mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into ocsp

Browse Source
This commit is contained in:
John Safranek 2012-12-14 14:23:53 -08:00
commit c314dc3940
12 changed files with 186 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
README
View File

@ -12,7 +12,7 @@ harder. Now to run testsuite just do:
or
make test (when using autoconf)
make check (when using autoconf)
On *nix or Windows the examples and testsuite will check to see if the current
directory is the source directory and if so, attempt to change to the CyaSSL
@ -32,15 +32,37 @@ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling SSL_new(); Though it's not recommended.
*** end Notes ***
CyaSSL Release 2.4.4 (12/12/2012)
Release 2.4.4 CyaSSL has bug fixes and a few new features including:
- ECC into main version
- Lean PSK build (reduced code size, RAM usage, and stack usage)
- FreeBSD CRL monitor support
- CyaSSL_peek()
- CyaSSL_send() and CyaSSL_recv() for I/O flag setting
- CodeWarrior Support
- MQX Support
- Freescale Kinetis support including Hardware RNG
- autoconf builds use jobserver
- cyassl-config
- Sniffer memory reductions
Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
warning system, and general good ideas for improving CyaSSL!
Note 3)
The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
K70 Sub-Family Reference Manual:
http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
*** end Note ***
The CyaSSL manual is available at:
http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.
CyaSSL Release 2.4.0 (10/10/2012)
*************** CyaSSL Release 2.4.0 (10/10/2012)
Release 2.4.0 CyaSSL has bug fixes and a few new features including:
- DTLS reliability

