mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
John Safranek 2013-03-18 09:37:26 -07:00
commit fa520f753d
28 changed files with 1005 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
autogen.sh
View File

@ -10,4 +10,7 @@ else
fi
autoreconf --install --force --verbose
ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
if test -d .git; then
ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
fi

2
commit-tests.sh
View File

@ -23,7 +23,7 @@ RESULT=$?
# make sure full config is ok
echo -e "\n\nTesting full config as well...\n\n"
./configure --enable-opensslExtra --enable-fastmath --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia;
./configure --enable-opensslextra --enable-fastmath --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia;
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1

556
configure.ac
View File

@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[2.5.2],[http://www.yassl.com])
AC_INIT([cyassl],[2.5.3],[http://www.yassl.com])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
@ -106,8 +106,8 @@ AS_IF([test "$ax_enable_debug" = "yes"],
# SINGLE THREADED
AC_ARG_ENABLE([singleThreaded],
[ --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
AC_ARG_ENABLE([singlethreaded],
[ --enable-singlethreaded Enable CyaSSL single threaded (default: disabled)],
[ ENABLED_SINGLETHREADED=$enableval ],
[ ENABLED_SINGLETHREADED=no ])
@ -136,8 +136,8 @@ fi
# OPENSSL Extra Compatibility
AC_ARG_ENABLE([opensslExtra],
[ --enable-opensslExtra Enable extra OpenSSL API, size+ (default: disabled)],
AC_ARG_ENABLE([opensslextra],
[ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)],
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
)
@ -148,7 +148,7 @@ fi
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable small and opensslExtra, only one or the other.])
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
fi
@ -201,7 +201,7 @@ AC_ARG_ENABLE([leanpsk],
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DCYASSL_USER_IO -DUSE_SLOW_SHA"
AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DCYASSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA"
ENABLED_SLOWMATH="no"
ENABLED_SINGLETHREADED="yes"
fi
@ -209,42 +209,6 @@ fi
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
# fastmath
AC_ARG_ENABLE([fastmath],
[ --enable-fastmath Enable fast math for BigInts (default: disabled)],
[ ENABLED_FASTMATH=$enableval ],
[ ENABLED_FASTMATH=no ]
)
if test "x$ENABLED_FASTMATH" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
# fast HUGE math
AC_ARG_ENABLE([fasthugemath],
[ --enable-fasthugemath Enable fast math + huge code (default: disabled)],
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_FASTHUGEMATH="yes"
fi
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
ENABLED_FASTMATH="yes"
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
# big cache
AC_ARG_ENABLE([bigcache],
[ --enable-bigcache Enable big session cache (default: disabled)],
@ -400,6 +364,18 @@ fi
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# NULL CIPHER
AC_ARG_ENABLE([nullcipher],
[ --enable-nullcipher Enable CyaSSL NULL cipher support (default: disabled)],
[ ENABLED_NULL_CIPHER=$enableval ],
[ ENABLED_NULL_CIPHER=no ]
)
if test "$ENABLED_NULL_CIPHER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
fi
# RIPEMD
AC_ARG_ENABLE([ripemd],
[ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)],
@ -485,6 +461,122 @@ then
fi
# DSA
AC_ARG_ENABLE([dsa],
[ --enable-dsa Enable DSA (default: disabled)],
[ ENABLED_DSA=$enableval ],
[ ENABLED_DSA=no ]
)
if test "$ENABLED_DSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
fi
AM_CONDITIONAL([BUILD_DSA], [test "x$ENABLED_DSA" = "xyes"])
# ECC
AC_ARG_ENABLE([ecc],
[ --enable-ecc Enable ECC (default: disabled)],
[ ENABLED_ECC=$enableval ],
[ ENABLED_ECC=no ]
)
if test "$ENABLED_ECC" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
fi
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.])
fi
# PSK
AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)],
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
)
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
fi
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "yes"
then
ENABLED_PSK=yes
fi
# ERROR STRINGS
AC_ARG_ENABLE([errorstrings],
[ --enable-errorstrings Enable error strings table (default: enabled)],
[ ENABLED_ERROR_STRINGS=$enableval ],
[ ENABLED_ERROR_STRINGS=yes ]
)
if test "$ENABLED_ERROR_STRINGS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
else
# turn off error strings if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
ENABLED_ERROR_STRINGS=no
fi
fi
# OLD TLS
AC_ARG_ENABLE([oldtls],
[ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)],
[ ENABLED_OLD_TLS=$enableval ],
[ ENABLED_OLD_TLS=yes ]
)
if test "$ENABLED_OLD_TLS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
else
# turn off old if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no
fi
fi
# MEMORY
AC_ARG_ENABLE([memory],
[ --enable-memory Enable memory callbacks (default: enabled)],
[ ENABLED_MEMORY=$enableval ],
[ ENABLED_MEMORY=yes ]
)
if test "$ENABLED_MEMORY" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CYASSL_MEMORY"
else
# turn off memory cb if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
# but don't turn on NO_CYASSL_MEMORY because using own
ENABLED_MEMORY=no
fi
fi
AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"])
# RSA
AC_ARG_ENABLE([rsa],
[ --enable-rsa Enable RSA (default: enabled)],
@ -507,6 +599,251 @@ fi
AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
# DH
AC_ARG_ENABLE([dh],
[ --enable-dh Enable DH (default: enabled)],
[ ENABLED_DH=$enableval ],
[ ENABLED_DH=yes ]
)
if test "$ENABLED_DH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
else
# turn off DH if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
ENABLED_DH=no
fi
fi
AM_CONDITIONAL([BUILD_DH], [test "x$ENABLED_DH" = "xyes"])
# ASN
# turn off asn, which means no certs, no rsa, no dh, no dsa, no ecc,
# and no big int, use this to disable all public key stuff
AC_ARG_ENABLE([asn],
[ --enable-asn Enable ASN (default: enabled)],
[ ENABLED_ASN=$enableval ],
[ ENABLED_ASN=yes ]
)
if test "$ENABLED_ASN" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
else
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
ENABLED_ASN=no
fi
fi
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable rsa if disabling asn.])
fi
if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable dsa if disabling asn.])
fi
if test "$ENABLED_DH" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable dh if disabling asn.])
fi
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
if test "$ENABLED_PSK" = "no" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please enable psk if disabling asn.])
fi
if test "$ENABLED_ASN" = "no"
then
ENABLED_FASTMATH=no
ENABLED_SLOWMATH=no
fi
AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"])
# AES
AC_ARG_ENABLE([aes],
[ --enable-aes Enable AES (default: enabled)],
[ ENABLED_AES=$enableval ],
[ ENABLED_AES=yes ]
)
