Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Cyclic0007:v2.7.2
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0
...
compare: Cyclic0007:v2.8.2
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0

69 Commits
v2.7.2 ... v2.8.2

Author SHA1 Message Date
John Safranek
14f4162180 bump dev version 2013-10-23 16:22:10 -07:00
John Safranek
846511376c added x.509 text dump to the server-ecc.pem cert 2013-10-22 10:16:50 -07:00
John Safranek
fca8d03d4c New server-ecc.pem. Old copy expired today. 2013-10-21 21:07:28 -07:00
Chris Conlon
f45d0709b3 case insensitivity fix for domain name check 2013-10-18 15:17:19 -06:00
John Safranek
8295d8bb4a 1. Reject DSA certificates instead of ignoring them. 
2. Resolved potential crash when trying to calculate a Subject Key
   ID when the public key is missing from a certificate.
 2013-10-16 10:16:04 -07:00
Chris Conlon
dba488ba70 add option to always call verify callback with CYASSL_ALWAYS_VERIFY_CB 2013-10-14 15:04:26 -06:00
toddouska
0126a39d68 fix shamir speed up init buffer 2013-10-10 18:47:25 -07:00
toddouska
6c654bba3d fix camellia memory leak 2013-10-10 16:50:35 -07:00
John Safranek
51c485f523 1. Added a couple missing checks for NULL pointers in DTLS code. 
2. Fixed compiler warning under Windows.
 2013-10-08 14:59:59 -07:00
John Safranek
33bcc76a07 Merge branch 'master' of github.com:cyassl/cyassl 2013-10-02 15:27:10 -07:00
Chris Conlon
3e12f43342 add CyaSSL_GetHmacMaxSize for JNI wrapper 2013-09-25 14:20:36 -06:00
Chris Conlon
17b220e9c7 add Freescale MQX time functionality 2013-09-24 20:12:48 -06:00
toddouska
27078bb89c use to detect x86_64 for fastmath default 2013-09-24 12:15:28 -07:00
toddouska
363f157f50 fix sniffer build w/o fastmath 2013-09-23 13:37:04 -07:00
toddouska
bdb8b9396c Merge branch 'master' of github.com:cyassl/cyassl 2013-09-20 10:37:16 -07:00
toddouska
d1fcce2f73 more settings 2013-09-20 10:36:05 -07:00
toddouska
8e5dab1ef3 clang can't use pthread(s) flag 2013-09-20 10:34:29 -07:00
toddouska
a2189d2f55 Merge branch 'master' of https://github.com/BrianAker/cyassl 2013-09-19 14:06:51 -07:00
John Safranek
5e4ca53496 clean up Windows build issues with OCSP 2013-09-18 14:47:51 -07:00
John Safranek
49d3e74fde Fixed a Windows build warning in the benchmark 2013-09-17 22:15:59 -07:00
John Safranek
b0f94a34e6 Deleted stray semicolon from struct Des definition 2013-09-17 16:42:52 -07:00
Chris Conlon
ee78b108cf CTaoCrypt test mods for MQX 2013-09-16 15:48:36 -06:00
Chris Conlon
abff02532d add Freescale K53 RNGB support 2013-09-16 14:43:33 -06:00
John Safranek
e564b614bf Decode the serialNumber field in the X.509 names 2013-09-15 22:10:58 -07:00
Brian Aker
db20b61e51 Update autoconf rules. Fixes bug url to point to github issues. 2013-09-15 00:13:30 -07:00
John Safranek
49f82c4717 Added two more GMAC test cases 2013-09-12 14:10:57 -07:00
John Safranek
c5f3eace7d DTLS timeout init wasn't initializing the timeout until after the first timeout. 2013-09-11 14:28:01 -07:00
John Safranek
978bb7374d added port.c to the iOS project 2013-09-11 10:58:18 -07:00
toddouska
74e7ba8536 fix Kojo-san pull errors 2013-09-11 10:07:33 -07:00
kojo
0869da34a0 Coldfire SEC 2013-09-11 17:06:28 +09:00
kojo
7e609028bd add port.c to MDK projects 2013-09-11 12:55:15 +09:00
kojo
742f286827 add port.c to MDK projects 2013-09-11 12:16:30 +09:00
kojo
44be8df9ef Merge branch 'master' of https://github.com/kojo1/cyassl-test 2013-09-11 12:04:40 +09:00
kojo
bfc448b90c add port.c 2013-09-11 12:03:14 +09:00
kojo
99b26705ce add prot.c 2013-09-11 11:56:18 +09:00
John Safranek
03d7c694e8 Merge branch 'master' of github.com:cyassl/cyassl 2013-09-10 16:49:40 -07:00
John Safranek
d3db1a42de Added GMAC wrapper functions around AES-GCM 2013-09-10 16:47:39 -07:00
toddouska
bab790ab87 add port.c to visual studio builds 2013-09-09 13:48:28 -07:00
John Safranek
0ae966b350 fix shadow warning 2013-09-08 17:46:29 -07:00
toddouska
44ba0af192 free fp ecc resources on cleanup 2013-09-06 17:08:57 -07:00
toddouska
6e05d4317f add proper locking to fp ecc 2013-09-06 16:53:33 -07:00
toddouska
a14af5f0b0 move mutex to port layer at crypto level 2013-09-06 16:38:27 -07:00
toddouska
782cb0e077 Merge branch 'master' of github.com:cyassl/cyassl 2013-09-06 14:25:51 -07:00
toddouska
46be3b8508 add fixed point ecc cache, --enable-fpecc, add locking down to crypt level next 2013-09-06 14:24:31 -07:00
Moisés Guimarães
d7a08b1a76 centralizing MAX_DIGEST_SIZE definition in hmac.h 2013-09-06 15:53:46 -03:00
John Safranek
f2c75a9e87 ECDSA signatures need a zero padding for the ASN.1 storage of the R and S values 2013-09-05 15:00:01 -07:00
toddouska
08c9f61f16 add accelerated ecc_proj* and ECC SHAMIR to speed up ecdsa verify 2013-09-04 13:13:10 -07:00
toddouska
e93a0640f1 break up huge math into individual parts so can add piece by piece, e.g., ECC256 2013-09-03 13:13:13 -07:00
toddouska
f813182efd release update 2013-08-30 12:34:26 -07:00
toddouska
b9540bf579 check NULL to match docs 2013-08-29 08:25:14 -07:00
John Safranek
78b8da9949 Initialize the AEAD explicit IV to 0. 2013-08-27 10:44:04 -07:00
John Safranek
9764970b8a Added gcov's extensions to gitignore 2013-08-27 10:16:16 -07:00
toddouska
e8fcf35098 add Rsa Public/Private client key exchange callbacks, examples 2013-08-26 17:14:19 -07:00
toddouska
f3f80bd66e add Rsa Sign/Verify callbacks, client/server examples 2013-08-26 16:27:29 -07:00
toddouska
664c6de5d5 send blank cert on client if TLS instead of TLSv1.2, more accept this now and some even incorrectly require it 2013-08-26 12:34:39 -07:00
John Safranek
081a3a57d4 move variable declaration before function code 2013-08-23 10:26:42 -07:00
John Safranek
33a7a7f762 initialize return variable 2013-08-23 10:20:39 -07:00
John Safranek
0002ba4ee8 Merge branch 'master' of github.com:cyassl/cyassl 2013-08-23 10:12:17 -07:00
John Safranek
d734c86c72 cleanup build warnings 
1. Change `CyaSSL_OCSP_set_options()` to return `SSL_SUCCESS`
   or `SSL_FAILURE` as `int` like rest of API.
2. Fix data narrowing warning in file io.c function
   `process_http_response()`.
3. Fix global variable shadowed warning in file ssl.c function
   `CyaSSL_GetSessionAtIndex()`
4. Fix data narrowing warning in file internal.c functions
   `Encrypt()` and `Decrypt()`. Passed in a word32 size parameter
   that was provided a word16 and used as a word16.
5. Removed unreachable code from file tls.c function
   `CyaSSL_GetHmacType()`.
6. Fix data narrowing warnings in file aes.c functions
   `AesCcmEncrypt()` and `AesCcmDecrypt()`.
 2013-08-23 10:09:35 -07:00
toddouska
e98f5f95c2 add public key callbacks for ecc sign/verify, examples 2013-08-22 18:19:39 -07:00
toddouska
bc958f5798 C comments only 2013-08-22 10:35:46 -07:00
John Safranek
64ba0587a3 Merge branch 'master' of github.com:cyassl/cyassl 2013-08-21 22:42:15 -07:00
John Safranek
957cf90118 Added function to read certificate from file into CYASSL_X509 buffer. 2013-08-21 22:36:43 -07:00
toddouska
54a2f8b9aa add useratomic DecryptVerify Callbacks, example 2013-08-21 16:55:34 -07:00
John Safranek
9f07a7dd2b modified SEP X509 functions to behave like the NAME_oneline function 2013-08-20 16:47:38 -07:00
John Safranek
442886a207 Added x509 accessors for the SEP build certificate additions. 2013-08-17 09:01:15 -07:00
toddouska
19f7053f1d Merge branch 'master' of github.com:cyassl/cyassl 2013-08-09 17:28:14 -07:00
toddouska
65f0e9f6b9 add atomic user macencrypt cb 2013-08-09 17:27:15 -07:00
toddouska
840e958ae5 add ecc verify to benchmark 2013-08-09 17:06:02 -07:00
64 changed files with 5726 additions and 1245 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -86,3 +86,6 @@ IDE\MDK-ARM\STM32F2xx_StdPeriph_Lib/inc
IDE\MDK-ARM\STM32F2xx_StdPeriph_Lib/src
IDE\MDK-ARM\LPC43xx\Drivers/
IDE\MDK-ARM\LPC43xx\LPC43xx/
*.gcno
*.gcda
*.gcov

120
IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt
View File

@@ -478,7 +478,7 @@
<SetRegEntry>
<Number>0</Number>
<Key>ULP2CM3</Key>
<Name>-UP1135060 -O975 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000</Name>
<Name>-UP1135060 -O975 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000</Name>
</SetRegEntry>
</TargetDriverDllRegistry>
<Breakpoint/>
@@ -640,8 +640,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>1</TopLine>
<CurrentLine>1</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\shell.c</PathWithFileName>
<FilenameWithoutPath>shell.c</FilenameWithoutPath>
@@ -656,8 +656,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>136</TopLine>
<CurrentLine>149</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\main.c</PathWithFileName>
<FilenameWithoutPath>main.c</FilenameWithoutPath>
@@ -696,8 +696,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>247</TopLine>
<CurrentLine>248</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\LPC43xx\Drivers\source\lpc43xx_rtc.c</PathWithFileName>
<FilenameWithoutPath>lpc43xx_rtc.c</FilenameWithoutPath>
@@ -832,8 +832,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>68</TopLine>
<CurrentLine>89</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c</PathWithFileName>
<FilenameWithoutPath>Serial.c</FilenameWithoutPath>
@@ -864,8 +864,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>259</TopLine>
<CurrentLine>260</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c</PathWithFileName>
<FilenameWithoutPath>SDIO_LPC43xx.c</FilenameWithoutPath>
@@ -880,8 +880,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>710</TopLine>
<CurrentLine>715</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c</PathWithFileName>
<FilenameWithoutPath>system_LPC43xx.c</FilenameWithoutPath>
@@ -1424,8 +1424,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>1</TopLine>
<CurrentLine>1</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\..\..\ctaocrypt\src\random.c</PathWithFileName>
<FilenameWithoutPath>random.c</FilenameWithoutPath>
@@ -1528,6 +1528,22 @@
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
<File>
<GroupNumber>5</GroupNumber>
<FileNumber>61</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\..\..\ctaocrypt\src\port.c</PathWithFileName>
<FilenameWithoutPath>port.c</FilenameWithoutPath>
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
</Group>
<Group>
@@ -1538,7 +1554,7 @@
<RteFlg>0</RteFlg>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>61</FileNumber>
<FileNumber>62</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1554,7 +1570,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>62</FileNumber>
<FileNumber>63</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1570,7 +1586,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>63</FileNumber>
<FileNumber>64</FileNumber>
<FileType>5</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1586,7 +1602,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>64</FileNumber>
<FileNumber>65</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1602,7 +1618,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>65</FileNumber>
<FileNumber>66</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1616,22 +1632,6 @@
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>66</FileNumber>
<FileType>5</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>1</TopLine>
<CurrentLine>1</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\config-FS.h</PathWithFileName>
<FilenameWithoutPath>config-FS.h</FilenameWithoutPath>
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>67</FileNumber>
@@ -1640,11 +1640,11 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>1</TopLine>
<CurrentLine>1</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</PathWithFileName>
<FilenameWithoutPath>config-RTX-TCP-FS.h</FilenameWithoutPath>
<PathWithFileName>..\MDK-ARM\CyaSSL\config-FS.h</PathWithFileName>
<FilenameWithoutPath>config-FS.h</FilenameWithoutPath>
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
@@ -1656,8 +1656,24 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>1</TopLine>
<CurrentLine>1</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</PathWithFileName>
<FilenameWithoutPath>config-RTX-TCP-FS.h</FilenameWithoutPath>
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>69</FileNumber>
<FileType>5</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\config-BARE-METAL.h</PathWithFileName>
<FilenameWithoutPath>config-BARE-METAL.h</FilenameWithoutPath>
@@ -1666,14 +1682,14 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>69</FileNumber>
<FileNumber>70</FileNumber>
<FileType>2</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>146</TopLine>
<CurrentLine>151</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\LPC43xx\startup_LPC43xx.s</PathWithFileName>
<FilenameWithoutPath>startup_LPC43xx.s</FilenameWithoutPath>
@@ -1690,14 +1706,14 @@
<RteFlg>0</RteFlg>
<File>
<GroupNumber>7</GroupNumber>
<FileNumber>70</FileNumber>
<FileNumber>71</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>167</TopLine>
<CurrentLine>182</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</PathWithFileName>
<FilenameWithoutPath>cyassl_MDK_ARM.c</FilenameWithoutPath>
@@ -1706,14 +1722,14 @@
</File>
<File>
<GroupNumber>7</GroupNumber>
<FileNumber>71</FileNumber>
<FileNumber>72</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>8</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>55</TopLine>
<CurrentLine>62</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\Retarget.c</PathWithFileName>
<FilenameWithoutPath>Retarget.c</FilenameWithoutPath>
@@ -1722,7 +1738,7 @@
</File>
<File>
<GroupNumber>7</GroupNumber>
<FileNumber>72</FileNumber>
<FileNumber>73</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>

15
IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj
View File

@@ -725,6 +725,11 @@
<FileType>1</FileType>
<FilePath>..\..\..\ctaocrypt\src\misc.c</FilePath>
</File>
<File>
<FileName>port.c</FileName>
<FileType>1</FileType>
<FilePath>..\..\..\ctaocrypt\src\port.c</FilePath>
</File>
<File>
<FileName>pwdbased.c</FileName>
<FileType>1</FileType>
@@ -1964,6 +1969,11 @@
</FileArmAds>
</FileOption>
</File>
<File>
<FileName>port.c</FileName>
<FileType>1</FileType>
<FilePath>..\..\..\ctaocrypt\src\port.c</FilePath>
</File>
</Files>
</Group>
<Group>
@@ -3256,6 +3266,11 @@
</FileArmAds>
</FileOption>
</File>
<File>
<FileName>port.c</FileName>
<FileType>1</FileType>
<FilePath>..\..\..\ctaocrypt\src\port.c</FilePath>
</File>
</Files>
</Group>
<Group>

