WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' into ocsp

pull/1/head
John Safranek 2012-12-14 14:23:53 -08:00
parent 831e643a24 f82324a081
commit c314dc3940
12 changed files with 186 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
README
View File

@ -12,7 +12,7 @@ harder. Now to run testsuite just do:
or
make test (when using autoconf)
make check (when using autoconf)
On *nix or Windows the examples and testsuite will check to see if the current
directory is the source directory and if so, attempt to change to the CyaSSL
@ -32,15 +32,37 @@ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling SSL_new(); Though it's not recommended.
*** end Notes ***
CyaSSL Release 2.4.4 (12/12/2012)
Release 2.4.4 CyaSSL has bug fixes and a few new features including:
- ECC into main version
- Lean PSK build (reduced code size, RAM usage, and stack usage)
- FreeBSD CRL monitor support
- CyaSSL_peek()
- CyaSSL_send() and CyaSSL_recv() for I/O flag setting
- CodeWarrior Support
- MQX Support
- Freescale Kinetis support including Hardware RNG
- autoconf builds use jobserver
- cyassl-config
- Sniffer memory reductions
Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
warning system, and general good ideas for improving CyaSSL!
Note 3)
The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
K70 Sub-Family Reference Manual:
http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
*** end Note ***
The CyaSSL manual is available at:
http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.
CyaSSL Release 2.4.0 (10/10/2012)
*************** CyaSSL Release 2.4.0 (10/10/2012)
Release 2.4.0 CyaSSL has bug fixes and a few new features including:
- DTLS reliability