if test "$ENABLED_AES" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
else
# turn off AES if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
ENABLED_AES=no
fi
fi
AM_CONDITIONAL([BUILD_AES], [test "x$ENABLED_AES" = "xyes"])
# CODING
AC_ARG_ENABLE([coding],
[ --enable-coding Enable Coding base 16/64 (default: enabled)],
[ ENABLED_CODING=$enableval ],
[ ENABLED_CODING=yes ]
)
if test "$ENABLED_CODING" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
else
# turn off CODING if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
ENABLED_CODING=no
fi
fi
AM_CONDITIONAL([BUILD_CODING], [test "x$ENABLED_CODING" = "xyes"])
# DES3
AC_ARG_ENABLE([des3],
[ --enable-des3 Enable DES3 (default: enabled)],
[ ENABLED_DES3=$enableval ],
[ ENABLED_DES3=yes ]
)
if test "$ENABLED_DES3" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
# ARC4
AC_ARG_ENABLE([arc4],
[ --enable-arc4 Enable ARC4 (default: enabled)],
[ ENABLED_ARC4=$enableval ],
[ ENABLED_ARC4=yes ]
)
if test "$ENABLED_ARC4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
else
# turn off ARC4 if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
ENABLED_ARC4=no
fi
fi
AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
# MD5
AC_ARG_ENABLE([md5],
[ --enable-md5 Enable MD5 (default: enabled)],
[ ENABLED_MD5=$enableval ],
[ ENABLED_MD5=yes ]
)
if test "$ENABLED_MD5" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
else
# turn off MD5 if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
ENABLED_MD5=no
fi
fi
AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
# SHA
AC_ARG_ENABLE([sha],
[ --enable-sha Enable SHA (default: enabled)],
[ ENABLED_SHA=$enableval ],
[ ENABLED_SHA=yes ]
)
if test "$ENABLED_SHA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
else
# turn off SHA if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
ENABLED_SHA=no
fi
fi
AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
# MD4
AC_ARG_ENABLE([md4],
[ --enable-md4 Enable MD4 (default: disabled)],
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
if test "$ENABLED_MD4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
fi
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
# PWDBASED
AC_ARG_ENABLE([pwdbased],
[ --enable-pwdbased Enable PWDBASED (default: disabled)],
[ ENABLED_PWDBASED=$enableval ],
[ ENABLED_PWDBASED=no ]
)
if test "$ENABLED_PWDBASED" = "no"
then
if test "$ENABLED_OPENSSLEXTRA" = "yes"
then
# opensslextra needs pwdbased
ENABLED_PWDBASED=yes
else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
fi
fi
AM_CONDITIONAL([BUILD_PWDBASED], [test "x$ENABLED_PWDBASED" = "xyes"])
# HC128
AC_ARG_ENABLE([hc128],
[ --enable-hc128 Enable HC-128 (default: disabled)],
@ -541,22 +878,9 @@ fi
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# PSK
AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)],
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
)
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
fi
# Web Server Build
AC_ARG_ENABLE([webServer],
[ --enable-webServer Enable Web Server (default: disabled)],
AC_ARG_ENABLE([webserver],
[ --enable-webserver Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
@ -567,53 +891,39 @@ then
fi
# No Filesystem Build
AC_ARG_ENABLE([noFilesystem],
[ --enable-noFilesystem Enable No Filesystem (default: disabled)],
[ ENABLED_NOFILESYSTEM=$enableval ],
[ ENABLED_NOFILESYSTEM=no ]
# Filesystem Build
AC_ARG_ENABLE([filesystem],
[ --enable-filesystem Enable Filesystem support (default: disabled)],
[ ENABLED_FILESYSTEM=$enableval ],
[ ENABLED_FILESYSTEM=yes ]
)
if test "$ENABLED_NOFILESYSTEM" = "yes"
if test "$ENABLED_FILESYSTEM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
else
# turn off filesystem if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
ENABLED_FILESYSTEM=no
fi
fi
# No inline Build
AC_ARG_ENABLE([noInline],
[ --enable-noInline Enable No inline (default: disabled)],
[ ENABLED_NOINLINE=$enableval ],
[ ENABLED_NOINLINE=no ]
# inline Build
AC_ARG_ENABLE([inline],
[ --enable-inline Enable inline functions (default: disabled)],
[ ENABLED_INLINE=$enableval ],
[ ENABLED_INLINE=yes ]
)
if test "$ENABLED_NOINLINE" = "yes"
if test "$ENABLED_INLINE" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
fi
AM_CONDITIONAL([BUILD_NOINLINE], [test "x$ENABLED_NOINLINE" = "xyes"])
# ECC
AC_ARG_ENABLE([ecc],
[ --enable-ecc Enable ECC (default: disabled)],
[ ENABLED_ECC=$enableval ],
[ ENABLED_ECC=no ]
)
if test "$ENABLED_ECC" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
fi
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.])
fi
AM_CONDITIONAL([BUILD_INLINE], [test "x$ENABLED_INLINE" = "xyes"])
# OCSP
@ -725,6 +1035,43 @@ then
fi
# fastmath
AC_ARG_ENABLE([fastmath],
[ --enable-fastmath Enable fast math for BigInts (default: disabled)],
[ ENABLED_FASTMATH=$enableval ],
[ ENABLED_FASTMATH=no ]
)
if test "x$ENABLED_FASTMATH" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
# fast HUGE math
AC_ARG_ENABLE([fasthugemath],
[ --enable-fasthugemath Enable fast math + huge code (default: disabled)],
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_FASTHUGEMATH="yes"
fi
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
ENABLED_FASTMATH="yes"
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
# Enable Examples, used to disable examples
AC_ARG_ENABLE([examples],
[ --enable-examples Enable Examples (default: enabled)],
@ -733,7 +1080,10 @@ AC_ARG_ENABLE([examples],
)
AS_IF([test "x$ENABLED_SINGLETHREADED" = "xyes"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_NOFILESYSTEM" = "xyes"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
# certs still have sha signatures for now
AS_IF([test "x$ENABLED_SHA" = "xno"], [ENABLED_EXAMPLES="no"])
AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
@ -880,24 +1230,40 @@ echo " * VCS checkout: $ac_cv_vcs_checkout"
echo
echo " Features "
echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * DTLS: $ENABLED_DTLS"
echo " * Enable extra OpenSSL API: $ENABLED_OPENSSLEXTRA"
echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
echo " * fastmath: $ENABLED_FASTMATH"
echo " * sniffer: $ENABLED_SNIFFER"
echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI"
echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
echo " * DES3: $ENABLED_DES3"
echo " * Camellia: $ENABLED_CAMELLIA"
echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
echo " * MD5: $ENABLED_MD5"
echo " * RIPEMD: $ENABLED_RIPEMD"
echo " * SHA: $ENABLED_SHA"
echo " * SHA-512: $ENABLED_SHA512"
echo " * keygen: $ENABLED_KEYGEN"
echo " * certgen: $ENABLED_CERTGEN"
echo " * HC-128: $ENABLED_HC128"
echo " * RABBIT: $ENABLED_RABBIT"
echo " * PWDBASED: $ENABLED_PWDBASED"
echo " * MD4: $ENABLED_MD4"
echo " * PSK: $ENABLED_PSK"
echo " * LEANPSK: $ENABLED_LEANPSK"
echo " * RSA: $ENABLED_RSA"
echo " * DSA: $ENABLED_DSA"
echo " * DH: $ENABLED_DH"
echo " * ECC: $ENABLED_ECC"
echo " * ASN: $ENABLED_ASN"
echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * OCSP: $ENABLED_OCSP"
echo " * CRL: $ENABLED_CRL"
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"

