Merge branch 'master' of github.com:cyassl/cyassl

2013-04-24 10:37:55 -07:00 · 2013-04-24 10:37:55 -07:00 · 8e5532eb42
parent c27ebe546d 65913b0d6c
commit 8e5532eb42
11 changed files with 379 additions and 203 deletions
--- a/commit-tests.sh
+++ b/commit-tests.sh
@ -12,7 +12,7 @@ RESULT=$?
 # make sure basic config is ok
 echo -e "\n\nTesting basic config too...\n\n"
-./configure;
+./configure --disable-fastmath;
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nBasic config ./configure failed" && exit 1
--- a/ctaocrypt/src/integer.c
+++ b/ctaocrypt/src/integer.c
@ -3400,7 +3400,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
  mp_rshd (&q, um - 1);         
  /* according to HAC this optimization is ok */
-  if (((unsigned long) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
+  if (((mp_word) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
    if ((res = mp_mul (&q, mu, &q)) != MP_OKAY) {
      goto CLEANUP;
    }
--- a/cyassl/ctaocrypt/types.h
+++ b/cyassl/ctaocrypt/types.h
@ -242,7 +242,8 @@ enum {
    DYNAMIC_TYPE_TMP_BUFFER   = 38,
    DYNAMIC_TYPE_DTLS_MSG     = 39,
    DYNAMIC_TYPE_CAVIUM_TMP   = 40,
-    DYNAMIC_TYPE_CAVIUM_RSA   = 41 
+    DYNAMIC_TYPE_CAVIUM_RSA   = 41,
    DYNAMIC_TYPE_X509         = 42 
 };
 /* stack protection */
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@ -1536,6 +1536,7 @@ struct CYASSL_X509 {
    buffer           derCert;                        /* may need  */
    DNS_entry*       altNames;                       /* alt names list */
    DNS_entry*       altNamesNext;                   /* hint for retrieval */
    byte             dynamicMemory;                  /* dynamic memory flag */
 };
@ -1882,11 +1883,12 @@ CYASSL_LOCAL  int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
 #endif /* NO_TLS */
 typedef double timer_d;
 CYASSL_LOCAL timer_d Timer(void);
 CYASSL_LOCAL word32  LowResTimer(void);
 CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
 CYASSL_LOCAL void FreeX509(CYASSL_X509*);
 CYASSL_LOCAL int  CopyDecodedToX509(CYASSL_X509*, DecodedCert*);
 #ifdef __cplusplus
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@ -167,6 +167,7 @@ CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
 CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
 CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*, const char*,
                                                const char*);
 CYASSL_API int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*);
 CYASSL_API int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX *,
                                                     const char *file);
 CYASSL_API int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX*, const char*, int);
@ -713,6 +714,10 @@ CYASSL_API int  CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain);
 CYASSL_API int  CyaSSL_get_chain_length(CYASSL_X509_CHAIN*, int idx);
 /* index cert */
 CYASSL_API unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN*, int idx);
 /* index cert in X509 */
 CYASSL_API CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN*, int idx);
 /* free X509 */
 CYASSL_API void CyaSSL_FreeX509(CYASSL_X509*);
 /* get index cert in PEM */
 CYASSL_API int  CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
                                unsigned char* buffer, int inLen, int* outLen);
@ -869,6 +874,7 @@ typedef void (*CbMissingCRL)(const char* url);
    CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
                                                                 const char* d);
    CYASSL_API int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm);
    CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
                                                                    int format);
    CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
--- a/cyassl/test.h
+++ b/cyassl/test.h
@ -263,49 +263,53 @@ static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
 #endif
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
 static INLINE void ShowX509(CYASSL_X509* x509, const char* hdr)
 {
    char* altName;
    char* issuer  = CyaSSL_X509_NAME_oneline(
                                       CyaSSL_X509_get_issuer_name(x509), 0, 0);
    char* subject = CyaSSL_X509_NAME_oneline(