80
configure.ac
View File

@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[2.4.2],[http://www.yassl.com])
AC_INIT([cyassl],[2.4.4],[http://www.yassl.com])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
@ -38,7 +38,7 @@ CYASSL_LIBRARY_VERSION=3:3:0
# | +- increment if source code has changed
# | set to zero if current is incremented
# +- increment if interfaces have been added, removed or changed
AC_SUBST(CYASSL_LIBRARY_VERSION)
AC_SUBST([CYASSL_LIBRARY_VERSION])
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
# if user doesn't override, no way to tell
@ -106,7 +106,7 @@ AS_IF([test "$ax_enable_debug" = "yes"],
# SMALL BUILD
AC_ARG_ENABLE(small,
AC_ARG_ENABLE([small],
[ --enable-small Enable smallest build (default: disabled)],
[ ENABLED_SMALL=$enableval ],
[ ENABLED_SMALL=no ]
@ -122,7 +122,7 @@ fi
# SINGLE THREADED
AC_ARG_ENABLE(singleThreaded,
AC_ARG_ENABLE([singleThreaded],
[ --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
[ ENABLED_SINGLETHREADED=$enableval ],
[ ENABLED_SINGLETHREADED=no ])
@ -140,7 +140,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADE
# DTLS
AC_ARG_ENABLE(dtls,
AC_ARG_ENABLE([dtls],
[ --enable-dtls Enable CyaSSL DTLS (default: disabled)],
[ ENABLED_DTLS=$enableval ],
[ ENABLED_DTLS=no ]
@ -152,7 +152,7 @@ fi
# OPENSSL Extra Compatibility
AC_ARG_ENABLE(opensslExtra,
AC_ARG_ENABLE([opensslExtra],
[ --enable-opensslExtra Enable extra OpenSSL API, size+ (default: disabled)],
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
@ -169,7 +169,7 @@ fi
# IPv6 Test Apps
AC_ARG_ENABLE(ipv6,
AC_ARG_ENABLE([ipv6],
[ --enable-ipv6 Enable testing of IPV6 (default: disabled)],
[ ENABLED_IPV6=$enableval ],
[ ENABLED_IPV6=no ]
@ -182,7 +182,7 @@ fi
# Fortress build
AC_ARG_ENABLE(fortress,
AC_ARG_ENABLE([fortress],
[ --enable-fortress Enable SSL fortress build (default: disabled)],
[ ENABLED_FORTRESS=$enableval ],
[ ENABLED_FORTRESS=no ]
@ -195,7 +195,7 @@ fi
# ssl bump build
AC_ARG_ENABLE(bump,
AC_ARG_ENABLE([bump],
[ --enable-bump Enable SSL Bump build (default: disabled)],
[ ENABLED_BUMP=$enableval ],
[ ENABLED_BUMP=no ]
@ -209,7 +209,7 @@ fi
ENABLED_SLOWMATH="yes"
# lean psk build
AC_ARG_ENABLE(leanpsk,
AC_ARG_ENABLE([leanpsk],
[ --enable-leanpsk Enable Lean PSK build (default: disabled)],
[ ENABLED_LEANPSK=$enableval ],
[ ENABLED_LEANPSK=no ]
@ -226,7 +226,7 @@ AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
# fastmath
AC_ARG_ENABLE(fastmath,
AC_ARG_ENABLE([fastmath],
[ --enable-fastmath Enable fast math for BigInts (default: disabled)],
[ ENABLED_FASTMATH=$enableval ],
[ ENABLED_FASTMATH=no ]
@ -240,7 +240,7 @@ fi
# fast HUGE math
AC_ARG_ENABLE(fasthugemath,
AC_ARG_ENABLE([fasthugemath],
[ --enable-fasthugemath Enable fast math + huge code (default: disabled)],
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
@ -262,7 +262,7 @@ AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
# big cache
AC_ARG_ENABLE(bigcache,
AC_ARG_ENABLE([bigcache],
[ --enable-bigcache Enable big session cache (default: disabled)],
[ ENABLED_BIGCACHE=$enableval ],
[ ENABLED_BIGCACHE=no ]
@ -275,7 +275,7 @@ fi
# HUGE cache
AC_ARG_ENABLE(hugecache,
AC_ARG_ENABLE([hugecache],
[ --enable-hugecache Enable huge session cache (default: disabled)],
[ ENABLED_HUGECACHE=$enableval ],
[ ENABLED_HUGECACHE=no ]
@ -288,7 +288,7 @@ fi
# SMALL cache
AC_ARG_ENABLE(smallcache,
AC_ARG_ENABLE([smallcache],
[ --enable-smallcache Enable small session cache (default: disabled)],
[ ENABLED_SMALLCACHE=$enableval ],
[ ENABLED_SMALLCACHE=no ]
@ -314,7 +314,7 @@ AC_ARG_ENABLE([sniffer],
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
# AES-GCM
AC_ARG_ENABLE(aesgcm,
AC_ARG_ENABLE([aesgcm],
[ --enable-aesgcm Enable CyaSSL AES-GCM support (default: disabled)],
[ ENABLED_AESGCM=$enableval ],
[ ENABLED_AESGCM=no ]
@ -346,7 +346,7 @@ fi
AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
# AES-NI
AC_ARG_ENABLE(aesni,
AC_ARG_ENABLE([aesni],
[ --enable-aesni Enable CyaSSL AES-NI support (default: disabled)],
[ ENABLED_AESNI=$enableval ],
[ ENABLED_AESNI=no ]
@ -366,7 +366,7 @@ AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
# MD2
AC_ARG_ENABLE(md2,
AC_ARG_ENABLE([md2],
[ --enable-md2 Enable CyaSSL MD2 support (default: disabled)],
[ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ]
@ -386,7 +386,7 @@ AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# RIPEMD
AC_ARG_ENABLE(ripemd,
AC_ARG_ENABLE([ripemd],
[ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)],
[ ENABLED_RIPEMD=$enableval ],
[ ENABLED_RIPEMD=no ]
@ -401,7 +401,7 @@ AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
# SHA512
AC_ARG_ENABLE(sha512,
AC_ARG_ENABLE([sha512],
[ --enable-sha512 Enable CyaSSL SHA-512 support (default: disabled)],