118
IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt
View File

@@ -165,7 +165,7 @@
<aLa>0</aLa>
<aPa1>0</aPa1>
<AscS4>0</AscS4>
<aSer4>0</aSer4>
<aSer4>1</aSer4>
<StkLoc>1</StkLoc>
<TrcWin>0</TrcWin>
<newCpu>0</newCpu>
@@ -173,12 +173,6 @@
</DebugFlag>
<LintExecutable></LintExecutable>
<LintConfigFile></LintConfigFile>
<SystemViewers>
<Entry>
<Name>OS Support\Event Viewer</Name>
<WinId>35905</WinId>
</Entry>
</SystemViewers>
</TargetOption>
</Target>
@@ -233,7 +227,7 @@
<LExpSel>0</LExpSel>
</OPTXL>
<OPTFL>
<tvExp>0</tvExp>
<tvExp>1</tvExp>
<tvExpOptDlg>0</tvExpOptDlg>
<IsCurrentTarget>0</IsCurrentTarget>
</OPTFL>
@@ -389,7 +383,7 @@
<LExpSel>0</LExpSel>
</OPTXL>
<OPTFL>
<tvExp>0</tvExp>
<tvExp>1</tvExp>
<tvExpOptDlg>0</tvExpOptDlg>
<IsCurrentTarget>0</IsCurrentTarget>
</OPTFL>
@@ -496,7 +490,7 @@
<Group>
<GroupName>CyaSSL Apps</GroupName>
<tvExp>0</tvExp>
<tvExp>1</tvExp>
<tvExpOptDlg>0</tvExpOptDlg>
<cbSel>0</cbSel>
<RteFlg>0</RteFlg>
@@ -554,7 +548,7 @@
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<ColumnNumber>21</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
@@ -604,8 +598,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>536</TopLine>
<CurrentLine>541</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\shell.c</PathWithFileName>
<FilenameWithoutPath>shell.c</FilenameWithoutPath>
@@ -620,8 +614,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>143</TopLine>
<CurrentLine>149</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\main.c</PathWithFileName>
<FilenameWithoutPath>main.c</FilenameWithoutPath>
@@ -768,7 +762,7 @@
<Group>
<GroupName>MDK-ARM</GroupName>
<tvExp>0</tvExp>
<tvExp>1</tvExp>
<tvExpOptDlg>0</tvExpOptDlg>
<cbSel>0</cbSel>
<RteFlg>0</RteFlg>
@@ -780,8 +774,8 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>44</TopLine>
<CurrentLine>68</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c</PathWithFileName>
<FilenameWithoutPath>Serial.c</FilenameWithoutPath>
@@ -904,7 +898,7 @@
<Group>
<GroupName>CyaSSL Library</GroupName>
<tvExp>0</tvExp>
<tvExp>1</tvExp>
<tvExpOptDlg>0</tvExpOptDlg>
<cbSel>0</cbSel>
<RteFlg>0</RteFlg>
@@ -946,7 +940,7 @@
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<ColumnNumber>23</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
@@ -1056,7 +1050,7 @@
<Group>
<GroupName>Crypt/Cipher Library</GroupName>
<tvExp>0</tvExp>
<tvExp>1</tvExp>
<tvExpOptDlg>0</tvExpOptDlg>
<cbSel>0</cbSel>
<RteFlg>0</RteFlg>
@@ -1292,8 +1286,8 @@
<Focus>0</Focus>
<ColumnNumber>19</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>2922</TopLine>
<CurrentLine>2932</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\..\..\ctaocrypt\src\integer.c</PathWithFileName>
<FilenameWithoutPath>integer.c</FilenameWithoutPath>
@@ -1540,6 +1534,22 @@
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
<File>
<GroupNumber>5</GroupNumber>
<FileNumber>64</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>9</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\..\..\ctaocrypt\src\port.c</PathWithFileName>
<FilenameWithoutPath>port.c</FilenameWithoutPath>
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
</Group>
<Group>
@@ -1550,7 +1560,7 @@
<RteFlg>0</RteFlg>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>64</FileNumber>
<FileNumber>65</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1566,7 +1576,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>65</FileNumber>
<FileNumber>66</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1582,7 +1592,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>66</FileNumber>
<FileNumber>67</FileNumber>
<FileType>5</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1598,7 +1608,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>67</FileNumber>
<FileNumber>68</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1614,7 +1624,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>68</FileNumber>
<FileNumber>69</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1630,7 +1640,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>69</FileNumber>
<FileNumber>70</FileNumber>
<FileType>5</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1646,7 +1656,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>70</FileNumber>
<FileNumber>71</FileNumber>
<FileType>5</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1662,7 +1672,7 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>71</FileNumber>
<FileNumber>72</FileNumber>
<FileType>5</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
@@ -1678,14 +1688,14 @@
</File>
<File>
<GroupNumber>6</GroupNumber>
<FileNumber>72</FileNumber>
<FileNumber>73</FileNumber>
<FileType>2</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>164</TopLine>
<CurrentLine>169</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\config\startup_stm32f2xx.s</PathWithFileName>
<FilenameWithoutPath>startup_stm32f2xx.s</FilenameWithoutPath>
@@ -1696,26 +1706,10 @@
<Group>
<GroupName>CyaSSL-MDK</GroupName>
<tvExp>0</tvExp>
<tvExp>1</tvExp>
<tvExpOptDlg>0</tvExpOptDlg>
<cbSel>0</cbSel>
<RteFlg>0</RteFlg>
<File>
<GroupNumber>7</GroupNumber>
<FileNumber>73</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>166</TopLine>
<CurrentLine>182</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</PathWithFileName>
<FilenameWithoutPath>cyassl_MDK_ARM.c</FilenameWithoutPath>
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
<File>
<GroupNumber>7</GroupNumber>
<FileNumber>74</FileNumber>
@@ -1724,8 +1718,24 @@
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>50</TopLine>
<CurrentLine>57</CurrentLine>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</PathWithFileName>
<FilenameWithoutPath>cyassl_MDK_ARM.c</FilenameWithoutPath>
<RteFlg>0</RteFlg>
<bShared>0</bShared>
</File>
<File>
<GroupNumber>7</GroupNumber>
<FileNumber>75</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>
<ColumnNumber>0</ColumnNumber>
<tvExpOptDlg>0</tvExpOptDlg>
<TopLine>0</TopLine>
<CurrentLine>0</CurrentLine>
<bDave2>0</bDave2>
<PathWithFileName>..\MDK-ARM\CyaSSL\Retarget.c</PathWithFileName>
<FilenameWithoutPath>Retarget.c</FilenameWithoutPath>
@@ -1734,7 +1744,7 @@
</File>
<File>
<GroupNumber>7</GroupNumber>
<FileNumber>75</FileNumber>
<FileNumber>76</FileNumber>
<FileType>1</FileType>
<tvExp>0</tvExp>
<Focus>0</Focus>

15
IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj
View File

@@ -740,6 +740,11 @@
<FileType>1</FileType>
<FilePath>..\..\..\ctaocrypt\src\misc.c</FilePath>
</File>
<File>
<FileName>port.c</FileName>
<FileType>1</FileType>
<FilePath>..\..\..\ctaocrypt\src\port.c</FilePath>
</File>
<File>
<FileName>pwdbased.c</FileName>
<FileType>1</FileType>
@@ -1954,6 +1959,11 @@
<FileType>1</FileType>
<FilePath>..\..\..\ctaocrypt\src\tfm.c</FilePath>
</File>
<File>
<FileName>port.c</FileName>
<FileType>1</FileType>
<FilePath>..\..\..\ctaocrypt\src\port.c</FilePath>
</File>
</Files>
</Group>
<Group>
@@ -3341,6 +3351,11 @@
</FileArmAds>
</FileOption>
</File>
<File>
<FileName>port.c</FileName>
<FileType>1</FileType>
<FilePath>..\..\..\ctaocrypt\src\port.c</FilePath>
</File>
</Files>
</Group>
<Group>

29
README
View File

@@ -35,7 +35,34 @@ before calling SSL_new(); Though it's not recommended.
*** end Notes ***
CyaSSL Release 2.7.0 (6/17/2013)
CyaSSL Release 2.9.0 (X/XX/XXXX)
The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
K53 Sub-Family Reference Manual:
http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf
*****************CyaSSL Release 2.8.0 (8/30/2013)
Release 2.8.0 CyaSSL has bug fixes and new features including:
- AES-GCM and AES-CCM use AES-NI
- NetX default IO callback handlers
- IPv6 fixes for DTLS Hello Cookies
- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys()
- SEP certificate extensions
- Callback getters for easier resource freeing
- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing
- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing
- Public Key Callbacks for ECC and RSA
- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2
The CyaSSL manual is available at:
http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.
*****************CyaSSL Release 2.7.0 (6/17/2013)
Release 2.7.0 CyaSSL has bug fixes and new features including:
- SNI support for client and server

12
autogen.sh
View File

@@ -3,6 +3,15 @@
# Create configure and makefile stuff...
#
# Git hooks should come before autoreconf.
if test -d .git; then
if ! test -d .git/hooks; then
mkdir .git/hooks
fi
ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
fi
# If this is a source checkout then call autoreconf with error as well
if test -d .git; then
WARNINGS="all,error"
else
@@ -11,6 +20,3 @@ fi
autoreconf --install --force --verbose
if test -d .git; then
ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
fi

30
certs/server-ecc.pem
View File

@@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f4:cc:72:08:11:35:69:b3
f9:ec:48:2d:d0:a4:49:6c
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.yassl.com/emailAddress=info@yassl.com
Validity
Not Before: Jan 25 20:09:20 2011 GMT
Not After : Oct 21 20:09:20 2013 GMT
Not Before: Oct 22 04:02:45 2013 GMT
Not After : Jul 18 04:02:45 2016 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
@@ -25,21 +25,21 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
serial:F4:CC:72:08:11:35:69:B3
serial:F9:EC:48:2D:D0:A4:49:6C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:08:9b:66:9f:39:ef:49:2b:99:92:31:65:a1:87:
10:91:63:fe:69:e0:5f:b0:49:66:0a:71:41:fd:08:c0:8e:4c:
02:20:02:2a:60:37:e4:94:6b:3e:39:a8:6c:4f:07:75:2b:28:
b3:f5:9d:c2:26:c7:64:1b:a9:7f:6e:e9:2a:a3:5e:4e
30:44:02:20:36:14:3b:c8:19:43:87:b9:3d:aa:32:6f:18:9a:
4e:07:0c:47:6c:e1:dc:87:fd:ad:f4:2c:71:ec:04:ba:c9:58:
02:20:65:4e:67:ee:68:26:ed:1c:03:11:0e:31:91:69:f6:16:
27:06:f7:33:68:18:0b:5d:63:5f:8b:e8:bc:d6:00:57
-----BEGIN CERTIFICATE-----
MIIDADCCAqigAwIBAgIJAPTMcggRNWmzMAkGByqGSM49BAEwgYsxCzAJBgNVBAYT
MIIDADCCAqigAwIBAgIJAPnsSC3QpElsMAkGByqGSM49BAEwgYsxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRAwDgYD
VQQKEwdFbGlwdGljMQwwCgYDVQQLEwNFQ0MxFjAUBgNVBAMTDXd3dy55YXNzbC5j
b20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTExMDEyNTIwMDky
MFoXDTEzMTAyMTIwMDkyMFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo
b20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEzMTAyMjA0MDI0
NVoXDTE2MDcxODA0MDI0NVowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo
aW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRAwDgYDVQQKEwdFbGlwdGljMQwwCgYD
VQQLEwNFQ0MxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW
DmluZm9AeWFzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQ
@@ -48,8 +48,8 @@ huggWDMLgDSJ2KOB8zCB8DAdBgNVHQ4EFgQUXV0m76x+NvmbdhUrSiUCI++yiTAw
gcAGA1UdIwSBuDCBtYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZGkgY4wgYsxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxl
MRAwDgYDVQQKEwdFbGlwdGljMQwwCgYDVQQLEwNFQ0MxFjAUBgNVBAMTDXd3dy55
YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggkA9MxyCBE1
abMwDAYDVR0TBAUwAwEB/zAJBgcqhkjOPQQBA0cAMEQCIAibZp8570krmZIxZaGH
EJFj/mngX7BJZgpxQf0IwI5MAiACKmA35JRrPjmobE8HdSsos/WdwibHZBupf27p
KqNeTg==
YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggkA+exILdCk
SWwwDAYDVR0TBAUwAwEB/zAJBgcqhkjOPQQBA0cAMEQCIDYUO8gZQ4e5Paoybxia
TgcMR2zh3If9rfQscewEuslYAiBlTmfuaCbtHAMRDjGRafYWJwb3M2gYC11jX4vo
vNYAVw==
-----END CERTIFICATE-----

73
configure.ac
View File

@@ -6,27 +6,34 @@
#
#
AC_INIT([cyassl],[2.7.2],[http://www.yassl.com])
AC_INIT([cyassl],[2.8.2],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
# using $targget_cpu to only turn on fastmath by default on x86_64
AC_CANONICAL_TARGET
AC_USE_SYSTEM_EXTENSIONS
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects])
AC_CANONICAL_HOST
AC_CANONICAL_BUILD
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
AC_PREREQ([2.63])
AC_ARG_PROGRAM
AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS],
[AX_SAVE_FLAGS
AC_LANG_PUSH([C])
AC_USE_SYSTEM_EXTENSIONS
AC_LANG_POP([C])
AX_RESTORE_FLAGS
])
#PROTECT_AC_USE_SYSTEM_EXTENSIONS
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
#shared library versioning
CYASSL_LIBRARY_VERSION=5:1:0
CYASSL_LIBRARY_VERSION=5:2:0
# | | |
# +------+ | +---+
# | | |
@@ -57,8 +64,6 @@ AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
AX_CXX_COMPILER_VERSION
AC_CHECK_FUNCS([gethostbyname])
AC_CHECK_FUNCS([getaddrinfo])
AC_CHECK_FUNCS([gettimeofday])
@@ -95,7 +100,7 @@ LT_LIB_M
OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer"
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET"
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
@@ -176,7 +181,7 @@ AC_ARG_ENABLE([fortress],
if test "$ENABLED_FORTRESS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DCYASSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
fi
@@ -276,6 +281,32 @@ then
fi
# Atomic User Record Layer
AC_ARG_ENABLE([atomicuser],
[ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)],
[ ENABLED_ATOMICUSER=$enableval ],
[ ENABLED_ATOMICUSER=no ]
)
if test "$ENABLED_ATOMICUSER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
# Public Key Callbacks
AC_ARG_ENABLE([pkcallbacks],
[ --enable-pkcallbacks Enable Public Key Callbacks (default: disabled)],
[ ENABLED_PKCALLBACKS=$enableval ],
[ ENABLED_PKCALLBACKS=no ]
)
if test "$ENABLED_PKCALLBACKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
# SNIFFER
AC_ARG_ENABLE([sniffer],
[AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[
@@ -531,7 +562,7 @@ AC_ARG_ENABLE([ecc],
if test "$ENABLED_ECC" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
fi
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
@@ -543,6 +574,19 @@ then
fi
# FP ECC, Fixed Point cache ECC
AC_ARG_ENABLE([fpecc],
[ --enable-fpecc Enable Fixed Point cache ECC (default: disabled)],
[ ENABLED_FPECC=$enableval ],
[ ENABLED_FPECC=no ]
)
if test "$ENABLED_FPECC" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
fi
# PSK
AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)],
@@ -1473,6 +1517,7 @@ echo " * RSA: $ENABLED_RSA"
echo " * DSA: $ENABLED_DSA"
echo " * DH: $ENABLED_DH"
echo " * ECC: $ENABLED_ECC"
echo " * FPECC: $ENABLED_FPECC"
echo " * ASN: $ENABLED_ASN"
echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
@@ -1484,6 +1529,8 @@ echo " * CRL: $ENABLED_CRL"
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
echo " * Persistent session cache: $ENABLED_SAVESESSION"
echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
echo " * NTRU: $ENABLED_NTRU"
echo " * SNI: $ENABLED_SNI"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"

26
ctaocrypt/benchmark/benchmark.c
View File

@@ -909,7 +909,7 @@ void bench_eccKeyGen(void)
ecc_key genKey;
double start, total, each, milliEach;
int i;
const int genTimes = 5;
const int genTimes = 100;
/* 256 bit */
start = current_time(1);
@@ -933,7 +933,7 @@ void bench_eccKeyAgree(void)
ecc_key genKey, genKey2;
double start, total, each, milliEach;
int i, ret;
const int agreeTimes = 5;
const int agreeTimes = 100;
byte shared[1024];
byte sig[1024];
byte digest[32];
@@ -982,7 +982,20 @@ void bench_eccKeyAgree(void)
total = current_time(0) - start;
each = total / agreeTimes; /* per second */
milliEach = each * 1000; /* millisconds */
printf("EC-DSA sign time %6.2f milliseconds, avg over %d"
printf("EC-DSA sign time %6.2f milliseconds, avg over %d"
" iterations\n", milliEach, agreeTimes);
start = current_time(1);
for(i = 0; i < agreeTimes; i++) {
int verify = 0;
ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &genKey);
}
total = current_time(0) - start;
each = total / agreeTimes; /* per second */
milliEach = each * 1000; /* millisconds */
printf("EC-DSA verify time %6.2f milliseconds, avg over %d"
" iterations\n", milliEach, agreeTimes);
ecc_free(&genKey2);
@@ -998,13 +1011,13 @@ void bench_eccKeyAgree(void)
double current_time(int reset)
{
(void)reset;
static int init = 0;
static LARGE_INTEGER freq;
LARGE_INTEGER count;
(void)reset;
if (!init) {
QueryPerformanceFrequency(&freq);
init = 1;
@@ -1047,9 +1060,10 @@ void bench_eccKeyAgree(void)
double current_time(int reset)
{
struct timeval tv;
(void) reset;
struct timeval tv;
gettimeofday(&tv, 0);
return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;

4
ctaocrypt/ctaocrypt.vcproj
View File

@@ -296,6 +296,10 @@
RelativePath=".\src\md5.c"
>
</File>
<File
RelativePath=".\src\port.c"
>
</File>
<File
RelativePath=".\src\rabbit.c"
>