                                      CyaSSL_X509_get_subject_name(x509), 0, 0);
    byte  serial[32];
    int   ret;
    int   sz = sizeof(serial);
    printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
    while ( (altName = CyaSSL_X509_get_next_altname(x509)) )
        printf(" altname = %s\n", altName);
    ret = CyaSSL_X509_get_serial_number(x509, serial, &sz);
    if (ret == SSL_SUCCESS) {
        int  i;
        int  strLen;
        char serialMsg[80];
        /* testsuite has multiple threads writing to stdout, get output
           message ready to write once */
        strLen = sprintf(serialMsg, " serial number");
        for (i = 0; i < sz; i++)
            sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
        printf("%s\n", serialMsg);
    }
    XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
    XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
 }
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
 static INLINE void showPeer(CYASSL* ssl)
 {
    CYASSL_CIPHER* cipher;
 #ifdef KEEP_PEER_CERT
-    CYASSL_X509*   peer = CyaSSL_get_peer_certificate(ssl);
+    CYASSL_X509* peer = CyaSSL_get_peer_certificate(ssl);
-    if (peer) {
+    if (peer)
-#ifdef OPENSSL_EXTRA
+        ShowX509(peer, "peer's cert info:");
        char* altName;
        char* issuer  = CyaSSL_X509_NAME_oneline(
                                       CyaSSL_X509_get_issuer_name(peer), 0, 0);
        char* subject = CyaSSL_X509_NAME_oneline(
                                      CyaSSL_X509_get_subject_name(peer), 0, 0);
        byte  serial[32];
        int   ret;
        int   sz = sizeof(serial);
        printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
                                                                  subject);
        while ( (altName = CyaSSL_X509_get_next_altname(peer)) )
            printf(" altname = %s\n", altName);
        ret = CyaSSL_X509_get_serial_number(peer, serial, &sz);
        if (ret == 0) {
            int  i;
            int  strLen;
            char serialMsg[80];
            /* testsuite has multiple threads writing to stdout, get output
               message ready to write once */
            strLen = sprintf(serialMsg, " serial number");
            for (i = 0; i < sz; i++)
                sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
            printf("%s\n", serialMsg);
        }
        XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
        XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
 #else
        printf("peer has a cert!\n");
 #endif
    }
    else
        printf("peer has no cert!\n");
 #endif
@ -323,10 +327,18 @@ static INLINE void showPeer(CYASSL* ssl)
        for (i = 0; i < count; i++) {
            int length;
            unsigned char buffer[3072];
            CYASSL_X509* chainX509;
            CyaSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length);
            buffer[length] = 0;
            printf("cert %d has length %d data = \n%s\n", i, length, buffer);
            chainX509 = CyaSSL_get_chain_X509(chain, i);
            if (chainX509)
                ShowX509(chainX509, "session cert info:");
            else
                printf("get_chain_X509 failed\n");
            CyaSSL_FreeX509(chainX509);
        }
    }
 #endif
--- a/examples/client/client.c
+++ b/examples/client/client.c
@ -113,6 +113,8 @@ static void Usage(void)
    printf("-m          Match domain name in cert\n");
    printf("-N          Use Non-blocking sockets\n");
    printf("-r          Resume session\n");
    printf("-f          Fewer packets/group messages\n");
    printf("-x          Disable client cert/key loading\n");
 #ifdef SHOW_SIZES
    printf("-z          Print structure sizes\n");
 #endif
@ -152,6 +154,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
    int    nonBlocking = 0;
    int    resumeSession = 0;
    int    trackMemory   = 0;
    int    useClientCert = 1;
    int    fewerPackets  = 0;
    char*  cipherList = NULL;
    char*  verifyCert = (char*)caCert;
    char*  ourCert    = (char*)cliCert;
@ -172,7 +176,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
    (void)sslResume;
    (void)trackMemory;
-    while ((ch = mygetopt(argc, argv, "?gdusmNrth:p:v:l:A:c:k:b:z")) != -1) {
+    while ((ch = mygetopt(argc, argv, "?gdusmNrtfxh:p:v:l:A:c:k:b:z")) != -1) {