[ ENABLED_SHA512=$enableval ],
[ ENABLED_SHA512=no ]
@ -427,7 +427,7 @@ AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
# SESSION CERTS
AC_ARG_ENABLE(sessioncerts,
AC_ARG_ENABLE([sessioncerts],
[ --enable-sessioncerts Enable session cert storing (default: disabled)],
[ ENABLED_SESSIONCERTS=$enableval ],
[ ENABLED_SESSIONCERTS=no ]
@ -440,7 +440,7 @@ fi
# KEY GENERATION
AC_ARG_ENABLE(keygen,
AC_ARG_ENABLE([keygen],
[ --enable-keygen Enable key generation (default: disabled)],
[ ENABLED_KEYGEN=$enableval ],
[ ENABLED_KEYGEN=no ]
@ -453,7 +453,7 @@ fi
# CERT GENERATION
AC_ARG_ENABLE(certgen,
AC_ARG_ENABLE([certgen],
[ --enable-certgen Enable cert generation (default: disabled)],
[ ENABLED_CERTGEN=$enableval ],
[ ENABLED_CERTGEN=no ]
@ -466,7 +466,7 @@ fi
# HC128
AC_ARG_ENABLE(hc128,
AC_ARG_ENABLE([hc128],
[ --enable-hc128 Enable HC-128 (default: disabled)],
[ ENABLED_HC128=$enableval ],
[ ENABLED_HC128=no ]
@ -483,7 +483,7 @@ AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
# RABBIT
AC_ARG_ENABLE(rabbit,
AC_ARG_ENABLE([rabbit],
[ --enable-rabbit Enable RABBIT (default: disabled)],
[ ENABLED_RABBIT=$enableval ],
[ ENABLED_RABBIT=no ]
@ -500,7 +500,7 @@ AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# PSK
AC_ARG_ENABLE(psk,
AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)],
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
@ -513,7 +513,7 @@ fi
# Web Server Build
AC_ARG_ENABLE(webServer,
AC_ARG_ENABLE([webServer],
[ --enable-webServer Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
@ -526,7 +526,7 @@ fi
# No Filesystem Build
AC_ARG_ENABLE(noFilesystem,
AC_ARG_ENABLE([noFilesystem],
[ --enable-noFilesystem Enable No Filesystem (default: disabled)],
[ ENABLED_NOFILESYSTEM=$enableval ],
[ ENABLED_NOFILESYSTEM=no ]
@ -539,7 +539,7 @@ fi
# No inline Build
AC_ARG_ENABLE(noInline,
AC_ARG_ENABLE([noInline],
[ --enable-noInline Enable No inline (default: disabled)],
[ ENABLED_NOINLINE=$enableval ],
[ ENABLED_NOINLINE=no ]
@ -554,7 +554,7 @@ AM_CONDITIONAL([BUILD_NOINLINE], [test "x$ENABLED_NOINLINE" = "xyes"])
# ECC
AC_ARG_ENABLE(ecc,
AC_ARG_ENABLE([ecc],
[ --enable-ecc Enable ECC (default: disabled)],
[ ENABLED_ECC=$enableval ],
[ ENABLED_ECC=no ]
@ -575,7 +575,7 @@ fi
# OCSP
AC_ARG_ENABLE(ocsp,
AC_ARG_ENABLE([ocsp],
[ --enable-ocsp Enable OCSP (default: disabled)],
[ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ],
@ -590,7 +590,7 @@ AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
# CRL
AC_ARG_ENABLE(crl,
AC_ARG_ENABLE([crl],
[ --enable-crl Enable CRL (default: disabled)],
[ ENABLED_CRL=$enableval ],
[ ENABLED_CRL=no ],
@ -605,7 +605,7 @@ AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
# CRL Monitor
AC_ARG_ENABLE(crl-monitor,
AC_ARG_ENABLE([crl-monitor],
[ --enable-crl-monitor Enable CRL Monitor (default: disabled)],
[ ENABLED_CRL_MONITOR=$enableval ],
[ ENABLED_CRL_MONITOR=no ],
@ -628,7 +628,7 @@ AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
ntruHome=`pwd`/NTRU_algorithm
ntruInclude=$ntruHome/cryptolib
ntruLib=$ntruHome
AC_ARG_ENABLE(ntru,
AC_ARG_ENABLE([ntru],
[ --enable-ntru Enable NTRU (default: disabled)],
[ ENABLED_NTRU=$enableval ],
[ ENABLED_NTRU=no ]
@ -650,7 +650,7 @@ fi
#valgrind
AC_ARG_ENABLE(valgrind,
AC_ARG_ENABLE([valgrind],
[ --enable-valgrind Enable valgrind for unit tests (default: disabled)],
[ ENABLED_VALGRIND=$enableval ],
[ ENABLED_VALGRIND=no ]
@ -658,7 +658,7 @@ AC_ARG_ENABLE(valgrind,
if test "$ENABLED_VALGRIND" = "yes"
then
AC_CHECK_PROG(HAVE_VALGRIND,valgrind,yes,no)
AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
if [["$HAVE_VALGRIND" = "no" ]]; then
AC_MSG_ERROR([Valgrind not found.])
@ -670,7 +670,7 @@ AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
# Test certs, use internal cert functions for extra testing
AC_ARG_ENABLE(testcert,
AC_ARG_ENABLE([testcert],
[ --enable-testcert Enable Test Cert (default: disabled)],
[ ENABLED_TESTCERT=$enableval ],
[ ENABLED_TESTCERT=no ]
@ -683,7 +683,7 @@ fi
# Enable Examples, used to disable examples
AC_ARG_ENABLE(examples,
AC_ARG_ENABLE([examples],
[ --enable-examples Enable Examples (default: enabled)],
[ ENABLED_EXAMPLES=$enableval ],
[ ENABLED_EXAMPLES=yes ]
@ -694,7 +694,7 @@ AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
# LIBZ
trylibzdir=""
AC_ARG_WITH(libz,
AC_ARG_WITH([libz],
[ --with-libz=PATH PATH to libz install (default /usr/) ],
[
AC_MSG_CHECKING([for libz])
@ -750,7 +750,7 @@ fi
LIB_SOCKET_NSL
AC_ARG_ENABLE(gcc-hardening,
AC_ARG_ENABLE([gcc-hardening],
AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
[if test x$enableval = xyes; then
AM_CFLAGS="$AM_CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"