29
ctaocrypt/src/asm.c
View File

@ -437,9 +437,10 @@ __asm__( \
#define INNERMUL \
do { fp_word t; \
_c[0] = t = ((fp_word)_c[0] + (fp_word)cy) + \
t = ((fp_word)_c[0] + (fp_word)cy) + \
(((fp_word)mu) * ((fp_word)*tmpm++)); \
cy = (t >> DIGIT_BIT); \
_c[0] = (fp_digit)t; \
cy = (fp_digit)(t >> DIGIT_BIT); \
} while (0)
#define PROPCARRY \
@ -975,8 +976,9 @@ __asm__( \
/* multiplies point i and j, updates carry "c1" and digit c2 */
#define SQRADD(i, j) \
do { fp_word t; \
t = c0 + ((fp_word)i) * ((fp_word)j); c0 = t; \
t = c1 + (t >> DIGIT_BIT); c1 = t; c2 += t >> DIGIT_BIT; \
t = c0 + ((fp_word)i) * ((fp_word)j); c0 = (fp_digit)t; \
t = c1 + (t >> DIGIT_BIT); c1 = (fp_digit)t; \
c2 +=(fp_digit) (t >> DIGIT_BIT); \
} while (0);
@ -984,10 +986,12 @@ __asm__( \
#define SQRADD2(i, j) \
do { fp_word t; \
t = ((fp_word)i) * ((fp_word)j); \
tt = (fp_word)c0 + t; c0 = tt; \
tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = tt; c2 += tt >> DIGIT_BIT; \
tt = (fp_word)c0 + t; c0 = tt; \
tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = tt; c2 += tt >> DIGIT_BIT; \
tt = (fp_word)c0 + t; c0 = (fp_digit)tt; \
tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt; \
c2 +=(fp_digit)( tt >> DIGIT_BIT); \
tt = (fp_word)c0 + t; c0 = (fp_digit)tt; \
tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt; \
c2 +=(fp_digit) (tt >> DIGIT_BIT); \
} while (0);
#define SQRADDSC(i, j) \
@ -1274,10 +1278,11 @@ ____asm__( \
#define COMBA_FINI
#define MULADD(i, j) \
do { fp_word t; \
t = (fp_word)c0 + ((fp_word)i) * ((fp_word)j); c0 = t; \
t = (fp_word)c1 + (t >> DIGIT_BIT); c1 = t; c2 += t >> DIGIT_BIT; \
#define MULADD(i, j) \
do { fp_word t; \
t = (fp_word)c0 + ((fp_word)i) * ((fp_word)j); c0 = (fp_digit)t; \
t = (fp_word)c1 + (t >> DIGIT_BIT); \
c1 = (fp_digit)t; c2 += (fp_digit)(t >> DIGIT_BIT); \
} while (0);
#endif

24
ctaocrypt/src/asn.c
View File

@ -71,10 +71,10 @@
#ifndef TRUE
enum {
FALSE = 0,
TRUE = 1
};
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
@ -184,10 +184,10 @@ struct tm* gmtime(const time_t* timer)
dayclock = (unsigned long)secs % SECS_DAY;
dayno = (unsigned long)secs / SECS_DAY;
ret->tm_sec = dayclock % 60;
ret->tm_min = (dayclock % 3600) / 60;
ret->tm_hour = dayclock / 3600;
ret->tm_wday = (dayno + 4) % 7; /* day 0 a Thursday */
ret->tm_sec = (int) dayclock % 60;
ret->tm_min = (int)(dayclock % 3600) / 60;
ret->tm_hour = (int) dayclock / 3600;
ret->tm_wday = (int) (dayno + 4) % 7; /* day 0 a Thursday */
while(dayno >= (unsigned long)YEARSIZE(year)) {
dayno -= YEARSIZE(year);
@ -195,7 +195,7 @@ struct tm* gmtime(const time_t* timer)
}
ret->tm_year = year - YEAR0;
ret->tm_yday = dayno;
ret->tm_yday = (int)dayno;
ret->tm_mon = 0;
while(dayno >= (unsigned long)_ytab[LEAPYEAR(year)][ret->tm_mon]) {
@ -203,7 +203,7 @@ struct tm* gmtime(const time_t* timer)
ret->tm_mon++;
}
ret->tm_mday = ++dayno;
ret->tm_mday = (int)++dayno;
ret->tm_isdst = 0;
return ret;
@ -1911,7 +1911,7 @@ static word32 BytePrecision(word32 value)
{
word32 i;
for (i = sizeof(value); i; --i)
if (value >> ((i - 1) * BIT_SIZE))
if (value >> ((i - 1) * CYASSL_BIT_SIZE))
break;
return i;
@ -1928,7 +1928,7 @@ static word32 SetLength(word32 length, byte* output)
output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);
for (j = BytePrecision(length); j; --j) {
output[i] = (byte)(length >> ((j - 1) * BIT_SIZE));
output[i] = (byte)(length >> ((j - 1) * CYASSL_BIT_SIZE));
i++;
}
}

3
ctaocrypt/src/coding.c
View File

@ -23,6 +23,8 @@
#include <config.h>
#endif
#ifndef NO_CODING
#include <cyassl/ctaocrypt/coding.h>
#include <cyassl/ctaocrypt/error.h>
#include <cyassl/ctaocrypt/logging.h>
@ -265,3 +267,4 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
#endif /* defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER) */
#endif /* NO_CODING */

4
ctaocrypt/src/dh.c
View File

@ -83,8 +83,8 @@ static word32 DiscreteLogWorkFactor(word32 n)
static void GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
{
word32 sz = mp_unsigned_bin_size(&key->p);
sz = min(sz, 2 * DiscreteLogWorkFactor(sz * BIT_SIZE) / BIT_SIZE + 1);
sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) /
CYASSL_BIT_SIZE + 1);
RNG_GenerateBlock(rng, priv, sz);
priv[0] |= 0x0C;

2
ctaocrypt/src/integer.c
View File

@ -3736,7 +3736,7 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
#endif
#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || !defined(NO_PWDBASED)
#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || defined(OPENSSL_EXTRA)
/* single digit addition */
int mp_add_d (mp_int* a, mp_digit b, mp_int* c)