        switch (ch) {
            case '?' :
                Usage();
@ -204,6 +208,14 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
                matchName = 1;
                break;
            case 'x' :
                useClientCert = 0;
                break;
            case 'f' :
                fewerPackets = 1;
                break;
            case 'h' :
                host   = myoptarg;
                domain = myoptarg;
@ -344,6 +356,9 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
    usePsk = 1;
 #endif
    if (fewerPackets)
        CyaSSL_CTX_set_group_messages(ctx);
    if (usePsk) {
 #ifndef NO_PSK
        CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
@ -358,6 +373,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
                err_sys("client can't set cipher list 2");
        }
 #endif
        useClientCert = 0;
    }
 #ifdef OPENSSL_EXTRA
@ -381,17 +397,18 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
    CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
 #endif
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
-    if (!usePsk){
+    if (useClientCert){
-        if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
+        if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
                                     != SSL_SUCCESS)
            err_sys("can't load client cert file, check file and run from"
                    " CyaSSL home dir");
        if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
                                         != SSL_SUCCESS)
            err_sys("can't load client private key file, check file and run "
-                    "from CyaSSL home dir");    
+                    "from CyaSSL home dir");
    }
    if (!usePsk) {
        if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
                err_sys("can't load ca file, Please run from CyaSSL home dir");
    }
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -108,6 +108,7 @@ static void Usage(void)
    printf("-t          Track CyaSSL memory use\n");
    printf("-u          Use UDP DTLS,"
           " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
    printf("-f          Fewer packets/group messages\n");
    printf("-N          Use Non-blocking sockets\n");
 }
@ -131,9 +132,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    int    port = yasslPort;
    int    usePsk = 0;
    int    doDTLS = 0;
-    int    useNtruKey = 0;
+    int    useNtruKey   = 0;
-    int    nonBlocking = 0;
+    int    nonBlocking  = 0;
-    int    trackMemory = 0;
+    int    trackMemory  = 0;
    int    fewerPackets = 0;
    char*  cipherList = NULL;
    char*  verifyCert = (char*)cliCert;
    char*  ourCert    = (char*)svrCert;
@ -150,7 +152,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #endif
    (void)trackMemory;
-    while ((ch = mygetopt(argc, argv, "?dbstnNup:v:l:A:c:k:")) != -1) {
+    while ((ch = mygetopt(argc, argv, "?dbstnNufp:v:l:A:c:k:")) != -1) {
        switch (ch) {
            case '?' :
                Usage();
@ -182,6 +184,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                doDTLS  = 1;
                break;
            case 'f' :
                fewerPackets = 1;
                break;
            case 'p' :
                port = atoi(myoptarg);
                #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
@ -299,6 +305,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    usePsk = 1;
 #endif
    if (fewerPackets)
        CyaSSL_CTX_set_group_messages(ctx);
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
    if (!usePsk) {
        if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
--- a/src/internal.c
+++ b/src/internal.c
@ -1182,6 +1182,30 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
 }
 /* Initialize CyaSSL X509 type */
 void InitX509(CYASSL_X509* x509, int dynamicFlag)
 {
    x509->derCert.buffer = NULL;
    x509->altNames       = NULL;
    x509->altNamesNext   = NULL;
    x509->dynamicMemory  = dynamicFlag;
 }
 /* Free CyaSSL X509 type */
 void FreeX509(CYASSL_X509* x509)
 {
    if (x509 == NULL)
        return;
    XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_CERT);
    if (x509->altNames)
        FreeAltNames(x509->altNames, NULL);