170
ctaocrypt/src/aes.c
View File

@@ -419,6 +419,140 @@
#endif /* CYASSL_AES_COUNTER */
#elif defined(HAVE_COLDFIRE_SEC)
#include "sec.h"
#include "mcf548x_sec.h"
#include "mcf548x_siu.h"
#include "memory_pools.h"
extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */
#define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 8)
static unsigned char *AESBuffer = NULL ;
#define SEC_DESC_AES_CBC_ENCRYPT 0x60300010
#define SEC_DESC_AES_CBC_DECRYPT 0x60200010
#define AES_BLOCK_LENGTH 16
extern volatile unsigned char __MBAR[];
int AesCbcEncrypt(Aes* aes, byte* po, const byte* pi, word32 sz)
{
//printf("AesCbcEncrypt(%x, %x, %x, %d)\n", aes, po, pi, sz) ;
return(AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_ENCRYPT)) ;
}
int AesCbcDecrypt(Aes* aes, byte* po, const byte* pi, word32 sz)
{
//printf("AesCbcDecrypt(%x, %x, %x, %d)\n", aes, po, pi, sz) ;
return(AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_DECRYPT)) ;
}
static int AesCbcCrypt(Aes* aes, byte* po, const byte* pi, word32 sz, word32 descHeader)
{
int i ; int stat1, stat2 ;
int ret ; int size ;
static SECdescriptorType descriptor;
volatile int v ;
if((pi == NULL) || (po == NULL))
return BAD_FUNC_ARG;/*wrong pointer*/
while(sz) {
if((sz%AES_BUFFER_SIZE) == sz) {
size = sz ;
sz = 0 ;
} else {
size = AES_BUFFER_SIZE ;
sz -= AES_BUFFER_SIZE ;
}
/* Set descriptor for SEC */
descriptor.header = descHeader ;
/*
descriptor.length1 = 0x0;
descriptor.pointer1 = NULL;
*/
descriptor.length2 = AES_BLOCK_SIZE;
descriptor.pointer2 = (byte *)aes->reg ; /* Initial Vector */
switch(aes->rounds) {
case 10: descriptor.length3 = 16 ; break ;
case 12: descriptor.length3 = 24 ; break ;
case 14: descriptor.length3 = 32 ; break ;
}
descriptor.pointer3 = (byte *)aes->key;
descriptor.length4 = size;
descriptor.pointer4 = (byte *)pi ;
descriptor.length5 = size;
descriptor.pointer5 = AESBuffer ;
/*
descriptor.length6 = 0x0;
descriptor.pointer6 = NULL;
descriptor.length7 = 0x0;
descriptor.pointer7 = NULL;
descriptor.nextDescriptorPtr = NULL;
*/
/* Initialize SEC and wait for encryption to complete */
MCF_SEC_CCCR0 = 0x00000000;
/* Point SEC to the location of the descriptor */
MCF_SEC_FR0 = (uint32)&descriptor;
/* poll SISR to determine when channel is complete */
i=0 ;
while (!(MCF_SEC_SISRL) && !(MCF_SEC_SISRH))i++ ;
for(v=0; v<100; v++) ;
ret = MCF_SEC_SISRH;
stat1 = MCF_SEC_AESSR ;
stat2 = MCF_SEC_AESISR ;
if(ret & 0xe0000000)
{
db_printf("Aes_Cbc(i=%d):ISRH=%08x, AESSR=%08x, AESISR=%08x\n", i, ret, stat1, stat2) ;
}
XMEMCPY(po, AESBuffer, size) ;
if(descHeader == SEC_DESC_AES_CBC_ENCRYPT) {
XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]), AES_BLOCK_SIZE) ;
} else {
XMEMCPY((void*)aes->reg, (void*)&(pi[size-AES_BLOCK_SIZE]), AES_BLOCK_SIZE) ;
}
pi += size ;
po += size ;
}
return 0 ; /* for descriptier header 0xff000000 mode */
}
int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
int dir)
{
int status ;
if(AESBuffer == NULL) {
status = tx_byte_allocate(&mp_ncached,(void *)&AESBuffer, AES_BUFFER_SIZE,TX_NO_WAIT);
}
if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
return BAD_FUNC_ARG;
if (aes == NULL)
return BAD_FUNC_ARG;
aes->rounds = keylen/4 + 6;
XMEMCPY(aes->key, userKey, keylen);
if (iv)
XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
return 0;
}
#else /* CTaoCrypt software implementation */
static const word32 rcon[] = {
@@ -2636,6 +2770,21 @@ int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
return 0;
}
CYASSL_API void GmacSetKey(Gmac* gmac, const byte* key, word32 len)
{
AesGcmSetKey(&gmac->aes, key, len);
}
CYASSL_API void GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
const byte* authIn, word32 authInSz,
byte* authTag, word32 authTagSz)
{
AesGcmEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AESCCM
@@ -2733,12 +2882,13 @@ void AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
{
byte A[AES_BLOCK_SIZE];
byte B[AES_BLOCK_SIZE];
word32 i, lenSz;
byte lenSz;
word32 i;
XMEMCPY(B+1, nonce, nonceSz);
lenSz = AES_BLOCK_SIZE - 1 - nonceSz;
lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
B[0] = (authInSz > 0 ? 64 : 0)
+ (8 * ((authTagSz - 2) / 2))
+ (8 * (((byte)authTagSz - 2) / 2))
+ (lenSz - 1);
for (i = 0; i < lenSz; i++)
B[AES_BLOCK_SIZE - 1 - i] = (inSz >> (8 * i)) & 0xFF;
@@ -2750,7 +2900,7 @@ void AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
roll_x(aes, in, inSz, A);
XMEMCPY(authTag, A, authTagSz);
B[0] = (lenSz - 1);
B[0] = lenSz - 1;
for (i = 0; i < lenSz; i++)
B[AES_BLOCK_SIZE - 1 - i] = 0;
AesEncrypt(aes, B, A);
@@ -2786,14 +2936,16 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
byte A[AES_BLOCK_SIZE];
byte B[AES_BLOCK_SIZE];
byte* o;
word32 i, lenSz, oSz; int result = 0;
byte lenSz;
word32 i, oSz;
int result = 0;
o = out;
oSz = inSz;
XMEMCPY(B+1, nonce, nonceSz);
lenSz = AES_BLOCK_SIZE - 1 - nonceSz;
lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
B[0] = (lenSz - 1);
B[0] = lenSz - 1;
for (i = 0; i < lenSz; i++)
B[AES_BLOCK_SIZE - 1 - i] = 0;
B[15] = 1;
@@ -2822,7 +2974,7 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
oSz = inSz;
B[0] = (authInSz > 0 ? 64 : 0)
+ (8 * ((authTagSz - 2) / 2))
+ (8 * (((byte)authTagSz - 2) / 2))
+ (lenSz - 1);
for (i = 0; i < lenSz; i++)
B[AES_BLOCK_SIZE - 1 - i] = (inSz >> (8 * i)) & 0xFF;
@@ -2833,7 +2985,7 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
if (inSz > 0)
roll_x(aes, o, oSz, A);
B[0] = (lenSz - 1);
B[0] = lenSz - 1;
for (i = 0; i < lenSz; i++)
B[AES_BLOCK_SIZE - 1 - i] = 0;
AesEncrypt(aes, B, B);

118
ctaocrypt/src/asm.c
View File

@@ -1018,21 +1018,50 @@ __asm__( \
#endif
#ifdef TFM_SMALL_SET
#include "fp_sqr_comba_small_set.i"
#include "fp_sqr_comba_3.i"
#include "fp_sqr_comba_4.i"
#include "fp_sqr_comba_6.i"
#include "fp_sqr_comba_7.i"
#include "fp_sqr_comba_8.i"
#include "fp_sqr_comba_9.i"
#include "fp_sqr_comba_12.i"
#include "fp_sqr_comba_17.i"
#include "fp_sqr_comba_20.i"
#include "fp_sqr_comba_24.i"
#include "fp_sqr_comba_28.i"
#include "fp_sqr_comba_32.i"
#include "fp_sqr_comba_48.i"
#include "fp_sqr_comba_64.i"
#include "fp_sqr_comba_small_set.i"
#endif
#if defined(TFM_SQR3)
#include "fp_sqr_comba_3.i"
#endif
#if defined(TFM_SQR4)
#include "fp_sqr_comba_4.i"
#endif
#if defined(TFM_SQR6)
#include "fp_sqr_comba_6.i"
#endif
#if defined(TFM_SQR7)
#include "fp_sqr_comba_7.i"
#endif
#if defined(TFM_SQR8)
#include "fp_sqr_comba_8.i"
#endif
#if defined(TFM_SQR9)
#include "fp_sqr_comba_9.i"
#endif
#if defined(TFM_SQR12)
#include "fp_sqr_comba_12.i"
#endif
#if defined(TFM_SQR17)
#include "fp_sqr_comba_17.i"
#endif
#if defined(TFM_SQR20)
#include "fp_sqr_comba_20.i"
#endif
#if defined(TFM_SQR24)
#include "fp_sqr_comba_24.i"
#endif
#if defined(TFM_SQR28)
#include "fp_sqr_comba_28.i"
#endif
#if defined(TFM_SQR32)
#include "fp_sqr_comba_32.i"
#endif
#if defined(TFM_SQR48)
#include "fp_sqr_comba_48.i"
#endif
#if defined(TFM_SQR64)
#include "fp_sqr_comba_64.i"
#endif
/* end fp_sqr_comba.c asm */
@@ -1291,21 +1320,50 @@ ____asm__( \
#ifdef TFM_SMALL_SET
#include "fp_mul_comba_small_set.i"
#include "fp_mul_comba_3.i"
#include "fp_mul_comba_4.i"
#include "fp_mul_comba_6.i"
#include "fp_mul_comba_7.i"
#include "fp_mul_comba_8.i"
#include "fp_mul_comba_9.i"
#include "fp_mul_comba_12.i"
#include "fp_mul_comba_17.i"
#include "fp_mul_comba_20.i"
#include "fp_mul_comba_24.i"
#include "fp_mul_comba_28.i"
#include "fp_mul_comba_32.i"
#include "fp_mul_comba_48.i"
#include "fp_mul_comba_64.i"
#include "fp_mul_comba_small_set.i"
#endif
#if defined(TFM_MUL3)
#include "fp_mul_comba_3.i"
#endif
#if defined(TFM_MUL4)
#include "fp_mul_comba_4.i"
#endif
#if defined(TFM_MUL6)
#include "fp_mul_comba_6.i"
#endif
#if defined(TFM_MUL7)
#include "fp_mul_comba_7.i"
#endif
#if defined(TFM_MUL8)
#include "fp_mul_comba_8.i"
#endif
#if defined(TFM_MUL9)
#include "fp_mul_comba_9.i"
#endif
#if defined(TFM_MUL12)
#include "fp_mul_comba_12.i"
#endif
#if defined(TFM_MUL17)
#include "fp_mul_comba_17.i"
#endif
#if defined(TFM_MUL20)
#include "fp_mul_comba_20.i"
#endif
#if defined(TFM_MUL24)
#include "fp_mul_comba_24.i"
#endif
#if defined(TFM_MUL28)
#include "fp_mul_comba_28.i"
#endif
#if defined(TFM_MUL32)
#include "fp_mul_comba_32.i"
#endif
#if defined(TFM_MUL48)
#include "fp_mul_comba_48.i"
#endif
#if defined(TFM_MUL64)
#include "fp_mul_comba_64.i"
#endif
/* end fp_mul_comba.c asm */

67
ctaocrypt/src/asn.c
View File

@@ -100,6 +100,11 @@
#define XTIME(t1) pic32_time((t1))
#define XGMTIME(c) gmtime((c))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#elif defined(FREESCALE_MQX)
#include <time.h>
#define XTIME(t1) mqx_time((t1))
#define XGMTIME(c) gmtime((c))
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#elif defined(CYASSL_MDK_ARM)
#include <rtl.h>
#undef RNG
@@ -289,6 +294,25 @@ time_t pic32_time(time_t* timer)
#endif /* MICROCHIP_TCPIP */
#ifdef FREESCALE_MQX
time_t mqx_time(time_t* timer)
{
time_t localTime;
TIME_STRUCT time_s;
if (timer == NULL)
timer = &localTime;
_time_get(&time_s);
*timer = (time_t) time_s.SECONDS;
return *timer;
}
#endif /* FREESCALE_MQX */
static INLINE word32 btoi(byte b)
{
return b - 0x30;
@@ -1220,6 +1244,7 @@ int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
{
cert->publicKey = 0;
cert->pubKeySize = 0;
cert->pubKeyStored = 0;
cert->signature = 0;
cert->subjectCN = 0;
@@ -1346,15 +1371,15 @@ static int GetCertHeader(DecodedCert* cert)
static int StoreRsaKey(DecodedCert* cert)
{
int length;
word32 read = cert->srcIdx;
word32 recvd = cert->srcIdx;
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
return ASN_PARSE_E;
read = cert->srcIdx - read;
length += read;
recvd = cert->srcIdx - recvd;
length += recvd;
while (read--)
while (recvd--)
cert->srcIdx--;
cert->pubKeySize = length;
@@ -1395,9 +1420,6 @@ static int GetKey(DecodedCert* cert)
return ASN_PARSE_E;
switch (cert->keyOID) {
case DSAk:
/* do nothing */
break;
#ifndef NO_RSA
case RSAk:
{
@@ -1578,8 +1600,8 @@ static int GetName(DecodedCert* cert, int nameType)
cert->maxIdx) < 0)
return ASN_PARSE_E;
if ( (strLen + 4) > (int)(ASN_NAME_MAX - idx)) {
/* include biggest pre fix header too 4 = "/CN=" */
if ( (strLen + 14) > (int)(ASN_NAME_MAX - idx)) {
/* include biggest pre fix header too 4 = "/serialNumber=" */
CYASSL_MSG("ASN Name too big, skipping");
tooBig = TRUE;
}
@@ -1674,6 +1696,13 @@ static int GetName(DecodedCert* cert, int nameType)
}
#endif /* CYASSL_CERT_GEN */
}
else if (id == ASN_SERIAL_NUMBER) {
if (!tooBig) {
XMEMCPY(&full[idx], "/serialNumber=", 14);
idx += 14;
copy = TRUE;
}
}
if (copy && !tooBig) {
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
@@ -2961,7 +2990,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
return ASN_SIG_OID_E;
#ifndef NO_SKID
if (cert->extSubjKeyIdSet == 0) {
if (cert->extSubjKeyIdSet == 0
&& cert->publicKey != NULL && cert->pubKeySize > 0) {
Sha sha;
InitSha(&sha);
ShaUpdate(&sha, cert->publicKey, cert->pubKeySize);
@@ -4390,6 +4420,9 @@ int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s)
word32 sSz;
word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */
/* If the leading bit on the INTEGER is a 1, add a leading zero */
int rLeadingZero = mp_leading_bit(r);
int sLeadingZero = mp_leading_bit(s);
int rLen = mp_unsigned_bin_size(r); /* big int size */
int sLen = mp_unsigned_bin_size(s);
int err;
@@ -4397,20 +4430,24 @@ int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s)
if (*outLen < (rLen + sLen + headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */
return BAD_FUNC_ARG;
idx = SetSequence(rLen + sLen + headerSz, out);
idx = SetSequence(rLen+rLeadingZero+sLen+sLeadingZero+headerSz, out);
/* store r */
out[idx++] = ASN_INTEGER;
rSz = SetLength(rLen, &out[idx]);
rSz = SetLength(rLen + rLeadingZero, &out[idx]);
idx += rSz;
if (rLeadingZero)
out[idx++] = 0;
err = mp_to_unsigned_bin(r, &out[idx]);
if (err != MP_OKAY) return err;
idx += rLen;
/* store s */
out[idx++] = ASN_INTEGER;
sSz = SetLength(sLen, &out[idx]);
sSz = SetLength(sLen + sLeadingZero, &out[idx]);
idx += sSz;
if (sLeadingZero)
out[idx++] = 0;
err = mp_to_unsigned_bin(s, &out[idx]);
if (err != MP_OKAY) return err;
idx += sLen;
@@ -5006,13 +5043,13 @@ static int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
* INTEGER, if the MSB is 1, add a padding zero to keep the
* number positive. */
if (sn[0] & 0x80) {
output[1] = snSz + 1;
output[1] = (byte)snSz + 1;
output[2] = 0;
XMEMCPY(&output[3], sn, snSz);
result = snSz + 3;
}
else {
output[1] = snSz;
output[1] = (byte)snSz;
XMEMCPY(&output[2], sn, snSz);
result = snSz + 2;
}

153
ctaocrypt/src/des3.c
View File

@@ -44,6 +44,9 @@
word32 length);
#endif
#ifdef STM32F2_CRYPTO
/*
* STM32F2 hardware DES/3DES support through the STM32F2 standard
@@ -260,6 +263,156 @@
Des3Crypt(des, out, in, sz, DES_DECRYPTION);
}
#elif defined(HAVE_COLDFIRE_SEC)
#include "sec.h"
#include "mcf548x_sec.h"
#include "memory_pools.h"
extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */
#define DES_BUFFER_SIZE (DES_BLOCK_SIZE * 16)
static unsigned char *DesBuffer = NULL ;
#define SEC_DESC_DES_CBC_ENCRYPT 0x20500010
#define SEC_DESC_DES_CBC_DECRYPT 0x20400010
#define SEC_DESC_DES3_CBC_ENCRYPT 0x20700010
#define SEC_DESC_DES3_CBC_DECRYPT 0x20600010
extern volatile unsigned char __MBAR[];
static void Des_Cbc(Des* des, byte* out, const byte* in, word32 sz, word32 desc)
{
static volatile SECdescriptorType descriptor = { NULL } ;
int ret ; int stat1,stat2 ;
int i ; int size ;
volatile int v ;
while(sz) {
if((sz%DES_BUFFER_SIZE) == sz) {
size = sz ;
sz = 0 ;
} else {
size = DES_BUFFER_SIZE ;
sz -= DES_BUFFER_SIZE ;
}
descriptor.header = desc ;
/*
escriptor.length1 = 0x0;
descriptor.pointer1 = NULL;
*/
descriptor.length2 = des->ivlen ;
descriptor.pointer2 = (byte *)des->iv ;
descriptor.length3 = des->keylen ;
descriptor.pointer3 = (byte *)des->key;
descriptor.length4 = size;
descriptor.pointer4 = (byte *)in ;
descriptor.length5 = size;
descriptor.pointer5 = DesBuffer ;
/*
descriptor.length6 = 0;
descriptor.pointer6 = NULL;
descriptor.length7 = 0x0;
descriptor.pointer7 = NULL;
descriptor.nextDescriptorPtr = NULL ;
*/
/* Initialize SEC and wait for encryption to complete */
MCF_SEC_CCCR0 = 0x0000001A; //enable channel done notification
/* Point SEC to the location of the descriptor */
MCF_SEC_FR0 = (uint32)&descriptor;
/* poll SISR to determine when channel is complete */
while (!(MCF_SEC_SISRL) && !(MCF_SEC_SISRH))
;
for(v=0; v<500; v++) ;
ret = MCF_SEC_SISRH;
stat1 = MCF_SEC_DSR ;
stat2 = MCF_SEC_DISR ;
if(ret & 0xe0000000)
db_printf("Des_Cbc(%x):ISRH=%08x, DSR=%08x, DISR=%08x\n", desc, ret, stat1, stat2) ;
XMEMCPY(out, DesBuffer, size) ;
if((desc==SEC_DESC_DES3_CBC_ENCRYPT)||(desc==SEC_DESC_DES_CBC_ENCRYPT)) {
XMEMCPY((void*)des->iv, (void*)&(out[size-DES_IVLEN]), DES_IVLEN) ;
} else {
XMEMCPY((void*)des->iv, (void*)&(in[size-DES_IVLEN]), DES_IVLEN) ;
}
in += size ;
out += size ;
}
}
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
Des_Cbc(des, out, in, sz, SEC_DESC_DES_CBC_ENCRYPT) ;
}
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
Des_Cbc(des, out, in, sz, SEC_DESC_DES_CBC_DECRYPT) ;
}
void Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz)
{
Des_Cbc((Des *)des3, out, in, sz, SEC_DESC_DES3_CBC_ENCRYPT) ;
}
void Des3_CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 sz)
{
Des_Cbc((Des *)des3, out, in, sz, SEC_DESC_DES3_CBC_DECRYPT) ;
}
void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
{
int i ; int status ;
if(DesBuffer == NULL) {
status = tx_byte_allocate(&mp_ncached,(void *)&DesBuffer,DES_BUFFER_SIZE,TX_NO_WAIT);
}
XMEMCPY(des->key, key, DES_KEYLEN);
des->keylen = DES_KEYLEN ;
des->ivlen = 0 ;
if (iv) {
XMEMCPY(des->iv, iv, DES_IVLEN);
des->ivlen = DES_IVLEN ;
} else {
for(i=0; i<DES_IVLEN; i++)
des->iv[i] = 0x0 ;
}
}
void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
{
int i ; int status ;
if(DesBuffer == NULL) {
status = tx_byte_allocate(&mp_ncached,(void *)&DesBuffer,DES_BUFFER_SIZE,TX_NO_WAIT);
}
XMEMCPY(des3->key, key, DES3_KEYLEN);
des3->keylen = DES3_KEYLEN ;
des3->ivlen = 0 ;
if (iv) {
XMEMCPY(des3->iv, iv, DES3_IVLEN);
des3->ivlen = DES3_IVLEN ;
} else {
for(i=0; i<DES_IVLEN; i++)
des3->iv[i] = 0x0 ;
}
}
#else /* CTaoCrypt software implementation */
/* permuted choice table (key) */