4
ctaocrypt/src/misc.c
View File

@ -163,8 +163,8 @@ STATIC INLINE void XorWords(word* r, const word* a, word32 n)
STATIC INLINE void xorbuf(byte* buf, const byte* mask, word32 count)
{
if (((word)buf | (word)mask | count) % WORD_SIZE == 0)
XorWords( (word*)buf, (const word*)mask, count / WORD_SIZE);
if (((word)buf | (word)mask | count) % CYASSL_WORD_SIZE == 0)
XorWords( (word*)buf, (const word*)mask, count / CYASSL_WORD_SIZE);
else {
word32 i;
for (i = 0; i < count; i++) buf[i] ^= mask[i];

4
ctaocrypt/test/test.c
View File

@ -166,7 +166,7 @@ void ctaocrypt_test(void* args)
((func_args*)args)->return_code = -1; /* error state */
#if !defined(CYASSL_LEANPSK)
#if !defined(NO_BIG_INT)
if (CheckCtcSettings() != 1)
err_sys("Build vs runtime math mismatch\n", -1234);
@ -174,7 +174,7 @@ void ctaocrypt_test(void* args)
if (CheckFastMathSettings() != 1)
err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", -1235);
#endif /* USE_FAST_MATH */
#endif /* !CYASSL_LEANPSK */
#endif /* !NO_BIG_INT */
#ifndef NO_MD5

6
cyassl/ctaocrypt/integer.h
View File

@ -82,9 +82,9 @@ extern "C" {
#ifdef MP_8BIT
typedef unsigned char mp_digit;
typedef unsigned short mp_word;
#elif defined(MP_16BIT)
#elif defined(MP_16BIT) || defined(NO_64BIT)
typedef unsigned short mp_digit;
typedef unsigned long mp_word;
typedef unsigned int mp_word;
#elif defined(MP_64BIT)
/* for GCC only on supported platforms */
#ifndef CRYPT
@ -313,7 +313,7 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
#endif
#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || !defined(NO_PWDBASED)
#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || defined(OPENSSL_EXTRA)
int mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
#endif

22
cyassl/ctaocrypt/settings.h
View File

@ -133,11 +133,21 @@
#ifdef FREERTOS
#define NO_WRITEV
#define NO_SHA512
#define NO_DH
#define NO_DSA
#define NO_HC128
#ifndef NO_WRITEV
#define NO_WRITEV
#endif
#ifndef NO_SHA512
#define NO_SHA512
#endif
#ifndef NO_DH
#define NO_DH
#endif
#ifndef NO_DSA
#define NO_DSA
#endif
#ifndef NO_HC128
#define NO_HC128
#endif
#ifndef SINGLE_THREADED
#include "FreeRTOS.h"
@ -457,7 +467,7 @@
#if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
!defined(CYASSL_LEANPSK)
!defined(CYASSL_LEANPSK) && !defined(NO_CYASSL_MEMORY)
#define USE_CYASSL_MEMORY
#endif

13
cyassl/ctaocrypt/tfm.h
View File

@ -54,6 +54,7 @@
#endif
#ifndef NO_64BIT
/* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */
#if defined(__x86_64__)
#if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM)
@ -72,6 +73,7 @@
#if defined(__x86_64__) && !defined(FP_64BIT)
#define FP_64BIT
#endif
#endif /* NO_64BIT */
/* try to detect x86-32 */
#if defined(__i386__) && !defined(TFM_SSE2)
@ -214,8 +216,15 @@
typedef signed long long long64;
#endif
#endif
typedef unsigned int fp_digit;
typedef ulong64 fp_word;
#ifndef NO_64BIT
typedef unsigned int fp_digit;
typedef ulong64 fp_word;
#else
/* some procs like coldfire prefer not to place multiply into 64bit type
even though it exists */
typedef unsigned short fp_digit;
typedef unsigned int fp_word;
#endif
#endif
/* # of digits this is */

16
cyassl/ctaocrypt/types.h
View File

@ -97,9 +97,9 @@
enum {
WORD_SIZE = sizeof(word),
BIT_SIZE = 8,
WORD_BITS = WORD_SIZE * BIT_SIZE
CYASSL_WORD_SIZE = sizeof(word),
CYASSL_BIT_SIZE = 8,
CYASSL_WORD_BITS = CYASSL_WORD_SIZE * CYASSL_BIT_SIZE
};
#define CYASSL_MAX_16BIT 0xffffU
@ -149,16 +149,22 @@ enum {
/* default to libc stuff */
/* XREALLOC is used once in normal math lib, not in fast math lib */
/* XFREE on some embeded systems doesn't like free(0) so test */
#ifdef XMALLOC_USER
#if defined(XMALLOC_USER)
/* prototypes for user heap override functions */
#include <stddef.h> /* for size_t */
extern void *XMALLOC(size_t n, void* heap, int type);
extern void *XREALLOC(void *p, size_t n, void* heap, int type);
extern void XFREE(void *p, void* heap, int type);
#elif defined(NO_CYASSL_MEMORY)
/* just use plain C stdlib stuff if desired */
#include <stdlib.h>
#define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
#define XREALLOC(p, n, h, t) realloc((p), (n))
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
&& !defined(CYASSL_SAFERTOS) && !defined(FREESCALE_MQX) \
&& !defined(CYASSL_LEANPSK)
/* default C runtime, can install different routines at runtime */
/* default C runtime, can install different routines at runtime via cbs */
#include <cyassl/ctaocrypt/memory.h>
#define XMALLOC(s, h, t) ((void)h, (void)t, CyaSSL_Malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) CyaSSL_Free((xp));}

34
cyassl/internal.h
View File

@ -138,8 +138,10 @@ void c32to24(word32 in, word24 out);
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_RC4_128_SHA
#endif
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
#if !defined(NO_TLS) && defined(HAVE_NTRU)
#if !defined(NO_MD5)
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
#endif
#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
#endif
#endif
@ -826,7 +828,7 @@ enum {
The length (in bytes) of the following TLSPlaintext.fragment.
The length should not exceed 2^14.
*/
#if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_DTLS)
#if defined(LARGE_STATIC_BUFFERS)
#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
MTU_EXTRA + MAX_MSG_EXTRA
#else
@ -882,18 +884,18 @@ int SetCipherList(Suites*, const char* list);
CYASSL_LOCAL
void EmbedOcspRespFree(void*, byte*);
#endif
#endif
#ifdef CYASSL_DTLS
CYASSL_LOCAL
int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedGenerateCookie(byte *buf, int sz, void *ctx);
CYASSL_LOCAL
int IsUDP(void*);
#endif
#ifdef CYASSL_DTLS
CYASSL_LOCAL
int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx);
CYASSL_LOCAL
int IsUDP(void*);
#endif /* CYASSL_DTLS */
#endif /* CYASSL_USER_IO */
/* CyaSSL Cipher type just points back to SSL */
@ -1087,6 +1089,9 @@ struct CYASSL_CTX {
byte groupMessages; /* group handshake messages before sending */
CallbackIORecv CBIORecv;
CallbackIOSend CBIOSend;
#ifdef CYASSL_DTLS
CallbackGenCookie CBIOCookie; /* gen cookie callback */
#endif
VerifyCallback verifyCallback; /* cert verification callback */
word32 timeout; /* session timeout */
#ifdef HAVE_ECC
@ -1621,6 +1626,7 @@ struct CYASSL {
int dtls_timeout;
DtlsPool* dtls_pool;
DtlsMsg* dtls_msg_list;
void* IOCB_CookieCtx; /* gen cookie ctx */
#endif
#ifdef CYASSL_CALLBACKS
HandShakeInfo handShakeInfo; /* info saved during handshake */