    if (x509->dynamicMemory)
        XFREE(x509, NULL, DYNAMIC_TYPE_X509);
 }
 /* init everything to 0, NULL, default values before calling anything that may
   fail so that desctructor has a "good" state to cleanup */
 int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
@ -1231,9 +1255,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
    ssl->buffers.plainSz                   = 0;
 #ifdef KEEP_PEER_CERT
-    ssl->peerCert.derCert.buffer = NULL;
+    InitX509(&ssl->peerCert, 0);
    ssl->peerCert.altNames     = NULL;
    ssl->peerCert.altNamesNext = NULL;
 #endif
 #ifdef HAVE_ECC
@ -1590,9 +1612,7 @@ void SSL_ResourceFree(CYASSL* ssl)
    ssl->buffers.dtlsCtx.peer.sa = NULL;
 #endif
 #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
-    XFREE(ssl->peerCert.derCert.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
+    FreeX509(&ssl->peerCert);
    if (ssl->peerCert.altNames)
        FreeAltNames(ssl->peerCert.altNames, ssl->heap);
 #endif
 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
    CyaSSL_BIO_free(ssl->biord);
@ -2023,7 +2043,7 @@ ProtocolVersion MakeDTLSv1_2(void)
 #ifdef USE_WINDOWS_API 
-    timer_d Timer(void)
+    word32 LowResTimer(void)
    {
        static int           init = 0;
        static LARGE_INTEGER freq;
@ -2036,16 +2056,9 @@ ProtocolVersion MakeDTLSv1_2(void)
        QueryPerformanceCounter(&count);
-        return (double)count.QuadPart / freq.QuadPart;
+        return (word32)(count.QuadPart / freq.QuadPart);
    }
    word32 LowResTimer(void)
    {
        return (word32)Timer();
    }
 #elif defined(THREADX)
    #include "rtptime.h"
@ -2805,6 +2818,54 @@ static int CheckAltNames(DecodedCert* dCert, char* domain)
 }
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
 /* Copy parts X509 needs from Decoded cert, 0 on success */
 int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
 {
    int ret = 0;
    if (x509 == NULL || dCert == NULL)
        return BAD_FUNC_ARG;
    XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
    x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
    x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
    XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
    x509->subject.name[ASN_NAME_MAX - 1] = '\0';
    x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
    XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
    x509->serialSz = dCert->serialSz;
    if (dCert->subjectCNLen < ASN_NAME_MAX) {
        XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
        x509->subjectCN[dCert->subjectCNLen] = '\0';
    }
    else
        x509->subjectCN[0] = '\0';
    /* store cert for potential retrieval */
    x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL,
                                          DYNAMIC_TYPE_CERT);
    if (x509->derCert.buffer == NULL) {
        ret = MEMORY_E;
    }
    else {
        XMEMCPY(x509->derCert.buffer, dCert->source, dCert->maxIdx);
        x509->derCert.length = dCert->maxIdx;
    }
    x509->altNames     = dCert->altNames;
    dCert->altNames    = NULL;     /* takes ownership */
    x509->altNamesNext = x509->altNames;  /* index hint */
    return ret;
 }
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
 static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 {
    word32 listSz, i = *inOutIdx;
@ -2981,39 +3042,12 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 #endif /* HAVE_CRL */
 #ifdef KEEP_PEER_CERT
        {
        /* set X509 format for peer cert even if fatal */
-        XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
+        int copyRet = CopyDecodedToX509(&ssl->peerCert, &dCert);
-        ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
+        if (copyRet == MEMORY_E)
        ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;
        XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
        ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
        ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;
        XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
        ssl->peerCert.serialSz = dCert.serialSz;
        if (dCert.subjectCNLen < ASN_NAME_MAX) {
            XMEMCPY(ssl->peerCert.subjectCN,dCert.subjectCN,dCert.subjectCNLen);
            ssl->peerCert.subjectCN[dCert.subjectCNLen] = '\0';
