZNtysktWah8t8jXtSAw +DQYJKoZIhvcNAQEFBQADggEBAGCcqiwYrVUdQ7t4CvuPkuD7NFIAlVFNdwKaiJSp +moCCNL3sBWW1UjGKTLLRvn08oPAmrOQ8OkK1rusw+G7hxWjicEypp/WcaVCQv4or +M+BtWOUZ+fgIn6gHt4JRLMqt/R/t70AvONhIESL/XEjgQCP+GDuz+UDiwIxhzdcn +pSFU7APxKbeKIrFxiMaH8fB8fwPY60IH/LRTX7jA5ixXQWOm6r3u5ocmMW4naHd4 +qAWB5wGmU/rmvrSw+v0mHjwvI66DiCeZl9Y9i4mOKk+7eOTdOsKR1VifBtEg/+Qj +UHiltbupX9fkm5ncvaRS/stAYywBheGYbEMYMaatndvMuzw= -----END CERTIFICATE----- 
diff --git a/certs/ntru-key.raw b/certs/ntru-key.raw index de73053e985e1439bcdaf145df206e538480a994..e482d5980d9a3d6b09084297e1ec008e0ab611a8 100644 GIT binary patch literal 607 zcmV-l0-*f@0{{XL*n8q$G_}#{1eCNY`j!JGcqA&kG(vC8DQ`6`{z|e%PRh~a6G+SW z(KtiuI^t7$e7OWY*y$f^+$~w~cUL5wPMoXYgGjwC!+;)`;^F>~IaXB*t*Rr#Qlta<@56h9WZVvC>gXX{fEF7y5NViYrz0S2a=ezH;*Fjg+Z)>-8x$IngS%W_E=Ri`uhT?F$oX@Ty~Rwf23W?i~> zyAYOkL7&8)6?>Yv+!QIl;#xO86U9VTq zzOF*MMr2n!zOnT~=0mc}epV2a6`L!QyU3rS%@A^C>Il(!BDQUPlKY$f46+Y~c=Gzk zZ2;9X1+Aa|`&bQa%vyPtRU5K!?HAVLtx_?x?#i2YLYfUdB>?&ce z78t`QY*kQ4$w%U=0k`=k(j*m*OURCdnmr_eaEJlNHOawEmkTv)kIO|{(icBehT@Bi zw=Sw|R{P#hM8a5vLPEifcgQxLf5KFCp8g#G4!W(AZOX|lS*U!s$k(+XlG)+uXCQXw tMLj!En1q`GnCy*27K5wntrc=c)^AIoJ9TSOx=Kwp(mN1wPK7NZQ*Z@oCtd&m literal 607 zcmV-l0-*f@0{{XL?O_G}KWt85Fh-hL5ZSq4W3LH*kC4-pk+qmWi4!QKXt&|prd^sd z^W2WmBbc{gz{TP%0#37h)h`J&8=D!?ig{i3zx7~hZ_Q#7yE@$S#(6(;?x&+l0fd^~ zv|`~rpd&$h=Df@83SCJ-cD<@j!S~p z+>u`5=8E)NrWVQFG?X`?xJmCoSa3u?Ru#yr0DiYs4SWOYMvfoQCV|<0aPt{ z9==i~iXv3xV(?V)h18hZ$6cMD?o7pe7@_BJXFmGTC%LFI`E;W7p|N=(`_&pPY_V>{ zv)7u@B*@sRbbsvUhTt&N6sAjuvgM~eGwqA~i)1tA?S%Mx+QQr9J2|WZ&Y}Jkc$9jc zV`=E=1nTnWrZL*zc_-8Lh1sdFafoz&M5PR~kRZg+F~4Zn z7Mx@ZnrC-wl)@%b~(1eMAM(0`%d*TjL*_^$4hCQKkFo~L5x8~Cz7bT@DF@rv| t!weKiunSRPdstU5!UcyL@F>_ArQ8Z|y&;-wJ%C5T1+{kM%xl?TvA~{bIJp1- 
diff --git a/certs/server-cert.der b/certs/server-cert.der index 5f845ca3b56a800093a1263b7d258ff81b965953..43669c42c7c2a8ff422efcc030c468d2c591e0b4 100644 GIT binary patch delta 843 zcmbQjzKB!FpowLkK@)S^0%j&gCMHHk170>xtu~Lg@4SqRtgH+MjZ-FG5Ub~5_s!2M zNz6+$6fodpV-96u=V5osuS(5L%rg`;;0K9t@o)qumY3w`mt+_U8wi4gxOupo^Ye;J zb4oJv(hVgH#6W_~JpAS5<$C4$IcdekIeN+YxrXuvvT#c|8N~!L^V0GikQ5jw$%*qC zni!ZH8XB4#85o*G0lDS|CI)6uu0i7jLav0mn~R4XWN>h>56marJnX@x1qJytzP+>kYR`r_)s##u`mrw@tr8v`t_rLXL6*)z%HwWRV3 zf&N!}C3+^S+mw{{MX>zRDsid(<7;_8M0{7p!`Q5X%QcG{8lOo9PCV=q_-1#<%HW6B hSN3RpQIv5C4stkA|OF#Vczoca=psL;^G{=>}tyJ_8^iOr$ybQ4)2TmN>~iDIm-RQ!tn+!uvoCbX%iR4KvnDzv<#~F1gfd zV&203@SE}`&3ntXZTAVUo5pr}rI@Ow6|-(=?XsRF-{&=+oVu;%px3!6X*{PoUSHz; e8Z9On(R5$^Z~D}V?M!S}mnZIhZ}n$W;#mL@?b=-c diff --git a/certs/server-cert.pem b/certs/server-cert.pem index 8381265ee..f56cba9de 100644 --- a/certs/server-cert.pem +++ b/certs/server-cert.pem 
@@ -1,17 +1,17 @@ Certificate: Data: - Version: 1 (0x0) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 24 18:27:13 2011 GMT - Not After : Jul 20 18:27:13 2014 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=Support, CN=www.yassl.com/emailAddress=info@yassl.com + Not Before: Jul 11 17:20:14 2014 GMT + Not After : Apr 6 17:20:14 2017 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: 
@@ -31,59 +31,74 @@ Certificate: a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: ad:d7 Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:9A:41:47:CD:A1:14:62:8C + + X509v3 Basic Constraints: + CA:TRUE Signature Algorithm: sha1WithRSAEncryption - 71:4e:d3:62:df:cc:4c:f7:cd:b7:6e:52:0b:6c:6e:e0:bd:c2: - 2d:07:d7:c0:b0:6e:43:1e:35:bc:30:01:50:f0:ff:99:23:6c: - 18:1a:41:b6:11:d6:d4:19:61:fd:e4:77:97:1c:39:e1:57:ab: - c5:15:63:77:11:36:5e:74:e2:24:0b:1f:41:78:ad:b7:81:e7: - b4:40:66:80:f0:4b:91:a0:6d:a8:6e:3d:53:d9:8b:ce:2a:e1: - 0b:45:65:87:a1:96:ae:ee:3e:88:d5:12:1f:78:17:ae:2c:c5: - 73:44:d8:dc:f4:af:d8:cc:ae:4c:e1:0c:be:55:a4:99:f7:6e: - 96:c0:c8:45:87:bf:dc:51:57:ff:9e:73:37:6a:18:9c:c3:f9: - 22:7a:f4:b0:52:bd:fc:21:30:f8:c5:ff:1e:87:7d:ad:a2:5a: - 35:f5:22:a8:b4:0a:76:38:e6:76:b0:98:af:1b:ec:8a:0a:43: - 74:d2:85:34:37:84:07:e1:f6:23:b2:29:de:a6:b6:b7:4c:57: - 7e:96:06:cb:a9:16:25:29:3a:03:2d:55:7d:a6:8c:a4:f7:9e: - 81:c9:95:b6:7c:c1:4a:ce:94:66:0c:ca:88:eb:d2:09:f5:5b: - 19:58:82:df:27:fd:67:95:78:b7:02:06:d5:a7:61:bd:ef:3a: - fc:b2:61:cd + 3d:8c:70:05:5b:62:4b:bf:6c:b6:48:61:01:10:1d:5e:05:ba: + 55:94:2c:ae:59:6f:97:80:5d:6c:86:ec:9a:eb:15:45:44:e4: + 56:f8:75:ca:8a:45:32:f4:c7:e1:fa:f2:98:1c:91:d3:3f:e8: + 0e:c9:1b:fa:e1:79:99:67:0e:0d:6b:8a:ec:1a:2c:59:c4:34: + 04:8d:39:77:cd:b5:e9:60:5b:82:bf:34:ce:ed:c6:4f:3f:b4: + 5c:4d:8a:b4:f4:0a:04:12:a0:56:c1:e1:33:37:a1:54:87:48: + e9:81:c2:0f:8f:6f:d3:52:4c:4c:32:4c:6b:9f:3a:04:8f:77: + 5d:ad:dc:3d:2b:f2:c9:df:3c:60:5d:d8:fc:86:72:7c:3d:d0: + 84:4b:8c:df:26:43:fe:c0:cc:5b:e1:36:b3:3d:32:28:a3:ef: + 0c:20:d6:b1:50:39:d6:67:a9:8b:84:bc:92:34:eb:19:23:e8: + 10:8f:ea:bd:18:8c:93:27:3c:74:75:8e:58:04:fa:2a:74:44: + 
7d:fc:4d:39:df:54:17:ba:78:e1:5d:6a:70:d3:7c:a2:80:81: + e6:19:51:91:c3:44:51:ec:bb:88:a9:53:e1:d7:a9:8c:28:f4: + 21:1c:42:51:09:b4:12:6d:a0:d6:25:09:85:c6:2a:0c:af:a7: + 58:e6:52:8b -----BEGIN CERTIFICATE----- -MIIDkDCCAngCAQIwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290 -aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd -MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTExMDI0MTgyNzEzWhcN -MTQwNzIwMTgyNzEzWjCBijELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmEx -EDAOBgNVBAcTB0JvemVtYW4xDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwdTdXBw -b3J0MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZv -QHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFX -QfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/h -vXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4 -pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo -3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4 -D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHm -YYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAcU7TYt/MTPfNt25S -C2xu4L3CLQfXwLBuQx41vDABUPD/mSNsGBpBthHW1Blh/eR3lxw54VerxRVjdxE2 -XnTiJAsfQXitt4HntEBmgPBLkaBtqG49U9mLzirhC0Vlh6GWru4+iNUSH3gXrizF -c0TY3PSv2MyuTOEMvlWkmfdulsDIRYe/3FFX/55zN2oYnMP5Inr0sFK9/CEw+MX/ -Hod9raJaNfUiqLQKdjjmdrCYrxvsigpDdNKFNDeEB+H2I7Ip3qa2t0xXfpYGy6kW -JSk6Ay1VfaaMpPeegcmVtnzBSs6UZgzKiOvSCfVbGViC3yf9Z5V4twIG1adhve86 -/LJhzQ== +MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTQwNzEx +MTcyMDE0WhcNMTcwNDA2MTcyMDE0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG 
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn +f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X +GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM +QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq +0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ +6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU +sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj +s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h +MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK +Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOCAQEAPYxwBVtiS79stkhhARAdXgW6VZQsrllvl4BdbIbs +musVRUTkVvh1yopFMvTH4frymByR0z/oDskb+uF5mWcODWuK7BosWcQ0BI05d821 +6WBbgr80zu3GTz+0XE2KtPQKBBKgVsHhMzehVIdI6YHCD49v01JMTDJMa586BI93 +Xa3cPSvyyd88YF3Y/IZyfD3QhEuM3yZD/sDMW+E2sz0yKKPvDCDWsVA51mepi4S8 +kjTrGSPoEI/qvRiMkyc8dHWOWAT6KnREffxNOd9UF7p44V1qcNN8ooCB5hlRkcNE +Uey7iKlT4depjCj0IRxCUQm0Em2g1iUJhcYqDK+nWOZSiw== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - e9:d0:a7:5f:79:25:f4:3c - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + 9a:41:47:cd:a1:14:62:8c + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 24 18:18:15 2011 GMT - Not After : Jul 20 18:18:15 2014 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + Not Before: Jul 11 03:20:08 2014 GMT + Not After : Apr 6 03:20:08 2017 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, 
CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: 
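Review bot: The regenerated server certificate (serial 1, subject O=wolfSSL, OU=Support) now carries `X509v3 Basic Constraints: CA:TRUE` in the added extensions block, so a leaf identity is marked as a certificate authority. A peer that trusts the Sawtooth CA from this file could then also accept certificates signed with the server key, unless a path-length or key-usage limit applies elsewhere. The same extension is added to the leaf in certs/server-ecc-rsa.pem (hunk `@@ -18,37 +18,52 @@`). If these are only test fixtures the exposure is limited, but the leaf certificates are better issued with `basicConstraints = CA:FALSE` in the extension section used when signing, keeping `CA:TRUE` on the self-signed CA only.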
@@ -108,51 +123,51 @@ Certificate: 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com - serial:E9:D0:A7:5F:79:25:F4:3C + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:9A:41:47:CD:A1:14:62:8C X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption - 5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26: - 4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6: - e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c: - f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e: - af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18: - 98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02: - 8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab: - 1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80: - 61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87: - 1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f: - 60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf: - 18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12: - f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4: - b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70: - 5a:1f:7f:ca + 79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f: + fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca: + f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f: + 7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4: + 33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f: + ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3: + c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5: + b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a: + 91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81: + 54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74: + 43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14: + 
e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9: + 64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3: + bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f: + b2:b3:03:d8 -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD -VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G -A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3 -dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx -MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290 -aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd -MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q -8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k -EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A -dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/ -mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ -CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O -BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd -P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u -dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV -BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG -9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513 -PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH -Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr -G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m -ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi -rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg== +MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G 
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf ++n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH +7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2 +DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB +VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq +Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A== -----END CERTIFICATE----- diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem index 5f25d9df8..3a8b97152 100644 --- a/certs/server-ecc-rsa.pem +++ b/certs/server-ecc-rsa.pem 
@@ -1,16 +1,16 @@ Certificate: Data: - Version: 1 (0x0) - Serial Number: 9 (0x9) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Aug 8 21:58:29 2012 GMT - Not After : May 5 21:58:29 2015 GMT - Subject: C=US, ST=Washington, L=Seattle, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.yassl.com/emailAddress=info@yassl.com + Not Before: Jul 11 17:25:56 2014 GMT + Not After : Apr 6 17:25:56 2017 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey - EC Public Key: + Public-Key: (256 bit) pub: 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: 
@@ -18,37 +18,52 @@ Certificate: 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: 0b:80:34:89:d8 ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Subject Key Identifier: + 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:9A:41:47:CD:A1:14:62:8C + + X509v3 Basic Constraints: + CA:TRUE Signature Algorithm: sha1WithRSAEncryption - a0:1c:de:98:e8:61:c8:fb:0a:0e:af:ea:99:4b:c0:49:e6:66: - 68:5e:7a:18:b8:0c:e3:0f:16:86:bc:b5:86:79:02:69:1c:b7: - e7:ff:53:d9:05:5d:27:39:24:54:67:14:de:ef:8e:c2:a0:11: - ca:c8:27:99:b9:d6:e9:71:1f:86:c9:8f:b1:74:a2:9f:93:6a: - 0c:74:cf:17:77:8c:26:08:6e:a8:ac:69:d4:55:15:a2:95:87: - 43:7a:ab:72:93:73:40:58:c2:bb:9c:89:f2:73:20:69:df:f1: - f3:65:08:9c:00:67:97:a6:71:00:2b:31:84:10:ac:bd:54:ac: - fd:b3:eb:12:36:77:f6:0a:e3:9a:96:d2:a6:22:bc:1d:6b:ce: - 3c:0d:7b:d9:1c:1d:f1:ee:ec:ce:83:c8:98:c9:65:3e:06:31: - c3:b2:87:da:09:b4:90:0b:e2:6b:29:0e:d6:ae:53:1d:10:98: - e2:dc:f9:63:38:a1:a2:af:46:23:a4:4c:ab:0c:0b:08:be:cd: - a4:a6:6d:46:f0:f8:e0:31:99:85:39:10:4a:a0:04:54:3b:21: - e1:e9:b4:f3:a5:06:cd:37:ae:2c:ca:5d:ac:90:b5:ab:92:81: - aa:bf:2d:3f:8e:ee:4d:12:81:0a:8e:a4:ca:87:93:af:b0:25: - 7e:e2:07:f7 + 61:a8:c1:b3:39:c8:f6:77:e7:cc:58:ed:15:25:44:81:47:ac: + 09:58:37:ab:5f:1d:2d:a7:78:70:96:c4:7f:98:cf:56:80:a3: + 0f:ce:e1:80:fa:80:f6:96:04:97:50:4e:08:04:30:97:64:e7: + 0d:c2:16:a3:ab:a8:d4:11:f2:70:10:65:6c:b6:65:4d:bc:9a: + 40:20:a3:6c:e7:93:6d:fa:ab:a5:e0:82:9a:30:e6:0c:82:6c: + 1c:7f:76:cc:78:a1:9c:3d:56:67:37:58:6c:e2:ab:8a:ae:c9: + b2:83:d5:a5:79:74:e5:c9:bb:f3:39:5a:45:ca:ad:54:65:06: + 1b:bf:c5:d4:16:33:f2:10:6b:2a:07:fe:a7:ef:47:c6:df:02: + 4d:28:35:a5:ed:1b:86:d8:82:3b:4a:cb:76:fe:98:62:d4:bd: + 98:28:aa:86:b5:02:3b:24:4e:ad:bb:63:f7:e3:dc:e5:12:41: + ca:ee:93:b3:33:1e:a1:26:82:ce:ff:66:8d:c5:51:5f:b0:1f: 
+ 0f:03:df:e2:c5:66:82:9a:42:ab:36:ef:3e:cf:44:d9:39:e3: + 59:63:f2:9c:24:13:6f:9a:cb:3c:78:be:4b:c6:be:c8:e7:11: + 31:8b:de:5f:c5:de:50:d0:87:c5:5b:6e:1e:d6:cf:68:39:b1: + e1:f2:a3:d6 -----BEGIN CERTIFICATE----- -MIIC1zCCAb8CAQkwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290 -aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd -MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTIwODA4MjE1ODI5WhcN -MTUwNTA1MjE1ODI5WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 -b24xEDAOBgNVBAcTB1NlYXR0bGUxGjAYBgNVBAoTEUVsbGlwdGljIC0gUlNBc2ln -MRMwEQYDVQQLEwpFQ0MtUlNBc2lnMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w -GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49 -AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5ox -W5eSIX/wzxjakRECNIboIFgzC4A0idgwDQYJKoZIhvcNAQEFBQADggEBAKAc3pjo -Ycj7Cg6v6plLwEnmZmheehi4DOMPFoa8tYZ5Amkct+f/U9kFXSc5JFRnFN7vjsKg -EcrIJ5m51ulxH4bJj7F0op+Tagx0zxd3jCYIbqisadRVFaKVh0N6q3KTc0BYwruc -ifJzIGnf8fNlCJwAZ5emcQArMYQQrL1UrP2z6xI2d/YK45qW0qYivB1rzjwNe9kc -HfHu7M6DyJjJZT4GMcOyh9oJtJAL4mspDtauUx0QmOLc+WM4oaKvRiOkTKsMCwi+ -zaSmbUbw+OAxmYU5EEqgBFQ7IeHptPOlBs03rizKXayQtauSgaq/LT+O7k0SgQqO -pMqHk6+wJX7iB/c= +MIID0zCCArugAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTQwNzEx +MTcyNTU2WhcNMTcwNDA2MTcyNTU2WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eS +IX/wzxjakRECNIboIFgzC4A0idijgfwwgfkwHQYDVR0OBBYEFF1dJu+sfjb5m3YV +K0olAiPvsokwMIHJBgNVHSMEgcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGa 
+pIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH +Qm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcx +GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIJAJpBR82hFGKMMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF +BQADggEBAGGowbM5yPZ358xY7RUlRIFHrAlYN6tfHS2neHCWxH+Yz1aAow/O4YD6 +gPaWBJdQTggEMJdk5w3CFqOrqNQR8nAQZWy2ZU28mkAgo2znk236q6Xggpow5gyC +bBx/dsx4oZw9Vmc3WGziq4quybKD1aV5dOXJu/M5WkXKrVRlBhu/xdQWM/IQayoH +/qfvR8bfAk0oNaXtG4bYgjtKy3b+mGLUvZgoqoa1AjskTq27Y/fj3OUSQcruk7Mz +HqEmgs7/Zo3FUV+wHw8D3+LFZoKaQqs27z7PRNk541lj8pwkE2+ayzx4vkvGvsjn +ETGL3l/F3lDQh8Vbbh7Wz2g5seHyo9Y= -----END CERTIFICATE-----
diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c
index 60eb4a41c..4f4131a30 100644
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@@ -269,6 +269,17 @@ enum BenchmarkBounds {
 static const char blockType[] = "megs"; /* used in printf output */
 #endif
+
+/* use kB instead of mB for embedded benchmarking */
+#ifdef BENCH_EMBEDDED
+static byte plain [1024];
+#else
+static byte plain [1024*1024];
+#endif
+
+
+#ifndef NO_AES
+
 static const byte key[] =
 {
 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
@@ -287,15 +298,12 @@ static const byte iv[] =
 /* use kB instead of mB for embedded benchmarking */
 #ifdef BENCH_EMBEDDED
-static byte plain [1024];
 static byte cipher[1024];
 #else
-static byte plain [1024*1024];
 static byte cipher[1024*1024];
 #endif
-#ifndef NO_AES
 void bench_aes(int show)
 {
 Aes enc;
@@ -1133,9 +1141,9 @@ void bench_ntruKeyGen(void)
 double start, total, each, milliEach;
 int i;
- byte public_key[5951]; /* 2048 key equivalent to rsa */
- word16 public_key_len;
- byte private_key[5951];
+ byte public_key[557]; /* 2048 key equivalent to rsa */
+ word16 public_key_len = sizeof(public_key);
+ byte private_key[607];
 word16 private_key_len = sizeof(private_key);
 DRBG_HANDLE drbg;
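Review bot: Moving `#ifndef NO_AES` up to just before `static const byte key[]` puts `key` inside the AES-only region, and the next hunk (`@@ -287,15 +298,12 @@`) removes the old guard before `bench_aes`, so `iv` and `cipher` end up inside it too; only `plain` was hoisted above the guard. If any non-AES benchmark in this file still uses `key`, `iv` or `cipher` (the other benchmarks are not visible here), a build with `NO_AES` defined will fail to compile. Keeping the shared buffers outside the guard and leaving `#ifndef NO_AES` immediately before `void bench_aes(int show)` avoids that. The guarded region ends outside both hunks.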
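Review bot: The new sizes in `byte public_key[557];` and `byte private_key[607];` are bare numbers that presumably match one NTRU parameter set, and the retained comment `/* 2048 key equivalent to rsa */` does not say which one. The key-generation call that consumes these buffers is outside this hunk, so the parameter set cannot be confirmed from here. Because the lengths passed along are now `sizeof` the arrays, a later change of parameter set would leave the buffers too small without any hint at the declaration. I would name the sizes, for example `enum { NTRU_PUB_BLOB_SZ = 557, NTRU_PRIV_BLOB_SZ = 607 };`, and add a comment stating the parameter set they were derived from.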
@@ -1143,8 +1151,8 @@ void bench_ntruKeyGen(void) 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' }; - word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), GetEntropy, &drbg); - + word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), + GetEntropy, &drbg); if(rc != DRBG_OK) { printf("NTRU drbg instantiate failed\n"); return; diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index e25b5d873..083bc807b 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c 
@@ -607,166 +607,175 @@ #elif defined(HAVE_COLDFIRE_SEC) -#include + #include -#include "sec.h" -#include "mcf5475_sec.h" -#include "mcf5475_siu.h" + #include "sec.h" + #include "mcf5475_sec.h" + #include "mcf5475_siu.h" -#if defined (HAVE_THREADX) -#include "memory_pools.h" -extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */ -#endif + #if defined (HAVE_THREADX) + #include "memory_pools.h" + extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */ + #endif -#define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 64) -static unsigned char *AESBuffIn = NULL ; -static unsigned char *AESBuffOut = NULL ; -static byte *secReg ; -static byte *secKey ; -static volatile SECdescriptorType *secDesc ; + #define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 64) + static unsigned char *AESBuffIn = NULL; + static unsigned char *AESBuffOut = NULL; + static byte *secReg; + static byte *secKey; + static volatile SECdescriptorType *secDesc; -static CyaSSL_Mutex Mutex_AesSEC ; + static CyaSSL_Mutex Mutex_AesSEC; -#define SEC_DESC_AES_CBC_ENCRYPT 0x60300010 -#define SEC_DESC_AES_CBC_DECRYPT 0x60200010 + #define SEC_DESC_AES_CBC_ENCRYPT 0x60300010 + #define SEC_DESC_AES_CBC_DECRYPT 0x60200010 -extern volatile unsigned char __MBAR[]; + extern volatile unsigned char __MBAR[]; -static int AesCbcCrypt(Aes* aes, byte* po, const byte* pi, word32 sz, word32 descHeader) -{ - #ifdef DEBUG_CYASSL - int i ; int stat1, stat2 ; int ret ; - #endif + static int AesCbcCrypt(Aes* aes, byte* po, const byte* pi, word32 sz, + word32 descHeader) + { + #ifdef DEBUG_CYASSL + int i; int stat1, stat2; int ret; + #endif - int size ; - volatile int v ; + int size; + volatile int v; - if((pi == NULL) || (po == NULL)) - return BAD_FUNC_ARG;/*wrong pointer*/ + if ((pi == NULL) || (po == NULL)) + return BAD_FUNC_ARG; /*wrong pointer*/ - LockMutex(&Mutex_AesSEC) ; + LockMutex(&Mutex_AesSEC); - /* Set descriptor for SEC */ - secDesc->length1 = 0x0; - secDesc->pointer1 = NULL; + /* Set descriptor for SEC */ + secDesc->length1 = 
0x0; + secDesc->pointer1 = NULL; + + secDesc->length2 = AES_BLOCK_SIZE; + secDesc->pointer2 = (byte *)secReg; /* Initial Vector */ - secDesc->length2 = AES_BLOCK_SIZE; - secDesc->pointer2 = (byte *)secReg ; /* Initial Vector */ - - switch(aes->rounds) { - case 10: secDesc->length3 = 16 ; break ; - case 12: secDesc->length3 = 24 ; break ; - case 14: secDesc->length3 = 32 ; break ; - } - XMEMCPY(secKey, aes->key, secDesc->length3) ; - - secDesc->pointer3 = (byte *)secKey; - secDesc->pointer4 = AESBuffIn ; - secDesc->pointer5 = AESBuffOut ; - secDesc->length6 = 0x0; - secDesc->pointer6 = NULL; - secDesc->length7 = 0x0; - secDesc->pointer7 = NULL; - secDesc->nextDescriptorPtr = NULL; - - while(sz) { - secDesc->header = descHeader ; - XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE) ; - if((sz%AES_BUFFER_SIZE) == sz) { - size = sz ; - sz = 0 ; - } else { - size = AES_BUFFER_SIZE ; - sz -= AES_BUFFER_SIZE ; + switch(aes->rounds) { + case 10: secDesc->length3 = 16 ; break ; + case 12: secDesc->length3 = 24 ; break ; + case 14: secDesc->length3 = 32 ; break ; } - secDesc->length4 = size; - secDesc->length5 = size; - - XMEMCPY(AESBuffIn, pi, size) ; - if(descHeader == SEC_DESC_AES_CBC_DECRYPT) { - XMEMCPY((void*)aes->tmp, (void*)&(pi[size-AES_BLOCK_SIZE]), AES_BLOCK_SIZE) ; + XMEMCPY(secKey, aes->key, secDesc->length3); + + secDesc->pointer3 = (byte *)secKey; + secDesc->pointer4 = AESBuffIn; + secDesc->pointer5 = AESBuffOut; + secDesc->length6 = 0x0; + secDesc->pointer6 = NULL; + secDesc->length7 = 0x0; + secDesc->pointer7 = NULL; + secDesc->nextDescriptorPtr = NULL; + + while (sz) { + secDesc->header = descHeader; + XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE); + if ((sz % AES_BUFFER_SIZE) == sz) { + size = sz; + sz = 0; + } else { + size = AES_BUFFER_SIZE; + sz -= AES_BUFFER_SIZE; + } + secDesc->length4 = size; + secDesc->length5 = size; + + XMEMCPY(AESBuffIn, pi, size); + if(descHeader == SEC_DESC_AES_CBC_DECRYPT) { + XMEMCPY((void*)aes->tmp, (void*)&(pi[size-AES_BLOCK_SIZE]), + 
AES_BLOCK_SIZE); + } + + /* Point SEC to the location of the descriptor */ + MCF_SEC_FR0 = (uint32)secDesc; + /* Initialize SEC and wait for encryption to complete */ + MCF_SEC_CCCR0 = 0x0000001a; + /* poll SISR to determine when channel is complete */ + v=0; + + while ((secDesc->header>> 24) != 0xff) v++; + + #ifdef DEBUG_CYASSL + ret = MCF_SEC_SISRH; + stat1 = MCF_SEC_AESSR; + stat2 = MCF_SEC_AESISR; + if (ret & 0xe0000000) { + db_printf("Aes_Cbc(i=%d):ISRH=%08x, AESSR=%08x, " + "AESISR=%08x\n", i, ret, stat1, stat2); + } + #endif + + XMEMCPY(po, AESBuffOut, size); + + if (descHeader == SEC_DESC_AES_CBC_ENCRYPT) { + XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]), + AES_BLOCK_SIZE); + } else { + XMEMCPY((void*)aes->reg, (void*)aes->tmp, AES_BLOCK_SIZE); + } + + pi += size; + po += size; } - /* Point SEC to the location of the descriptor */ - MCF_SEC_FR0 = (uint32)secDesc; - /* Initialize SEC and wait for encryption to complete */ - MCF_SEC_CCCR0 = 0x0000001a; - /* poll SISR to determine when channel is complete */ - v=0 ; - while((secDesc->header>> 24) != 0xff)v++ ; - -#ifdef DEBUG_CYASSL - ret = MCF_SEC_SISRH; - stat1 = MCF_SEC_AESSR ; - stat2 = MCF_SEC_AESISR ; - if(ret & 0xe0000000) - { - db_printf("Aes_Cbc(i=%d):ISRH=%08x, AESSR=%08x, AESISR=%08x\n", i, ret, stat1, stat2) ; - } -#endif - - XMEMCPY(po, AESBuffOut, size) ; - - if(descHeader == SEC_DESC_AES_CBC_ENCRYPT) { - XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]), AES_BLOCK_SIZE) ; - } else { - XMEMCPY((void*)aes->reg, (void*)aes->tmp, AES_BLOCK_SIZE) ; - } - - pi += size ; - po += size ; + UnLockMutex(&Mutex_AesSEC); + return 0; } - UnLockMutex(&Mutex_AesSEC) ; - return 0 ; -} -int AesCbcEncrypt(Aes* aes, byte* po, const byte* pi, word32 sz) -{ - return(AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_ENCRYPT)) ; -} + int AesCbcEncrypt(Aes* aes, byte* po, const byte* pi, word32 sz) + { + return (AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_ENCRYPT)); + } -int AesCbcDecrypt(Aes* aes, 
byte* po, const byte* pi, word32 sz) -{ - return(AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_DECRYPT)) ; -} + int AesCbcDecrypt(Aes* aes, byte* po, const byte* pi, word32 sz) + { + return (AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_DECRYPT)); + } -int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, + int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) -{ - - if(AESBuffIn == NULL) { - #if defined (HAVE_THREADX) - int s1, s2, s3, s4, s5 ; - s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc, sizeof(SECdescriptorType), TX_NO_WAIT); - s1 = tx_byte_allocate(&mp_ncached,(void *)&AESBuffIn, AES_BUFFER_SIZE, TX_NO_WAIT); - s2 = tx_byte_allocate(&mp_ncached,(void *)&AESBuffOut, AES_BUFFER_SIZE, TX_NO_WAIT); - s3 = tx_byte_allocate(&mp_ncached,(void *)&secKey, AES_BLOCK_SIZE*2,TX_NO_WAIT); - s4 = tx_byte_allocate(&mp_ncached,(void *)&secReg, AES_BLOCK_SIZE, TX_NO_WAIT); - - if(s1 || s2 || s3 || s4 || s5) - return BAD_FUNC_ARG; - - #else - #warning "Allocate non-Cache buffers" - #endif - - InitMutex(&Mutex_AesSEC) ; + { + if (AESBuffIn == NULL) { + #if defined (HAVE_THREADX) + int s1, s2, s3, s4, s5 ; + s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc, + sizeof(SECdescriptorType), TX_NO_WAIT); + s1 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffIn, + AES_BUFFER_SIZE, TX_NO_WAIT); + s2 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffOut, + AES_BUFFER_SIZE, TX_NO_WAIT); + s3 = tx_byte_allocate(&mp_ncached, (void *)&secKey, + AES_BLOCK_SIZE*2, TX_NO_WAIT); + s4 = tx_byte_allocate(&mp_ncached, (void *)&secReg, + AES_BLOCK_SIZE, TX_NO_WAIT); + + if(s1 || s2 || s3 || s4 || s5) + return BAD_FUNC_ARG; + #else + #warning "Allocate non-Cache buffers" + #endif + + InitMutex(&Mutex_AesSEC); + } + + if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) + return BAD_FUNC_ARG; + + if (aes == NULL) + return BAD_FUNC_ARG; + + aes->rounds = keylen/4 + 6; + XMEMCPY(aes->key, userKey, keylen); + + if (iv) + XMEMCPY(aes->reg, 
iv, AES_BLOCK_SIZE); + + return 0; } - if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) - return BAD_FUNC_ARG; - if (aes == NULL) - return BAD_FUNC_ARG; - - aes->rounds = keylen/4 + 6; - - XMEMCPY(aes->key, userKey, keylen); - if (iv) - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - - return 0; -} - #elif defined FREESCALE_MMCAU /* * Freescale mmCAU hardware AES support through the CAU/mmCAU library. diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c index 00bfe309b..be625ad16 100644 --- a/ctaocrypt/src/error.c +++ b/ctaocrypt/src/error.c @@ -280,6 +280,9 @@ const char* CTaoCryptGetErrorString(int error) case HMAC_MIN_KEYLEN_E: return "FIPS Mode HMAC Minimum Key Length error"; + case RSA_PAD_E: + return "Rsa Padding error"; + default: return "unknown error number"; diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c index 648d56f1b..af56f9bac 100644 --- a/ctaocrypt/src/rsa.c +++ b/ctaocrypt/src/rsa.c @@ -157,7 +157,9 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, } -static word32 RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, +/* UnPad plaintext, set start to *output, return length of plaintext, + * < 0 on error */ +static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte **output, byte padValue) { word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0, @@ -177,7 +179,7 @@ static word32 RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, } if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) { CYASSL_MSG("RsaUnPad error, bad formatting"); - return 0; + return RSA_PAD_E; } outputLen = pkcsBlockLen - i; @@ -185,7 +187,7 @@ static word32 RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, if (invalid) { CYASSL_MSG("RsaUnPad error, bad formatting"); - return 0; + return RSA_PAD_E; } *output = (byte *)(pkcsBlock + i); 
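Review bot: In AesSetKey, a failed `tx_byte_allocate` returns `BAD_FUNC_ARG` without releasing or resetting the buffers that were obtained, so a later call can see `AESBuffIn != NULL`, skip the whole setup block including `InitMutex(&Mutex_AesSEC)`, and leave AesCbcCrypt copying through pointers that were never allocated. The re-indentation carries this over unchanged. The non-ThreadX branch has the same exposure, since `#warning "Allocate non-Cache buffers"` leaves all five pointers unset while `InitMutex` still runs. I would release what was allocated, reset the pointers to `NULL` and return an out-of-memory code on that path, as sketched below; AesCbcCrypt should also give `switch(aes->rounds)` a `default` that fails instead of reusing a stale `secDesc->length3` for the key copy.

```c
        /* … unchanged: the five tx_byte_allocate calls … */

            if (s1 || s2 || s3 || s4 || s5) {
                /* undo the partial setup so the next call starts from scratch */
                if (s5 == TX_SUCCESS) tx_byte_release((void *)secDesc);
                if (s1 == TX_SUCCESS) tx_byte_release(AESBuffIn);
                if (s2 == TX_SUCCESS) tx_byte_release(AESBuffOut);
                if (s3 == TX_SUCCESS) tx_byte_release(secKey);
                if (s4 == TX_SUCCESS) tx_byte_release(secReg);
                secDesc    = NULL;
                AESBuffIn  = NULL;
                AESBuffOut = NULL;
                secKey     = NULL;
                secReg     = NULL;
                return MEMORY_E;
            }
```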
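Review bot: RsaUnPad now reports a malformed block as the distinct code `RSA_PAD_E` (in the `@@ -177` hunk and again in the `@@ -185` hunk), and for block type 2 that value travels through RsaPrivateDecryptInline and RsaPrivateDecrypt to the caller. A result that lets a remote peer tell bad padding apart from other failures is the signal a PKCS#1 v1.5 padding oracle depends on. The code that handles RSA key exchange must therefore treat `RSA_PAD_E` like any other decrypt failure and must not let it select a different alert, log line or code path visible to the peer; those callers are not in this part of the diff and should be checked. I would state that in the new header comment, e.g. `/* RSA_PAD_E must never be distinguishable to a remote peer */`. RsaUnPad's body starts and ends outside these hunks, so the timing of its early returns cannot be assessed from here.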
@@ -316,7 +318,7 @@ int RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, int RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) { - int plainLen, ret; + int ret; #ifdef HAVE_CAVIUM if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { @@ -332,16 +334,14 @@ int RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) return ret; } - plainLen = RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2); - - return plainLen; + return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2); } int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - int plainLen, ret; + int plainLen; byte* tmp; byte* pad = 0; @@ -357,10 +357,9 @@ int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, XMEMCPY(tmp, in, inLen); - if ((ret = plainLen = RsaPrivateDecryptInline(tmp, inLen, &pad, key)) - < 0) { + if ( (plainLen = RsaPrivateDecryptInline(tmp, inLen, &pad, key) ) < 0) { XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); - return ret; + return plainLen; } if (plainLen > (int)outLen) plainLen = BAD_FUNC_ARG; @@ -376,7 +375,7 @@ int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, /* for Rsa Verify */ int RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) { - int plainLen, ret; + int ret; #ifdef HAVE_CAVIUM if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { @@ -392,16 +391,14 @@ int RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) return ret; } - plainLen = RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1); - - return plainLen; + return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1); } int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - int plainLen, ret; + int plainLen; byte* tmp; byte* pad = 0; 
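Review bot: In the `@@ -357` hunk of RsaPrivateDecrypt, the error path calls `XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA)` on a heap buffer that RsaPrivateDecryptInline has just worked on in place, without clearing it first. If the inline routine writes the output of the private-key operation into `tmp` (its `pad` out-pointer suggests so, but the routine is only partly visible), decrypted bytes stay behind in freed heap memory. I would wipe `inLen` bytes of `tmp` before each `XFREE` in this function, using a clearing routine the compiler cannot drop, since a plain `XMEMSET(tmp, 0, inLen);` directly before a free may be optimised away. The success path of the function lies outside the hunk and needs the same treatment.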
@@ -417,10 +414,9 @@ int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, XMEMCPY(tmp, in, inLen); - if ((ret = plainLen = RsaSSL_VerifyInline(tmp, inLen, &pad, key)) - < 0) { + if ( (plainLen = RsaSSL_VerifyInline(tmp, inLen, &pad, key) ) < 0) { XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); - return ret; + return plainLen; } if (plainLen > (int)outLen) diff --git a/cyassl/certs_test.h b/cyassl/certs_test.h index cd3341f4b..0d4373b2c 100644 --- a/cyassl/certs_test.h +++ b/cyassl/certs_test.h 
@@ -423,125 +423,126 @@ const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048); /* ./certs/client-cert.der, 2048-bit */ const unsigned char client_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0x98, 0x30, 0x82, 0x03, 0x80, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x87, 0x4A, 0x75, 0xBE, - 0x91, 0x66, 0xD8, 0x3D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xB6, 0x63, 0xAF, 0x8F, + 0x5D, 0x62, 0x57, 0xA0, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, - 0x81, 0x8E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x13, 0x06, 0x4F, 0x72, 0x65, 0x67, - 0x6F, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x13, 0x08, 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, - 0x64, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x13, 0x05, 0x79, 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, - 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0B, 0x50, 0x72, - 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, - 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0D, - 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, - 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x31, - 0x31, 0x30, 0x32, 0x34, 0x31, 0x38, 0x32, 0x31, 0x35, 0x35, - 0x5A, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x32, 0x30, 0x31, - 0x38, 0x32, 0x31, 0x35, 0x35, 0x5A, 0x30, 0x81, 0x8E, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, - 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, - 0x50, 0x6F, 0x72, 
0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, - 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x05, 0x79, - 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x13, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, - 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x16, 0x30, 0x14, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0D, 0x77, 0x77, 0x77, - 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, - 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, - 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, - 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, - 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, - 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, - 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, - 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, - 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, - 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, - 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, - 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, - 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, - 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, - 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, - 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, - 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, - 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, - 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, - 0x12, 0x03, 0xD4, 0x4E, 0x72, 
0x0D, 0x50, 0x6D, 0x3B, 0xA3, - 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, - 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, - 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, - 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, - 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, - 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xF6, 0x30, 0x81, - 0xF3, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, - 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, - 0x65, 0xC0, 0x30, 0x81, 0xC3, 0x06, 0x03, 0x55, 0x1D, 0x23, - 0x04, 0x81, 0xBB, 0x30, 0x81, 0xB8, 0x80, 0x14, 0x33, 0xD8, - 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, - 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0xA1, 0x81, - 0x94, 0xA4, 0x81, 0x91, 0x30, 0x81, 0x8E, 0x31, 0x0B, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, - 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x11, 0x30, - 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x50, 0x6F, - 0x72, 0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x05, 0x79, 0x61, 0x53, + 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, + 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, + 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 
0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x31, 0x31, + 0x31, 0x37, 0x33, 0x39, 0x34, 0x34, 0x5A, 0x17, 0x0D, 0x31, + 0x37, 0x30, 0x34, 0x30, 0x36, 0x31, 0x37, 0x33, 0x39, 0x34, + 0x34, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, + 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x13, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, - 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, - 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, - 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, - 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0x87, 0x4A, 0x75, 0xBE, 0x91, 0x66, 0xD8, 0x3D, - 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, - 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x1C, 0x7C, 0x42, 0x81, 0x29, 0x9E, - 0x21, 0xCF, 0xD0, 0xD8, 0xC1, 0x54, 0x6F, 0xCC, 0xAE, 0x14, - 0x09, 0x38, 0xFF, 0x68, 0x98, 0x9A, 0x95, 0x53, 0x76, 0x18, - 0x7B, 0xE6, 0x30, 0x76, 0xEC, 0x28, 0x0D, 0x75, 0xA7, 0xDE, - 0xE0, 0xCD, 0x8E, 0xD5, 0x55, 0x23, 0x6A, 0x47, 0x2B, 0x4E, - 0x8D, 0xFC, 0x7D, 0x06, 0xA3, 0xD8, 0x0F, 0xAD, 0x5E, 0xD6, 
- 0x04, 0xC9, 0x00, 0x33, 0xFB, 0x77, 0x27, 0xD3, 0xB5, 0x03, - 0xB3, 0x7B, 0x21, 0x74, 0x31, 0x0B, 0x4A, 0xAF, 0x2D, 0x1A, - 0xB3, 0x93, 0x8E, 0xCC, 0xF3, 0x5F, 0x3D, 0x90, 0x3F, 0xCC, - 0xE3, 0x55, 0x19, 0x91, 0x7B, 0x78, 0x24, 0x2E, 0x4A, 0x09, - 0xBB, 0x18, 0x4E, 0x61, 0x2D, 0x9C, 0xC6, 0x0A, 0xA0, 0x34, - 0x91, 0x88, 0x70, 0x6B, 0x3B, 0x48, 0x47, 0xBC, 0x79, 0x94, - 0xA2, 0xA0, 0x4D, 0x32, 0x47, 0x54, 0xC2, 0xA3, 0xDC, 0x2E, - 0xD2, 0x51, 0x4C, 0x29, 0x39, 0x11, 0xFF, 0xE2, 0x15, 0x5E, - 0x58, 0x97, 0x36, 0xF6, 0xE9, 0x06, 0x06, 0x86, 0x0E, 0x8D, - 0x9D, 0x95, 0x03, 0x72, 0xB2, 0x8B, 0x19, 0x7C, 0xE9, 0x14, - 0x6E, 0xA1, 0x88, 0x73, 0x68, 0x58, 0x6D, 0x71, 0x5E, 0xC2, - 0xD5, 0xD3, 0x13, 0xD2, 0x5F, 0xDE, 0xEA, 0x03, 0xBE, 0xE2, - 0x00, 0x40, 0xE5, 0xCE, 0xFD, 0xE6, 0x92, 0x31, 0x57, 0xC3, - 0xEB, 0xBB, 0x66, 0xAC, 0xCB, 0x2F, 0x1A, 0xFA, 0xE0, 0x62, - 0xA2, 0x47, 0xF4, 0x93, 0x43, 0x2A, 0x4B, 0x6C, 0x5E, 0x0A, - 0x2F, 0xF9, 0xE7, 0xE6, 0x4A, 0x63, 0x86, 0xB0, 0xAC, 0x2A, - 0xA1, 0xEB, 0xB4, 0x5B, 0x67, 0xCD, 0x32, 0xE4, 0xB6, 0x11, - 0x4B, 0x9A, 0x72, 0x66, 0x0D, 0xA2, 0x4A, 0x76, 0x8F, 0xFE, - 0x22, 0xBC, 0x83, 0xFD, 0xDB, 0xB7, 0xD5, 0xA9, 0xEE, 0x05, - 0xC9, 0xB1, 0x71, 0x7E, 0x1B, 0x2B, 0xE1, 0xE3, 0xAF, 0xC0 - + 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, + 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, + 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, + 0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, + 0x2A, 0x7C, 
0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, + 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, + 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, + 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, + 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, + 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, + 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, + 0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, + 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, + 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, + 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, + 0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, + 0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, + 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, + 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, + 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, + 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, + 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, + 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, + 0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, + 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, + 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, + 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, + 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, + 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, + 0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, + 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, + 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, + 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, + 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, + 0xA1, 0x81, 0x9A, 0xA4, 
0x81, 0x97, 0x30, 0x81, 0x94, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, + 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, + 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0xB6, 0x63, 0xAF, 0x8F, 0x5D, 0x62, 0x57, 0xA0, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x85, 0x10, 0x90, 0xC5, 0x5D, 0xDE, 0x25, 0x8C, + 0xF2, 0x57, 0x7B, 0x2D, 0x14, 0x1C, 0x05, 0xF9, 0x71, 0x63, + 0x40, 0xB0, 0xE3, 0xC1, 0xC1, 0x2E, 0x13, 0x2A, 0x7A, 0xB7, + 0xD6, 0x24, 0x58, 0x87, 0xEB, 0x03, 0xFB, 0x0D, 0xAF, 0xE0, + 0xF4, 0xD0, 0xC8, 0xBC, 0x51, 0x36, 0x10, 0x4F, 0x79, 0xCC, + 0x4F, 0x66, 0x7D, 0xAF, 0x99, 0xCB, 0x7B, 0xCE, 0x68, 0x94, + 0xC6, 0x36, 0xAA, 0x42, 0x6E, 0x8C, 0x78, 0x5B, 0xB2, 0x85, + 0xCA, 0xD1, 0xE1, 0xA8, 0x31, 0xD1, 0x81, 0xD9, 0xF9, 0xC1, + 0xA3, 0x9E, 0x34, 0x43, 0xEF, 0x0A, 0x79, 0x7D, 0x3E, 0x83, + 0x61, 0xFC, 0x14, 0x5C, 0xD1, 0xDD, 0xBC, 0x0E, 0xD7, 0x51, + 0xB7, 0x71, 0x6E, 0x41, 0x7E, 0x8B, 0x2C, 0x5A, 0x9A, 0xCB, + 0x77, 0x4B, 0x6A, 0xF5, 0x06, 0xFF, 0x02, 0xAF, 0x1E, 0xE6, + 0x63, 0x4F, 0xBC, 0x44, 0xD9, 0x3F, 
0x56, 0x9E, 0x09, 0x9C, + 0x43, 0xF9, 0x55, 0x21, 0x32, 0x46, 0x82, 0x09, 0x86, 0xA9, + 0x7B, 0x74, 0x1C, 0x9E, 0x5A, 0x2A, 0xBF, 0x03, 0x79, 0x91, + 0xCB, 0xF2, 0x29, 0x7F, 0xC9, 0x15, 0x82, 0x89, 0xB9, 0x53, + 0xCD, 0x7E, 0x07, 0x90, 0xA9, 0x5D, 0x76, 0xE1, 0x19, 0x5E, + 0x0D, 0x58, 0xB8, 0x59, 0xD5, 0x0D, 0xDF, 0x23, 0xAB, 0x6B, + 0x63, 0x76, 0x19, 0x9E, 0x9C, 0xDF, 0xB0, 0x57, 0x49, 0x6C, + 0xD0, 0x86, 0x97, 0xC3, 0x6C, 0x3C, 0xFA, 0xE0, 0x56, 0xC2, + 0x1B, 0xE3, 0xA1, 0x42, 0x1A, 0x58, 0x62, 0x85, 0x9D, 0x74, + 0x19, 0x83, 0x08, 0xAF, 0x59, 0x90, 0xF8, 0x99, 0xBD, 0x67, + 0xD3, 0x4A, 0xEA, 0x0E, 0xC9, 0xCA, 0x61, 0x8A, 0x0D, 0x8A, + 0x42, 0xCC, 0x90, 0xE9, 0x2E, 0xC2, 0x54, 0x73, 0x7F, 0x5E, + 0xAF, 0x8D, 0xE2, 0x32, 0xCB, 0x45, 0x20, 0xD6, 0x19, 0x4D, + 0x5B, 0x77, 0x31, 0xCC, 0x0F, 0x2D, 0xC0, 0x7E }; const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); 
@@ -797,125 +798,126 @@ const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048); /* ./certs/ca-cert.der, 2048-bit */ const unsigned char ca_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE9, 0xD0, 0xA7, 0x5F, - 0x79, 0x25, 0xF4, 0x3C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x9A, 0x41, 0x47, 0xCD, + 0xA1, 0x14, 0x62, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, - 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x13, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x13, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, - 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, + 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, - 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, - 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, - 0x16, 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, - 0x31, 0x31, 0x31, 0x30, 0x32, 0x34, 0x31, 0x38, 0x31, 0x38, - 0x31, 0x35, 0x5A, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x32, - 0x30, 0x31, 0x38, 0x31, 0x38, 0x31, 0x35, 
0x5A, 0x30, 0x81, - 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, - 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x13, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, - 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, - 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, - 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A, - 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x31, 0x31, + 0x30, 0x33, 0x32, 0x30, 0x30, 0x38, 0x5A, 0x17, 0x0D, 0x31, + 0x37, 0x30, 0x34, 0x30, 0x36, 0x30, 0x33, 0x32, 0x30, 0x30, + 0x38, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, + 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, + 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, + 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 
0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, + 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D, + 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A, + 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA, + 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A, + 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98, + 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE, + 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB, + 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1, + 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41, + 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70, + 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED, + 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED, + 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38, + 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C, + 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13, + 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D, + 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC, + 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D, + 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67, + 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68, + 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5, + 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17, + 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3, + 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52, + 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9, + 0x04, 
0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED, + 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, + 0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, + 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, + 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, + 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, + 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, + 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, + 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, + 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, + 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, - 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, - 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, - 0xCA, 0x2D, 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, - 0x1F, 0x4A, 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, - 0xDF, 0xCA, 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, - 0xEE, 0x2A, 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, - 0x10, 0x98, 0x21, 0x4D, 
0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, - 0x4F, 0xDE, 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, - 0x90, 0xBB, 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, - 0xC5, 0xF1, 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, - 0x10, 0x41, 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, - 0xD2, 0x70, 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, - 0x7C, 0xED, 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, - 0xC7, 0xED, 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, - 0x5C, 0x38, 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, - 0x94, 0x3C, 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, - 0x1D, 0x13, 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, - 0xB8, 0x7D, 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, - 0x21, 0xDC, 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, - 0xFC, 0x7D, 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, - 0x05, 0x67, 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, - 0xB5, 0x68, 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, - 0x63, 0xF5, 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, - 0x5A, 0x17, 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, - 0xFE, 0xC3, 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, - 0x00, 0x52, 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, - 0x1D, 0xB9, 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, - 0xBD, 0xED, 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, - 0x81, 0xF8, 0x30, 0x81, 0xF5, 0x30, 0x1D, 0x06, 0x03, 0x55, - 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, - 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, - 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC5, 0x06, - 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xBD, 0x30, 0x81, 0xBA, - 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, - 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, - 0xE8, 0xD5, 0xA1, 0x81, 0x96, 0xA4, 0x81, 0x93, 0x30, 0x81, - 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x13, 0x07, 0x4D, 
0x6F, 0x6E, 0x74, 0x61, - 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x13, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, - 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, - 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, - 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A, - 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, - 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xE9, 0xD0, - 0xA7, 0x5F, 0x79, 0x25, 0xF4, 0x3C, 0x30, 0x0C, 0x06, 0x03, - 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, - 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x5F, 0x86, 0x14, 0xF4, 0x51, 0x8B, 0xBC, 0xA5, 0x4E, 0x30, - 0xDA, 0x5E, 0xAC, 0x9A, 0xF8, 0x6C, 0xD9, 0x26, 0x4B, 0x93, - 0xF9, 0xE3, 0x1C, 0x89, 0x6F, 0x9E, 0xEE, 0xB3, 0x9D, 0x77, - 0x3E, 0x89, 0x20, 0x76, 0xA3, 0xE6, 0xE8, 0x86, 0x15, 0x21, - 0xDB, 0xE2, 0x33, 0xB2, 0x34, 0xD5, 0xD0, 0x9F, 0xF3, 0xC1, - 0xA4, 0x87, 0x92, 0x5C, 0xF9, 0xD1, 0xFF, 0x30, 0x2F, 0x8E, - 0x03, 0xBC, 0xB3, 0x3C, 0x0C, 0x32, 0xA3, 0x90, 0x5F, 0x1A, - 0x90, 0x1E, 0xAF, 0x9D, 0xF3, 0x9E, 0xD7, 0x07, 0x02, 0xA9, - 0x7D, 0x27, 0x66, 0x63, 0x2F, 0xAF, 0x18, 0xD7, 0xAC, 0x18, - 0x98, 0x8C, 0x83, 0x8F, 0x38, 0xF3, 0x0B, 0xAC, 0x36, 0x10, - 0x75, 0xFB, 0xCA, 0x76, 0x13, 0x50, 0x5B, 0x02, 0x8F, 0x73, - 0xBF, 0xE3, 0xA0, 0xEE, 0x83, 0x52, 0x25, 0x54, 0xCE, 0x26, - 0xCE, 0x9C, 0xBD, 0x2F, 0x79, 0xAB, 0x1B, 0x60, 0xB8, 0x92, - 0xF1, 0x03, 0xC0, 0xFC, 0x3B, 0x08, 0xD9, 0xC0, 0xAD, 0xD5, - 0x72, 0x08, 0x25, 0x80, 0x61, 0x2D, 0xDC, 0x9F, 0xA7, 0x83, - 0x62, 0x07, 0x47, 0xE0, 0x07, 0x4C, 0x4B, 0x07, 
0x30, 0x04, - 0xA9, 0x87, 0x1C, 0x55, 0x7F, 0x07, 0x12, 0xD0, 0xCB, 0x42, - 0x5D, 0xCB, 0xCF, 0x66, 0x01, 0x1A, 0x17, 0xEE, 0xF9, 0x0F, - 0x60, 0xB7, 0xDB, 0x6F, 0x68, 0xE5, 0x4E, 0x41, 0x62, 0x6E, - 0xD3, 0x6F, 0x60, 0x4F, 0x4B, 0x27, 0xDE, 0xCF, 0x18, 0x07, - 0xF1, 0x13, 0x5D, 0xCB, 0x3F, 0xA9, 0x25, 0x44, 0xDA, 0x52, - 0x5C, 0xC8, 0x04, 0xE1, 0x56, 0x12, 0xF5, 0x2A, 0x90, 0x4E, - 0xD1, 0xE2, 0xAF, 0x01, 0xB5, 0x23, 0xA1, 0xEC, 0x31, 0xDA, - 0x7B, 0x63, 0x69, 0xC4, 0xB8, 0xF3, 0xE7, 0xCE, 0xA1, 0x3D, - 0xC0, 0xDB, 0x6D, 0xF3, 0xB2, 0xD9, 0x46, 0xC8, 0x9F, 0xC3, - 0xB8, 0x70, 0x5A, 0x1F, 0x7F, 0xCA + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, + 0x9A, 0x41, 0x47, 0xCD, 0xA1, 0x14, 0x62, 0x8C, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x79, 0x78, 0x0C, 0x6D, 0x79, 0x88, 0x91, 0xFC, + 0x3A, 0x15, 0x9C, 0xF9, 0x27, 0x62, 0x16, 0xF0, 0x21, 0x1F, + 0xFA, 0x7D, 0x3F, 0xA2, 0xA8, 0x32, 0x1E, 0xF7, 0xF2, 0x11, + 0xA9, 0x74, 0x16, 0x74, 0x5E, 0xDC, 0x18, 0xCA, 0xF0, 0x00, + 0x2A, 0xD5, 0x03, 0x06, 0x26, 0x30, 0xF1, 0x47, 0x83, 0xFD, + 0x32, 0x6E, 0xFC, 0xED, 0xAA, 0x4F, 0x7D, 0x0C, 0x63, 0x60, + 0x31, 0x2F, 0x7C, 0x0C, 0xBF, 0x99, 0x66, 0x87, 0xED, 0x27, + 0x08, 0x86, 0x2D, 0xC4, 0x33, 0xE8, 0x98, 0x23, 0x1C, 0xFE, + 0xA3, 0xDB, 0x9A, 0x49, 0x4E, 0xFC, 0x5A, 0x42, 0xEF, 0x71, + 0xC3, 0x3F, 0xAD, 0xDC, 0x4A, 0xA8, 0xD2, 0xA3, 0x1D, 0x09, + 0xAC, 0x33, 0x04, 0x7B, 0x86, 0xF3, 0x6D, 0x00, 0x59, 0xA3, + 0xC8, 0xDB, 0xD1, 0x3C, 0x73, 0xF6, 0x0E, 0x90, 0xD6, 0x5E, + 0x49, 0xE0, 0xBF, 0x36, 0x63, 0x08, 0x7B, 0xA5, 0xB0, 0x8F, + 0x35, 0x3B, 0x56, 0x8C, 0x11, 0x35, 0x49, 0x04, 0x1C, 0xD0, + 0xE7, 0xBA, 0x56, 0xC5, 0x0D, 0x0A, 0x91, 0x8D, 0xD6, 0xB7, + 0x62, 0x19, 0x34, 0x12, 0x52, 0x4C, 0xD2, 0x6D, 0x7C, 0xC5, + 0x3D, 0x0F, 0x18, 0x81, 
0x54, 0xCB, 0xF6, 0x3C, 0xE5, 0x84, + 0xD2, 0xD6, 0x71, 0x15, 0xEC, 0x1A, 0x34, 0x0B, 0xF0, 0xA0, + 0x21, 0x74, 0x43, 0xC8, 0xA3, 0xB0, 0xDF, 0xD9, 0x67, 0xDA, + 0xE2, 0xAD, 0x93, 0x48, 0xF8, 0xA0, 0x87, 0xBD, 0x79, 0x14, + 0xE0, 0x62, 0x0A, 0xDF, 0xF7, 0x31, 0x2E, 0x31, 0x7B, 0xD1, + 0x32, 0x2A, 0x0A, 0xFE, 0x5D, 0x14, 0xEF, 0xD9, 0x64, 0x50, + 0xE4, 0x83, 0x91, 0xBC, 0x70, 0x0D, 0xD7, 0x88, 0x8D, 0xD9, + 0xBC, 0x84, 0x0E, 0xC5, 0x1A, 0xB3, 0xBF, 0x64, 0x02, 0x4E, + 0x51, 0x91, 0xA4, 0xA2, 0x85, 0x15, 0x83, 0xAF, 0xF0, 0x5B, + 0x9B, 0x28, 0x49, 0x5F, 0xB2, 0xB3, 0x03, 0xD8 }; const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); 
@@ -1048,98 +1050,125 @@ const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048); /* ./certs/server-cert.der, 2048-bit */ const unsigned char server_cert_der_2048[] = { - 0x30, 0x82, 0x03, 0x90, 0x30, 0x82, 0x02, 0x78, 0x02, 0x01, - 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x90, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, - 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x08, 0x53, - 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A, 0x43, 0x6F, - 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x16, - 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0D, 0x77, - 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, - 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x31, 0x31, - 0x30, 0x32, 0x34, 0x31, 0x38, 0x32, 0x37, 0x31, 0x33, 0x5A, - 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x32, 0x30, 0x31, 0x38, - 0x32, 0x37, 0x31, 0x33, 0x5A, 0x30, 0x81, 0x8A, 0x31, 0x0B, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, - 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, - 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0E, 0x30, - 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x05, 0x79, 0x61, - 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x0B, 0x13, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6F, 0x72, - 0x74, 0x31, 0x16, 
0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, - 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, - 0x16, 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, - 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, - 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0, - 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, - 0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, - 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E, 0xD6, 0xF6, 0x1C, - 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE, 0x5C, - 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, - 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, - 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0, 0x21, 0xE5, 0x72, - 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA, 0xAC, 0x1B, - 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, - 0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, - 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, - 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73, 0xA6, 0x8C, 0x18, - 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10, - 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, - 0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, - 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD, 0x66, 0x51, 0x0C, - 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23, 0x73, - 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, - 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, - 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F, 0x44, 0x37, 0x30, - 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77, 0xBA, 0x13, - 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, - 0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, - 0xD8, 0x08, 0xBC, 0x33, 0x20, 
0xB3, 0x58, 0x22, 0xA7, 0xAA, - 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, 0xD2, 0x96, 0xDF, - 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, + 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, + 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, + 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, + 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, + 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, + 0x31, 0x31, 0x31, 0x37, 0x32, 0x30, 0x31, 0x34, 0x5A, 0x17, + 0x0D, 0x31, 0x37, 0x30, 0x34, 0x30, 0x36, 0x31, 0x37, 0x32, + 0x30, 0x31, 0x34, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, + 0x66, 0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x07, 0x53, 0x75, 
0x70, 0x70, 0x6F, + 0x72, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, + 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, + 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, + 0x2F, 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, + 0xA8, 0x67, 0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, + 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, + 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, + 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, + 0x95, 0x73, 0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, + 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, + 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, + 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, + 0x78, 0x73, 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, + 0x19, 0x01, 0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, + 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, + 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, + 0xB5, 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, + 0x5F, 0x1C, 0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, + 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, + 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, + 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, + 0x95, 0xA1, 0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, + 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 
0xB0, + 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, + 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, + 0x83, 0xC5, 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 0x30, 0x81, + 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, 0x84, 0xE2, + 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA, 0x1F, 0x0E, + 0x8E, 0x3C, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, + 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, + 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, + 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, + 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, + 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x9A, 0x41, + 0x47, 0xCD, 0xA1, 0x14, 0x62, 0x8C, 0x30, 0x0C, 0x06, 0x03, + 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x71, 0x4E, 0xD3, 0x62, 0xDF, 0xCC, 0x4C, 0xF7, 0xCD, 0xB7, - 0x6E, 0x52, 
0x0B, 0x6C, 0x6E, 0xE0, 0xBD, 0xC2, 0x2D, 0x07, - 0xD7, 0xC0, 0xB0, 0x6E, 0x43, 0x1E, 0x35, 0xBC, 0x30, 0x01, - 0x50, 0xF0, 0xFF, 0x99, 0x23, 0x6C, 0x18, 0x1A, 0x41, 0xB6, - 0x11, 0xD6, 0xD4, 0x19, 0x61, 0xFD, 0xE4, 0x77, 0x97, 0x1C, - 0x39, 0xE1, 0x57, 0xAB, 0xC5, 0x15, 0x63, 0x77, 0x11, 0x36, - 0x5E, 0x74, 0xE2, 0x24, 0x0B, 0x1F, 0x41, 0x78, 0xAD, 0xB7, - 0x81, 0xE7, 0xB4, 0x40, 0x66, 0x80, 0xF0, 0x4B, 0x91, 0xA0, - 0x6D, 0xA8, 0x6E, 0x3D, 0x53, 0xD9, 0x8B, 0xCE, 0x2A, 0xE1, - 0x0B, 0x45, 0x65, 0x87, 0xA1, 0x96, 0xAE, 0xEE, 0x3E, 0x88, - 0xD5, 0x12, 0x1F, 0x78, 0x17, 0xAE, 0x2C, 0xC5, 0x73, 0x44, - 0xD8, 0xDC, 0xF4, 0xAF, 0xD8, 0xCC, 0xAE, 0x4C, 0xE1, 0x0C, - 0xBE, 0x55, 0xA4, 0x99, 0xF7, 0x6E, 0x96, 0xC0, 0xC8, 0x45, - 0x87, 0xBF, 0xDC, 0x51, 0x57, 0xFF, 0x9E, 0x73, 0x37, 0x6A, - 0x18, 0x9C, 0xC3, 0xF9, 0x22, 0x7A, 0xF4, 0xB0, 0x52, 0xBD, - 0xFC, 0x21, 0x30, 0xF8, 0xC5, 0xFF, 0x1E, 0x87, 0x7D, 0xAD, - 0xA2, 0x5A, 0x35, 0xF5, 0x22, 0xA8, 0xB4, 0x0A, 0x76, 0x38, - 0xE6, 0x76, 0xB0, 0x98, 0xAF, 0x1B, 0xEC, 0x8A, 0x0A, 0x43, - 0x74, 0xD2, 0x85, 0x34, 0x37, 0x84, 0x07, 0xE1, 0xF6, 0x23, - 0xB2, 0x29, 0xDE, 0xA6, 0xB6, 0xB7, 0x4C, 0x57, 0x7E, 0x96, - 0x06, 0xCB, 0xA9, 0x16, 0x25, 0x29, 0x3A, 0x03, 0x2D, 0x55, - 0x7D, 0xA6, 0x8C, 0xA4, 0xF7, 0x9E, 0x81, 0xC9, 0x95, 0xB6, - 0x7C, 0xC1, 0x4A, 0xCE, 0x94, 0x66, 0x0C, 0xCA, 0x88, 0xEB, - 0xD2, 0x09, 0xF5, 0x5B, 0x19, 0x58, 0x82, 0xDF, 0x27, 0xFD, - 0x67, 0x95, 0x78, 0xB7, 0x02, 0x06, 0xD5, 0xA7, 0x61, 0xBD, - 0xEF, 0x3A, 0xFC, 0xB2, 0x61, 0xCD + 0x3D, 0x8C, 0x70, 0x05, 0x5B, 0x62, 0x4B, 0xBF, 0x6C, 0xB6, + 0x48, 0x61, 0x01, 0x10, 0x1D, 0x5E, 0x05, 0xBA, 0x55, 0x94, + 0x2C, 0xAE, 0x59, 0x6F, 0x97, 0x80, 0x5D, 0x6C, 0x86, 0xEC, + 0x9A, 0xEB, 0x15, 0x45, 0x44, 0xE4, 0x56, 0xF8, 0x75, 0xCA, + 0x8A, 0x45, 0x32, 0xF4, 0xC7, 0xE1, 0xFA, 0xF2, 0x98, 0x1C, + 0x91, 0xD3, 0x3F, 0xE8, 0x0E, 0xC9, 0x1B, 0xFA, 0xE1, 0x79, + 0x99, 0x67, 0x0E, 0x0D, 0x6B, 0x8A, 0xEC, 0x1A, 0x2C, 0x59, + 0xC4, 0x34, 0x04, 0x8D, 0x39, 0x77, 0xCD, 0xB5, 
0xE9, 0x60, + 0x5B, 0x82, 0xBF, 0x34, 0xCE, 0xED, 0xC6, 0x4F, 0x3F, 0xB4, + 0x5C, 0x4D, 0x8A, 0xB4, 0xF4, 0x0A, 0x04, 0x12, 0xA0, 0x56, + 0xC1, 0xE1, 0x33, 0x37, 0xA1, 0x54, 0x87, 0x48, 0xE9, 0x81, + 0xC2, 0x0F, 0x8F, 0x6F, 0xD3, 0x52, 0x4C, 0x4C, 0x32, 0x4C, + 0x6B, 0x9F, 0x3A, 0x04, 0x8F, 0x77, 0x5D, 0xAD, 0xDC, 0x3D, + 0x2B, 0xF2, 0xC9, 0xDF, 0x3C, 0x60, 0x5D, 0xD8, 0xFC, 0x86, + 0x72, 0x7C, 0x3D, 0xD0, 0x84, 0x4B, 0x8C, 0xDF, 0x26, 0x43, + 0xFE, 0xC0, 0xCC, 0x5B, 0xE1, 0x36, 0xB3, 0x3D, 0x32, 0x28, + 0xA3, 0xEF, 0x0C, 0x20, 0xD6, 0xB1, 0x50, 0x39, 0xD6, 0x67, + 0xA9, 0x8B, 0x84, 0xBC, 0x92, 0x34, 0xEB, 0x19, 0x23, 0xE8, + 0x10, 0x8F, 0xEA, 0xBD, 0x18, 0x8C, 0x93, 0x27, 0x3C, 0x74, + 0x75, 0x8E, 0x58, 0x04, 0xFA, 0x2A, 0x74, 0x44, 0x7D, 0xFC, + 0x4D, 0x39, 0xDF, 0x54, 0x17, 0xBA, 0x78, 0xE1, 0x5D, 0x6A, + 0x70, 0xD3, 0x7C, 0xA2, 0x80, 0x81, 0xE6, 0x19, 0x51, 0x91, + 0xC3, 0x44, 0x51, 0xEC, 0xBB, 0x88, 0xA9, 0x53, 0xE1, 0xD7, + 0xA9, 0x8C, 0x28, 0xF4, 0x21, 0x1C, 0x42, 0x51, 0x09, 0xB4, + 0x12, 0x6D, 0xA0, 0xD6, 0x25, 0x09, 0x85, 0xC6, 0x2A, 0x0C, + 0xAF, 0xA7, 0x58, 0xE6, 0x52, 0x8B }; const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h index c75d37ceb..31489958d 100644 --- a/cyassl/ctaocrypt/error-crypt.h +++ b/cyassl/ctaocrypt/error-crypt.h @@ -126,10 +126,10 @@ enum { ASN_NAME_INVALID_E = -198, /* ASN name constraint error */ RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */ - HMAC_MIN_KEYLEN_E = -200, /* FIPS Mode HMAC Minimum Key Length error */ + RSA_PAD_E = -201, /* RSA Padding Error */ - MIN_CODE_E = -300 /* errors -101 - -299 */ + MIN_CODE_E = -300 /* errors -101 - -299 */ }; diff --git a/cyassl/test.h b/cyassl/test.h index 179e049ec..dc00a4d06 100644 --- a/cyassl/test.h +++ b/cyassl/test.h 
@@ -897,8 +897,8 @@ static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store) static INLINE int myDateCb(int preverify, CYASSL_X509_STORE_CTX* store) { - (void)preverify; char buffer[CYASSL_MAX_ERROR_SZ]; + (void)preverify; printf("In verification callback, error = %d, %s\n", store->error, CyaSSL_ERR_error_string(store->error, buffer)); diff --git a/examples/client/client.c b/examples/client/client.c index 65aa0f837..29ab46f42 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -611,7 +611,6 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) #endif ssl = CyaSSL_new(ctx); - if (ssl == NULL) err_sys("unable to get SSL object"); if (doDTLS) { diff --git a/src/internal.c b/src/internal.c index fa97d7c39..c75c3cace 100644 --- a/src/internal.c +++ b/src/internal.c @@ -203,6 +203,8 @@ static INLINE void c16toa(word16 u16, byte* c) } +#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \ + || defined(HAVE_AESGCM) /* convert 32 bit integer to opaque */ static INLINE void c32toa(word32 u32, byte* c) { @@ -211,6 +213,7 @@ static INLINE void c32toa(word32 u32, byte* c) c[2] = (u32 >> 8) & 0xff; c[3] = u32 & 0xff; } +#endif /* convert a 24 bit integer into a 32 bit one */ @@ -3012,10 +3015,8 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, static int GetHandShakeHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, byte *type, word32 *size) { - const byte *ptr = input + *inOutIdx; (void)ssl; - *inOutIdx += HANDSHAKE_HEADER_SZ; *type = ptr[0]; @@ -4379,7 +4380,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size, /* increment beyond input + size should be checked against totalSz */ if (*inOutIdx + size + ssl->keys.padSz > totalSz) - return INCOMPLETE_DATA; + return INCOMPLETE_DATA; /* force input exhaustion at ProcessReply consuming padSz */ *inOutIdx += size + ssl->keys.padSz; 
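Review bot: The guard `#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM)` added around `c32toa` in src/internal.c (hunks at -203 and -211) is repeated verbatim around `GetSEQIncrement` in the hunks at -4733 and -4740, so the two conditions have to be kept in step by hand whenever a cipher option is added. If they drift, some configuration will either fail to build for a missing helper or warn about an unused static function. Consider deriving one macro from that condition near the top of the file and testing it in both places, and tag each closing line so the pairing is readable, e.g. `#endif /* !NO_OLD_TLS || HAVE_CHACHA || HAVE_AESCCM || HAVE_AESGCM */`. The callers of both helpers are outside these hunks, so which configurations really need them cannot be confirmed from here.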
@@ -4427,9 +4428,8 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, /* make sure can read the message */ if (*inOutIdx + size > totalSz) - { return INCOMPLETE_DATA; - } + ret = HashInput(ssl, input + *inOutIdx, size); if (ret != 0) return ret; @@ -4733,6 +4733,8 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, #endif +#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \ + || defined(HAVE_AESGCM) static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify) { if (verify) @@ -4740,6 +4742,7 @@ static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify) else return ssl->keys.sequence_number++; } +#endif #ifdef HAVE_AEAD @@ -5409,8 +5412,9 @@ static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz) minLength += ssl->specs.block_size; /* explicit IV */ } else if (ssl->specs.cipher_type == aead) { - minLength = ssl->specs.aead_mac_size + AEAD_EXP_IV_SZ; - /* explicit IV + authTag size */ + minLength = ssl->specs.aead_mac_size; /* authTag size */ + if (ssl->specs.bulk_cipher_algorithm != cyassl_chacha) + minLength += AEAD_EXP_IV_SZ; /* explicit IV */ } if (encryptSz < minLength) { @@ -9373,26 +9377,13 @@ static void PickHashSigAlgo(CYASSL* ssl, if (encSigSz != (word32)ret || !out || XMEMCMP(out, encodedSig, min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) - { - CYASSL_MSG("line 9258"); - if (encSigSz != (word32)ret) - {CYASSL_MSG("encSigSz != ret");} - if (!out) - {CYASSL_MSG("!out");} - if (XMEMCMP(out, encodedSig, - min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) - {CYASSL_MSG("xmemcmp != 0");} - return VERIFY_SIGN_ERROR; - - } } else { if (ret != sizeof(hash) || !out || XMEMCMP(out, hash, sizeof(hash)) != 0) - {CYASSL_MSG("line 9266"); return VERIFY_SIGN_ERROR; - }} + } } else #endif #ifdef HAVE_ECC 
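Review bot: The AEAD branch of SanityCheckCipherText (hunk at -5409) now accepts a record as short as `aead_mac_size` when the bulk cipher is `cyassl_chacha`, but nothing in the hunk says why this cipher is exempt from the explicit-IV bytes. A comment on the new test would record the intent, for example `/* ChaCha20-Poly1305 records carry no explicit IV, only the auth tag */` (presumably the reason; confirm against the record layout). Because the floor is lower, the ChaCha decrypt path, which is outside this hunk, should be checked to make sure it never skips or subtracts `AEAD_EXP_IV_SZ` on a record that passed this check. The comparison also names `cyassl_chacha` without a `HAVE_CHACHA` guard, so the enumerator has to exist in every build configuration; its declaration is not visible here.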
@@ -9450,9 +9441,8 @@ static void PickHashSigAlgo(CYASSL* ssl, digest, digestSz, &verify, ssl->peerEccDsaKey); } if (ret != 0 || verify == 0) - {CYASSL_MSG("line 9326"); return VERIFY_SIGN_ERROR; - }} + } else #endif /* HAVE_ECC */ return ALGO_ID_E; From 3c27deb9d06cde97baa696c9793cb4dcc7569d6b Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 21 Jul 2014 13:50:22 -0600 Subject: [PATCH 19/21] merge --- .gitignore | 3 +++ Makefile.am | 2 +- README | 24 +++++++++++++++++++++++- configure.ac | 4 ++-- cyassl/version.h | 4 ++-- src/internal.c | 3 +-- 6 files changed, 32 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index adf7926eb..ec648f2a3 100644 --- a/.gitignore +++ b/.gitignore @@ -54,6 +54,9 @@ certecc.der certecc.pem othercert.der othercert.pem +ntru-cert.der +ntru-cert.pem +ntru-key.raw key.der key.pem certreq.der diff --git a/Makefile.am b/Makefile.am index c2d916e49..5918a4dc5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -96,7 +96,7 @@ TESTS_ENVIRONMENT=./valgrind-error.sh endif TEST_EXTENSIONS=.test -TESTS += $(check_PROGRAMS) ./client-test.sh +TESTS += $(check_PROGRAMS) test: check tests/unit.log: testsuite/testsuite.log diff --git a/README b/README index cb12a6cda..e2da67459 100644 --- a/README +++ b/README 
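Review bot: The rewritten `TESTS += $(check_PROGRAMS)` line in Makefile.am drops `./client-test.sh`, so `make check` no longer runs that script, and the commit message ("merge") gives no reason. If the script was removed because it cannot run in every build environment, a comment above the line saying so, or making the entry conditional instead of deleting it, would keep the loss of coverage visible. If the removal is a merge artefact, the entry should be restored.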
@@ -35,7 +35,29 @@ before calling SSL_new(); Though it's not recommended. *** end Notes *** -CyaSSL Release 3.0.2 (05/30/2014) +CyaSSL Release 3.1.0 (07/14/2014) + +Release 3.1.0 CyaSSL has bug fixes and new features including: + +- Fix for older versions of icc without 128-bit type +- Intel ASM syntax for AES-NI +- Updated NTRU support, keygen benchmark +- FIPS check for minimum required HMAC key length +- Small stack (--enable-smallstack) improvements for PKCS#7, ASN +- TLS extension support for DTLS +- Default I/O callbacks external to user +- Updated example client with bad clock test +- Ability to set optional ECC context info +- Ability to enable/disable DH separate from opensslextra +- Additional test key/cert buffers for CA and server +- Updated example certificates + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +************ CyaSSL Release 3.0.2 (05/30/2014) Release 3.0.2 CyaSSL has bug fixes and new features including: diff --git a/configure.ac b/configure.ac index e9faab304..13f1fdac5 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[3.0.3],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com]) +AC_INIT([cyassl],[3.1.0],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -31,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -CYASSL_LIBRARY_VERSION=5:5:0 +CYASSL_LIBRARY_VERSION=5:6:0 # | | | # +------+ | +---+ # | | | diff --git a/cyassl/version.h b/cyassl/version.h index f520844e6..a2d1dea9c 100644 --- a/cyassl/version.h +++ b/cyassl/version.h 
@@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "3.0.3" -#define LIBCYASSL_VERSION_HEX 0x03000003 +#define LIBCYASSL_VERSION_STRING "3.1.0" +#define LIBCYASSL_VERSION_HEX 0x03001000 #ifdef __cplusplus } diff --git a/src/internal.c b/src/internal.c index c75c3cace..34c1e41d7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -57,7 +57,6 @@ #define FALSE 0 #endif - #if defined(CYASSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS) #error \ CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS @@ -6569,7 +6568,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, int outSz, ivSz = AEAD_EXP_IV_SZ; sz += (ivSz + ssl->specs.aead_mac_size - digestSz); - XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); + XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); } #endif if (sz > (word32)outSz) { From 48e3ef1c3110378db901baa892a3097e77911497 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 21 Jul 2014 15:26:04 -0600 Subject: [PATCH 20/21] Update ctaocrypt.vcproj --- ctaocrypt/ctaocrypt.vcproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ctaocrypt/ctaocrypt.vcproj b/ctaocrypt/ctaocrypt.vcproj index 0bd771d95..0f8779e04 100755 --- a/ctaocrypt/ctaocrypt.vcproj +++ b/ctaocrypt/ctaocrypt.vcproj @@ -301,7 +301,7 @@ > Date: Mon, 21 Jul 2014 16:20:17 -0700 Subject: [PATCH 21/21] fixup some chacah-poly suite things including a valgrind error --- ctaocrypt/benchmark/benchmark.c | 2 +- cyassl/internal.h | 4 +--- examples/client/client.c | 2 +- src/internal.c | 18 ++++++++++-------- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 4f4131a30..e8ae08851 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c 
@@ -464,7 +464,7 @@ void bench_poly1305() persec = persec / 1024; #endif - printf("POLY1305 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, + printf("POLY1305 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif /* HAVE_POLY1305 */ diff --git a/cyassl/internal.h b/cyassl/internal.h index d36a43db6..3780821a4 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -474,9 +474,7 @@ void c32to24(word32 in, word24 out); #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 #endif - #if !defined(NO_DSA) - #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - #endif + #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 #endif #if !defined(NO_DH) && !defined(NO_RSA) #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 diff --git a/examples/client/client.c b/examples/client/client.c index 29ab46f42..bdc08e03a 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -625,7 +625,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) #ifdef HAVE_POLY1305 /* use old poly to connect with google server */ - if (!XMEMCMP(domain, "www.google.com", 15)) { + if (!XSTRNCMP(domain, "www.google.com", 14)) { if (CyaSSL_use_old_poly(ssl, 1) != 0) err_sys("unable to set to old poly"); } diff --git a/src/internal.c b/src/internal.c index 2dabff2ee..7c0239011 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1672,6 +1672,9 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->options.groupMessages = ctx->groupMessages; ssl->options.usingNonblock = 0; ssl->options.saveArrays = 0; +#ifdef HAVE_POLY1305 + ssl->options.oldPoly = 0; +#endif #ifndef NO_CERTS /* ctx still owns certificate, certChain, key, dh, and cm */ 
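Review bot: After the `@@ -474,9 +474,7 @@` change in cyassl/internal.h, `BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` depends only on an enclosing conditional that opens outside the hunk, so it cannot be seen here whether the ECDSA suite is still tied to ECC support. Dropping `NO_DSA` looks right, since DSA is unrelated to ECDSA. If the enclosing `#if` does not already test `HAVE_ECC`, the define should be wrapped in `#ifdef HAVE_ECC`. A short comment such as `/* ECDSA suite: gated by the enclosing ECC check, not by NO_DSA */` would keep the wrong guard from coming back.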
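Review bot: A length of 14 in `XSTRNCMP(domain, "www.google.com", 14)` (examples/client/client.c, `@@ -625,7 +625,7 @@`) leaves the terminator out of the comparison, so any `domain` that merely begins with `www.google.com`, such as a longer host name with further labels appended, also switches the connection to the old Poly1305 construction. The previous `XMEMCMP` with 15 did match exactly but could read past the end of a shorter `domain`. Assuming XSTRNCMP maps to strncmp, it stops at the first NUL, so `XSTRNCMP(domain, "www.google.com", 15)` keeps the exact match without the over-read. Writing the length as `sizeof("www.google.com")` would avoid the hand-counted constant. The rest of client_test lies outside the hunk.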
@@ -4876,13 +4879,12 @@ static int Poly1305TagOld(CYASSL* ssl, byte* additional, const byte* out, static int ChachaAEADEncrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) { - int offset = 5; /*where to find type,version in record header */ - const byte* additionalSrc = input - offset; - int ret = 0; - byte tag[ssl->specs.aead_mac_size]; + const byte* additionalSrc = input - RECORD_HEADER_SZ; + int ret = 0; + byte tag[POLY1305_AUTH_SZ]; byte additional[CHACHA20_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; - byte cipher[32]; /* generated key for poly1305 */ + byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */ XMEMSET(tag, 0, sizeof(tag)); XMEMSET(nonce, 0, AEAD_NONCE_SZ); @@ -4928,7 +4930,7 @@ static int ChachaAEADEncrypt(CYASSL* ssl, byte* out, const byte* input, return ret; if ((ret = Chacha_Process(ssl->encrypt.chacha, cipher, - cipher, 32)) != 0) + cipher, sizeof(cipher))) != 0) return ret; /* encrypt the plain text */ @@ -4981,8 +4983,8 @@ static int ChachaAEADDecrypt(CYASSL* ssl, byte* plain, const byte* input, { byte additional[CHACHA20_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; - byte tag[ssl->specs.aead_mac_size]; - byte cipher[32]; /* generated key for mac */ + byte tag[POLY1305_AUTH_SZ]; + byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ int i; int ret = 0;
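Review bot: `cipher` in ChachaAEADEncrypt holds the generated Poly1305 key (per its own comment), and nothing in these hunks clears it: the `return ret;` after the Chacha_Process call in the `@@ -4928,7 +4930,7 @@` hunk exits with the buffer still on the stack. The same applies to `cipher` in ChachaAEADDecrypt (`@@ -4981,8 +4983,8 @@`). I would mark each declaration with `/* one-time Poly1305 key: wipe on every return path */` and clear the buffer before each return, using a wipe the compiler cannot elide. Separately, `tag` is now fixed at POLY1305_AUTH_SZ, so any later copy that still uses `ssl->specs.aead_mac_size` as its length should be bounded by `sizeof(tag)`. Both function bodies continue outside the hunks, so these points need checking against the full source.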