4
ctaocrypt/benchmark/benchmark.c
View File

@ -511,6 +511,10 @@ void bench_dh(void)
bytes = fread(tmp, 1, sizeof(tmp), file);
InitDhKey(&dhKey);
bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes);
if (bytes != 0) {
printf("dhekydecode failed, can't benchmark\n");
return;
}
start = current_time();

3
ctaocrypt/src/asn.c
View File

@ -2079,6 +2079,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = SHA256h;
digestSz = SHA256_DIGEST_SIZE;
}
break;
#endif
#ifdef CYASSL_SHA512
case CTC_SHA512wRSA:
@ -2091,6 +2092,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE;
}
break;
#endif
#ifdef CYASSL_SHA384
case CTC_SHA384wRSA:
@ -2103,6 +2105,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE;
}
break;
#endif
default:
CYASSL_MSG("Verify Signautre has unsupported type");

20
ctaocrypt/test/test.c
View File

@ -1708,6 +1708,8 @@ int rsa_test(void)
if (ret != 0) return -491;
FreeDecodedCert(&cert);
#else
(void)bytes;
#endif
fclose(file2);
@ -2091,13 +2093,13 @@ int dh_test(void)
if (ret != 0)
return -53;
ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
ret = DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
ret += DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
if (ret != 0)
return -54;
ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
ret = DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
ret += DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
if (ret != 0)
return -55;
@ -2420,14 +2422,20 @@ int pkcs12_test(void)
int ret = PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
kLen, SHA, id);
if ( (ret = memcmp(derived, verify, kLen)) != 0)
if (ret < 0)
return -103;
if ( (ret = memcmp(derived, verify, kLen)) != 0)
return -104;
iterations = 1000;
ret = PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
kLen, SHA, id);
if (ret < 0)
return -105;
if ( (ret = memcmp(derived, verify2, 24)) != 0)
return -104;
return -106;
return 0;
}

24
cyassl/test.h
View File

@ -821,10 +821,18 @@ static INLINE void ChangeDirBack(int x)
/* does current dir contain str */
static INLINE int CurrentDir(const char* str)
{
char path[MAX_PATH];
char path[MAX_PATH];
char* baseName;
GetCurrentDirectoryA(sizeof(path), path);
if (strstr(path, str))
baseName = strrchr(path, '\\');
if (baseName)
baseName++;
else
baseName = path;
if (strstr(baseName, str))
return 1;
return 0;
@ -859,13 +867,21 @@ static INLINE void ChangeDirBack(int x)
/* does current dir contain str */
static INLINE int CurrentDir(const char* str)
{
char path[MAX_PATH];
char path[MAX_PATH];
char* baseName;
if (getcwd(path, sizeof(path)) == NULL) {
printf("no current dir?\n");
return 0;
}
if (strstr(path, str))
baseName = strrchr(path, '/');
if (baseName)
baseName++;
else
baseName = path;
if (strstr(baseName, str))
return 1;
return 0;

4
cyassl/version.h
View File

@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBCYASSL_VERSION_STRING "2.4.2"
#define LIBCYASSL_VERSION_HEX 0x02004002
#define LIBCYASSL_VERSION_STRING "2.4.4"
#define LIBCYASSL_VERSION_HEX 0x02004004
#ifdef __cplusplus
}

2
examples/client/client.c
View File

@ -232,8 +232,6 @@ void client_test(void* args)
}
}
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */
switch (version) {

2
examples/server/server.c
View File

@ -200,8 +200,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
}
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */
switch (version) {