        }
        else
            ssl->peerCert.subjectCN[0] = '\0';
        /* store cert for potential retrieval */
        ssl->peerCert.derCert.buffer = (byte*)XMALLOC(myCert.length, ssl->heap,
                                                      DYNAMIC_TYPE_CERT);
        if (ssl->peerCert.derCert.buffer == NULL) {
            ret   = MEMORY_E;
            fatal = 1;
        }
        else {
            XMEMCPY(ssl->peerCert.derCert.buffer, myCert.buffer, myCert.length);
            ssl->peerCert.derCert.length = myCert.length;
        }
        ssl->peerCert.altNames = dCert.altNames;
        dCert.altNames = NULL;     /* takes ownership */
        ssl->peerCert.altNamesNext = ssl->peerCert.altNames;  /* index hint */
 #endif    
        if (fatal) {
--- a/src/ssl.c
+++ b/src/ssl.c
@ -692,6 +692,31 @@ void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
 }
 /* Unload the CA signer list */
 int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
 {
    Signer* signers;
    CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");
    if (cm == NULL)
        return BAD_FUNC_ARG;
    if (LockMutex(&cm->caLock) != 0)
        return BAD_MUTEX_ERROR;
    signers = cm->caList;
    cm->caList = NULL;
    UnLockMutex(&cm->caLock);
    FreeSigners(signers, NULL);
    return SSL_SUCCESS;
 }
 #endif /* !NO_CERTS */
@ -986,7 +1011,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 int CyaSSL_Init(void)
 {
-    int ret = 0;
+    int ret = SSL_SUCCESS;
    CYASSL_ENTER("CyaSSL_Init");
@ -2510,7 +2535,7 @@ void CyaSSL_load_error_strings(void)   /* compatibility only */
 int CyaSSL_library_init(void)
 {
    CYASSL_ENTER("SSL_library_init");
-    if (CyaSSL_Init() == 0)
+    if (CyaSSL_Init() == SSL_SUCCESS)
        return SSL_SUCCESS;
    else
        return SSL_FATAL_ERROR;
@ -3131,13 +3156,13 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
 int CyaSSL_Cleanup(void)
 {
-    int ret = 0;
+    int ret = SSL_SUCCESS;
    int release = 0;
    CYASSL_ENTER("CyaSSL_Cleanup");
    if (initRefCount == 0)
-        return 0;  /* possibly no init yet */
+        return ret;  /* possibly no init yet, but not failure either way */
    if (LockMutex(&count_mutex) != 0) {
        CYASSL_MSG("Bad Lock Mutex count");
@ -3469,7 +3494,7 @@ int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn)
 /* turn on CyaSSL zlib compression
-   returns 0 for success, else error (not built in)
+   returns SSL_SUCCESS for success, else error (not built in)
 */
 int CyaSSL_set_compression(CYASSL* ssl)
 {
@ -3477,7 +3502,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
    (void)ssl;
 #ifdef HAVE_LIBZ
    ssl->options.usingCompression = 1;
-    return 0;
+    return SSL_SUCCESS;
 #else
    return NOT_COMPILED_IN;
 #endif
@ -3882,6 +3907,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
                             ssl, NULL, 1);
    }
    int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
    {
        CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");
        if (ctx == NULL)
            return BAD_FUNC_ARG;
        return CyaSSL_CertManagerUnloadCAs(ctx->cm);
    }
 /* old NO_FILESYSTEM end */
 #endif /* !NO_CERTS */
@ -4082,65 +4117,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
    }
    /* return the next, if any, altname from the peer cert */
    char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
    {
        char* ret = NULL;
        CYASSL_ENTER("CyaSSL_X509_get_next_altname");
        /* don't have any to work with */
        if (cert == NULL || cert->altNames == NULL)
            return NULL;
        /* already went through them */
        if (cert->altNamesNext == NULL)
            return NULL;
        ret = cert->altNamesNext->name;
        cert->altNamesNext = cert->altNamesNext->next;
        return ret;
    }
    CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
    {
        CYASSL_ENTER("X509_get_issuer_name");
        return &cert->issuer;
    }
    CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
    {
        CYASSL_ENTER("X509_get_subject_name");
        return &cert->subject;
    }
    /* copy name into in buffer, at most sz bytes, if buffer is null will
       malloc buffer, call responsible for freeing                     */
    char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
