From e673b1852ab61e7c76690cd0385eca5a24d08582 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Tue, 9 Oct 2012 16:13:05 -0700
Subject: [PATCH 1/4] fixed windows build warnings
---
 cyassl/internal.h | 1 +
 src/internal.c | 18 ++++++++++--------
 src/io.c | 2 +-
 src/tls.c | 2 +-
 4 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 6aa119da4..50ae3929d 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -342,6 +342,7 @@ enum Misc {
 TLSv1_MINOR = 1, /* TLSv1 minor version number */
 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
+ INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
 NO_COMPRESSION = 0,
 ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
 HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
diff --git a/src/internal.c b/src/internal.c
index 58c42d1d6..bf76cf821 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -498,11 +498,11 @@ void FreeCiphers(CYASSL* ssl)
 void InitCipherSpecs(CipherSpecs* cs)
 {
- cs->bulk_cipher_algorithm = -1;
- cs->cipher_type = -1;
- cs->mac_algorithm = -1;
- cs->kea = -1;
- cs->sig_algo = -1;
+ cs->bulk_cipher_algorithm = INVALID_BYTE;
+ cs->cipher_type = INVALID_BYTE;
+ cs->mac_algorithm = INVALID_BYTE;
+ cs->kea = INVALID_BYTE;
+ cs->sig_algo = INVALID_BYTE;
 cs->hash_size = 0;
 cs->static_ecdh = 0;
@@ -7110,15 +7110,17 @@ int SetCipherList(Suites* s, const char* list)
 b = input[i++];
 if (b) {
 byte cookie[MAX_COOKIE_LEN];
- byte cookieSz;
 if (b > MAX_COOKIE_LEN)
 return BUFFER_ERROR;
 if (i + b > totalSz)
 return INCOMPLETE_DATA;
- cookieSz = EmbedGenerateCookie(cookie, COOKIE_SZ, ssl);
- if ((b != cookieSz) || XMEMCMP(cookie, input + i, b) != 0)
+ if ((EmbedGenerateCookie(cookie, COOKIE_SZ, ssl)
+ != COOKIE_SZ)
+ || (b != COOKIE_SZ)
+ || (XMEMCMP(cookie, input + i, b) != 0)) {
 return COOKIE_ERROR;
+ }
 i += b;
 }
 }
diff --git a/src/io.c b/src/io.c
index 7ed6f9e85..0f1d9e555 100644
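Review bot: `INVALID_BYTE` only works as an "unset" marker in InitCipherSpecs if 0xff can never be a real value of `bulk_cipher_algorithm`, `cipher_type`, `mac_algorithm`, `kea` or `sig_algo`, and neither this hunk nor the enum entry in cyassl/internal.h states that. The enums for those fields are outside the diff, so this is a documentation request rather than a found collision: extend the enum comment to something like `/* Used to initialize cipher specs values; must not equal any valid algorithm id */`. InitCipherSpecs continues past the end of the hunk.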
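Review bot: The last term of the new condition, `XMEMCMP(cookie, input + i, b) != 0`, checks a peer-supplied cookie with what is presumably a plain memcmp, which returns at the first differing byte, so the time taken to reject can depend on how many leading bytes matched. Because `b != COOKIE_SZ` is already rejected before that term, the comparison can run over the fixed length and accumulate differences instead, e.g. `for (k = 0; k < COOKIE_SZ; k++) diff |= cookie[k] ^ input[i + k];` followed by `if (diff != 0) return COOKIE_ERROR;`, with `byte diff = 0;` and an index declared next to `cookie`. The enclosing function begins and ends outside the hunk; the `SetCipherList` in the `@@` header appears to be only the nearest preceding signature.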
--- a/src/io.c
+++ b/src/io.c
@@ -320,7 +320,7 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx)
 else {
 if (dtlsCtx != NULL
 && dtlsCtx->peer.sz > 0
- && peerSz != dtlsCtx->peer.sz
+ && peerSz != (XSOCKLENT)dtlsCtx->peer.sz
 && memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0) {
 CYASSL_MSG(" Ignored packet from invalid peer");
 return IO_ERR_WANT_READ;
diff --git a/src/tls.c b/src/tls.c
index d2d30e2ad..005bf51bf 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -374,7 +374,7 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
 c16toa((word16)sz, length);
 #ifdef CYASSL_DTLS
 if (ssl->options.dtls)
- c16toa(GetEpoch(ssl, verify), seq);
+ c16toa((word16)GetEpoch(ssl, verify), seq);
 #endif
 c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);
From a503f1332144a66d212aaf97b0c0065482ab96e9 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 10 Oct 2012 08:55:53 -0700
Subject: [PATCH 2/4] update readme and version number
---
 README | 15 ++++++++++++++-
 configure.ac | 4 ++--
 cyassl/version.h | 4 ++--
 3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/README b/README
index a88a90ab9..b381d6bf2 100644
--- a/README
+++ b/README
@@ -34,7 +34,20 @@ before calling SSL_new(); Though it's not recommended.
 *** end Note ***
-CyaSSL Release 2.3.0 (8/10/2012)
+CyaSSL Release 2.4.0 (10/10/2012)
+
+Release 2.4.0 CyaSSL has bug fixes and a few new features including:
+- DTLS reliability
+- Reduced memory usage after handshake
+- Updated build process
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
+and comments about the new features please check the manual.
+
+
+
+*************** CyaSSL Release 2.3.0 (8/10/2012)
 Release 2.3.0 CyaSSL has bug fixes and a few new features including:
 - AES-GCM crypto and cipher suites
diff --git a/configure.ac b/configure.ac
index 3f22029d8..1ed8b36f8 100644
--- a/configure.ac
+++ b/configure.ac
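Review bot: The peer filter in EmbedReceiveFrom still joins the length test and the address test with `&&`, so a datagram is ignored only when its address length differs from the recorded peer's and the bytes differ too; a sender whose address has the same length makes `peerSz != (XSOCKLENT)dtlsCtx->peer.sz` false and passes regardless of the memcmp. The cast added here does not change that. If the intent is to drop everything not from the recorded peer, the two tests should be OR-ed inside one group: `&& (peerSz != (XSOCKLENT)dtlsCtx->peer.sz || memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0)) {`. That form also stops memcmp from running over `peerSz` bytes of `peer.sa` when the lengths disagree. The function body continues outside the hunk.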
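Review bot: The `(word16)` cast on `GetEpoch(ssl, verify)` silences the warning by truncating, and GetEpoch's return type is not visible in this hunk; if it is wider than 16 bits, only the low half reaches the MAC input and nothing records that this is intended. Prefer making GetEpoch itself return `word16`, or say so at the call: `/* DTLS epoch is 16 bits on the wire */`. TLS_hmac's body starts and ends outside the hunk.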
@@ -6,7 +6,7 @@
 #
 #
-AC_INIT([cyassl],[2.3.1],[http://www.yassl.com])
+AC_INIT([cyassl],[2.4.0],[http://www.yassl.com])
 AC_CONFIG_AUX_DIR(config)
@@ -25,7 +25,7 @@ AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
 #shared library versioning
-CYASSL_LIBRARY_VERSION=3:2:0
+CYASSL_LIBRARY_VERSION=3:3:0
 # | | |
 # +------+ | +---+
 # | | |
diff --git a/cyassl/version.h b/cyassl/version.h
index 6c56a3923..08bcd9972 100644
--- a/cyassl/version.h
+++ b/cyassl/version.h
@@ -26,8 +26,8 @@ extern "C" {
 #endif
-#define LIBCYASSL_VERSION_STRING "2.3.1"
-#define LIBCYASSL_VERSION_HEX 0x02003001
+#define LIBCYASSL_VERSION_STRING "2.4.0"
+#define LIBCYASSL_VERSION_HEX 0x02004000
 #ifdef __cplusplus
 }
From 8760e6ac3e60da7900cedabb701c0e613e2ea1df Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 10 Oct 2012 12:15:13 -0700
Subject: [PATCH 3/4] fixed build warnings & aes-gcm/ni conflict
---
 ctaocrypt/src/aes.c | 10 +++++++---
 cyassl/ctaocrypt/aes.h | 3 +++
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c
index eabd0f4ee..b9268007e 100644
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
@@ -743,7 +743,7 @@ static const word32 Td[5][256] = {
 #endif /* _MSC_VER */
-static int Check_CPU_support_AES()
+static int Check_CPU_support_AES(void)
 {
 unsigned int a,b,c,d;
 cpuid(1,a,b,c,d);
@@ -865,6 +865,9 @@ static int AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen,
 word32 temp, *rk = aes->key;
 unsigned int i = 0;
+ #ifdef CYASSL_AESNI
+ aes->use_aesni = 0;
+ #endif /* CYASSL_AESNI */
 aes->rounds = keylen/4 + 6;
 XMEMCPY(rk, userKey, keylen);
@@ -1003,6 +1006,7 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
 checkAESNI = 1;
 }
 if (haveAESNI) {
+ aes->use_aesni = 1;
 if (iv)
 XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
 if (dir == AES_ENCRYPTION)
@@ -1028,7 +1032,7 @@ static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 return; /* stop instead of segfaulting, set up your keys! */
 }
 #ifdef CYASSL_AESNI
- if (haveAESNI) {
+ if (aes->use_aesni) {
 CYASSL_MSG("AesEncrypt encountered aesni keysetup, don't use direct");
 return; /* just stop now */
 }
@@ -1173,7 +1177,7 @@ static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 return; /* stop instead of segfaulting, set up your keys! */
 }
 #ifdef CYASSL_AESNI
- if (haveAESNI) {
+ if (aes->use_aesni) {
 CYASSL_MSG("AesEncrypt encountered aesni keysetup, don't use direct");
 return; /* just stop now */
 }
diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h
index e8dc53312..8f1dc327d 100644
--- a/cyassl/ctaocrypt/aes.h
+++ b/cyassl/ctaocrypt/aes.h
@@ -76,6 +76,9 @@ typedef struct Aes {
 ALIGN16 byte M0[256][AES_BLOCK_SIZE];
 #endif /* GCM_TABLE */
 #endif /* HAVE_AESGCM */
+#ifdef CYASSL_AESNI
+ byte use_aesni;
+#endif /* CYASSL_AESNI */
 } Aes;
From d99c5d8e0625dac7b9b0fd984339e4488bc81e34 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 10 Oct 2012 14:07:10 -0700
Subject: [PATCH 4/4] fixed aes-ctr test case
---
 ctaocrypt/test/test.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c
index 4f478a58f..7919e2b34 100644
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -1230,9 +1230,9 @@ int aes_test(void)
 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
 };
- AesSetKey(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
+ AesSetKeyDirect(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
 /* Ctr only uses encrypt, even on key setup */
- AesSetKey(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
+ AesSetKeyDirect(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
 AesCtrEncrypt(&enc, cipher, ctrPlain, AES_BLOCK_SIZE*4);
 AesCtrEncrypt(&dec, plain, cipher, AES_BLOCK_SIZE*4);
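Review bot: When `aes->use_aesni` is set, AesEncrypt logs a message and returns without writing `outBlock`, and as a `void` function it cannot report that; a caller outside this hunk that goes on to use the block would be working from whatever the buffer already held. The AesDecrypt hunk that follows has the same guard, and its message still reads `AesEncrypt encountered ...`, which should become `CYASSL_MSG("AesDecrypt encountered aesni keysetup, don't use direct");`. Beyond the message, the refusal should be visible to callers, for example by giving both static helpers a status return that their callers check, and until then each guard deserves a comment stating that the output block is left untouched. Both function bodies start and end outside their hunks.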
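Review bot: `use_aesni` is added to `struct Aes` without a comment and only under `CYASSL_AESNI`, so the size of `Aes` now depends on one more build flag; an application compiled without the flag against a library built with it would pass a shorter object than the library writes to. A comment on the field would document both its meaning and that constraint, e.g. `byte use_aesni; /* 1 when AesSetKey built an AES-NI key schedule; app and library must agree on CYASSL_AESNI */`. The struct definition begins outside the hunk.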
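Review bot: Switching the CTR vectors to `AesSetKeyDirect` makes the test pass but leaves the `AesSetKey` + `AesCtrEncrypt` combination untested. If AesCtrEncrypt goes through AesEncrypt, as the guard message in aes.c suggests, that combination silently produces no keystream on an AES-NI build. The existing comment should state the requirement, for instance `/* CTR needs AesSetKeyDirect: AesSetKey may build an AES-NI schedule that AesEncrypt refuses */`. Both calls also discard the return value; `if (AesSetKeyDirect(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION) != 0) return <ERROR_CODE_PLACEHOLDER>;` would stop the vectors from running against an unkeyed context. aes_test continues on both sides of the hunk.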