71
src/internal.c
View File

@ -7257,30 +7257,31 @@ int SetCipherList(Suites* s, const char* list)
ssl->options.haveSessionId = 1;
/* DoClientHello uses same resume code */
while (ssl->options.resuming) { /* let's try */
if (ssl->options.resuming) { /* let's try */
int ret;
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
if (!session) {
CYASSL_MSG("Session lookup for resume failed");
ssl->options.resuming = 0;
break; /* session lookup failed */
}
if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, OldClientHello");
return UNSUPPORTED_SUITE;
}
} else {
if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, OldClientHello");
return UNSUPPORTED_SUITE;
}
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
#ifndef NO_OLD_TLS
if (ssl->options.tls)
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
#ifndef NO_OLD_TLS
if (ssl->options.tls)
ret = DeriveTlsKeys(ssl);
else
ret = DeriveKeys(ssl);
#else
ret = DeriveTlsKeys(ssl);
else
ret = DeriveKeys(ssl);
#else
ret = DeriveTlsKeys(ssl);
#endif
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
#endif
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
return ret;
return ret;
}
}
return MatchSuite(ssl, &clSuites);
@ -7429,31 +7430,31 @@ int SetCipherList(Suites* s, const char* list)
ssl->options.haveSessionId = 1;
/* ProcessOld uses same resume code */
while (ssl->options.resuming) { /* let's try */
if (ssl->options.resuming) { /* let's try */
int ret;
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
if (!session) {
ssl->options.resuming = 0;
CYASSL_MSG("Session lookup for resume failed");
break; /* session lookup failed */
}
if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, ClientHello");
return UNSUPPORTED_SUITE;
}
ssl->options.resuming = 0;
} else {
if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, ClientHello");
return UNSUPPORTED_SUITE;
}
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
#ifndef NO_OLD_TLS
if (ssl->options.tls)
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
#ifndef NO_OLD_TLS
if (ssl->options.tls)
ret = DeriveTlsKeys(ssl);
else
ret = DeriveKeys(ssl);
#else
ret = DeriveTlsKeys(ssl);
else
ret = DeriveKeys(ssl);
#else
ret = DeriveTlsKeys(ssl);
#endif
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
#endif
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
return ret;
return ret;
}
}
return MatchSuite(ssl, &clSuites);
}

2
src/sniffer.c
View File

@ -2275,7 +2275,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
const byte* sslBegin = sslFrame;
const byte* tmp;
RecordLayerHeader rh;
int rhSize;
int rhSize = 0;
int ret;
int decoded = 0; /* bytes stored for user in data */
int notEnough; /* notEnough bytes yet flag */