    {
        int copySz = min(sz, name->sz);
        CYASSL_ENTER("CyaSSL_X509_NAME_oneline");
        if (!name->sz) return in;
        if (!in) {
            in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
            if (!in ) return in;
            copySz = name->sz;
        }
        if (copySz == 0)
            return in;
        XMEMCPY(in, name->name, copySz - 1);
        in[copySz - 1] = 0;
        return in;
    }
    CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
                                                     CYASSL_X509_STORE_CTX* ctx)
@ -5112,7 +5088,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
    }
-    /* store for external read of iv, 0 on success */
+    /* store for external read of iv, SSL_SUCCESS on success */
    int  CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
    {
        CYASSL_ENTER("CyaSSL_StoreExternalIV");
@ -5163,11 +5139,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
                return -1;  /* failure */
            }
        }    
-        return 0;  /* success */
+        return SSL_SUCCESS;
    }
-    /* set internal IV from external, 0 on success */
+    /* set internal IV from external, SSL_SUCCESS on success */
    int  CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
    {
@ -5219,7 +5195,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
                return -1;  /* failure */
            }
        }    
-        return 0;  /* success */
+        return SSL_SUCCESS;
    }
@ -5505,8 +5481,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
        (void)flags; 
        return 0;
    }
-#endif
+
-#ifdef KEEP_PEER_CERT
+#endif /* OPENSSL_EXTRA */
 #if defined(KEEP_PEER_CERT)
    CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
    {
        CYASSL_ENTER("SSL_get_peer_certificate");
@ -5515,7 +5495,108 @@ int CyaSSL_set_compression(CYASSL* ssl)
        else
            return 0;
    }
-#endif
+
 #endif /* KEEP_PEER_CERT */
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
    void CyaSSL_FreeX509(CYASSL_X509* x509)
    {
        CYASSL_ENTER("CyaSSL_FreeX509");
        FreeX509(x509); 
    }
    /* return the next, if any, altname from the peer cert */
    char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
    {
        char* ret = NULL;
        CYASSL_ENTER("CyaSSL_X509_get_next_altname");
        /* don't have any to work with */
        if (cert == NULL || cert->altNames == NULL)
            return NULL;
        /* already went through them */
        if (cert->altNamesNext == NULL)
            return NULL;
        ret = cert->altNamesNext->name;
        cert->altNamesNext = cert->altNamesNext->next;
        return ret;
    }
    CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
    {
        CYASSL_ENTER("X509_get_issuer_name");
        return &cert->issuer;
    }
    CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
    {
        CYASSL_ENTER("X509_get_subject_name");
        return &cert->subject;
    }
    /* copy name into in buffer, at most sz bytes, if buffer is null will
       malloc buffer, call responsible for freeing                     */
    char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
    {
        int copySz = min(sz, name->sz);
        CYASSL_ENTER("CyaSSL_X509_NAME_oneline");
        if (!name->sz) return in;
        if (!in) {
            in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
            if (!in ) return in;
            copySz = name->sz;
        }
        if (copySz == 0)
            return in;
        XMEMCPY(in, name->name, copySz - 1);
        in[copySz - 1] = 0;
        return in;
    }
    /* write X509 serial number in unsigned binary to buffer 
       buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
       return SSL_SUCCESS on success */
    int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
    {
        CYASSL_ENTER("CyaSSL_X509_get_serial_number");
        if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz)
            return BAD_FUNC_ARG;
        XMEMCPY(in, x509->serial, x509->serialSz);
        *inOutSz = x509->serialSz;
        return SSL_SUCCESS;
    }
    const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
    { 
        CYASSL_ENTER("CyaSSL_X509_get_der");