5
cyassl/ssl.h
View File

@ -809,6 +809,11 @@ CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);
CYASSL_API void CyaSSL_SetIOReadFlags( CYASSL* ssl, int flags);
CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags);
typedef int (*CallbackGenCookie)(CYASSL* ssl, unsigned char* buf, int sz,
void* ctx);
CYASSL_API void CyaSSL_CTX_SetGenCookie(CYASSL_CTX*, CallbackGenCookie);
CYASSL_API void CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx);
typedef int (*CallbackIOOcsp)(void*, const char*, int,
unsigned char*, int, unsigned char**);
typedef void (*CallbackIOOcspRespFree)(void*,unsigned char*);

108
cyassl/test.h
View File

@ -937,5 +937,113 @@ static INLINE int CurrentDir(const char* str)
#endif /* USE_WINDOWS_API */
#ifdef USE_CYASSL_MEMORY
typedef struct memoryStats {
size_t totalAllocs; /* number of allocations */
size_t totalBytes; /* total number of bytes allocated */
size_t peakBytes; /* concurrent max bytes */
size_t currentBytes; /* total current bytes in use */
} memoryStats;
typedef struct memHint {
size_t thisSize; /* size of this memory */
void* thisMemory; /* actual memory for user */
} memHint;
typedef struct memoryTrack {
union {
memHint hint;
byte alignit[16]; /* make sure we have strong alignment */
} u;
} memoryTrack;
#if defined(CYASSL_TRACK_MEMORY)
#define DO_MEM_STATS
static memoryStats ourMemStats;
#endif
static INLINE void* TrackMalloc(size_t sz)
{
memoryTrack* mt;
if (sz == 0)
return NULL;
mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
if (mt == NULL)
return NULL;
mt->u.hint.thisSize = sz;
mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack);
#ifdef DO_MEM_STATS
ourMemStats.totalAllocs++;
ourMemStats.totalBytes += sz;
ourMemStats.currentBytes += sz;
if (ourMemStats.currentBytes > ourMemStats.peakBytes)
ourMemStats.peakBytes = ourMemStats.currentBytes;
#endif
return mt->u.hint.thisMemory;
}
static INLINE void TrackFree(void* ptr)
{
memoryTrack* mt;
if (ptr == NULL)
return;
mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
#ifdef DO_MEM_STATS
ourMemStats.currentBytes -= mt->u.hint.thisSize;
#endif
free(mt);
}
static INLINE void* TrackRealloc(void* ptr, size_t sz)
{
void* ret = TrackMalloc(sz);
if (ret && ptr)
memcpy(ret, ptr, sz);
if (ret)
TrackFree(ptr);
return ret;
}
static INLINE void InitMemoryTracker(void)
{
if (CyaSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc) != 0)
err_sys("CyaSSL SetAllocators failed for track memory");
#ifdef DO_MEM_STATS
ourMemStats.totalAllocs = 0;
ourMemStats.totalBytes = 0;
ourMemStats.peakBytes = 0;
ourMemStats.currentBytes = 0;
#endif
}
static INLINE void ShowMemoryTracker(void)
{
#ifdef DO_MEM_STATS
printf("total Allocs = %9ld\n", ourMemStats.totalAllocs);
printf("total Bytes = %9ld\n", ourMemStats.totalBytes);
printf("peak Bytes = %9ld\n", ourMemStats.peakBytes);
printf("current Bytes = %9ld\n", ourMemStats.currentBytes);
#endif
}
#endif /* USE_CYASSL_MEMORY */
#endif /* CyaSSL_TEST_H */

4
cyassl/version.h
View File

@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBCYASSL_VERSION_STRING "2.5.2"
#define LIBCYASSL_VERSION_HEX 0x02005002
#define LIBCYASSL_VERSION_STRING "2.5.3"
#define LIBCYASSL_VERSION_HEX 0x02005003
#ifdef __cplusplus
}

30
examples/client/client.c
View File

@ -23,6 +23,11 @@
#include <config.h>
#endif
#if !defined(CYASSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
/* in case memory tracker wants stats */
#define CYASSL_TRACK_MEMORY
#endif
#include <cyassl/ssl.h>
#include <cyassl/test.h>
@ -35,6 +40,7 @@
Timeval timeout;
#endif
static void NonBlockingSSL_Connect(CYASSL* ssl)
{
#ifndef CYASSL_CALLBACKS
@ -97,6 +103,7 @@ static void Usage(void)
printf("-A <file> Certificate Authority file, default %s\n", caCert);
printf("-b <num> Benchmark <num> connections and print stats\n");
printf("-s Use pre Shared keys\n");
printf("-t Track CyaSSL memory use\n");
printf("-d Disable peer checks\n");
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS,"
@ -139,6 +146,7 @@ void client_test(void* args)
int doPeerCheck = 1;
int nonBlocking = 0;
int resumeSession = 0;
int trackMemory = 0;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
@ -157,8 +165,9 @@ void client_test(void* args)
(void)resumeSz;
(void)session;
(void)sslResume;
(void)trackMemory;
while ((ch = mygetopt(argc, argv, "?gdusmNrh:p:v:l:A:c:k:b:")) != -1) {
while ((ch = mygetopt(argc, argv, "?gdusmNrth:p:v:l:A:c:k:b:")) != -1) {
switch (ch) {
case '?' :
Usage();
@ -180,6 +189,12 @@ void client_test(void* args)
usePsk = 1;
break;
case 't' :
#ifdef USE_CYASSL_MEMORY
trackMemory = 1;
#endif
break;
case 'm' :
matchName = 1;
break;
@ -257,6 +272,11 @@ void client_test(void* args)
}
}
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
@ -361,8 +381,10 @@ void client_test(void* args)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#endif
#if !defined(NO_CERTS)
if (!usePsk && doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
#ifdef HAVE_CAVIUM
CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
@ -561,6 +583,11 @@ void client_test(void* args)
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_CYASSL_MEMORY */
}
@ -622,4 +649,3 @@ void client_test(void* args)
#endif