1911
ctaocrypt/src/ecc.c
View File

File diff suppressed because it is too large Load Diff

4
ctaocrypt/src/error.c
View File

@@ -66,6 +66,10 @@ void CTaoCryptErrorString(int error, char* buffer)
XSTRNCPY(buffer, "random device read would block error", max);
break;
case BAD_MUTEX_E :
XSTRNCPY(buffer, "Bad mutex, operation failed", max);
break;
case MP_INIT_E :
XSTRNCPY(buffer, "mp_init error state", max);
break;

2
ctaocrypt/src/fp_sqr_comba_3.i
View File

@@ -23,7 +23,7 @@
#ifdef TFM_SQR3
void fp_sqr_comba3(fp_int *A, fp_int *B)
{
fp_digit *a, b[6], c0, c1, c2, sc0, sc1, sc2;
fp_digit *a, b[6], c0, c1, c2;
a = A->dp;
COMBA_START;

2
ctaocrypt/src/fp_sqr_comba_4.i
View File

@@ -23,7 +23,7 @@
#ifdef TFM_SQR4
void fp_sqr_comba4(fp_int *A, fp_int *B)
{
fp_digit *a, b[8], c0, c1, c2, sc0, sc1, sc2;
fp_digit *a, b[8], c0, c1, c2;
a = A->dp;
COMBA_START;

5
ctaocrypt/src/hmac.c
View File

@@ -487,5 +487,10 @@ static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
#endif /* HAVE_CAVIUM */
int CyaSSL_GetHmacMaxSize(void)
{
return MAX_DIGEST_SIZE;
}
#endif /* NO_HMAC */

24
ctaocrypt/src/integer.c
View File

@@ -179,6 +179,28 @@ mp_count_bits (mp_int * a)
}
int mp_leading_bit (mp_int * a)
{
int bit = 0;
mp_int t;
if (mp_init_copy(&t, a) != MP_OKAY)
return 0;
while (mp_iszero(&t) == 0) {
#ifndef MP_8BIT
bit = (t.dp[0] & 0x80) != 0;
#else
bit = (t.dp[0] | ((t.dp[1] & 0x01) << 7)) & 0x80 != 0;
#endif
if (mp_div_2d (&t, 8, &t, NULL) != MP_OKAY)
break;
}
mp_clear(&t);
return bit;
}
/* store in unsigned [big endian] format */
int mp_to_unsigned_bin (mp_int * a, unsigned char *b)
{
@@ -3743,7 +3765,7 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
#endif
#if defined(HAVE_ECC) || !defined(NO_PWDBASED)
#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(CYASSL_SNIFFER)
/* single digit addition */
int mp_add_d (mp_int* a, mp_digit b, mp_int* c)

381
ctaocrypt/src/port.c Normal file
View File

@@ -0,0 +1,381 @@
/* port.c
*
* Copyright (C) 2006-2013 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ctaocrypt/types.h>
#include <cyassl/ctaocrypt/error.h>
#ifdef _MSC_VER
/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
#pragma warning(disable: 4996)
#endif
#ifdef SINGLE_THREADED
int InitMutex(CyaSSL_Mutex* m)
{
(void)m;
return 0;
}
int FreeMutex(CyaSSL_Mutex *m)
{
(void)m;
return 0;
}
int LockMutex(CyaSSL_Mutex *m)
{
(void)m;
return 0;
}
int UnLockMutex(CyaSSL_Mutex *m)
{
(void)m;
return 0;
}
#else /* MULTI_THREAD */
#if defined(FREERTOS)
int InitMutex(CyaSSL_Mutex* m)
{
int iReturn;
*m = ( CyaSSL_Mutex ) xSemaphoreCreateMutex();
if( *m != NULL )
iReturn = 0;
else
iReturn = BAD_MUTEX_E;
return iReturn;
}
int FreeMutex(CyaSSL_Mutex* m)
{
vSemaphoreDelete( *m );
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
/* Assume an infinite block, or should there be zero block? */
xSemaphoreTake( *m, portMAX_DELAY );
return 0;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
xSemaphoreGive( *m );
return 0;
}
#elif defined(CYASSL_SAFERTOS)
int InitMutex(CyaSSL_Mutex* m)
{
vSemaphoreCreateBinary(m->mutexBuffer, m->mutex);
if (m->mutex == NULL)
return BAD_MUTEX_E;
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
(void)m;
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
/* Assume an infinite block */
xSemaphoreTake(m->mutex, portMAX_DELAY);
return 0;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
xSemaphoreGive(m->mutex);
return 0;
}
#elif defined(USE_WINDOWS_API)
int InitMutex(CyaSSL_Mutex* m)
{
InitializeCriticalSection(m);
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
DeleteCriticalSection(m);
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
EnterCriticalSection(m);
return 0;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
LeaveCriticalSection(m);
return 0;
}
#elif defined(CYASSL_PTHREADS)
int InitMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_init(m, 0) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int FreeMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_destroy(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_lock(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_unlock(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
#elif defined(THREADX)
int InitMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_create(m, "CyaSSL Mutex", TX_NO_INHERIT) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int FreeMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_delete(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_put(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
#elif defined(MICRIUM)
int InitMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_MutexCreate(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
int FreeMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_FreeMutex(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
int LockMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_LockMutex(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
int UnLockMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_UnLockMutex(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
#elif defined(EBSNET)
int InitMutex(CyaSSL_Mutex* m)
{
if (rtp_sig_mutex_alloc(m, "CyaSSL Mutex") == -1)
return BAD_MUTEX_E;
else
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
rtp_sig_mutex_free(*m);
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (rtp_sig_mutex_claim_timed(*m, RTIP_INF) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
rtp_sig_mutex_release(*m);
return 0;
}
#elif defined(FREESCALE_MQX)
int InitMutex(CyaSSL_Mutex* m)
{
if (_mutex_init(m, NULL) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
int FreeMutex(CyaSSL_Mutex* m)
{
if (_mutex_destroy(m) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (_mutex_lock(m) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
if (_mutex_unlock(m) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
#elif defined(CYASSL_MDK_ARM)
int InitMutex(CyaSSL_Mutex* m)
{
os_mut_init (m);
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
return(0) ;
}
int LockMutex(CyaSSL_Mutex* m)
{
os_mut_wait (m, 0xffff);
return(0) ;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
os_mut_release (m);
return 0;
}
#endif /* USE_WINDOWS_API */
#endif /* SINGLE_THREADED */

6
ctaocrypt/src/pwdbased.c
View File

@@ -106,11 +106,7 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
int hLen;
int j;
Hmac hmac;
#ifdef CYASSL_SHA512
byte buffer[SHA512_DIGEST_SIZE];
#else
byte buffer[INNER_HASH_SIZE]; /* max size, doesn't handle 512 yet */
#endif
byte buffer[MAX_DIGEST_SIZE];
if (hashType == MD5) {
hLen = MD5_DIGEST_SIZE;

39
ctaocrypt/src/random.c
View File

@@ -525,6 +525,45 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(FREESCALE_K53_RNGB)
/*
* Generates a RNG seed using the Random Number Generator (RNGB)
* on the Kinetis K53. Documentation located in Chapter 33 of
* K53 Sub-Family Reference Manual (see note in the README for link).
*/
int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int i;
/* turn on RNGB module */
SIM_SCGC3 |= SIM_SCGC3_RNGB_MASK;
/* reset RNGB */
RNG_CMD |= RNG_CMD_SR_MASK;
/* FIFO generate interrupt, return all zeros on underflow,
* set auto reseed */
RNG_CR |= (RNG_CR_FUFMOD_MASK | RNG_CR_AR_MASK);
/* gen seed, clear interrupts, clear errors */
RNG_CMD |= (RNG_CMD_GS_MASK | RNG_CMD_CI_MASK | RNG_CMD_CE_MASK);
/* wait for seeding to complete */
while ((RNG_SR & RNG_SR_SDN_MASK) == 0) {}
for (i = 0; i < sz; i++) {
/* wait for a word to be available from FIFO */
while((RNG_SR & RNG_SR_FIFO_LVL_MASK) == 0) {}
/* get value */
output[i] = RNG_OUT;
}
return 0;
}
#else
#warning "write a real random seed!!!!, just for testing now"

25
ctaocrypt/src/tfm.c
View File

@@ -1706,6 +1706,25 @@ int fp_count_bits (fp_int * a)
return r;
}
int fp_leading_bit(fp_int *a)
{
int bit = 0;
if (a->used != 0) {
fp_digit q = a->dp[a->used - 1];
int qSz = sizeof(fp_digit);
while (qSz > 0) {
if ((unsigned char)q != 0)
bit = (q & 0x80) != 0;
q >>= 8;
qSz--;
}
}
return bit;
}
void fp_lshd(fp_int *a, int x)
{
int y;
@@ -1968,6 +1987,12 @@ int mp_count_bits (mp_int* a)
}
int mp_leading_bit (mp_int* a)
{
return fp_leading_bit(a);
}
/* fast math conversion */
void mp_rshb (mp_int* a, int x)
{

168
ctaocrypt/test/test.c
View File

@@ -99,6 +99,7 @@
#ifdef FREESCALE_MQX
#include <mqx.h>
#include <fio.h>
#include <stdlib.h>
#else
#include <stdio.h>
#endif
@@ -140,6 +141,7 @@ int des_test(void);
int des3_test(void);
int aes_test(void);
int aesgcm_test(void);
int gmac_test(void);
int aesccm_test(void);
int camellia_test(void);
int rsa_test(void);
@@ -301,6 +303,13 @@ void ctaocrypt_test(void* args)
#endif
#ifdef HAVE_AESGCM
if ( (ret = gmac_test()) != 0)
err_sys("GMAC test passed!\n", ret);
else
printf( "GMAC test passed!\n");
#endif
#ifndef NO_RC4
if ( (ret = arc4_test()) != 0)
err_sys("ARC4 test failed!\n", ret);
@@ -1928,6 +1937,95 @@ int aesgcm_test(void)
return 0;
}
int gmac_test(void)
{
Gmac gmac;
const byte k1[] =
{
0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
};
const byte iv1[] =
{
0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
0xe2, 0x8c, 0x8f, 0x16
};
const byte a1[] =
{
0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
};
const byte t1[] =
{
0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
};
const byte k2[] =
{
0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
};
const byte iv2[] =
{
0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
0x1a, 0x60, 0x24, 0xa7
};
const byte a2[] =
{
0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
};
const byte t2[] =
{
0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
};
const byte k3[] =
{
0xb8, 0xe4, 0x9a, 0x5e, 0x37, 0xf9, 0x98, 0x2b,
0xb9, 0x6d, 0xd0, 0xc9, 0xb6, 0xab, 0x26, 0xac
};
const byte iv3[] =
{
0xe4, 0x4a, 0x42, 0x18, 0x8c, 0xae, 0x94, 0x92,
0x6a, 0x9c, 0x26, 0xb0
};
const byte a3[] =
{
0x9d, 0xb9, 0x61, 0x68, 0xa6, 0x76, 0x7a, 0x31,
0xf8, 0x29, 0xe4, 0x72, 0x61, 0x68, 0x3f, 0x8a
};
const byte t3[] =
{
0x23, 0xe2, 0x9f, 0x66, 0xe4, 0xc6, 0x52, 0x48
};
byte tag[16];
memset(tag, 0, sizeof(tag));
GmacSetKey(&gmac, k1, sizeof(k1));
GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
if (memcmp(t1, tag, sizeof(t1)) != 0)
return -126;
memset(tag, 0, sizeof(tag));
GmacSetKey(&gmac, k2, sizeof(k2));
GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
if (memcmp(t2, tag, sizeof(t2)) != 0)
return -127;
memset(tag, 0, sizeof(tag));
GmacSetKey(&gmac, k3, sizeof(k3));
GmacUpdate(&gmac, iv3, sizeof(iv3), a3, sizeof(a3), tag, sizeof(t3));
if (memcmp(t3, tag, sizeof(t3)) != 0)
return -128;
return 0;
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AESCCM
@@ -2279,30 +2377,32 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
#ifndef NO_RSA
#ifdef FREESCALE_MQX
static const char* clientKey = "a:\\certs\\client-key.der";
static const char* clientCert = "a:\\certs\\client-cert.der";
#ifdef CYASSL_CERT_GEN
static const char* caKeyFile = "a:\\certs\\ca-key.der";
static const char* caCertFile = "a:\\certs\\ca-cert.pem";
#endif
#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && defined(CYASSL_MKD_SHELL)
static char* clientKey = "certs/client-key.der";
static char* clientCert = "certs/client-cert.der";
void set_clientKey(char *key) { clientKey = key ; } /* set by shell command */
void set_clientCert(char *cert) { clientCert = cert ; } /* set by shell command */
#ifdef CYASSL_CERT_GEN
static char* caKeyFile = "certs/ca-key.der";
static char* caCertFile = "certs/ca-cert.pem";
void set_caKeyFile (char * key) { caKeyFile = key ; } /* set by shell command */
void set_caCertFile(char * cert) { caCertFile = cert ; } /* set by shell command */
#endif
#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
static const char* clientKey = "./certs/client-key.der";
static const char* clientCert = "./certs/client-cert.der";
#ifdef CYASSL_CERT_GEN
static const char* caKeyFile = "./certs/ca-key.der";
static const char* caCertFile = "./certs/ca-cert.pem";
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
#ifdef FREESCALE_MQX
static const char* clientKey = "a:\\certs\\client-key.der";
static const char* clientCert = "a:\\certs\\client-cert.der";
#ifdef CYASSL_CERT_GEN
static const char* caKeyFile = "a:\\certs\\ca-key.der";
static const char* caCertFile = "a:\\certs\\ca-cert.pem";
#endif
#elif defined(CYASSL_MKD_SHELL)
static char* clientKey = "certs/client-key.der";
static char* clientCert = "certs/client-cert.der";
void set_clientKey(char *key) { clientKey = key ; } /* set by shell command */
void set_clientCert(char *cert) { clientCert = cert ; } /* set by shell command */
#ifdef CYASSL_CERT_GEN
static char* caKeyFile = "certs/ca-key.der";
static char* caCertFile = "certs/ca-cert.pem";
void set_caKeyFile (char * key) { caKeyFile = key ; } /* set by shell command */
void set_caCertFile(char * cert) { caCertFile = cert ; } /* set by shell command */
#endif
#else
static const char* clientKey = "./certs/client-key.der";
static const char* clientCert = "./certs/client-cert.der";
#ifdef CYASSL_CERT_GEN
static const char* caKeyFile = "./certs/ca-key.der";
static const char* caCertFile = "./certs/ca-cert.pem";
#endif
#endif
#endif
@@ -2751,10 +2851,12 @@ int rsa_test(void)
#ifndef NO_DH
#ifdef FREESCALE_MQX
static const char* dhKey = "a:\certs\\dh2048.der";
#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
static const char* dhKey = "./certs/dh2048.der";
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
#ifdef FREESCALE_MQX
static const char* dhKey = "a:\certs\\dh2048.der";
#else
static const char* dhKey = "./certs/dh2048.der";
#endif
#endif
int dh_test(void)
@@ -2829,10 +2931,12 @@ int dh_test(void)
#ifndef NO_DSA
#ifdef FREESCALE_MQX
static const char* dsaKey = "a:\\certs\\dsa2048.der";
#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
static const char* dsaKey = "./certs/dsa2048.der";
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
#ifdef FREESCALE_MQX
static const char* dsaKey = "a:\\certs\\dsa2048.der";
#else
static const char* dsaKey = "./certs/dsa2048.der";
#endif
#endif
int dsa_test(void)

4
cyassl-ios.xcodeproj/project.pbxproj
View File

@@ -7,6 +7,7 @@
objects = {
/* Begin PBXBuildFile section */
52397C5D17E0E63200517C9A /* port.c in Sources */ = {isa = PBXBuildFile; fileRef = 52397C5C17E0E63200517C9A /* port.c */; };
52B1348216F3CCC400C07B32 /* tls.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1347B16F3CCC400C07B32 /* tls.c */; };
52B1348316F3CCC400C07B32 /* ssl.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1347C16F3CCC400C07B32 /* ssl.c */; };
52B1348416F3CCC400C07B32 /* ocsp.c in Sources */ = {isa = PBXBuildFile; fileRef = 52B1347D16F3CCC400C07B32 /* ocsp.c */; };
@@ -55,6 +56,7 @@
/* End PBXCopyFilesBuildPhase section */
/* Begin PBXFileReference section */
52397C5C17E0E63200517C9A /* port.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = port.c; path = ctaocrypt/src/port.c; sourceTree = SOURCE_ROOT; };
52B1344D16F3C9E800C07B32 /* libcyassl-ios.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = "libcyassl-ios.a"; sourceTree = BUILT_PRODUCTS_DIR; };
52B1347B16F3CCC400C07B32 /* tls.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = tls.c; path = src/tls.c; sourceTree = SOURCE_ROOT; };
52B1347C16F3CCC400C07B32 /* ssl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ssl.c; path = src/ssl.c; sourceTree = SOURCE_ROOT; };
@@ -145,6 +147,7 @@
52B1347A16F3CC9A00C07B32 /* wolfCrypt */ = {
isa = PBXGroup;
children = (
52397C5C17E0E63200517C9A /* port.c */,
52B1348916F3CDF300C07B32 /* tfm.c */,
52B1348A16F3CDF300C07B32 /* sha256.c */,
52B1348B16F3CDF300C07B32 /* sha.c */,
@@ -259,6 +262,7 @@
52B134BA16F3CDF300C07B32 /* asn.c in Sources */,
52B134BB16F3CDF300C07B32 /* arc4.c in Sources */,
52B134BC16F3CDF300C07B32 /* aes.c in Sources */,
52397C5D17E0E63200517C9A /* port.c in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};

4
cyassl-ntru.vcproj
View File

@@ -230,6 +230,10 @@
RelativePath=".\ctaocrypt\src\misc.c"
>
</File>
<File
RelativePath=".\ctaocrypt\src\port.c"
>
</File>
<File
RelativePath=".\ctaocrypt\src\pwdbased.c"
>

4
cyassl.vcproj
View File

@@ -222,6 +222,10 @@
RelativePath=".\ctaocrypt\src\memory.c"
>
</File>
<File
RelativePath=".\ctaocrypt\src\port.c"
>
</File>
<File
RelativePath=".\ctaocrypt\src\pwdbased.c"
>