68
src/ssl.c
View File

@ -1128,8 +1128,10 @@ int CyaSSL_Init(void)
{
EncryptedInfo info;
buffer der; /* holds DER or RAW (for NTRU) */
int ret;
int dynamicType = 0;
int eccKey = 0;
void* heap = ctx ? ctx->heap : NULL;
info.set = 0;
info.ctx = ctx;
@ -1153,9 +1155,9 @@ int CyaSSL_Init(void)
dynamicType = DYNAMIC_TYPE_KEY;
if (format == SSL_FILETYPE_PEM) {
int ret = PemToDer(buff, sz, type, &der, ctx->heap, &info, &eccKey);
ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey);
if (ret < 0) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return ret;
}
if (used)
@ -1174,10 +1176,10 @@ int CyaSSL_Init(void)
CYASSL_MSG("Growing Tmp Chain Buffer");
bufferSz = (word32)(sz - consumed);
/* will shrink to actual size */
chainBuffer = (byte*)XMALLOC(bufferSz, ctx->heap,
chainBuffer = (byte*)XMALLOC(bufferSz, heap,
DYNAMIC_TYPE_FILE);
if (chainBuffer == NULL) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return MEMORY_E;
}
dynamicBuffer = 1;
@ -1190,7 +1192,7 @@ int CyaSSL_Init(void)
part.buffer = 0;
ret = PemToDer(buff + consumed, sz - consumed, type, &part,
ctx->heap, &info, &eccKey);
heap, &info, &eccKey);
if (ret == 0) {
gotOne = 1;
if ( (idx + part.length) > bufferSz) {
@ -1208,38 +1210,42 @@ int CyaSSL_Init(void)
}
}
XFREE(part.buffer, ctx->heap, dynamicType);
XFREE(part.buffer, heap, dynamicType);
if (ret == SSL_NO_PEM_HEADER && gotOne) {
CYASSL_MSG("We got one good PEM so stuff at end ok");
ret = 0;
break;
}
if (ret < 0) {
CYASSL_MSG(" Error in Cert in Chain");
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return ret;
}
CYASSL_MSG(" Consumed another Cert in Chain");
}
CYASSL_MSG("Finished Processing Cert Chain");
ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
if (ctx == NULL) {
CYASSL_MSG("certChain needs context");
return BAD_FUNC_ARG;
}
ctx->certChain.buffer = (byte*)XMALLOC(idx, heap,
dynamicType);
if (ctx->certChain.buffer) {
ctx->certChain.length = idx;
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
}
if (dynamicBuffer)
XFREE(chainBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
if (ctx->certChain.buffer == NULL) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return MEMORY_E;
}
}
}
else { /* ASN1 (DER) or RAW (NTRU) */
der.buffer = (byte*) XMALLOC(sz, ctx->heap, dynamicType);
der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
if (!der.buffer) return MEMORY_ERROR;
XMEMCPY(der.buffer, buff, sz);
der.length = (word32)sz;
@ -1250,19 +1256,18 @@ int CyaSSL_Init(void)
/* decrypt */
char password[80];
int passwordSz;
int ret;
byte key[AES_256_KEY_SIZE];
byte iv[AES_IV_SIZE];
if (!ctx->passwd_cb) {
XFREE(der.buffer, ctx->heap, dynamicType);
if (!ctx || !ctx->passwd_cb) {
XFREE(der.buffer, heap, dynamicType);
return NO_PASSWORD;
}
/* use file's salt for key derivation, hex decode first */
if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return ASN_INPUT_E;
}
@ -1270,7 +1275,7 @@ int CyaSSL_Init(void)
ctx->userdata);
if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
(byte*)password, passwordSz, 1, key, iv)) <= 0) {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return ret;
}
@ -1300,44 +1305,50 @@ int CyaSSL_Init(void)
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
}
else {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return SSL_BAD_FILE;
}
}
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
if (type == CA_TYPE)
if (type == CA_TYPE) {
if (ctx == NULL) {
CYASSL_MSG("Need context for CA load");
XFREE(der.buffer, heap, dynamicType);
return BAD_FUNC_ARG;
}
return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer);
/* takes der over */
}
else if (type == CERT_TYPE) {
if (ssl) {
if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
XFREE(ssl->buffers.certificate.buffer, ctx->heap,
XFREE(ssl->buffers.certificate.buffer, heap,
dynamicType);
ssl->buffers.certificate = der;
ssl->buffers.weOwnCert = 1;
}
else {
else if (ctx) {
if (ctx->certificate.buffer)
XFREE(ctx->certificate.buffer, ctx->heap, dynamicType);
XFREE(ctx->certificate.buffer, heap, dynamicType);
ctx->certificate = der; /* takes der over */
}
}
else if (type == PRIVATEKEY_TYPE) {
if (ssl) {
if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
XFREE(ssl->buffers.key.buffer, ctx->heap, dynamicType);
XFREE(ssl->buffers.key.buffer, heap, dynamicType);
ssl->buffers.key = der;
ssl->buffers.weOwnKey = 1;
}
else {
else if (ctx) {
if (ctx->privateKey.buffer)
XFREE(ctx->privateKey.buffer, ctx->heap, dynamicType);
XFREE(ctx->privateKey.buffer, heap, dynamicType);
ctx->privateKey = der; /* takes der over */
}
}
else {
XFREE(der.buffer, ctx->heap, dynamicType);
XFREE(der.buffer, heap, dynamicType);
return SSL_BAD_CERTTYPE;
}
@ -1384,7 +1395,7 @@ int CyaSSL_Init(void)
DecodedCert cert;
CYASSL_MSG("Checking cert signature type");
InitDecodedCert(&cert, der.buffer, der.length, ctx->heap);
InitDecodedCert(&cert, der.buffer, der.length, heap);
if (DecodeToKey(&cert, 0) < 0) {
CYASSL_MSG("Decode to key failed");
@ -1396,7 +1407,8 @@ int CyaSSL_Init(void)
case CTC_SHA384wECDSA:
case CTC_SHA512wECDSA:
CYASSL_MSG("ECDSA cert signature");
ctx->haveECDSAsig = 1;
if (ctx)
ctx->haveECDSAsig = 1;
if (ssl)
ssl->options.haveECDSAsig = 1;
break;