2
examples/echoclient/echoclient.c
View File

@ -98,7 +98,7 @@ void echoclient_test(void* args)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#endif
#elif !defined(NO_CERTS)
if (!doLeanPSK)
if (!doPSK)
load_buffer(ctx, caCert, CYASSL_CA);
#endif

27
examples/server/server.c
View File

@ -23,6 +23,11 @@
#include <config.h>
#endif
#if !defined(CYASSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
/* in case memory tracker wants stats */
#define CYASSL_TRACK_MEMORY
#endif
#include <cyassl/openssl/ssl.h>
#include <cyassl/test.h>
@ -98,6 +103,7 @@ static void Usage(void)
printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n");
printf("-s Use pre Shared keys\n");
printf("-t Track CyaSSL memory use\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
printf("-N Use Non-blocking sockets\n");
@ -125,6 +131,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int doDTLS = 0;
int useNtruKey = 0;
int nonBlocking = 0;
int trackMemory = 0;
char* cipherList = NULL;
char* verifyCert = (char*)cliCert;
char* ourCert = (char*)svrCert;
@ -139,8 +146,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
ourCert = (char*)eccCert;
ourKey = (char*)eccKey;
#endif
(void)trackMemory;
while ((ch = mygetopt(argc, argv, "?dbsnNup:v:l:A:c:k:")) != -1) {
while ((ch = mygetopt(argc, argv, "?dbstnNup:v:l:A:c:k:")) != -1) {
switch (ch) {
case '?' :
Usage();
@ -158,6 +166,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
usePsk = 1;
break;
case 't' :
#ifdef USE_CYASSL_MEMORY
trackMemory = 1;
#endif
break;
case 'n' :
useNtruKey = 1;
break;
@ -222,6 +236,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
}
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
@ -400,6 +419,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
CloseSocket(clientfd);
((func_args*)args)->return_code = 0;
#ifdef USE_CYASSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_CYASSL_MEMORY */
return 0;
}

21
src/crl.c
View File

@ -30,6 +30,7 @@
#include <cyassl/error.h>
#include <dirent.h>
#include <sys/stat.h>
#include <string.h>
@ -532,8 +533,19 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
return BAD_PATH_ERROR;
}
while ( (entry = readdir(dir)) != NULL) {
if (entry->d_type & DT_REG) {
char name[MAX_FILENAME_SZ];
char name[MAX_FILENAME_SZ];
struct stat s;
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (stat(name, &s) != 0) {
CYASSL_MSG("stat on name failed");
continue;
}
if (s.st_mode & S_IFREG) {
if (type == SSL_FILETYPE_PEM) {
if (strstr(entry->d_name, ".pem") == NULL) {
@ -550,11 +562,6 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
}
}
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
!= SSL_SUCCESS) {
CYASSL_MSG("CRL file load failed, continuing");

61
src/include.am
View File

@ -11,7 +11,6 @@ src_libcyassl_la_SOURCES = \
src/tls.c \
ctaocrypt/src/hmac.c \
ctaocrypt/src/random.c \
ctaocrypt/src/sha.c \
ctaocrypt/src/sha256.c \
ctaocrypt/src/logging.c \
ctaocrypt/src/error.c
@ -20,24 +19,58 @@ src_libcyassl_la_LIBADD = $(LIBM)
src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS)
src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS)
if !BUILD_LEANPSK
src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c \
ctaocrypt/src/coding.c \
ctaocrypt/src/arc4.c \
ctaocrypt/src/md4.c \
ctaocrypt/src/md5.c \
ctaocrypt/src/asn.c \
ctaocrypt/src/dh.c \
ctaocrypt/src/dsa.c \
ctaocrypt/src/pwdbased.c \
ctaocrypt/src/aes.c \
ctaocrypt/src/memory.c
if BUILD_MEMORY
src_libcyassl_la_SOURCES += ctaocrypt/src/memory.c
endif
if BUILD_RSA
src_libcyassl_la_SOURCES += ctaocrypt/src/rsa.c
endif
if BUILD_DH
src_libcyassl_la_SOURCES += ctaocrypt/src/dh.c
endif
if BUILD_ASN
src_libcyassl_la_SOURCES += ctaocrypt/src/asn.c
endif
if BUILD_CODING
src_libcyassl_la_SOURCES += ctaocrypt/src/coding.c
endif
if BUILD_AES
src_libcyassl_la_SOURCES += ctaocrypt/src/aes.c
endif
if BUILD_DES3
src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c
endif
if BUILD_SHA
src_libcyassl_la_SOURCES += ctaocrypt/src/sha.c
endif
if BUILD_RC4
src_libcyassl_la_SOURCES += ctaocrypt/src/arc4.c
endif
if BUILD_MD4
src_libcyassl_la_SOURCES += ctaocrypt/src/md4.c
endif
if BUILD_MD5
src_libcyassl_la_SOURCES += ctaocrypt/src/md5.c
endif
if BUILD_PWDBASED
src_libcyassl_la_SOURCES += ctaocrypt/src/pwdbased.c
endif
if BUILD_DSA
src_libcyassl_la_SOURCES += ctaocrypt/src/dsa.c
endif
if BUILD_AESNI
src_libcyassl_la_SOURCES += ctaocrypt/src/aes_asm.s
endif
@ -70,7 +103,7 @@ if BUILD_RABBIT
src_libcyassl_la_SOURCES += ctaocrypt/src/rabbit.c
endif
if BUILD_NOINLINE
if !BUILD_INLINE
src_libcyassl_la_SOURCES += ctaocrypt/src/misc.c
endif