8
cyassl/ctaocrypt/aes.h
View File

@@ -115,6 +115,14 @@ CYASSL_API int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
typedef struct Gmac {
Aes aes;
} Gmac;
CYASSL_API void GmacSetKey(Gmac* gmac, const byte* key, word32 len);
CYASSL_API void GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
const byte* authIn, word32 authInSz,
byte* authTag, word32 authTagSz);
#endif /* HAVE_AESGCM */
#ifdef HAVE_AESCCM
CYASSL_API void AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);

3
cyassl/ctaocrypt/asn.h
View File

@@ -78,6 +78,7 @@ enum ASN_Flags{
enum DN_Tags {
ASN_COMMON_NAME = 0x03, /* CN */
ASN_SUR_NAME = 0x04, /* SN */
ASN_SERIAL_NUMBER = 0x05, /* serialNumber */
ASN_COUNTRY_NAME = 0x06, /* C */
ASN_LOCALITY_NAME = 0x07, /* L */
ASN_STATE_NAME = 0x08, /* ST */
@@ -356,7 +357,7 @@ CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
CYASSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
mp_int* r, mp_int* s);
/* private key helpers */
CYASSL_LOCAL int EccPrivateKeyDecode(const byte* input,word32* inOutIdx,
CYASSL_API int EccPrivateKeyDecode(const byte* input,word32* inOutIdx,
ecc_key*,word32);
#endif

14
cyassl/ctaocrypt/des3.h
View File

@@ -45,6 +45,12 @@ enum {
DES_DECRYPTION = 1
};
#define DES_IVLEN 8
#define DES_KEYLEN 8
#define DES3_IVLEN 8
#define DES3_KEYLEN 24
#ifdef STM32F2_CRYPTO
enum {
DES_CBC = 0,
@@ -55,14 +61,20 @@ enum {
/* DES encryption and decryption */
typedef struct Des {
word32 key[DES_KS_SIZE];
word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */
byte keylen ; /* for Coldfire SEC */
byte ivlen ; /* for Coldfire SEC */
byte iv[DES3_IVLEN]; /* for Coldfire SEC */
word32 key[DES_KS_SIZE];
} Des;
/* DES3 encryption and decryption */
typedef struct Des3 {
byte keylen ; /* for Coldfire SEC */
byte ivlen ; /* for Coldfire SEC */
byte iv[DES3_IVLEN]; /* for Coldfire SEC */
word32 key[3][DES_KS_SIZE];
word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */

12
cyassl/ctaocrypt/ecc.h
View File

@@ -91,12 +91,14 @@ CYASSL_API
int ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
RNG* rng, ecc_key* key);
CYASSL_API
int ecc_verify_hash(const byte* sig, word32 siglen, byte* hash, word32 hashlen,
int* stat, ecc_key* key);
int ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
word32 hashlen, int* stat, ecc_key* key);
CYASSL_API
void ecc_init(ecc_key* key);
CYASSL_API
void ecc_free(ecc_key* key);
CYASSL_API
void ecc_fp_free(void);
/* ASN key helpers */
@@ -114,12 +116,6 @@ int ecc_size(ecc_key* key);
CYASSL_API
int ecc_sig_size(ecc_key* key);
/* TODO: fix mutex types */
#define MUTEX_GLOBAL(x) int (x);
#define MUTEX_LOCK(x)
#define MUTEX_UNLOCK(x)
#ifdef __cplusplus
} /* extern "C" */

1
cyassl/ctaocrypt/error.h
View File

@@ -39,6 +39,7 @@ enum {
WINCRYPT_E = -103, /* windows crypt init error */
CRYPTGEN_E = -104, /* windows crypt generation error */
RAN_BLOCK_E = -105, /* reading random device would block */
BAD_MUTEX_E = -106, /* Bad mutex operation */
MP_INIT_E = -110, /* mp_init error state */
MP_READ_E = -111, /* mp_read error state */

13
cyassl/ctaocrypt/hmac.h
View File

@@ -78,19 +78,19 @@ enum {
/* Select the largest available hash for the buffer size. */
#if defined(CYASSL_SHA512)
INNER_HASH_SIZE = SHA512_DIGEST_SIZE,
MAX_DIGEST_SIZE = SHA512_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA512_BLOCK_SIZE
#elif defined(CYASSL_SHA384)
INNER_HASH_SIZE = SHA384_DIGEST_SIZE,
MAX_DIGEST_SIZE = SHA384_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA384_BLOCK_SIZE
#elif !defined(NO_SHA256)
INNER_HASH_SIZE = SHA256_DIGEST_SIZE,
MAX_DIGEST_SIZE = SHA256_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA256_BLOCK_SIZE
#elif !defined(NO_SHA)
INNER_HASH_SIZE = SHA_DIGEST_SIZE,
MAX_DIGEST_SIZE = SHA_DIGEST_SIZE,
HMAC_BLOCK_SIZE = SHA_BLOCK_SIZE
#elif !defined(NO_MD5)
INNER_HASH_SIZE = MD5_DIGEST_SIZE,
MAX_DIGEST_SIZE = MD5_DIGEST_SIZE,
HMAC_BLOCK_SIZE = MD5_BLOCK_SIZE
#else
#error "You have to have some kind of hash if you want to use HMAC."
@@ -122,7 +122,7 @@ typedef struct Hmac {
Hash hash;
word32 ipad[HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
word32 opad[HMAC_BLOCK_SIZE / sizeof(word32)];
word32 innerHash[INNER_HASH_SIZE / sizeof(word32)]; /* max size */
word32 innerHash[MAX_DIGEST_SIZE / sizeof(word32)];
byte macType; /* md5 sha or sha256 */
byte innerHashKeyed; /* keyed flag */
#ifdef HAVE_CAVIUM
@@ -147,6 +147,7 @@ CYASSL_API void HmacFinal(Hmac*, byte*);
CYASSL_API void HmacFreeCavium(Hmac*);
#endif
CYASSL_API int CyaSSL_GetHmacMaxSize(void);
#ifdef __cplusplus
} /* extern "C" */

1
cyassl/ctaocrypt/include.am
View File

@@ -21,6 +21,7 @@ nobase_include_HEADERS+= \
cyassl/ctaocrypt/md4.h \
cyassl/ctaocrypt/md5.h \
cyassl/ctaocrypt/misc.h \
cyassl/ctaocrypt/port.h \
cyassl/ctaocrypt/pwdbased.h \
cyassl/ctaocrypt/rabbit.h \
cyassl/ctaocrypt/random.h \

3
cyassl/ctaocrypt/integer.h
View File

@@ -225,6 +225,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y);
/* functions added to support above needed, removed TOOM and KARATSUBA */
int mp_count_bits (mp_int * a);
int mp_leading_bit (mp_int * a);
int mp_init_copy (mp_int * a, mp_int * b);
int mp_copy (mp_int * a, mp_int * b);
int mp_grow (mp_int * a, int size);
@@ -304,7 +305,7 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
#endif
#if defined(HAVE_ECC) || !defined(NO_PWDBASED)
#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(CYASSL_SNIFFER)
int mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
#endif

111
cyassl/ctaocrypt/port.h Normal file
View File

@@ -0,0 +1,111 @@
/* port.h
*
* Copyright (C) 2006-2013 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifndef CTAO_CRYPT_PORT_H
#define CTAO_CRYPT_PORT_H
#ifdef __cplusplus
extern "C" {
#endif
#ifdef USE_WINDOWS_API
#ifdef CYASSL_GAME_BUILD
#include "system/xtl.h"
#else
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
/* On WinCE winsock2.h must be included before windows.h */
#include <winsock2.h>
#endif
#include <windows.h>
#endif
#elif defined(THREADX)
#ifndef SINGLE_THREADED
#include "tx_api.h"
#endif
#elif defined(MICRIUM)
/* do nothing, just don't pick Unix */
#elif defined(FREERTOS) || defined(CYASSL_SAFERTOS)
/* do nothing */
#elif defined(EBSNET)
/* do nothing */
#elif defined(FREESCALE_MQX)
/* do nothing */
#elif defined(CYASSL_MDK_ARM)
#include <rtl.h>
#else
#ifndef SINGLE_THREADED
#define CYASSL_PTHREADS
#include <pthread.h>
#endif
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
#include <unistd.h> /* for close of BIO */
#endif
#endif
#ifdef SINGLE_THREADED
typedef int CyaSSL_Mutex;
#else /* MULTI_THREADED */
/* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
#ifdef FREERTOS
typedef xSemaphoreHandle CyaSSL_Mutex;
#elif defined(CYASSL_SAFERTOS)
typedef struct CyaSSL_Mutex {
signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
xSemaphoreHandle mutex;
} CyaSSL_Mutex;
#elif defined(USE_WINDOWS_API)
typedef CRITICAL_SECTION CyaSSL_Mutex;
#elif defined(CYASSL_PTHREADS)
typedef pthread_mutex_t CyaSSL_Mutex;
#elif defined(THREADX)
typedef TX_MUTEX CyaSSL_Mutex;
#elif defined(MICRIUM)
typedef OS_MUTEX CyaSSL_Mutex;
#elif defined(EBSNET)
typedef RTP_MUTEX CyaSSL_Mutex;
#elif defined(FREESCALE_MQX)
typedef MUTEX_STRUCT CyaSSL_Mutex;
#elif defined(CYASSL_MDK_ARM)
typedef OS_MUT CyaSSL_Mutex;
#else
#error Need a mutex type in multithreaded mode
#endif /* USE_WINDOWS_API */
#endif /* SINGLE_THREADED */
CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* CTAO_CRYPT_PORT_H */

16
cyassl/ctaocrypt/settings.h
View File

@@ -144,12 +144,26 @@
#define NO_HC128
#endif /* MBED */
#ifdef CYASSL_TYTO
#define FREERTOS
#define NO_FILESYSTEM
#define CYASSL_USER_IO
#define NO_DEV_RANDOM
#endif
#ifdef FREERTOS_WINSIM
#define FREERTOS
#define USE_WINDOWS_API
#endif
/* Micrium will use Visual Studio for compilation but not the Win32 API */
#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) \
&& !defined(EBSNET)
#define USE_WINDOWS_API
#endif
#if defined(CYASSL_LEANPSK) && !defined(XMALLOC_USER)
#include <stdlib.h>
#define XMALLOC(s, h, type) malloc((s))
@@ -285,6 +299,8 @@
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define FREESCALE_K70_RNGA
/* #define FREESCALE_K53_RNGB */
#include "mqx.h"
#ifndef NO_FILESYSTEM
#include "mfs.h"
#include "fio.h"

6
cyassl/ctaocrypt/tfm.h
View File

@@ -293,7 +293,7 @@ typedef struct {
#define TFM_MUL12
#define TFM_MUL17
#endif
#ifdef TFM_SMALL_SET
#ifdef TFM_HUGE_SET
#define TFM_MUL20
#define TFM_MUL24
#define TFM_MUL28
@@ -316,7 +316,7 @@ typedef struct {
#define TFM_SQR12
#define TFM_SQR17
#endif
#ifdef TFM_SMALL_SET
#ifdef TFM_HUGE_SET
#define TFM_SQR20
#define TFM_SQR24
#define TFM_SQR28
@@ -490,6 +490,7 @@ int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
/* radix conersions */
int fp_count_bits(fp_int *a);
int fp_leading_bit(fp_int *a);
int fp_unsigned_bin_size(fp_int *a);
void fp_read_unsigned_bin(fp_int *a, unsigned char *b, int c);
@@ -655,6 +656,7 @@ int mp_copy(fp_int* a, fp_int* b);
int mp_isodd(mp_int* a);
int mp_iszero(mp_int* a);
int mp_count_bits(mp_int *a);
int mp_leading_bit(mp_int *a);
int mp_set_int(fp_int *a, fp_digit b);
void mp_rshb(mp_int *a, int x);

17
cyassl/ctaocrypt/types.h
View File

@@ -24,6 +24,7 @@
#define CTAO_CRYPT_TYPES_H
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ctaocrypt/port.h>
#ifdef __cplusplus
extern "C" {
@@ -188,15 +189,23 @@ enum {
#define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
#ifndef USE_WINDOWS_API
#define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
#define XSNPRINTF snprintf
#else
#define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
#define XSNPRINTF _snprintf
#endif
#endif
#if defined(HAVE_ECC) || defined(HAVE_OCSP)
#ifndef CTYPE_USER
#include <ctype.h>
#ifndef CTYPE_USER
#include <ctype.h>
#if defined(HAVE_ECC) || defined(HAVE_OCSP)
#define XTOUPPER(c) toupper((c))
#define XISALPHA(c) isalpha((c))
#endif
/* needed by CyaSSL_check_domain_name() */
#define XTOLOWER(c) tolower((c))
#endif

1
cyassl/error.h
View File

@@ -88,7 +88,6 @@ enum CyaSSL_ErrorCodes {
ECC_MAKEKEY_ERROR = -253, /* Bad Make ECC Key */
ECC_EXPORT_ERROR = -254, /* Bad ECC Export Key */
ECC_SHARED_ERROR = -255, /* Bad ECC Shared Secret */
BAD_MUTEX_ERROR = -256, /* Bad mutex */
NOT_CA_ERROR = -257, /* Not a CA cert error */
BAD_PATH_ERROR = -258, /* Bad path for opendir */
BAD_CERT_MANAGER_ERROR = -259, /* Bad Cert Manager */

117
cyassl/internal.h
View File

@@ -37,6 +37,7 @@
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/camellia.h>
#include <cyassl/ctaocrypt/logging.h>
#include <cyassl/ctaocrypt/hmac.h>
#ifndef NO_RC4
#include <cyassl/ctaocrypt/arc4.h>
#endif
@@ -519,21 +520,7 @@ enum {
};
#if defined(CYASSL_SHA384)
#define MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
#elif !defined(NO_SHA256)
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
#elif !defined(NO_MD5) && !defined(NO_SHA)
#define MAX_DIGEST_SIZE (SHA_DIGEST_SIZE + MD5_DIGEST_SIZE)
#else
#error "You have configured the build so there isn't any hashing."
#endif
enum Misc {
SERVER_END = 0,
CLIENT_END,
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
SEND_CERT = 1,
@@ -962,41 +949,6 @@ struct CYASSL_CIPHER {
};
#ifdef SINGLE_THREADED
typedef int CyaSSL_Mutex;
#else /* MULTI_THREADED */
/* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
#ifdef FREERTOS
typedef xSemaphoreHandle CyaSSL_Mutex;
#elif defined(CYASSL_SAFERTOS)
typedef struct CyaSSL_Mutex {
signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
xSemaphoreHandle mutex;
} CyaSSL_Mutex;
#elif defined(USE_WINDOWS_API)
typedef CRITICAL_SECTION CyaSSL_Mutex;
#elif defined(CYASSL_PTHREADS)
typedef pthread_mutex_t CyaSSL_Mutex;
#elif defined(THREADX)
typedef TX_MUTEX CyaSSL_Mutex;
#elif defined(MICRIUM)
typedef OS_MUTEX CyaSSL_Mutex;
#elif defined(EBSNET)
typedef RTP_MUTEX CyaSSL_Mutex;
#elif defined(FREESCALE_MQX)
typedef MUTEX_STRUCT CyaSSL_Mutex;
#elif defined(CYASSL_MDK_ARM)
typedef OS_MUT CyaSSL_Mutex;
#else
#error Need a mutex type in multithreaded mode
#endif /* USE_WINDOWS_API */
#endif /* SINGLE_THREADED */
CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
typedef struct OCSP_Entry OCSP_Entry;
#ifdef SHA_DIGEST_SIZE
@@ -1263,6 +1215,22 @@ struct CYASSL_CTX {
#ifdef HAVE_TLS_EXTENSIONS
TLSX* extensions; /* RFC 6066 TLS Extensions data */
#endif
#ifdef ATOMIC_USER
CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
#endif
#ifdef HAVE_PK_CALLBACKS
#ifdef HAVE_ECC
CallbackEccSign EccSignCb; /* User EccSign Callback handler */
CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
#endif /* HAVE_ECC */
#ifndef NO_RSA
CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
#endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
};
@@ -1305,24 +1273,6 @@ typedef struct CipherSpecs {
void InitCipherSpecs(CipherSpecs* cs);
/* Supported Ciphers from page 43 */
enum BulkCipherAlgorithm {
cipher_null,
rc4,
rc2,
des,
triple_des, /* leading 3 (3des) not valid identifier */
des40,
idea,
aes,
aes_gcm,
aes_ccm,
camellia,
hc128, /* CyaSSL extensions */
rabbit
};
/* Supported Message Authentication Codes from page 43 */
enum MACAlgorithm {
no_mac,
@@ -1421,6 +1371,7 @@ typedef struct Keys {
#endif
word32 encryptSz; /* last size of encrypted data */
word32 padSz; /* how much to advance after decrypt part */
byte encryptionOn; /* true after change cipher spec */
byte decryptedCur; /* only decrypt current record once */
} Keys;
@@ -1572,6 +1523,14 @@ typedef struct Buffers {
#ifdef CYASSL_DTLS
CYASSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
#endif
#ifdef HAVE_PK_CALLBACKS
#ifdef HAVE_ECC
buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
#endif /* HAVE_ECC */
#ifndef NO_RSA
buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
#endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
} Buffers;
typedef struct Options {
@@ -1666,6 +1625,14 @@ struct CYASSL_X509 {
int serialSz;
byte serial[EXTERNAL_SERIAL_SIZE];
char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#ifdef CYASSL_SEP
int deviceTypeSz;
byte deviceType[EXTERNAL_SERIAL_SIZE];
int hwTypeSz;
byte hwType[EXTERNAL_SERIAL_SIZE];
int hwSerialNumSz;
byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
#endif
buffer derCert; /* may need */
DNS_entry* altNames; /* alt names list */
DNS_entry* altNamesNext; /* hint for retrieval */
@@ -1835,6 +1802,22 @@ struct CYASSL {
int sessionIndex; /* Session's location in the cache. */
#endif
CYASSL_ALERT_HISTORY alert_history;
#ifdef ATOMIC_USER
void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
#endif
#ifdef HAVE_PK_CALLBACKS
#ifdef HAVE_ECC
void* EccSignCtx; /* Ecc Sign Callback Context */
void* EccVerifyCtx; /* Ecc Verify Callback Context */
#endif /* HAVE_ECC */
#ifndef NO_RSA
void* RsaSignCtx; /* Rsa Sign Callback Context */
void* RsaVerifyCtx; /* Rsa Verify Callback Context */
void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
#endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
};