80
configure.ac
View File

@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[2.4.2],[http://www.yassl.com])
AC_INIT([cyassl],[2.4.4],[http://www.yassl.com])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
@ -38,7 +38,7 @@ CYASSL_LIBRARY_VERSION=3:3:0
# | +- increment if source code has changed
# | set to zero if current is incremented
# +- increment if interfaces have been added, removed or changed
AC_SUBST(CYASSL_LIBRARY_VERSION)
AC_SUBST([CYASSL_LIBRARY_VERSION])
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
# if user doesn't override, no way to tell
@ -106,7 +106,7 @@ AS_IF([test "$ax_enable_debug" = "yes"],
# SMALL BUILD
AC_ARG_ENABLE(small,
AC_ARG_ENABLE([small],
[ --enable-small Enable smallest build (default: disabled)],
[ ENABLED_SMALL=$enableval ],
[ ENABLED_SMALL=no ]
@ -122,7 +122,7 @@ fi
# SINGLE THREADED
AC_ARG_ENABLE(singleThreaded,
AC_ARG_ENABLE([singleThreaded],
[ --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
[ ENABLED_SINGLETHREADED=$enableval ],
[ ENABLED_SINGLETHREADED=no ])
@ -140,7 +140,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADE
# DTLS
AC_ARG_ENABLE(dtls,
AC_ARG_ENABLE([dtls],
[ --enable-dtls Enable CyaSSL DTLS (default: disabled)],
[ ENABLED_DTLS=$enableval ],
[ ENABLED_DTLS=no ]
@ -152,7 +152,7 @@ fi
# OPENSSL Extra Compatibility
AC_ARG_ENABLE(opensslExtra,
AC_ARG_ENABLE([opensslExtra],
[ --enable-opensslExtra Enable extra OpenSSL API, size+ (default: disabled)],
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
@ -169,7 +169,7 @@ fi
# IPv6 Test Apps
AC_ARG_ENABLE(ipv6,
AC_ARG_ENABLE([ipv6],
[ --enable-ipv6 Enable testing of IPV6 (default: disabled)],
[ ENABLED_IPV6=$enableval ],
[ ENABLED_IPV6=no ]
@ -182,7 +182,7 @@ fi
# Fortress build
AC_ARG_ENABLE(fortress,
AC_ARG_ENABLE([fortress],
[ --enable-fortress Enable SSL fortress build (default: disabled)],
[ ENABLED_FORTRESS=$enableval ],
[ ENABLED_FORTRESS=no ]
@ -195,7 +195,7 @@ fi
# ssl bump build
AC_ARG_ENABLE(bump,
AC_ARG_ENABLE([bump],
[ --enable-bump Enable SSL Bump build (default: disabled)],
[ ENABLED_BUMP=$enableval ],
[ ENABLED_BUMP=no ]
@ -209,7 +209,7 @@ fi
ENABLED_SLOWMATH="yes"
# lean psk build
AC_ARG_ENABLE(leanpsk,
AC_ARG_ENABLE([leanpsk],
[ --enable-leanpsk Enable Lean PSK build (default: disabled)],
[ ENABLED_LEANPSK=$enableval ],
[ ENABLED_LEANPSK=no ]
@ -226,7 +226,7 @@ AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
# fastmath
AC_ARG_ENABLE(fastmath,
AC_ARG_ENABLE([fastmath],
[ --enable-fastmath Enable fast math for BigInts (default: disabled)],
[ ENABLED_FASTMATH=$enableval ],
[ ENABLED_FASTMATH=no ]
@ -240,7 +240,7 @@ fi
# fast HUGE math
AC_ARG_ENABLE(fasthugemath,
AC_ARG_ENABLE([fasthugemath],
[ --enable-fasthugemath Enable fast math + huge code (default: disabled)],
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
@ -262,7 +262,7 @@ AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
# big cache
AC_ARG_ENABLE(bigcache,
AC_ARG_ENABLE([bigcache],
[ --enable-bigcache Enable big session cache (default: disabled)],
[ ENABLED_BIGCACHE=$enableval ],
[ ENABLED_BIGCACHE=no ]
@ -275,7 +275,7 @@ fi
# HUGE cache
AC_ARG_ENABLE(hugecache,
AC_ARG_ENABLE([hugecache],
[ --enable-hugecache Enable huge session cache (default: disabled)],
[ ENABLED_HUGECACHE=$enableval ],
[ ENABLED_HUGECACHE=no ]
@ -288,7 +288,7 @@ fi
# SMALL cache
AC_ARG_ENABLE(smallcache,
AC_ARG_ENABLE([smallcache],
[ --enable-smallcache Enable small session cache (default: disabled)],
[ ENABLED_SMALLCACHE=$enableval ],
[ ENABLED_SMALLCACHE=no ]
@ -314,7 +314,7 @@ AC_ARG_ENABLE([sniffer],
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
# AES-GCM
AC_ARG_ENABLE(aesgcm,
AC_ARG_ENABLE([aesgcm],
[ --enable-aesgcm Enable CyaSSL AES-GCM support (default: disabled)],
[ ENABLED_AESGCM=$enableval ],
[ ENABLED_AESGCM=no ]
@ -346,7 +346,7 @@ fi
AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
# AES-NI
AC_ARG_ENABLE(aesni,
AC_ARG_ENABLE([aesni],
[ --enable-aesni Enable CyaSSL AES-NI support (default: disabled)],
[ ENABLED_AESNI=$enableval ],
[ ENABLED_AESNI=no ]
@ -366,7 +366,7 @@ AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
# MD2
AC_ARG_ENABLE(md2,
AC_ARG_ENABLE([md2],
[ --enable-md2 Enable CyaSSL MD2 support (default: disabled)],
[ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ]
@ -386,7 +386,7 @@ AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# RIPEMD
AC_ARG_ENABLE(ripemd,
AC_ARG_ENABLE([ripemd],
[ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)],
[ ENABLED_RIPEMD=$enableval ],
[ ENABLED_RIPEMD=no ]
@ -401,7 +401,7 @@ AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
# SHA512
AC_ARG_ENABLE(sha512,
AC_ARG_ENABLE([sha512],
[ --enable-sha512 Enable CyaSSL SHA-512 support (default: disabled)],