69
src/internal.c
View File

@ -94,6 +94,9 @@ typedef enum {
static void Hmac(CYASSL* ssl, byte* digest, const byte* buffer, word32 sz,
int content, int verify);
#endif
#ifndef NO_CERTS
static void BuildCertHashes(CYASSL* ssl, Hashes* hashes);
#endif
@ -219,12 +222,16 @@ static INLINE void ato16(const byte* c, word16* u16)
}
#ifdef CYASSL_DTLS
/* convert opaque to 32 bit integer */
static INLINE void ato32(const byte* c, word32* u32)
{
*u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
}
#endif /* CYASSL_DTLS */
#ifdef HAVE_LIBZ
@ -360,14 +367,18 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
#ifdef CYASSL_DTLS
if (method->version.major == DTLS_MAJOR
&& method->version.minor >= DTLSv1_2_MINOR) {
ctx->CBIORecv = EmbedReceiveFrom;
ctx->CBIOSend = EmbedSendTo;
ctx->CBIORecv = EmbedReceiveFrom;
ctx->CBIOSend = EmbedSendTo;
ctx->CBIOCookie = EmbedGenerateCookie;
}
#endif
#else
/* user will set */
ctx->CBIORecv = NULL;
ctx->CBIOSend = NULL;
ctx->CBIORecv = NULL;
ctx->CBIOSend = NULL;
#ifdef CYASSL_DTLS
ctx->CBIOCookie = NULL;
#endif
#endif
ctx->partialWrite = 0;
ctx->verifyCallback = 0;
@ -1220,6 +1231,9 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */
ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
#ifdef CYASSL_DTLS
ssl->IOCB_CookieCtx = NULL; /* we don't use for default cb */
#endif
#ifndef NO_OLD_TLS
#ifndef NO_MD5
@ -2189,6 +2203,11 @@ static int Receive(CYASSL* ssl, byte* buf, word32 sz)
{
int recvd;
if (ssl->ctx->CBIORecv == NULL) {
CYASSL_MSG("Your IO Recv callback is null, please set");
return -1;
}
retry:
recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
if (recvd < 0)
@ -2283,6 +2302,11 @@ void ShrinkInputBuffer(CYASSL* ssl, int forcedFree)
int SendBuffered(CYASSL* ssl)
{
if (ssl->ctx->CBIOSend == NULL) {
CYASSL_MSG("Your IO Send callback is null, please set");
return SOCKET_ERROR_E;
}
while (ssl->buffers.outputBuffer.length > 0) {
int sent = ssl->ctx->CBIOSend(ssl,
(char*)ssl->buffers.outputBuffer.buffer +
@ -4143,6 +4167,7 @@ static int GetInputData(CYASSL *ssl, word32 size)
int inSz;
int maxLength;
int usedLength;
int dtlsExtra = 0;
/* check max input length */
@ -4151,12 +4176,15 @@ static int GetInputData(CYASSL *ssl, word32 size)
inSz = (int)(size - usedLength); /* from last partial read */
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
if (ssl->options.dtls) {
if (size < MAX_MTU)
dtlsExtra = (int)(MAX_MTU - size);
inSz = MAX_MTU; /* read ahead up to MTU */
}
#endif
if (inSz > maxLength) {
if (GrowInputBuffer(ssl, size, usedLength) < 0)
if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
return MEMORY_E;
}
@ -4599,7 +4627,7 @@ static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
}
}
#ifndef NO_CERTS
static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest)
{
byte md5_result[MD5_DIGEST_SIZE];
@ -4634,7 +4662,8 @@ static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest)
ShaFinal(&ssl->hashSha, digest);
}
#endif
#endif /* NO_CERTS */
#endif /* NO_OLD_TLS */
#ifndef NO_CERTS
@ -5163,6 +5192,7 @@ int SendAlert(CYASSL* ssl, int severity, int type)
byte *output;
int sendSz;
int ret;
int dtlsExtra = 0;
/* if sendalert is called again for nonbloking */
if (ssl->options.sendAlertState != 0) {
@ -5172,8 +5202,14 @@ int SendAlert(CYASSL* ssl, int severity, int type)
return ret;
}
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
dtlsExtra = DTLS_RECORD_EXTRA;
#endif
/* check for avalaible size */
if ((ret = CheckAvalaibleSize(ssl, ALERT_SIZE + MAX_MSG_EXTRA)) != 0)
if ((ret = CheckAvalaibleSize(ssl,
ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0)
return ret;
/* get ouput buffer */
@ -9008,8 +9044,12 @@ int SetCipherList(Suites* s, const char* list)
return BUFFER_ERROR;
if (i + b > totalSz)
return INCOMPLETE_DATA;
if ((EmbedGenerateCookie(cookie, COOKIE_SZ, ssl)
!= COOKIE_SZ)
if (ssl->ctx->CBIORecv == NULL) {
CYASSL_MSG("Your Cookie callback is null, please set");
return COOKIE_ERROR;
}
if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ,
ssl->IOCB_CookieCtx) != COOKIE_SZ)
|| (b != COOKIE_SZ)
|| (XMEMCMP(cookie, input + i, b) != 0)) {
return COOKIE_ERROR;
@ -9319,7 +9359,12 @@ int SetCipherList(Suites* s, const char* list)
output[idx++] = ssl->chVersion.minor;
output[idx++] = cookieSz;
if ((ret = EmbedGenerateCookie(output + idx, cookieSz, ssl)) < 0)
if (ssl->ctx->CBIORecv == NULL) {
CYASSL_MSG("Your Cookie callback is null, please set");
return COOKIE_ERROR;
}
if ((ret = ssl->ctx->CBIOCookie(ssl, output + idx, cookieSz,
ssl->IOCB_CookieCtx)) < 0)
return ret;
HashOutput(ssl, output, sendSz, 0);

30
src/io.c
View File

@ -192,7 +192,9 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx)
#ifdef USE_WINDOWS_API
DWORD timeout = dtls_timeout * 1000;
#else
struct timeval timeout = {dtls_timeout, 0};
struct timeval timeout;
XMEMSET(&timeout, 0, sizeof(timeout));
timeout.tv_sec = dtls_timeout;
#endif
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
sizeof(timeout)) != 0) {
@ -324,7 +326,9 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx)
#ifdef USE_WINDOWS_API
DWORD timeout = dtls_timeout * 1000;
#else
struct timeval timeout = { dtls_timeout, 0 };
struct timeval timeout;
XMEMSET(&timeout, 0, sizeof(timeout));
timeout.tv_sec = dtls_timeout;
#endif
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
sizeof(timeout)) != 0) {
@ -429,9 +433,8 @@ int EmbedSendTo(CYASSL* ssl, char *buf, int sz, void *ctx)
/* The DTLS Generate Cookie callback
* return : number of bytes copied into buf, or error
*/
int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx)
{
CYASSL* ssl = (CYASSL*)ctx;
int sd = ssl->wfd;
struct sockaddr_in peer;
XSOCKLENT peerSz = sizeof(peer);
@ -439,6 +442,8 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
int cookieSrcSz = 0;
Sha sha;
(void)ctx;
if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) {
CYASSL_MSG("getpeername failed in EmbedGenerateCookie");
return GEN_COOKIE_E;
@ -783,6 +788,23 @@ CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags)
ssl->wflags = flags;
}
#ifdef CYASSL_DTLS
CYASSL_API void CyaSSL_CTX_SetGenCookie(CYASSL_CTX* ctx, CallbackGenCookie cb)
{
ctx->CBIOCookie = cb;
}
CYASSL_API void CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx)
{
ssl->IOCB_CookieCtx = ctx;
}
#endif /* CYASSL_DTLS */
#ifdef HAVE_OCSP
CYASSL_API void CyaSSL_SetIOOcsp(CYASSL_CTX* ctx, CallbackIOOcsp cb)