134
cyassl/ssl.h
View File

@@ -783,6 +783,18 @@ CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*);
CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
CYASSL_API
CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format);
#ifdef CYASSL_SEP
CYASSL_API unsigned char*
CyaSSL_X509_get_device_type(CYASSL_X509*, unsigned char*, int*);
CYASSL_API unsigned char*
CyaSSL_X509_get_hw_type(CYASSL_X509*, unsigned char*, int*);
CYASSL_API unsigned char*
CyaSSL_X509_get_hw_serial_number(CYASSL_X509*, unsigned char*, int*);
#endif
/* connect enough to get peer cert */
CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
@@ -930,6 +942,126 @@ CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
typedef void (*CbMissingCRL)(const char* url);
/* User Atomic Record Layer CallBacks */
typedef int (*CallbackMacEncrypt)(CYASSL* ssl, unsigned char* macOut,
const unsigned char* macIn, unsigned int macInSz, int macContent,
int macVerify, unsigned char* encOut, const unsigned char* encIn,
unsigned int encSz, void* ctx);
CYASSL_API void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX*, CallbackMacEncrypt);
CYASSL_API void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl);
typedef int (*CallbackDecryptVerify)(CYASSL* ssl,
unsigned char* decOut, const unsigned char* decIn,
unsigned int decSz, int content, int verify, unsigned int* padSz,
void* ctx);
CYASSL_API void CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX*,
CallbackDecryptVerify);
CYASSL_API void CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl);
CYASSL_API const unsigned char* CyaSSL_GetMacSecret(CYASSL*, int);
CYASSL_API const unsigned char* CyaSSL_GetClientWriteKey(CYASSL*);
CYASSL_API const unsigned char* CyaSSL_GetClientWriteIV(CYASSL*);
CYASSL_API const unsigned char* CyaSSL_GetServerWriteKey(CYASSL*);
CYASSL_API const unsigned char* CyaSSL_GetServerWriteIV(CYASSL*);
CYASSL_API int CyaSSL_GetKeySize(CYASSL*);
CYASSL_API int CyaSSL_GetSide(CYASSL*);
CYASSL_API int CyaSSL_IsTLSv1_1(CYASSL*);
CYASSL_API int CyaSSL_GetBulkCipher(CYASSL*);
CYASSL_API int CyaSSL_GetCipherBlockSize(CYASSL*);
CYASSL_API int CyaSSL_GetAeadMacSize(CYASSL*);
CYASSL_API int CyaSSL_GetHmacSize(CYASSL*);
CYASSL_API int CyaSSL_GetHmacType(CYASSL*);
CYASSL_API int CyaSSL_GetCipherType(CYASSL*);
CYASSL_API int CyaSSL_SetTlsHmacInner(CYASSL*, unsigned char*,
unsigned int, int, int);
/* Atomic User Needs */
enum {
CYASSL_SERVER_END = 0,
CYASSL_CLIENT_END = 1,
CYASSL_BLOCK_TYPE = 2,
CYASSL_STREAM_TYPE = 3,
CYASSL_AEAD_TYPE = 4,
CYASSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
};
/* for GetBulkCipher and internal use */
enum BulkCipherAlgorithm {
cyassl_cipher_null,
cyassl_rc4,
cyassl_rc2,
cyassl_des,
cyassl_triple_des, /* leading 3 (3des) not valid identifier */
cyassl_des40,
cyassl_idea,
cyassl_aes,
cyassl_aes_gcm,
cyassl_aes_ccm,
cyassl_camellia,
cyassl_hc128, /* CyaSSL extensions */
cyassl_rabbit
};
/* Public Key Callback support */
typedef int (*CallbackEccSign)(CYASSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
CYASSL_API void CyaSSL_CTX_SetEccSignCb(CYASSL_CTX*, CallbackEccSign);
CYASSL_API void CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetEccSignCtx(CYASSL* ssl);
typedef int (*CallbackEccVerify)(CYASSL* ssl,
const unsigned char* sig, unsigned int sigSz,
const unsigned char* hash, unsigned int hashSz,
const unsigned char* keyDer, unsigned int keySz,
int* result, void* ctx);
CYASSL_API void CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX*, CallbackEccVerify);
CYASSL_API void CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl);
typedef int (*CallbackRsaSign)(CYASSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
CYASSL_API void CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX*, CallbackRsaSign);
CYASSL_API void CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetRsaSignCtx(CYASSL* ssl);
typedef int (*CallbackRsaVerify)(CYASSL* ssl,
unsigned char* sig, unsigned int sigSz,
unsigned char** out,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
CYASSL_API void CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX*, CallbackRsaVerify);
CYASSL_API void CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl);
/* RSA Public Encrypt cb */
typedef int (*CallbackRsaEnc)(CYASSL* ssl,
const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
CYASSL_API void CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX*, CallbackRsaEnc);
CYASSL_API void CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetRsaEncCtx(CYASSL* ssl);
/* RSA Private Decrypt cb */
typedef int (*CallbackRsaDec)(CYASSL* ssl,
unsigned char* in, unsigned int inSz,
unsigned char** out,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
CYASSL_API void CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX*, CallbackRsaDec);
CYASSL_API void CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx);
CYASSL_API void* CyaSSL_GetRsaDecCtx(CYASSL* ssl);
#ifndef NO_CERTS
CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);
@@ -1067,7 +1199,7 @@ CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
#endif /* CYASSL_CALLBACKS */
CYASSL_API long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX*, long);
CYASSL_API int CyaSSL_CTX_OCSP_set_options(CYASSL_CTX*, int);
CYASSL_API int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX*, const char*);
/* OCSP Options */

388
cyassl/test.h
View File

@@ -10,6 +10,19 @@
#include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/types.h>
#ifdef ATOMIC_USER
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/arc4.h>
#include <cyassl/ctaocrypt/hmac.h>
#endif
#ifdef HAVE_PK_CALLBACKS
#include <cyassl/ctaocrypt/random.h>
#include <cyassl/ctaocrypt/asn.h>
#ifdef HAVE_ECC
#include <cyassl/ctaocrypt/ecc.h>
#endif /* HAVE_ECC */
#endif /*HAVE_PK_CALLBACKS */
#ifdef USE_WINDOWS_API
#include <winsock2.h>
#include <process.h>
@@ -850,6 +863,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
{
(void)preverify;
char buffer[CYASSL_MAX_ERROR_SZ];
#ifdef OPENSSL_EXTRA
@@ -1286,6 +1300,380 @@ static INLINE void StackTrap(void)
#endif /* STACK_TRAP */
#ifdef ATOMIC_USER
/* Atomic Encrypt Context example */
typedef struct AtomicEncCtx {
int keySetup; /* have we done key setup yet */
Aes aes; /* for aes example */
} AtomicEncCtx;
/* Atomic Decrypt Context example */
typedef struct AtomicDecCtx {
int keySetup; /* have we done key setup yet */
Aes aes; /* for aes example */
} AtomicDecCtx;
static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut,
const unsigned char* macIn, unsigned int macInSz, int macContent,
int macVerify, unsigned char* encOut, const unsigned char* encIn,
unsigned int encSz, void* ctx)
{
int ret;
Hmac hmac;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
const char* tlsStr = "TLS";
/* example supports (d)tls aes */
if (CyaSSL_GetBulkCipher(ssl) != cyassl_aes) {
printf("myMacEncryptCb not using AES\n");
return -1;
}
if (strstr(CyaSSL_get_version(ssl), tlsStr) == NULL) {
printf("myMacEncryptCb not using (D)TLS\n");
return -1;
}
/* hmac, not needed if aead mode */
CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl));
HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, macIn, macInSz);
HmacFinal(&hmac, macOut);
/* encrypt setup on first time */
if (encCtx->keySetup == 0) {
int keyLen = CyaSSL_GetKeySize(ssl);
const byte* key;
const byte* iv;
if (CyaSSL_GetSide(ssl) == CYASSL_CLIENT_END) {
key = CyaSSL_GetClientWriteKey(ssl);
iv = CyaSSL_GetClientWriteIV(ssl);
}
else {
key = CyaSSL_GetServerWriteKey(ssl);
iv = CyaSSL_GetServerWriteIV(ssl);
}
ret = AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("AesSetKey failed in myMacEncryptCb\n");
return ret;
}
encCtx->keySetup = 1;
}
/* encrypt */
return AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
}
static INLINE int myDecryptVerifyCb(CYASSL* ssl,
unsigned char* decOut, const unsigned char* decIn,
unsigned int decSz, int macContent, int macVerify,
unsigned int* padSz, void* ctx)
{
AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
int ret = 0;
int macInSz = 0;
int ivExtra = 0;
int digestSz = CyaSSL_GetHmacSize(ssl);
unsigned int pad = 0;
unsigned int padByte = 0;
Hmac hmac;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
byte verify[MAX_DIGEST_SIZE];
const char* tlsStr = "TLS";
/* example supports (d)tls aes */
if (CyaSSL_GetBulkCipher(ssl) != cyassl_aes) {
printf("myMacEncryptCb not using AES\n");
return -1;
}
if (strstr(CyaSSL_get_version(ssl), tlsStr) == NULL) {
printf("myMacEncryptCb not using (D)TLS\n");
return -1;
}
/*decrypt */
if (decCtx->keySetup == 0) {
int keyLen = CyaSSL_GetKeySize(ssl);
const byte* key;
const byte* iv;
/* decrypt is from other side (peer) */
if (CyaSSL_GetSide(ssl) == CYASSL_SERVER_END) {
key = CyaSSL_GetClientWriteKey(ssl);
iv = CyaSSL_GetClientWriteIV(ssl);
}
else {
key = CyaSSL_GetServerWriteKey(ssl);
iv = CyaSSL_GetServerWriteIV(ssl);
}
ret = AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
if (ret != 0) {
printf("AesSetKey failed in myDecryptVerifyCb\n");
return ret;
}
decCtx->keySetup = 1;
}
/* decrypt */
ret = AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
if (CyaSSL_GetCipherType(ssl) == CYASSL_AEAD_TYPE) {
*padSz = CyaSSL_GetAeadMacSize(ssl);
return 0; /* hmac, not needed if aead mode */
}
if (CyaSSL_GetCipherType(ssl) == CYASSL_BLOCK_TYPE) {
pad = *(decOut + decSz - 1);
padByte = 1;
if (CyaSSL_IsTLSv1_1(ssl))
ivExtra = CyaSSL_GetCipherBlockSize(ssl);
}
*padSz = CyaSSL_GetHmacSize(ssl) + pad + padByte;
macInSz = decSz - ivExtra - digestSz - pad - padByte;
CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_GetMacSecret(ssl, macVerify), digestSz);
HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, decOut + ivExtra, macInSz);
HmacFinal(&hmac, verify);
if (memcmp(verify, decOut + decSz - digestSz - pad - padByte,
digestSz) != 0) {
printf("myDecryptVerify verify failed\n");
return -1;
}
return ret;
}
static INLINE void SetupAtomicUser(CYASSL_CTX* ctx, CYASSL* ssl)
{
AtomicEncCtx* encCtx;
AtomicDecCtx* decCtx;
encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
if (encCtx == NULL)
err_sys("AtomicEncCtx malloc failed");
memset(encCtx, 0, sizeof(AtomicEncCtx));
decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
if (decCtx == NULL) {
free(encCtx);
err_sys("AtomicDecCtx malloc failed");
}
memset(decCtx, 0, sizeof(AtomicDecCtx));
CyaSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
CyaSSL_SetMacEncryptCtx(ssl, encCtx);
CyaSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
CyaSSL_SetDecryptVerifyCtx(ssl, decCtx);
}
static INLINE void FreeAtomicUser(CYASSL* ssl)
{
AtomicEncCtx* encCtx = CyaSSL_GetMacEncryptCtx(ssl);
AtomicDecCtx* decCtx = CyaSSL_GetDecryptVerifyCtx(ssl);
free(decCtx);
free(encCtx);
}
#endif /* ATOMIC_USER */
#ifdef HAVE_PK_CALLBACKS
#ifdef HAVE_ECC
static INLINE int myEccSign(CYASSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
{
RNG rng;
int ret;
word32 idx = 0;
ecc_key myKey;
(void)ssl;
(void)ctx;
InitRng(&rng);
ecc_init(&myKey);
ret = EccPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
ecc_free(&myKey);
return ret;
}
static INLINE int myEccVerify(CYASSL* ssl, const byte* sig, word32 sigSz,
const byte* hash, word32 hashSz, const byte* key, word32 keySz,
int* result, void* ctx)
{
int ret;
ecc_key myKey;
(void)ssl;
(void)ctx;
ecc_init(&myKey);
ret = ecc_import_x963(key, keySz, &myKey);
if (ret == 0)
ret = ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
ecc_free(&myKey);
return ret;
}
#endif /* HAVE_ECC */
#ifndef NO_RSA
static INLINE int myRsaSign(CYASSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
{
RNG rng;
int ret;
word32 idx = 0;
RsaKey myKey;
(void)ssl;
(void)ctx;
InitRng(&rng);
InitRsaKey(&myKey, NULL);
ret = RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) { /* save and convert to 0 success */
*outSz = ret;
ret = 0;
}
FreeRsaKey(&myKey);
return ret;
}
static INLINE int myRsaVerify(CYASSL* ssl, byte* sig, word32 sigSz,
byte** out,
const byte* key, word32 keySz,
void* ctx)
{
int ret;
word32 idx = 0;
RsaKey myKey;
(void)ssl;
(void)ctx;
InitRsaKey(&myKey, NULL);
ret = RsaPublicKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
FreeRsaKey(&myKey);
return ret;
}
static INLINE int myRsaEnc(CYASSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, const byte* key,
word32 keySz, void* ctx)
{
int ret;
word32 idx = 0;
RsaKey myKey;
RNG rng;
(void)ssl;
(void)ctx;
InitRng(&rng);
InitRsaKey(&myKey, NULL);
ret = RsaPublicKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0) {
ret = RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) {
*outSz = ret;
ret = 0; /* reset to success */
}
}
FreeRsaKey(&myKey);
return ret;
}
static INLINE int myRsaDec(CYASSL* ssl, byte* in, word32 inSz,
byte** out,
const byte* key, word32 keySz, void* ctx)
{
int ret;
word32 idx = 0;
RsaKey myKey;
(void)ssl;
(void)ctx;
InitRsaKey(&myKey, NULL);
ret = RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0) {
ret = RsaPrivateDecryptInline(in, inSz, out, &myKey);
}
FreeRsaKey(&myKey);
return ret;
}
#endif /* NO_RSA */
static INLINE void SetupPkCallbacks(CYASSL_CTX* ctx, CYASSL* ssl)
{
(void)ctx;
(void)ssl;
#ifdef HAVE_ECC
CyaSSL_CTX_SetEccSignCb(ctx, myEccSign);
CyaSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
#endif /* HAVE_ECC */
#ifndef NO_RSA
CyaSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
CyaSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
CyaSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
CyaSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
#endif /* NO_RSA */
}
#endif /* HAVE_PK_CALLBACKS */
#if defined(__hpux__) || defined(__MINGW32__)
/* HP/UX doesn't have strsep, needed by test/suites.c */

4
cyassl/version.h
View File

@@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBCYASSL_VERSION_STRING "2.7.2"
#define LIBCYASSL_VERSION_HEX 0x02007002
#define LIBCYASSL_VERSION_STRING "2.8.2"
#define LIBCYASSL_VERSION_HEX 0x02008002
#ifdef __cplusplus
}

39
examples/client/client.c
View File

@@ -143,11 +143,14 @@ static void Usage(void)
printf("-o Perform OCSP lookup on peer certificate\n");
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
#endif
#ifdef ATOMIC_USER
printf("-U Atomic User Record Layer Callbacks\n");
#endif
#ifdef HAVE_PK_CALLBACKS
printf("-P Public Key Callbacks\n");
#endif
}
#ifdef CYASSL_MDK_SHELL
#define exit(code) return(code)
#endif
#ifdef CYASSL_MDK_SHELL
#define exit(code) return(code)
@@ -189,6 +192,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
int trackMemory = 0;
int useClientCert = 1;
int fewerPackets = 0;
int atomicUser = 0;
int pkCallbacks = 0;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
@@ -224,11 +229,13 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
(void)session;
(void)sslResume;
(void)trackMemory;
(void)atomicUser;
(void)pkCallbacks;
StackTrap();
while ((ch = mygetopt(argc, argv,
"?gdusmNrtfxh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
"?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
switch (ch) {
case '?' :
Usage();
@@ -268,6 +275,18 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
fewerPackets = 1;
break;
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
#endif
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
@@ -596,6 +615,14 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
err_sys("can't load crl, check crlfile and date validity");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
#endif
if (matchName && doPeerCheck)
CyaSSL_check_domain_name(ssl, domain);
@@ -668,6 +695,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
if (doDTLS == 0) /* don't send alert after "break" command */
CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
CyaSSL_free(ssl);
CloseSocket(sockfd);

17
examples/server/server.c
View File

@@ -127,6 +127,9 @@ static void Usage(void)
printf("-o Perform OCSP lookup on peer certificate\n");
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
#endif
#ifdef HAVE_PK_CALLBACKS
printf("-P Public Key Callbacks\n");
#endif
}
#ifdef CYASSL_MDK_SHELL
@@ -157,6 +160,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int nonBlocking = 0;
int trackMemory = 0;
int fewerPackets = 0;
int pkCallbacks = 0;
char* cipherList = NULL;
char* verifyCert = (char*)cliCert;
char* ourCert = (char*)svrCert;
@@ -181,8 +185,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
ourKey = (char*)eccKey;
#endif
(void)trackMemory;
(void)pkCallbacks;
while ((ch = mygetopt(argc, argv, "?dbstnNufp:v:l:A:c:k:S:oO:")) != -1) {
while ((ch = mygetopt(argc, argv, "?dbstnNufPp:v:l:A:c:k:S:oO:")) != -1) {
switch (ch) {
case '?' :
Usage();
@@ -218,6 +223,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
fewerPackets = 1;
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
#endif
break;
case 'p' :
port = atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
@@ -454,6 +465,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
CyaSSL_CTX_OCSP_set_override_url(ctx, ocspUrl);
}
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
#endif
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS);
if (!doDTLS)

4
m4/ax_append_to_file.m4
View File

@@ -19,9 +19,9 @@
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 7
#serial 8
AC_DEFUN([AX_APPEND_TO_FILE],[
AC_REQUIRE([AX_FILE_ESCAPES])
printf "$2" >> "$1"
printf "$2\n" >> "$1"
])