[ ENABLED_SHA512=$enableval ],
[ ENABLED_SHA512=no ]
@ -427,7 +427,7 @@ AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
# SESSION CERTS
AC_ARG_ENABLE(sessioncerts,
AC_ARG_ENABLE([sessioncerts],
[ --enable-sessioncerts Enable session cert storing (default: disabled)],
[ ENABLED_SESSIONCERTS=$enableval ],
[ ENABLED_SESSIONCERTS=no ]
@ -440,7 +440,7 @@ fi
# KEY GENERATION
AC_ARG_ENABLE(keygen,
AC_ARG_ENABLE([keygen],
[ --enable-keygen Enable key generation (default: disabled)],
[ ENABLED_KEYGEN=$enableval ],
[ ENABLED_KEYGEN=no ]
@ -453,7 +453,7 @@ fi
# CERT GENERATION
AC_ARG_ENABLE(certgen,
AC_ARG_ENABLE([certgen],
[ --enable-certgen Enable cert generation (default: disabled)],
[ ENABLED_CERTGEN=$enableval ],
[ ENABLED_CERTGEN=no ]
@ -466,7 +466,7 @@ fi
# HC128
AC_ARG_ENABLE(hc128,
AC_ARG_ENABLE([hc128],
[ --enable-hc128 Enable HC-128 (default: disabled)],
[ ENABLED_HC128=$enableval ],
[ ENABLED_HC128=no ]
@ -483,7 +483,7 @@ AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
# RABBIT
AC_ARG_ENABLE(rabbit,
AC_ARG_ENABLE([rabbit],
[ --enable-rabbit Enable RABBIT (default: disabled)],
[ ENABLED_RABBIT=$enableval ],
[ ENABLED_RABBIT=no ]
@ -500,7 +500,7 @@ AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# PSK
AC_ARG_ENABLE(psk,
AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)],
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
@ -513,7 +513,7 @@ fi
# Web Server Build
AC_ARG_ENABLE(webServer,
AC_ARG_ENABLE([webServer],
[ --enable-webServer Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
@ -526,7 +526,7 @@ fi
# No Filesystem Build
AC_ARG_ENABLE(noFilesystem,
AC_ARG_ENABLE([noFilesystem],
[ --enable-noFilesystem Enable No Filesystem (default: disabled)],
[ ENABLED_NOFILESYSTEM=$enableval ],
[ ENABLED_NOFILESYSTEM=no ]
@ -539,7 +539,7 @@ fi
# No inline Build
AC_ARG_ENABLE(noInline,
AC_ARG_ENABLE([noInline],
[ --enable-noInline Enable No inline (default: disabled)],
[ ENABLED_NOINLINE=$enableval ],
[ ENABLED_NOINLINE=no ]
@ -554,7 +554,7 @@ AM_CONDITIONAL([BUILD_NOINLINE], [test "x$ENABLED_NOINLINE" = "xyes"])
# ECC
AC_ARG_ENABLE(ecc,
AC_ARG_ENABLE([ecc],
[ --enable-ecc Enable ECC (default: disabled)],
[ ENABLED_ECC=$enableval ],
[ ENABLED_ECC=no ]
@ -575,7 +575,7 @@ fi
# OCSP
AC_ARG_ENABLE(ocsp,
AC_ARG_ENABLE([ocsp],
[ --enable-ocsp Enable OCSP (default: disabled)],
[ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ],
@ -590,7 +590,7 @@ AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
# CRL
AC_ARG_ENABLE(crl,
AC_ARG_ENABLE([crl],
[ --enable-crl Enable CRL (default: disabled)],
[ ENABLED_CRL=$enableval ],
[ ENABLED_CRL=no ],
@ -605,7 +605,7 @@ AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
# CRL Monitor
AC_ARG_ENABLE(crl-monitor,
AC_ARG_ENABLE([crl-monitor],
[ --enable-crl-monitor Enable CRL Monitor (default: disabled)],
[ ENABLED_CRL_MONITOR=$enableval ],
[ ENABLED_CRL_MONITOR=no ],
@ -628,7 +628,7 @@ AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
ntruHome=`pwd`/NTRU_algorithm
ntruInclude=$ntruHome/cryptolib
ntruLib=$ntruHome
AC_ARG_ENABLE(ntru,
AC_ARG_ENABLE([ntru],
[ --enable-ntru Enable NTRU (default: disabled)],
[ ENABLED_NTRU=$enableval ],
[ ENABLED_NTRU=no ]
@ -650,7 +650,7 @@ fi
#valgrind
AC_ARG_ENABLE(valgrind,
AC_ARG_ENABLE([valgrind],
[ --enable-valgrind Enable valgrind for unit tests (default: disabled)],
[ ENABLED_VALGRIND=$enableval ],
[ ENABLED_VALGRIND=no ]
@ -658,7 +658,7 @@ AC_ARG_ENABLE(valgrind,
if test "$ENABLED_VALGRIND" = "yes"
then
AC_CHECK_PROG(HAVE_VALGRIND,valgrind,yes,no)
AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
if [["$HAVE_VALGRIND" = "no" ]]; then
AC_MSG_ERROR([Valgrind not found.])
@ -670,7 +670,7 @@ AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
# Test certs, use internal cert functions for extra testing
AC_ARG_ENABLE(testcert,
AC_ARG_ENABLE([testcert],
[ --enable-testcert Enable Test Cert (default: disabled)],
[ ENABLED_TESTCERT=$enableval ],
[ ENABLED_TESTCERT=no ]
@ -683,7 +683,7 @@ fi
# Enable Examples, used to disable examples
AC_ARG_ENABLE(examples,
AC_ARG_ENABLE([examples],
[ --enable-examples Enable Examples (default: enabled)],
[ ENABLED_EXAMPLES=$enableval ],
[ ENABLED_EXAMPLES=yes ]
@ -694,7 +694,7 @@ AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
# LIBZ
trylibzdir=""
AC_ARG_WITH(libz,
AC_ARG_WITH([libz],
[ --with-libz=PATH PATH to libz install (default /usr/) ],
[
AC_MSG_CHECKING([for libz])
@ -750,7 +750,7 @@ fi
LIB_SOCKET_NSL
AC_ARG_ENABLE(gcc-hardening,
AC_ARG_ENABLE([gcc-hardening],
AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
[if test x$enableval = xyes; then
AM_CFLAGS="$AM_CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"

