From 3051c8e900ef3302086c3a48f97ccf8b47f790e0 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 9 Dec 2013 18:21:43 -0800 Subject: [PATCH 1/6] make sure Arrays elemets all set to 0 --- src/internal.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/internal.c b/src/internal.c index dfb4a79b8..ffa120a2d 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1636,6 +1636,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) CYASSL_MSG("Arrays Memory error"); return MEMORY_E; } + XMEMSET(ssl->arrays, 0, sizeof(Arrays)); #ifndef NO_PSK ssl->arrays->client_identity[0] = 0; From 0d85a85d5924357f21c335b8f57b60d30c083910 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 10 Dec 2013 12:05:55 -0800 Subject: [PATCH 2/6] Bumped version for point release. --- configure.ac | 2 +- cyassl/version.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index d851731cf..e49e55d58 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[2.8.4],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com]) +AC_INIT([cyassl],[2.8.5],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com]) AC_CONFIG_AUX_DIR([build-aux]) diff --git a/cyassl/version.h b/cyassl/version.h index bac8ec1d4..96207f8fa 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "2.8.4" -#define LIBCYASSL_VERSION_HEX 0x02008004 +#define LIBCYASSL_VERSION_STRING "2.8.5" +#define LIBCYASSL_VERSION_HEX 0x02008005 #ifdef __cplusplus } From 9e56ad262cb587f310c45e9ee5e2f70502a892ff Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 10 Dec 2013 16:17:43 -0800 Subject: [PATCH 3/6] fix snifftest pcap frees on file mode, close TraceFile on ssl_Free --- src/sniffer.c | 7 +++++++ sslSniffer/sslSnifferTest/snifftest.c | 24 ++++++++++++++++-------- 2 files changed, 23 insertions(+), 8 deletions(-) 
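Review bot: In the InitSSL hunk of src/internal.c (patch 1/6), the new `XMEMSET(ssl->arrays, 0, sizeof(Arrays));` carries no comment saying why the whole struct is cleared, and the per-field reset that follows it (`ssl->arrays->client_identity[0] = 0;`) is now redundant. Writing the length as `sizeof(*ssl->arrays)` would keep it tied to the pointer if the type ever changes. A comment such as `/* zero every member so nothing is read uninitialized */` would record the intent. InitSSL starts and ends outside the hunk, so whether other members are assigned later is not visible here.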
diff --git a/src/sniffer.c b/src/sniffer.c index 7eb272f87..8e0bff995 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -417,6 +417,13 @@ void ssl_FreeSniffer(void) FreeMutex(&SessionMutex); FreeMutex(&ServerListMutex); + + if (TraceFile) { + TraceOn = 0; + fclose(TraceFile); + TraceFile = NULL; + } + CyaSSL_Cleanup(); } diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 7d5a7561e..2570a65bc 100755 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -69,18 +69,25 @@ enum { }; -pcap_t* pcap = 0; -pcap_if_t *alldevs; +pcap_t* pcap = NULL; +pcap_if_t* alldevs = NULL; + + +static void FreeAll(void) +{ + if (pcap) + pcap_close(pcap); + if (alldevs) + pcap_freealldevs(alldevs); +#ifndef _WIN32 + ssl_FreeSniffer(); +#endif +} static void sig_handler(const int sig) { printf("SIGINT handled = %d.\n", sig); - if (pcap) - pcap_close(pcap); - pcap_freealldevs(alldevs); -#ifndef _WIN32 - ssl_FreeSniffer(); -#endif + FreeAll(); if (sig) exit(EXIT_SUCCESS); } @@ -286,6 +293,7 @@ int main(int argc, char** argv) else if (saveFile) break; /* we're done reading file */ } + FreeAll(); return EXIT_SUCCESS; } From b41d09b1a227d7beb13faf7b69c2fc23fd74d6c3 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 11 Dec 2013 12:03:09 -0800 Subject: [PATCH 4/6] fix newer clang warnings --- ctaocrypt/src/asn.c | 2 ++ src/internal.c | 6 +++++- src/ssl.c | 4 +++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index f19ce79b0..d2fe3f0ad 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -2563,6 +2563,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, (void)sigSz; (void)heap; (void)ret; + (void)typeH; switch (sigOID) { #ifndef NO_MD5 @@ -3339,6 +3340,7 @@ static void DecodeCertExtensions(DecodedCert* cert) } idx += length; } + (void)critical; CYASSL_LEAVE("DecodeCertExtensions", 0); return; 
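Review bot: In ssl_FreeSniffer (src/sniffer.c, patch 3/6), `TraceOn` and `TraceFile` are cleared and the stream is closed after both mutexes have been freed and without holding any lock, so a thread still inside a trace routine could write to the FILE after `fclose`. Whether trace writers can run concurrently with teardown is not visible in this hunk. If they can, the close belongs before `FreeMutex` under whichever lock guards tracing, or the function should document that all sniffer threads must have stopped first. The return value of `fclose(TraceFile)` is also ignored, so a failed flush of buffered trace output goes unreported.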
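Review bot: `FreeAll()` in snifftest.c (patch 3/6) leaves `pcap` and `alldevs` pointing at released objects, and it is now reachable both from `sig_handler` and from the end of `main`. A SIGINT delivered while `main` is inside `FreeAll()` therefore closes the capture handle and frees the device list a second time. Clearing each global right after release, `pcap_close(pcap); pcap = NULL;` and `pcap_freealldevs(alldevs); alldevs = NULL;`, narrows that window, and blocking the signal before the final `FreeAll()` removes it. Separately, the handler path still calls `printf`, `pcap_close` and `ssl_FreeSniffer()` (which now also does `fclose`), none of which are async-signal-safe. Setting a `volatile sig_atomic_t` flag in the handler and letting the main loop call `FreeAll()` would be the safer structure.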
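Review bot: The `(void)critical;` added at the end of DecodeCertExtensions (ctaocrypt/src/asn.c, patch 4/6) silences a warning which suggests that, in at least some builds, the extension's critical flag is parsed but never consulted. If that also holds for the default build, a certificate carrying an unrecognized extension marked critical would be accepted, whereas RFC 5280 section 4.2 requires rejecting it. The cast is fine as a warning fix, but it deserves a comment next to it, e.g. `/* TODO: critical flag is not enforced for unrecognized extensions */`, so the gap stays visible. The function body starts outside the hunk, so how `critical` is used inside the loop cannot be confirmed from here.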
diff --git a/src/internal.c b/src/internal.c index ffa120a2d..037ae1372 100644 --- a/src/internal.c +++ b/src/internal.c @@ -622,6 +622,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, (void)tls; /* shut up compiler */ (void)tls1_2; + (void)haveRSA; (void)haveDH; (void)havePSK; (void)haveNTRU; @@ -8118,7 +8119,7 @@ static void PickHashSigAlgo(CYASSL* ssl, case ecc_diffie_hellman_kea: { ecc_key myKey; - ecc_key* peerKey = &myKey; + ecc_key* peerKey = NULL; word32 size = sizeof(encSecret); if (ssl->specs.static_ecdh) { @@ -8133,6 +8134,9 @@ static void PickHashSigAlgo(CYASSL* ssl, peerKey = ssl->peerEccKey; } + if (peerKey == NULL) + return NO_PEER_KEY; + ecc_init(&myKey); ret = ecc_make_key(ssl->rng, peerKey->dp->size, &myKey); if (ret != 0) diff --git a/src/ssl.c b/src/ssl.c index 827369fcf..8196e46db 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1730,6 +1730,7 @@ int CyaSSL_Init(void) der.buffer = 0; (void)dynamicType; + (void)rsaKey; if (used) *used = sz; /* used bytes default to sz, PEM chain may shorten*/ @@ -1980,7 +1981,8 @@ int CyaSSL_Init(void) } ecc_free(&key); eccKey = 1; - ctx->haveStaticECC = 1; + if (ctx) + ctx->haveStaticECC = 1; if (ssl) ssl->options.haveStaticECC = 1; } From e5b0000ee46645673cdba772aa15c4b4d913b61c Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 11 Dec 2013 14:59:46 -0800 Subject: [PATCH 5/6] switch enable-sniffer w/o libpcap to error out again --- configure.ac | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac index e49e55d58..ca1f24783 100644 --- a/configure.ac +++ b/configure.ac 
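Review bot: In the `ecc_diffie_hellman_kea` case of src/internal.c (patch 4/6), the new NULL guard covers only `peerKey` itself, while the next statement reads `peerKey->dp->size`. The `@@` label says PickHashSigAlgo, but `return NO_PEER_KEY;` shows the enclosing function returns a status code. The branch conditions that assign `peerKey` fall between the two hunks, so it cannot be confirmed here that `dp` is validated; if it is not, extend the guard to `if (peerKey == NULL || peerKey->dp == NULL)`. Either way, a short comment such as `/* neither branch above supplied a peer key */` would explain why the check exists. Bracing the single-statement `if` would match the braced `if (ssl->specs.static_ecdh) {` above it.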
@@ -311,14 +311,14 @@ fi # SNIFFER AC_ARG_ENABLE([sniffer], - [AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[ - AS_IF([ test "x$enableval" = "xyes" ],[ AC_CHECK_HEADERS([pcap/pcap.h],[ - ENABLED_SNIFFER=yes - AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA" - ],[ ENABLED_SNIFFER=no ]) ]) - ],[ - ENABLED_SNIFFER=no - ]) + [AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[ + AS_IF([ test "x$enableval" = "xyes" ],[ AC_CHECK_HEADERS([pcap/pcap.h],[ + ENABLED_SNIFFER=yes + AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA" + ],[ AC_MSG_ERROR([cannot enable sniffer without having libpcap available.]) ]) ]) + ],[ + ENABLED_SNIFFER=no + ]) AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ]) From ba95c33ed45787e60f85e58f26c3c2c385a64a6d Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 11 Dec 2013 15:47:40 -0800 Subject: [PATCH 6/6] more clang warnings --- ctaocrypt/src/asn.c | 2 +- src/internal.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index d2fe3f0ad..8b4463229 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -2563,7 +2563,6 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, (void)sigSz; (void)heap; (void)ret; - (void)typeH; switch (sigOID) { #ifndef NO_MD5 @@ -2647,6 +2646,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, CYASSL_MSG("Verify Signautre has unsupported type"); return 0; } + (void)typeH; /* some builds won't read */ switch (keyOID) { #ifndef NO_RSA diff --git a/src/internal.c b/src/internal.c index 037ae1372..e36fb4aec 100644 --- a/src/internal.c +++ b/src/internal.c @@ -622,7 +622,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, (void)tls; /* shut up compiler */ (void)tls1_2; - (void)haveRSA; (void)haveDH; (void)havePSK; (void)haveNTRU; 
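Review bot: The sniffer check in configure.ac (patch 5/6) probes only the header `pcap/pcap.h`, yet the new error text says libpcap is not available. A system with the header but no linkable library still passes configure and fails later at link time. Adding a link probe next to the header check, for example `AC_CHECK_LIB([pcap],[pcap_open_live])` with the same `AC_MSG_ERROR` on failure, would make the message accurate. Note also that `--enable-sniffer=<anything but yes>` leaves `ENABLED_SNIFFER` unset because the `AS_IF` has no else branch; the `AM_CONDITIONAL` test still evaluates false, but setting it to `no` explicitly would be clearer.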
@@ -636,8 +635,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, if (suites->setSuites) return; /* trust user settings, don't override */ - if (side == CYASSL_SERVER_END && haveStaticECC) + if (side == CYASSL_SERVER_END && haveStaticECC) { haveRSA = 0; /* can't do RSA with ECDSA key */ + (void)haveRSA; /* some builds won't read */ + } if (side == CYASSL_SERVER_END && haveECDSAsig) { haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
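Review bot: In InitSuites (src/internal.c, patch 6/6), the `(void)haveRSA;` placed right after `haveRSA = 0;` hides a dead store in builds that never read the parameter afterwards, so the block looks as if it has an effect in every configuration. Guarding the assignment with the same preprocessor condition under which `haveRSA` is later read would state that directly; those conditions are outside this hunk, so the exact macro is left to the author. If the cast stays, the comment could name the configuration rather than `some builds won't read`, for instance `/* unread when RSA suites are compiled out */` if that is indeed the case.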