95
m4/ax_check_library.m4 Normal file
View File

@@ -0,0 +1,95 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_check_library.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_CHECK_LIBRARY(VARIABLE-PREFIX, HEADER-FILE, LIBRARY-FILE,
# [ACTION-IF-FOUND], [ACTION-IF-NOT_FOUND])
#
# DESCRIPTION
#
# Provides a generic test for a given library, similar in concept to the
# PKG_CHECK_MODULES macro used by pkg-config.
#
# Most simplest libraries can be checked against simply through the
# presence of a header file and a library to link to. This macro allows to
# wrap around the test so that it doesn't have to be recreated each time.
#
# Rather than define --with-$LIBRARY arguments, it uses variables in the
# same way that PKG_CHECK_MODULES does. It doesn't, though, use the same
# names, since you shouldn't provide a value for LIBS or CFLAGS but rather
# for LDFLAGS and CPPFLAGS, to tell the linker and compiler where to find
# libraries and headers respectively.
#
# If the library is find, HAVE_PREFIX is defined, and in all cases
# PREFIX_LDFLAGS and PREFIX_CPPFLAGS are substituted.
#
# Example:
#
# AX_CHECK_LIBRARY([LIBEVENT], [event.h], [event], [],
# [AC_MSG_ERROR([Unable to find libevent])])
#
# LICENSE
#
# Copyright (c) 2012 Brian Aker <brian@tangent.org>
# Copyright (c) 2010 Diego Elio Petteno` <flameeyes@gmail.com>
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 7
AC_DEFUN([AX_CHECK_LIBRARY],
[AC_ARG_VAR($1[_CPPFLAGS],[C preprocessor flags for ]$1[ headers])
AC_ARG_VAR($1[_LDFLAGS],[linker flags for ]$1[ libraries])
AC_CACHE_VAL(AS_TR_SH([ax_cv_have_]$1),
[AX_SAVE_FLAGS
AS_IF([test "x$]$1[_CPPFLAGS" != "x"],
[CPPFLAGS="$CPPFLAGS $]$1[_CPPFLAGS"])
AS_IF([test "x$]$1[_LDFLAGS" != "x"],
[LDFLAGS="$LDFLAGS $]$1[_LDFLAGS"])
AC_CHECK_HEADER($2, [
AC_CHECK_LIB($3, [main],
[AS_TR_SH([ax_cv_have_]$1)=yes],
[AS_TR_SH([ax_cv_have_]$1)=no])
], [AS_TR_SH([ax_cv_have_]$1)=no])
AX_RESTORE_FLAGS
])
AS_IF([test "$]AS_TR_SH([ax_cv_have_]$1)[" = "yes"],
[AC_DEFINE([HAVE_]$1, [1], [Define to 1 if ]$1[ is found])
AC_SUBST($1[_CPPFLAGS])
AC_SUBST($1[_LDFLAGS])
AC_SUBST($1[_LIB],[-l]$3)
ifelse([$4], , :, [$4])],
[ifelse([$5], , :, [$5])])
])

126
m4/ax_compiler_version.m4
View File

@@ -1,36 +1,100 @@
AC_DEFUN([AX_C_COMPILER_VERSION],[
# ===========================================================================
# https://github.com/BrianAker/ddm4/
# ===========================================================================
#
# SYNOPSIS
#
# AX_COMPILER_VERSION()
#
# DESCRIPTION
#
# Capture version of C/C++ compiler
#
# LICENSE
#
# Copyright (C) 2012 Brian Aker
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# * The names of its contributors may not be used to endorse or
# promote products derived from this software without specific prior
# written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
dnl Print version of C compiler
AC_MSG_CHECKING("C Compiler version--$GCC")
AS_IF([test "$GCC" = "yes"],[
CC_VERSION=`$CC --version | sed 1q` ],[
test "$SUNCC" = "yes"],[
CC_VERSION=`$CC -V 2>&1 | sed 1q` ],[
test "$CLANG" = "yes"],[
CC_VERSION=`$CC --version 2>&1 | sed 1q` ],[
CC_VERSION=""
])
AC_MSG_RESULT("$CC_VERSION")
AC_SUBST(CC_VERSION)
])
#serial 5
AC_DEFUN([_C_COMPILER_VERSION],
[AC_MSG_CHECKING([C Compiler version])
AS_CASE(["$ax_cv_c_compiler_vendor"],
[sun],[ax_c_compiler_version=`$CC -V 2>&1 | sed 1q`],
[intel],[ax_c_compiler_version=`$CC --version 2>&1 | sed 1q`],
[clang],[ax_c_compiler_version=`$CC --version 2>&1 | sed 1q`],
[gnu],[ax_c_compiler_version=`$CC --version | sed 1q`],
[mingw],[ax_c_compiler_version=`$CC --version | sed 1q`],
[ax_c_compiler_version="unknown: $ax_cv_c_compiler_vendor"])
AC_DEFUN([AX_CXX_COMPILER_VERSION], [
dnl Check C version while at it
AC_REQUIRE([AX_C_COMPILER_VERSION])
dnl Print version of CXX compiler
AC_MSG_CHECKING("C++ Compiler version")
AS_IF([test "$GCC" = "yes"],[
CXX_VERSION=`$CXX --version | sed 1q` ],[
test "$SUNCC" = "yes"],[
CXX_VERSION=`$CXX -V 2>&1 | sed 1q` ],[
test "$CLANG" = "yes"],[
CXX_VERSION=`$CXX --version 2>&1 | sed 1q` ],[
CXX_VERSION=""
])
AC_MSG_RESULT("$CXX_VERSION")
AC_SUBST(CXX_VERSION)
AC_MSG_RESULT(["$ax_c_compiler_version"])
AC_SUBST([CC_VERSION_VENDOR],["$ax_cv_c_compiler_vendor"])
AC_SUBST([CC_VERSION],["$ax_c_compiler_version"])
])
AC_DEFUN([_CXX_COMPILER_VERSION],
[AC_MSG_CHECKING([C++ Compiler version])
AS_CASE(["$ax_cv_c_compiler_vendor"],
[sun],[ax_cxx_compiler_version=`$CXX -V 2>&1 | sed 1q`],
[intel],[ax_cxx_compiler_version=`$CXX --version 2>&1 | sed 1q`],
[clang],[ax_cxx_compiler_version=`$CXX --version 2>&1 | sed 1q`],
[gnu],[ax_cxx_compiler_version=`$CXX --version | sed 1q`],
[mingw],[ax_cxx_compiler_version=`$CXX --version | sed 1q`],
[ax_cxx_compiler_version="unknown: $ax_cv_c_compiler_vendor"])
AC_MSG_RESULT(["$ax_cxx_compiler_version"])
AC_SUBST([CXX_VERSION_VENDOR],["$ax_cv_c_compiler_vendor"])
AC_SUBST([CXX_VERSION],["$ax_cxx_compiler_version"])
])
AC_DEFUN([AX_COMPILER_VERSION],
[AC_REQUIRE([AX_COMPILER_VENDOR])
AC_MSG_CHECKING([MINGW])
AC_CHECK_DECL([__MINGW32__],
[MINGW=yes
ax_c_compiler_version_vendor=mingw],
[MINGW=no])
AC_MSG_RESULT([$MINGW])
AC_REQUIRE([_C_COMPILER_VERSION])
AC_REQUIRE([_CXX_COMPILER_VERSION])
AS_IF([test "x$GCC" = xyes],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#if !defined(__GNUC__) || (__GNUC__ < 4) || ((__GNUC__ >= 4) && (__GNUC_MINOR__ < 7))
# error GCC is Too Old!
#endif
]])],
[ac_c_gcc_recent=yes],
[ac_c_gcc_recent=no])
])
])

23
m4/ax_debug.m4
View File

@@ -43,19 +43,22 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#serial 2
#serial 6
AC_DEFUN([AX_DEBUG],[
AC_DEFUN([AX_DEBUG],
[AC_PREREQ([2.63])dnl
AC_ARG_ENABLE([debug],
[AS_HELP_STRING([--enable-debug],
[Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],[
ax_enable_debug=$enableval
AC_DEFINE(DEBUG, [ 1 ], [Define to 1 to enable debugging code.])
],[
ax_enable_debug=no
AC_DEFINE(DEBUG, [ 0 ], [Define to 1 to enable debugging code.])
])
[Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],
[ax_enable_debug=yes
AC_DEFINE([DEBUG],[1],[Define to 1 to enable debugging code.])
AX_CHECK_LIBRARY([MCHECK],[mcheck.h],[mcheck],[AX_APPEND_LINK_FLAGS([-lmcheck])])
AX_ADD_AM_MACRO([--debug],[AM_YFLAGS])
AX_ADD_AM_MACRO([-D_GLIBCXX_DEBUG],[AM_CPPFLAGS])],
[ax_enable_debug=no
AC_SUBST([MCHECK])
AC_DEFINE([DEBUG],[0],[Define to 1 to enable debugging code.])])
AC_MSG_CHECKING([for debug])
AC_MSG_RESULT([$ax_enable_debug])
])
AM_CONDITIONAL([DEBUG],[test "x${ax_enable_debug}" = "xyes"])])

1
m4/ax_harden_compiler_flags.m4
View File

@@ -67,7 +67,6 @@
AC_REQUIRE([AX_CHECK_LINK_FLAG])
AC_REQUIRE([AX_VCS_CHECKOUT])
AC_REQUIRE([AX_DEBUG])
AC_REQUIRE([AX_CXX_COMPILER_VERSION])
dnl If we are inside of VCS we append -Werror, otherwise we just use it to test other flags
AX_HARDEN_LIB=

34
m4/ax_pthread.m4
View File

@@ -82,7 +82,7 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 19
#serial 20
AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
AC_DEFUN([AX_PTHREAD], [
@@ -159,12 +159,12 @@ case ${host_os} in
ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
;;
darwin12* | darwin11.4*)
ax_pthread_flags="$ax_pthread_flags"
;;
darwin*)
ax_pthread_flags="-pthreads $ax_pthread_flags"
if test "$CC" = "clang"; then
ax_pthread_flags="$ax_pthread_flags"
else
ax_pthread_flags="-pthread $ax_pthread_flags"
fi
;;
esac
@@ -287,16 +287,24 @@ if test "x$ax_pthread_ok" = xyes; then
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
# More AIX lossage: must compile with xlc_r or cc_r
if test x"$GCC" != xyes; then
AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC})
else
PTHREAD_CC=$CC
# More AIX lossage: compile with *_r variant
if test "x$GCC" != xyes; then
case $host_os in
aix*)
AS_CASE(["x/$CC"],
[x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6],
[#handle absolute path differently from PATH based program lookup
AS_CASE(["x$CC"],
[x/*],
[AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])],
[AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])])
;;
esac
fi
else
PTHREAD_CC="$CC"
fi
test -n "$PTHREAD_CC" || PTHREAD_CC="$CC"
AC_SUBST(PTHREAD_LIBS)
AC_SUBST(PTHREAD_CFLAGS)
AC_SUBST(PTHREAD_CC)

34
m4/ax_vcs_checkout.m4
View File

@@ -45,15 +45,31 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#serial 1
AC_DEFUN([AX_VCS_CHECKOUT],[
AC_CACHE_CHECK([for vcs checkout], [ac_cv_vcs_checkout], [
AS_IF([test -d ".bzr"],[ac_cv_vcs_checkout=yes])
AS_IF([test -d ".svn"],[ac_cv_vcs_checkout=yes])
AS_IF([test -d ".hg"], [ac_cv_vcs_checkout=yes])
AS_IF([test -d ".git"],[ac_cv_vcs_checkout=yes])
#serial 6
AC_DEFUN([AX_VCS_SYSTEM],
[AC_PREREQ([2.63])dnl
AC_CACHE_CHECK([for vcs system], [ac_cv_vcs_system],
[ac_cv_vcs_system="none"
AS_IF([test -d ".bzr"],[ac_cv_vcs_system="bazaar"])
AS_IF([test -d ".svn"],[ac_cv_vcs_system="svn"])
AS_IF([test -d ".hg"],[ac_cv_vcs_system="mercurial"])
AS_IF([test -d ".git"],[ac_cv_vcs_system="git"])
])
AC_DEFINE_UNQUOTED([VCS_SYSTEM],["$ac_cv_vcs_system"],[VCS system])
])
AC_DEFUN([AX_VCS_CHECKOUT],
[AC_PREREQ([2.63])dnl
AC_REQUIRE([AX_VCS_SYSTEM])
AC_CACHE_CHECK([for vcs checkout],[ac_cv_vcs_checkout],
[AS_IF([test "x$ac_cv_vcs_system" != "xnone"],
[ac_cv_vcs_checkout=yes],
[ac_cv_vcs_checkout=no])
])
AS_IF([test "$ac_cv_vcs_checkout" = yes], [])
AM_CONDITIONAL([IS_VCS_CHECKOUT],[test "x$ac_cv_vcs_checkout" = "xyes"])
AS_IF([test "x$ac_cv_vcs_checkout" = "xyes"],
[AC_DEFINE([VCS_CHECKOUT],[1],[Define if the code was built from VCS.])],
[AC_DEFINE([VCS_CHECKOUT],[0],[Define if the code was built from VCS.])])
])

2
rpm/spec.in
View File

@@ -61,7 +61,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/libcyassl.la
%{_libdir}/libcyassl.so
%{_libdir}/libcyassl.so.5
%{_libdir}/libcyassl.so.5.0.1
%{_libdir}/libcyassl.so.5.0.2
%files devel
%defattr(-,root,root,-)

6
src/crl.c
View File

@@ -48,7 +48,7 @@ int InitCRL(CYASSL_CRL* crl, CYASSL_CERT_MANAGER* cm)
crl->tid = 0;
#endif
if (InitMutex(&crl->crlLock) != 0)
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
return 0;
}
@@ -134,7 +134,7 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
if (LockMutex(&crl->crlLock) != 0) {
CYASSL_MSG("LockMutex failed");
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
crle = crl->crlList;
@@ -217,7 +217,7 @@ static int AddCRL(CYASSL_CRL* crl, DecodedCRL* dcrl)
CYASSL_MSG("LockMutex failed");
FreeCRL_Entry(crle);
XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
crle->next = crl->crlList;
crl->crlList = crle;

1
src/include.am
View File

@@ -13,6 +13,7 @@ src_libcyassl_la_SOURCES = \
ctaocrypt/src/random.c \
ctaocrypt/src/sha256.c \
ctaocrypt/src/logging.c \
ctaocrypt/src/port.c \
ctaocrypt/src/error.c
src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION}
src_libcyassl_la_LIBADD = $(LIBM)

1195
src/internal.c
View File

File diff suppressed because it is too large Load Diff

25
src/io.c
View File

@@ -107,6 +107,7 @@
#define SOCKET_EPIPE WSAEPIPE
#define SOCKET_ECONNREFUSED WSAENOTCONN
#define SOCKET_ECONNABORTED WSAECONNABORTED
#define close(s) closesocket(s)
#elif defined(__PPU)
#define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
#define SOCKET_EAGAIN SYS_NET_EAGAIN
@@ -552,7 +553,7 @@ static INLINE int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
static int build_http_request(const char* domainName, const char* path,
int ocspReqSz, byte* buf, int bufSize)
{
return snprintf((char*)buf, bufSize,
return XSNPRINTF((char*)buf, bufSize,
"POST %s HTTP/1.1\r\n"
"Host: %s\r\n"
"Content-Length: %d\r\n"
@@ -563,7 +564,7 @@ static int build_http_request(const char* domainName, const char* path,
static int decode_url(const char* url, int urlSz,
char* outName, char* outPath, int* outPort)
char* outName, char* outPath, word16* outPort)
{
int result = -1;
@@ -596,6 +597,7 @@ static int decode_url(const char* url, int urlSz,
if (cur < urlSz && url[cur] == ':') {
char port[6];
int j;
word32 bigPort = 0;
i = 0;
cur++;
while (cur < urlSz && url[cur] != 0 && url[cur] != '/' &&
@@ -603,11 +605,11 @@ static int decode_url(const char* url, int urlSz,
port[i++] = url[cur++];
}
*outPort = 0;
for (j = 0; j < i; j++) {
if (port[j] < '0' || port[j] > '9') return -1;
*outPort = (*outPort * 10) + (port[j] - '0');
bigPort = (bigPort * 10) + (port[j] - '0');
}
*outPort = (word16)bigPort;
}
else
*outPort = 80;
@@ -648,7 +650,7 @@ static int process_http_response(int sfd, byte** respBuf,
start = end = NULL;
do {
if (end == NULL) {
result = (int)recv(sfd, httpBuf+len, httpBufSz-len-1, 0);
result = (int)recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
if (result > 0) {
len += result;
start = (char*)httpBuf;
@@ -679,7 +681,8 @@ static int process_http_response(int sfd, byte** respBuf,
}
else {
*end = 0;
len -= end - start + 2;
len -= (int)(end - start) + 2;
/* adjust len to remove the first line including the /r/n */
if (XSTRNCASECMP(start, "HTTP/1", 6) == 0) {
start += 9;
@@ -734,7 +737,7 @@ static int process_http_response(int sfd, byte** respBuf,
/* receive the OCSP response data */
do {
result = (int)recv(sfd, recvBuf+len, recvBufSz-len, 0);
result = (int)recv(sfd, (char*)recvBuf+len, recvBufSz-len, 0);
if (result > 0)
len += result;
else {
@@ -754,7 +757,9 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
{
char domainName[80], path[80];
int port, httpBufSz, sfd = -1;
int httpBufSz;
SOCKET_T sfd;
word16 port;
int ocspRespSz = 0;
byte* httpBuf = NULL;
@@ -790,9 +795,9 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
if ((tcp_connect(&sfd, domainName, port) == 0) && (sfd > 0)) {
int written;
written = (int)send(sfd, httpBuf, httpBufSz, 0);
written = (int)send(sfd, (char*)httpBuf, httpBufSz, 0);
if (written == httpBufSz) {
written = (int)send(sfd, ocspReqBuf, ocspReqSz, 0);
written = (int)send(sfd, (char*)ocspReqBuf, ocspReqSz, 0);
if (written == ocspReqSz) {
ocspRespSz = process_http_response(sfd, ocspRespBuf,
httpBuf, SCRATCH_BUFFER_SIZE);