4
ctaocrypt/benchmark/benchmark.c
View File

@ -511,6 +511,10 @@ void bench_dh(void)
bytes = fread(tmp, 1, sizeof(tmp), file);
InitDhKey(&dhKey);
bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes);
if (bytes != 0) {
printf("dhekydecode failed, can't benchmark\n");
return;
}
start = current_time();

3
ctaocrypt/src/asn.c
View File

@ -2079,6 +2079,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = SHA256h;
digestSz = SHA256_DIGEST_SIZE;
}
break;
#endif
#ifdef CYASSL_SHA512
case CTC_SHA512wRSA:
@ -2091,6 +2092,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE;
}
break;
#endif
#ifdef CYASSL_SHA384
case CTC_SHA384wRSA:
@ -2103,6 +2105,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE;
}
break;
#endif
default:
CYASSL_MSG("Verify Signautre has unsupported type");

20
ctaocrypt/test/test.c
View File

@ -1708,6 +1708,8 @@ int rsa_test(void)
if (ret != 0) return -491;
FreeDecodedCert(&cert);
#else
(void)bytes;
#endif
fclose(file2);
@ -2091,13 +2093,13 @@ int dh_test(void)
if (ret != 0)
return -53;
ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
ret = DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
ret += DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
if (ret != 0)
return -54;
ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
ret = DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
ret += DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
if (ret != 0)
return -55;
@ -2420,14 +2422,20 @@ int pkcs12_test(void)
int ret = PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
kLen, SHA, id);
if ( (ret = memcmp(derived, verify, kLen)) != 0)
if (ret < 0)
return -103;
if ( (ret = memcmp(derived, verify, kLen)) != 0)
return -104;
iterations = 1000;
ret = PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
kLen, SHA, id);
if (ret < 0)
return -105;
if ( (ret = memcmp(derived, verify2, 24)) != 0)
return -104;
return -106;
return 0;
}

24
cyassl/test.h
View File

@ -821,10 +821,18 @@ static INLINE void ChangeDirBack(int x)
/* does current dir contain str */
static INLINE int CurrentDir(const char* str)
{
char path[MAX_PATH];
char path[MAX_PATH];
char* baseName;
GetCurrentDirectoryA(sizeof(path), path);
if (strstr(path, str))
baseName = strrchr(path, '\\');
if (baseName)
baseName++;
else
baseName = path;
if (strstr(baseName, str))
return 1;
return 0;
@ -859,13 +867,21 @@ static INLINE void ChangeDirBack(int x)
/* does current dir contain str */
static INLINE int CurrentDir(const char* str)
{
char path[MAX_PATH];
char path[MAX_PATH];
char* baseName;
if (getcwd(path, sizeof(path)) == NULL) {
printf("no current dir?\n");
return 0;
}
if (strstr(path, str))
baseName = strrchr(path, '/');
if (baseName)
baseName++;
else
baseName = path;
if (strstr(baseName, str))
return 1;
return 0;

4
cyassl/version.h
View File

@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBCYASSL_VERSION_STRING "2.4.2"
#define LIBCYASSL_VERSION_HEX 0x02004002
#define LIBCYASSL_VERSION_STRING "2.4.4"
#define LIBCYASSL_VERSION_HEX 0x02004004
#ifdef __cplusplus
}

2
examples/client/client.c
View File

@ -232,8 +232,6 @@ void client_test(void* args)
}
}
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */
switch (version) {

2
examples/server/server.c
View File

@ -200,8 +200,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
}
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */
switch (version) {