        if (x509 == NULL || outSz == NULL)
            return NULL;
        *outSz = (int)x509->derCert.length;
        return x509->derCert.buffer;
    }
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
 #ifdef OPENSSL_EXTRA
    int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
@ -6661,32 +6742,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
        return 0; 
    }
    /* write X509 serial number in unsigned binary to buffer 
       buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
       return 0 on success */
    int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
    {
        CYASSL_ENTER("CyaSSL_X509_get_serial_number");
        if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz)
            return BAD_FUNC_ARG;
        XMEMCPY(in, x509->serial, x509->serialSz);
        *inOutSz = x509->serialSz;
        return 0;
    }
    const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
    { 
        CYASSL_ENTER("CyaSSL_X509_get_der");
        if (x509 == NULL || outSz == NULL)
            return NULL;
        *outSz = (int)x509->derCert.length;
        return x509->derCert.buffer;
    }  
 #endif /* OPENSSL_EXTRA */
@ -7857,7 +7912,7 @@ static int initGlobalRNG = 0;
 #ifndef NO_DSA
-    /* return 0 on success, < 0 otherwise */
+    /* return SSL_SUCCESS on success, < 0 otherwise */
    int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                           CYASSL_DSA* dsa)
    {
@ -7890,7 +7945,7 @@ static int initGlobalRNG = 0;
            return -1;
        }
-        return 0;
+        return SSL_SUCCESS;
    }
 #endif /* NO_DSA */
@ -8434,7 +8489,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
 }
-/* Load RSA from Der, 0 on success < 0 on error */
+/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
 int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der,  int derSz)
 {
    word32 idx = 0;
@ -8460,12 +8515,12 @@ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der,  int derSz)
    rsa->inSet = 1;
-    return 0;
+    return SSL_SUCCESS;
 }
 #ifndef NO_DSA
-/* Load DSA from Der, 0 on success < 0 on error */
+/* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
 int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der,  int derSz)
 {
    word32 idx = 0;
@ -8491,7 +8546,7 @@ int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der,  int derSz)
    dsa->inSet = 1;
-    return 0;
+    return SSL_SUCCESS;
 }
 #endif /* NO_DSA */
@ -8548,6 +8603,46 @@ byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx)
 }
 /* Get peer's CyaSSL X509 ceritifcate at index (idx) */
 CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx)
 {
    int          ret;
    CYASSL_X509* x509;
    DecodedCert  dCert;
    CYASSL_ENTER("CyaSSL_get_chain_X509");
    if (chain == NULL)
        return NULL;
    InitDecodedCert(&dCert, chain->certs[idx].buffer, chain->certs[idx].length,
                    NULL);
    ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
    if (ret != 0) {
        CYASSL_MSG("Failed to parse cert");
        FreeDecodedCert(&dCert);
        return NULL;
    }
    x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL, DYNAMIC_TYPE_X509);
    if (x509 == NULL) {
        CYASSL_MSG("Failed alloc X509");
        FreeDecodedCert(&dCert);
        return NULL;
    }
    InitX509(x509, 1);
    ret = CopyDecodedToX509(x509, &dCert);
    if (ret != 0) {
        CYASSL_MSG("Failed to copy decoded");
        XFREE(x509, NULL, DYNAMIC_TYPE_X509);
        x509 = NULL;
    }
    FreeDecodedCert(&dCert);
    return x509;
 }
 /* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
   enough else return error (-1), output length is in *outLen */
 int  CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx,
--- a/tests/api.c
+++ b/tests/api.c
@ -103,7 +103,7 @@ int test_CyaSSL_Init(void)
    printf(testingFmt, "CyaSSL_Init()");
    result = CyaSSL_Init();
-    printf(resultFmt, result ? failed : passed);
+    printf(resultFmt, result == SSL_SUCCESS ? passed : failed);
    return result;
 }
@ -114,7 +114,7 @@ static int test_CyaSSL_Cleanup(void)
    printf(testingFmt, "CyaSSL_Cleanup()");
    result = CyaSSL_Cleanup();
-    printf(resultFmt, result ? failed : passed);
+    printf(resultFmt, result == SSL_SUCCESS ? passed : failed);
    return result;
 }