99
src/ssl.c
View File

@ -27,8 +27,6 @@
#include <errno.h>
#endif
#define TRUE 1
#define FALSE 0
#include <cyassl/ssl.h>
#include <cyassl/internal.h>
@ -64,6 +62,7 @@
#if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \
&& !defined(EBSNET)
#include <dirent.h>
#include <sys/stat.h>
#endif
#ifdef EBSNET
#include "vfapi.h"
@ -71,6 +70,12 @@
#endif
#endif /* NO_FILESYSTEM */
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#ifndef min
@ -1143,7 +1148,7 @@ int CyaSSL_Init(void)
if (pkcs8)
return ToTraditional(der->buffer, der->length);
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED)
if (pkcs8Enc) {
int passwordSz;
char password[80];
@ -1671,14 +1676,20 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
return BAD_PATH_ERROR;
}
while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
if (entry->d_type & DT_REG) {
char name[MAX_FILENAME_SZ];
char name[MAX_FILENAME_SZ];
struct stat s;
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (stat(name, &s) != 0) {
CYASSL_MSG("stat on name failed");
closedir(dir);
return BAD_PATH_ERROR;
}
if (s.st_mode & S_IFREG) {
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
NULL);
}
@ -2865,6 +2876,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#ifndef NO_PSK
havePSK = ssl->options.havePSK;
#endif
(void)havePSK;
if (ssl->options.side != SERVER_END) {
CYASSL_ERROR(ssl->error = SIDE_ERROR);
@ -3109,13 +3121,64 @@ int CyaSSL_Cleanup(void)
#ifndef NO_SESSION_CACHE
/* Make a work from the front of random hash */
static INLINE word32 MakeWordFromHash(const byte* hashID)
{
return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) |
hashID[3];
}
#ifndef NO_MD5
/* some session IDs aren't random afterall, let's make them random */
static INLINE word32 HashSession(const byte* sessionID)
{
/* id is random, just make 32 bit number from first 4 bytes for now */
return (sessionID[0] << 24) | (sessionID[1] << 16) | (sessionID[2] << 8) |
sessionID[3];
byte digest[MD5_DIGEST_SIZE];
Md5 md5;
InitMd5(&md5);
Md5Update(&md5, sessionID, ID_LEN);
Md5Final(&md5, digest);
return MakeWordFromHash(digest);
}
#elif !defined(NO_SHA)
static INLINE word32 HashSession(const byte* sessionID)
{
byte digest[SHA_DIGEST_SIZE];
Sha sha;
InitSha(&sha);
ShaUpdate(&sha, sessionID, ID_LEN);
ShaFinal(&sha, digest);
return MakeWordFromHash(digest);
}
#elif !defined(NO_SHA256)
static INLINE word32 HashSession(const byte* sessionID)
{
byte digest[SHA256_DIGEST_SIZE];
Sha256 sha256;
InitSha256(&sha256);
Sha256Update(&sha256, sessionID, ID_LEN);
Sha256Final(&sha256, digest);
return MakeWordFromHash(digest);
}
#else
#error "We need a digest to hash the session IDs"
#endif /* NO_MD5 */
void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm)
{
@ -7340,6 +7403,7 @@ static int initGlobalRNG = 0;
}
#ifndef NO_DSA
static void InitCyaSSL_DSA(CYASSL_DSA* dsa)
{
if (dsa) {
@ -7432,7 +7496,7 @@ static int initGlobalRNG = 0;
return 0; /* key gen not needed by server */
}
#endif /* NO_DSA */
static void InitCyaSSL_Rsa(CYASSL_RSA* rsa)
{
@ -7532,6 +7596,7 @@ static int initGlobalRNG = 0;
}
#ifndef NO_DSA
static int SetDsaExternal(CYASSL_DSA* dsa)
{
DsaKey* key;
@ -7573,6 +7638,7 @@ static int initGlobalRNG = 0;
return 0;
}
#endif /* NO_DSA */
static int SetRsaExternal(CYASSL_RSA* rsa)
@ -7724,6 +7790,7 @@ static int initGlobalRNG = 0;
}
#ifndef NO_DSA
/* return 0 on success, < 0 otherwise */
int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
CYASSL_DSA* dsa)
@ -7759,6 +7826,7 @@ static int initGlobalRNG = 0;
return 0;
}
#endif /* NO_DSA */
/* return 1 on success, 0 otherwise */
@ -8330,6 +8398,7 @@ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
}
#ifndef NO_DSA
/* Load DSA from Der, 0 on success < 0 on error */
int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
{
@ -8358,7 +8427,7 @@ int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
return 0;
}
#endif /* NO_DSA */

3
sslSniffer/sslSnifferTest/snifftest.c
View File

@ -214,6 +214,9 @@ int main(int argc, char** argv)
ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem",
FILETYPE_PEM, NULL, err);
if (ret != 0) {
printf("Please run directly from sslSniffer/sslSnifferTest dir\n");
}
}
else if (argc >= 3) {
saveFile = 1;

40
tests/suites.c
View File

@ -34,6 +34,7 @@
#define MAX_COMMAND_SZ 240
#define MAX_SUITE_SZ 80
#define NOT_BUILT_IN -123
#define VERSION_TOO_OLD -124
#include "examples/client/client.h"
#include "examples/server/server.h"
@ -41,6 +42,30 @@
CYASSL_CTX* cipherSuiteCtx = NULL;
#ifdef NO_OLD_TLS
/* if the protocol version is less than tls 1.2 return 1, else 0 */
static int IsOldTlsVersion(const char* line)
{
const char* find = "-v ";
char* begin = strstr(line, find);
if (begin) {
int version = -1;
begin += 3;
version = atoi(begin);
if (version < 3)
return 1;
}
return 0;
}
#endif /* NO_OLD_TLS */
/* if the cipher suite on line is valid store in suite and return 1, else 0 */
static int IsValidCipherSuite(const char* line, char* suite)
{
@ -48,7 +73,7 @@ static int IsValidCipherSuite(const char* line, char* suite)
int valid = 0;
const char* find = "-l ";
char* begin = strnstr(line, find, MAX_COMMAND_SZ);
char* begin = strstr(line, find);
char* end;
suite[0] = '\0';
@ -56,7 +81,7 @@ static int IsValidCipherSuite(const char* line, char* suite)
if (begin) {
begin += 3;
end = strnstr(begin, " ", MAX_COMMAND_SZ);
end = strstr(begin, " ");
if (end) {
long len = end - begin;
@ -116,6 +141,15 @@ static int execute_test_case(int svr_argc, char** svr_argv,
return NOT_BUILT_IN;
}
#ifdef NO_OLD_TLS
if (IsOldTlsVersion(commandLine) == 1) {
#ifdef DEBUG_SUITE_TESTS
printf("protocol version on line %s is too old\n", commandLine);
#endif
return VERSION_TOO_OLD;
}
#endif
if (addNoVerify) {
printf("repeating test with client cert request off\n");
added += 4; /* -d plus space plus terminator */
@ -269,6 +303,8 @@ static void test_harness(void* vargs)
comment = strsep(&cursor, "\n");
#ifdef DEBUG_SUITE_TESTS
printf("%s\n", comment);
#else
(void)comment;
#endif
break;
case '-':