71
src/internal.c
View File

@ -7257,30 +7257,31 @@ int SetCipherList(Suites* s, const char* list)
ssl->options.haveSessionId = 1;
/* DoClientHello uses same resume code */
while (ssl->options.resuming) { /* let's try */
if (ssl->options.resuming) { /* let's try */
int ret;
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
if (!session) {
CYASSL_MSG("Session lookup for resume failed");
ssl->options.resuming = 0;
break; /* session lookup failed */
}
if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, OldClientHello");
return UNSUPPORTED_SUITE;
}
} else {
if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, OldClientHello");
return UNSUPPORTED_SUITE;
}
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
#ifndef NO_OLD_TLS
if (ssl->options.tls)
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
#ifndef NO_OLD_TLS
if (ssl->options.tls)
ret = DeriveTlsKeys(ssl);
else
ret = DeriveKeys(ssl);
#else
ret = DeriveTlsKeys(ssl);
else
ret = DeriveKeys(ssl);
#else
ret = DeriveTlsKeys(ssl);
#endif
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
#endif
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
return ret;
return ret;
}
}
return MatchSuite(ssl, &clSuites);
@ -7429,31 +7430,31 @@ int SetCipherList(Suites* s, const char* list)
ssl->options.haveSessionId = 1;
/* ProcessOld uses same resume code */
while (ssl->options.resuming) { /* let's try */
if (ssl->options.resuming) { /* let's try */
int ret;
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
if (!session) {
ssl->options.resuming = 0;
CYASSL_MSG("Session lookup for resume failed");
break; /* session lookup failed */
}
if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, ClientHello");
return UNSUPPORTED_SUITE;
}
ssl->options.resuming = 0;
} else {
if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, ClientHello");
return UNSUPPORTED_SUITE;
}
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
#ifndef NO_OLD_TLS
if (ssl->options.tls)
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
#ifndef NO_OLD_TLS
if (ssl->options.tls)
ret = DeriveTlsKeys(ssl);
else
ret = DeriveKeys(ssl);
#else
ret = DeriveTlsKeys(ssl);
else
ret = DeriveKeys(ssl);
#else
ret = DeriveTlsKeys(ssl);
#endif
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
#endif
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
return ret;
return ret;
}
}
return MatchSuite(ssl, &clSuites);
}

2
src/sniffer.c
View File

@ -2275,7 +2275,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
const byte* sslBegin = sslFrame;
const byte* tmp;
RecordLayerHeader rh;
int rhSize;
int rhSize = 0;
int ret;
int decoded = 0; /* bytes stored for user in data */
int notEnough; /* notEnough bytes yet flag */

68
src/ssl.c
View File

@ -1128,8 +1128,10 @@ int CyaSSL_Init(void)
{
EncryptedInfo info;
buffer der; /* holds DER or RAW (for NTRU) */
int ret;
int dynamicType = 0;
int eccKey = 0;
void* heap = ctx ? ctx->heap : NULL;
info.set = 0;
info.ctx = ctx;
@ -1153,9 +1155,9 @@ int CyaSSL_Init(void)
dynamicType = DYNAMIC_TYPE_KEY;
if (format == SSL_FILETYPE_PEM) {
int ret = PemToDer(buff, sz, type, &der, ctx->heap, &info, &eccKey);
ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey);
if (ret < 0) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return ret;
}
if (used)
@ -1174,10 +1176,10 @@ int CyaSSL_Init(void)
CYASSL_MSG("Growing Tmp Chain Buffer");
bufferSz = (word32)(sz - consumed);
/* will shrink to actual size */
chainBuffer = (byte*)XMALLOC(bufferSz, ctx->heap,
chainBuffer = (byte*)XMALLOC(bufferSz, heap,
DYNAMIC_TYPE_FILE);
if (chainBuffer == NULL) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return MEMORY_E;
}
dynamicBuffer = 1;
@ -1190,7 +1192,7 @@ int CyaSSL_Init(void)
part.buffer = 0;
ret = PemToDer(buff + consumed, sz - consumed, type, &part,
ctx->heap, &info, &eccKey);
heap, &info, &eccKey);
if (ret == 0) {
gotOne = 1;
if ( (idx + part.length) > bufferSz) {
@ -1208,38 +1210,42 @@ int CyaSSL_Init(void)
}
}
XFREE(part.buffer, ctx->heap, dynamicType);
XFREE(part.buffer, heap, dynamicType);
if (ret == SSL_NO_PEM_HEADER && gotOne) {
CYASSL_MSG("We got one good PEM so stuff at end ok");
ret = 0;
break;
}
if (ret < 0) {
CYASSL_MSG(" Error in Cert in Chain");
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return ret;
}
CYASSL_MSG(" Consumed another Cert in Chain");
}
CYASSL_MSG("Finished Processing Cert Chain");
ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
if (ctx == NULL) {
CYASSL_MSG("certChain needs context");
return BAD_FUNC_ARG;
}
ctx->certChain.buffer = (byte*)XMALLOC(idx, heap,
dynamicType);
if (ctx->certChain.buffer) {
ctx->certChain.length = idx;
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
}
if (dynamicBuffer)
XFREE(chainBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
if (ctx->certChain.buffer == NULL) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return MEMORY_E;
}
}
}
else { /* ASN1 (DER) or RAW (NTRU) */
der.buffer = (byte*) XMALLOC(sz, ctx->heap, dynamicType);
der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
if (!der.buffer) return MEMORY_ERROR;
XMEMCPY(der.buffer, buff, sz);
der.length = (word32)sz;
@ -1250,19 +1256,18 @@ int CyaSSL_Init(void)
/* decrypt */
char password[80];
int passwordSz;
int ret;
byte key[AES_256_KEY_SIZE];
byte iv[AES_IV_SIZE];
if (!ctx->passwd_cb) {
XFREE(der.buffer, ctx->heap, dynamicType);
if (!ctx || !ctx->passwd_cb) {
XFREE(der.buffer, heap, dynamicType);
return NO_PASSWORD;
}
/* use file's salt for key derivation, hex decode first */
if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return ASN_INPUT_E;
}
@ -1270,7 +1275,7 @@ int CyaSSL_Init(void)
ctx->userdata);
if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
(byte*)password, passwordSz, 1, key, iv)) <= 0) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return ret;
}
@ -1300,44 +1305,50 @@ int CyaSSL_Init(void)
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
}
else {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return SSL_BAD_FILE;
}
}
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
if (type == CA_TYPE)
if (type == CA_TYPE) {
if (ctx == NULL) {
CYASSL_MSG("Need context for CA load");
XFREE(der.buffer, heap, dynamicType);
return BAD_FUNC_ARG;
}
return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer);
/* takes der over */
}
else if (type == CERT_TYPE) {
if (ssl) {
if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
XFREE(ssl->buffers.certificate.buffer, ctx->heap,
XFREE(ssl->buffers.certificate.buffer, heap,
dynamicType);
ssl->buffers.certificate = der;
ssl->buffers.weOwnCert = 1;
}
else {
else if (ctx) {
if (ctx->certificate.buffer)
XFREE(ctx->certificate.buffer, ctx->heap, dynamicType);
XFREE(ctx->certificate.buffer, heap, dynamicType);
ctx->certificate = der; /* takes der over */
}
}
else if (type == PRIVATEKEY_TYPE) {
if (ssl) {
if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
XFREE(ssl->buffers.key.buffer, ctx->heap, dynamicType);
XFREE(ssl->buffers.key.buffer, heap, dynamicType);
ssl->buffers.key = der;
ssl->buffers.weOwnKey = 1;
}
else {
else if (ctx) {
if (ctx->privateKey.buffer)
XFREE(ctx->privateKey.buffer, ctx->heap, dynamicType);
XFREE(ctx->privateKey.buffer, heap, dynamicType);
ctx->privateKey = der; /* takes der over */
}
}
else {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return SSL_BAD_CERTTYPE;
}
@ -1384,7 +1395,7 @@ int CyaSSL_Init(void)
DecodedCert cert;
CYASSL_MSG("Checking cert signature type");
InitDecodedCert(&cert, der.buffer, der.length, ctx->heap);
InitDecodedCert(&cert, der.buffer, der.length, heap);
if (DecodeToKey(&cert, 0) < 0) {
CYASSL_MSG("Decode to key failed");
@ -1396,7 +1407,8 @@ int CyaSSL_Init(void)
case CTC_SHA384wECDSA:
case CTC_SHA512wECDSA:
CYASSL_MSG("ECDSA cert signature");
ctx->haveECDSAsig = 1;
if (ctx)
ctx->haveECDSAsig = 1;
if (ssl)
ssl->options.haveECDSAsig = 1;
break;