188
src/keys.c
View File

@@ -48,7 +48,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -64,7 +64,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -80,7 +80,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -96,7 +96,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -112,7 +112,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -128,7 +128,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -144,7 +144,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -160,7 +160,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -176,7 +176,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -193,7 +193,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -210,7 +210,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -227,7 +227,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -244,7 +244,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -261,7 +261,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -278,7 +278,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -295,7 +295,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -312,7 +312,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -329,7 +329,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -346,7 +346,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -363,7 +363,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -380,7 +380,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -397,7 +397,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -414,7 +414,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -431,7 +431,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -448,7 +448,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -466,7 +466,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -484,7 +484,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -502,7 +502,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -520,7 +520,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -538,7 +538,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -556,7 +556,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -574,7 +574,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -592,7 +592,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -610,7 +610,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
@@ -629,7 +629,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
case TLS_RSA_WITH_AES_128_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@@ -647,7 +647,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
case TLS_RSA_WITH_AES_256_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@@ -665,7 +665,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
case TLS_PSK_WITH_AES_128_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
@@ -684,7 +684,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
case TLS_PSK_WITH_AES_256_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
@@ -711,7 +711,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
case SSL_RSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@@ -728,7 +728,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
case TLS_NTRU_RSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
@@ -745,7 +745,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
case SSL_RSA_WITH_RC4_128_MD5 :
ssl->specs.bulk_cipher_algorithm = rc4;
ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = md5_mac;
ssl->specs.kea = rsa_kea;
@@ -762,7 +762,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@@ -779,7 +779,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = triple_des;
ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
@@ -796,7 +796,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
case TLS_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@@ -813,7 +813,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
case TLS_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@@ -830,7 +830,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
case TLS_RSA_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@@ -847,7 +847,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
case TLS_RSA_WITH_NULL_SHA256 :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@@ -864,7 +864,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
@@ -881,7 +881,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
case TLS_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@@ -898,7 +898,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@@ -915,7 +915,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
@@ -932,7 +932,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
@@ -950,7 +950,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
@@ -968,7 +968,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
case TLS_PSK_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
@@ -986,7 +986,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
case TLS_PSK_WITH_NULL_SHA256 :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
@@ -1004,7 +1004,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
case TLS_PSK_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
@@ -1022,7 +1022,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1039,7 +1039,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1056,7 +1056,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1073,7 +1073,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1090,7 +1090,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
case TLS_RSA_WITH_HC_128_CBC_MD5 :
ssl->specs.bulk_cipher_algorithm = hc128;
ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = md5_mac;
ssl->specs.kea = rsa_kea;
@@ -1107,7 +1107,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
case TLS_RSA_WITH_HC_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = hc128;
ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@@ -1124,7 +1124,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
case TLS_RSA_WITH_RABBIT_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = rabbit;
ssl->specs.bulk_cipher_algorithm = cyassl_rabbit;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@@ -1141,7 +1141,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
case TLS_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@@ -1159,7 +1159,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
case TLS_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = rsa_kea;
@@ -1177,7 +1177,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1195,7 +1195,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_gcm;
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1213,7 +1213,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@@ -1230,7 +1230,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
@@ -1247,7 +1247,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@@ -1264,7 +1264,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
@@ -1281,7 +1281,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1298,7 +1298,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1315,7 +1315,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1332,7 +1332,7 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = camellia;
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
@@ -1420,7 +1420,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
{
#ifdef BUILD_ARC4
word32 sz = specs->key_size;
if (specs->bulk_cipher_algorithm == rc4) {
if (specs->bulk_cipher_algorithm == cyassl_rc4) {
if (enc->arc4 == NULL)
enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
if (enc->arc4 == NULL)
@@ -1441,7 +1441,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
}
#endif
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
Arc4SetKey(enc->arc4, keys->client_write_key, sz);
Arc4SetKey(dec->arc4, keys->server_write_key, sz);
}
@@ -1455,7 +1455,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef HAVE_HC128
if (specs->bulk_cipher_algorithm == hc128) {
if (specs->bulk_cipher_algorithm == cyassl_hc128) {
int hcRet;
if (enc->hc128 == NULL)
enc->hc128 =
@@ -1467,7 +1467,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
(HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
if (dec->hc128 == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
hcRet = Hc128_SetKey(enc->hc128, keys->client_write_key,
keys->client_write_IV);
if (hcRet != 0) return hcRet;
@@ -1489,7 +1489,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef BUILD_RABBIT
if (specs->bulk_cipher_algorithm == rabbit) {
if (specs->bulk_cipher_algorithm == cyassl_rabbit) {
int rabRet;
if (enc->rabbit == NULL)
enc->rabbit =
@@ -1501,7 +1501,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
(Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
if (dec->rabbit == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
rabRet = RabbitSetKey(enc->rabbit, keys->client_write_key,
keys->client_write_IV);
if (rabRet != 0) return rabRet;
@@ -1523,7 +1523,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef BUILD_DES3
if (specs->bulk_cipher_algorithm == triple_des) {
if (specs->bulk_cipher_algorithm == cyassl_triple_des) {
if (enc->des3 == NULL)
enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
if (enc->des3 == NULL)
@@ -1544,7 +1544,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
}
#endif
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
Des3_SetKey(enc->des3, keys->client_write_key,
keys->client_write_IV, DES_ENCRYPTION);
Des3_SetKey(dec->des3, keys->server_write_key,
@@ -1562,7 +1562,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef BUILD_AES
if (specs->bulk_cipher_algorithm == aes) {
if (specs->bulk_cipher_algorithm == cyassl_aes) {
if (enc->aes == NULL)
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
@@ -1583,7 +1583,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
}
#endif
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
AesSetKey(enc->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV,
AES_ENCRYPTION);
@@ -1605,7 +1605,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef BUILD_AESGCM
if (specs->bulk_cipher_algorithm == aes_gcm) {
if (specs->bulk_cipher_algorithm == cyassl_aes_gcm) {
if (enc->aes == NULL)
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
@@ -1615,7 +1615,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec->aes == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
XMEMCPY(keys->aead_enc_imp_IV,
keys->client_write_IV, AEAD_IMP_IV_SZ);
@@ -1637,7 +1637,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef HAVE_AESCCM
if (specs->bulk_cipher_algorithm == aes_ccm) {
if (specs->bulk_cipher_algorithm == cyassl_aes_ccm) {
if (enc->aes == NULL)
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
@@ -1647,7 +1647,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec->aes == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
XMEMCPY(keys->aead_enc_imp_IV,
keys->client_write_IV, AEAD_IMP_IV_SZ);
@@ -1669,7 +1669,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef HAVE_CAMELLIA
if (specs->bulk_cipher_algorithm == camellia) {
if (specs->bulk_cipher_algorithm == cyassl_camellia) {
if (enc->cam == NULL)
enc->cam =
(Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
@@ -1680,7 +1680,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
(Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
if (dec->cam == NULL)
return MEMORY_E;
if (side == CLIENT_END) {
if (side == CYASSL_CLIENT_END) {
CamelliaSetKey(enc->cam, keys->client_write_key,
specs->key_size, keys->client_write_IV);
CamelliaSetKey(dec->cam, keys->server_write_key,
@@ -1698,7 +1698,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#endif
#ifdef HAVE_NULL_CIPHER
if (specs->bulk_cipher_algorithm == cipher_null) {
if (specs->bulk_cipher_algorithm == cyassl_cipher_null) {
enc->setup = 1;
dec->setup = 1;
}
@@ -1748,8 +1748,8 @@ int StoreKeys(CYASSL* ssl, const byte* keyData)
#ifdef HAVE_AEAD
if (ssl->specs.cipher_type == aead) {
/* Initialize the AES-GCM explicit IV to a random number. */
RNG_GenerateBlock(ssl->rng, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
/* Initialize the AES-GCM/CCM explicit IV to a zero. */
XMEMSET(ssl->keys.aead_exp_IV, 0, AEAD_EXP_IV_SZ);
}
#endif

66
src/sniffer.c
View File

@@ -889,9 +889,9 @@ static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
if (session) {
if (ipInfo->dst == session->context->server &&
tcpInfo->dstPort == session->context->port)
session->flags.side = SERVER_END;
session->flags.side = CYASSL_SERVER_END;
else
session->flags.side = CLIENT_END;
session->flags.side = CYASSL_CLIENT_END;
}
return session;
@@ -1438,7 +1438,7 @@ static int ProcessFinished(const byte* input, int* sslBytes,
word32 inOutIdx = 0;
int ret;
if (session->flags.side == SERVER_END)
if (session->flags.side == CYASSL_SERVER_END)
ssl = session->sslServer;
else
ssl = session->sslClient;
@@ -1547,37 +1547,37 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
{
switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
case rc4:
case cyassl_rc4:
Arc4Process(ssl->decrypt.arc4, output, input, sz);
break;
#endif
#ifdef BUILD_DES3
case triple_des:
case cyassl_triple_des:
Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
break;
#endif
#ifdef BUILD_AES
case aes:
case cyassl_aes:
AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
break;
#endif
#ifdef HAVE_HC128
case hc128:
case cyassl_hc128:
Hc128_Process(ssl->decrypt.hc128, output, input, sz);
break;
#endif
#ifdef BUILD_RABBIT
case rabbit:
case cyassl_rabbit:
RabbitProcess(ssl->decrypt.rabbit, output, input, sz);
break;
#endif
#ifdef HAVE_CAMELLIA
case camellia:
case cyassl_camellia:
CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);
break;
#endif
@@ -1709,7 +1709,7 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
return 0;
}
/* put server back into server mode */
session->sslServer->options.side = SERVER_END;
session->sslServer->options.side = CYASSL_SERVER_END;
row = SessionHash(ipInfo, tcpInfo);
@@ -1731,9 +1731,9 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
/* determine headed side */
if (ipInfo->dst == session->context->server &&
tcpInfo->dstPort == session->context->port)
session->flags.side = SERVER_END;
session->flags.side = CYASSL_SERVER_END;
else
session->flags.side = CLIENT_END;
session->flags.side = CYASSL_CLIENT_END;
return session;
}
@@ -1940,8 +1940,8 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
int sslBytes, SnifferSession* session, char* error)
{
PacketBuffer* add;
PacketBuffer** front = (from == SERVER_END) ? &session->cliReassemblyList:
&session->srvReassemblyList;
PacketBuffer** front = (from == CYASSL_SERVER_END) ?
&session->cliReassemblyList: &session->srvReassemblyList;
PacketBuffer* curr = *front;
PacketBuffer* prev = curr;
@@ -2020,7 +2020,7 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
/* returns 1 for success (end) */
static int AddFinCapture(SnifferSession* session, word32 sequence)
{
if (session->flags.side == SERVER_END) {
if (session->flags.side == CYASSL_SERVER_END) {
if (session->finCaputre.cliCounted == 0)
session->finCaputre.cliFinSeq = sequence;
}
@@ -2037,12 +2037,12 @@ static int AddFinCapture(SnifferSession* session, word32 sequence)
static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
int* sslBytes, const byte** sslFrame, char* error)
{
word32 seqStart = (session->flags.side == SERVER_END) ?
word32 seqStart = (session->flags.side == CYASSL_SERVER_END) ?
session->cliSeqStart :session->srvSeqStart;
word32 real = tcpInfo->sequence - seqStart;
word32* expected = (session->flags.side == SERVER_END) ?
word32* expected = (session->flags.side == CYASSL_SERVER_END) ?
&session->cliExpected : &session->srvExpected;
PacketBuffer* reassemblyList = (session->flags.side == SERVER_END) ?
PacketBuffer* reassemblyList = (session->flags.side == CYASSL_SERVER_END) ?
session->cliReassemblyList : session->srvReassemblyList;
/* handle rollover of sequence */
@@ -2106,10 +2106,10 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
{
if (tcpInfo->ack) {
word32 seqStart = (session->flags.side == SERVER_END) ?
word32 seqStart = (session->flags.side == CYASSL_SERVER_END) ?
session->srvSeqStart :session->cliSeqStart;
word32 real = tcpInfo->ackNumber - seqStart;
word32 expected = (session->flags.side == SERVER_END) ?
word32 expected = (session->flags.side == CYASSL_SERVER_END) ?
session->srvExpected : session->cliExpected;
/* handle rollover of sequence */
@@ -2164,8 +2164,8 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
int* sslBytes, const byte** end, char* error)
{
word32 length;
SSL* ssl = ((*session)->flags.side == SERVER_END) ? (*session)->sslServer :
(*session)->sslClient;
SSL* ssl = ((*session)->flags.side == CYASSL_SERVER_END) ?
(*session)->sslServer : (*session)->sslClient;
/* remove SnifferSession on 2nd FIN or RST */
if (tcpInfo->fin || tcpInfo->rst) {
/* flag FIN and RST */
@@ -2228,21 +2228,21 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
{
/* sequence and reassembly based on from, not to */
int moreInput = 0;
PacketBuffer** front = (session->flags.side == SERVER_END) ?
PacketBuffer** front = (session->flags.side == CYASSL_SERVER_END) ?
&session->cliReassemblyList : &session->srvReassemblyList;
word32* expected = (session->flags.side == SERVER_END) ?
word32* expected = (session->flags.side == CYASSL_SERVER_END) ?
&session->cliExpected : &session->srvExpected;
/* buffer is on receiving end */
word32* length = (session->flags.side == SERVER_END) ?
word32* length = (session->flags.side == CYASSL_SERVER_END) ?
&session->sslServer->buffers.inputBuffer.length :
&session->sslClient->buffers.inputBuffer.length;
byte* myBuffer = (session->flags.side == SERVER_END) ?
byte* myBuffer = (session->flags.side == CYASSL_SERVER_END) ?
session->sslServer->buffers.inputBuffer.buffer :
session->sslClient->buffers.inputBuffer.buffer;
word32 bufferSize = (session->flags.side == SERVER_END) ?
word32 bufferSize = (session->flags.side == CYASSL_SERVER_END) ?
session->sslServer->buffers.inputBuffer.bufferSize :
session->sslClient->buffers.inputBuffer.bufferSize;
SSL* ssl = (session->flags.side == SERVER_END) ?
SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ?
session->sslServer : session->sslClient;
while (*front && ((*front)->begin == *expected) ) {
@@ -2294,7 +2294,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
int ret;
int decoded = 0; /* bytes stored for user in data */
int notEnough; /* notEnough bytes yet flag */
SSL* ssl = (session->flags.side == SERVER_END) ?
SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ?
session->sslServer : session->sslClient;
doMessage:
notEnough = 0;
@@ -2331,8 +2331,10 @@ doMessage:
tmp = sslFrame + rhSize; /* may have more than one record to process */
/* decrypt if needed */
if ((session->flags.side == SERVER_END && session->flags.serverCipherOn)
|| (session->flags.side == CLIENT_END && session->flags.clientCipherOn)) {
if ((session->flags.side == CYASSL_SERVER_END &&
session->flags.serverCipherOn)
|| (session->flags.side == CYASSL_CLIENT_END &&
session->flags.clientCipherOn)) {
if (CheckAvailableSize(ssl, rhSize) < 0) {
SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
return -1;
@@ -2352,7 +2354,7 @@ doMessage:
}
break;
case change_cipher_spec:
if (session->flags.side == SERVER_END)
if (session->flags.side == CYASSL_SERVER_END)
session->flags.serverCipherOn = 1;
else
session->flags.clientCipherOn = 1;

590
src/ssl.c
View File

@@ -294,12 +294,12 @@ int CyaSSL_negotiate(CYASSL* ssl)
CYASSL_ENTER("CyaSSL_negotiate");
#ifndef NO_CYASSL_SERVER
if (ssl->options.side == SERVER_END)
if (ssl->options.side == CYASSL_SERVER_END)
err = CyaSSL_accept(ssl);
#endif
#ifndef NO_CYASSL_CLIENT
if (ssl->options.side == CLIENT_END)
if (ssl->options.side == CYASSL_CLIENT_END)
err = CyaSSL_connect(ssl);
#endif
@@ -375,7 +375,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
CYASSL_ENTER("CyaSSL_SetTmpDH");
if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
if (ssl->options.side != SERVER_END)
if (ssl->options.side != CYASSL_SERVER_END)
return SIDE_ERROR;
if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH)
@@ -795,6 +795,186 @@ void CyaSSL_FreeArrays(CYASSL* ssl)
}
const byte* CyaSSL_GetMacSecret(CYASSL* ssl, int verify)
{
if (ssl == NULL)
return NULL;
if ( (ssl->options.side == CYASSL_CLIENT_END && !verify) ||
(ssl->options.side == CYASSL_SERVER_END && verify) )
return ssl->keys.client_write_MAC_secret;
else
return ssl->keys.server_write_MAC_secret;
}
#ifdef ATOMIC_USER
void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX* ctx, CallbackMacEncrypt cb)
{
if (ctx)
ctx->MacEncryptCb = cb;
}
void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx)
{
if (ssl)
ssl->MacEncryptCtx = ctx;
}
void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl)
{
if (ssl)
return ssl->MacEncryptCtx;
return NULL;
}
void CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX* ctx, CallbackDecryptVerify cb)
{
if (ctx)
ctx->DecryptVerifyCb = cb;
}
void CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx)
{
if (ssl)
ssl->DecryptVerifyCtx = ctx;
}
void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl)
{
if (ssl)
return ssl->DecryptVerifyCtx;
return NULL;
}
const byte* CyaSSL_GetClientWriteKey(CYASSL* ssl)
{
if (ssl)
return ssl->keys.client_write_key;
return NULL;
}
const byte* CyaSSL_GetClientWriteIV(CYASSL* ssl)
{
if (ssl)
return ssl->keys.client_write_IV;
return NULL;
}
const byte* CyaSSL_GetServerWriteKey(CYASSL* ssl)
{
if (ssl)
return ssl->keys.server_write_key;
return NULL;
}
const byte* CyaSSL_GetServerWriteIV(CYASSL* ssl)
{
if (ssl)
return ssl->keys.server_write_IV;
return NULL;
}
int CyaSSL_GetKeySize(CYASSL* ssl)
{
if (ssl)
return ssl->specs.key_size;
return BAD_FUNC_ARG;
}
int CyaSSL_GetBulkCipher(CYASSL* ssl)
{
if (ssl)
return ssl->specs.bulk_cipher_algorithm;
return BAD_FUNC_ARG;
}
int CyaSSL_GetCipherType(CYASSL* ssl)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
if (ssl->specs.cipher_type == block)
return CYASSL_BLOCK_TYPE;
if (ssl->specs.cipher_type == stream)
return CYASSL_STREAM_TYPE;
if (ssl->specs.cipher_type == aead)
return CYASSL_AEAD_TYPE;
return -1;
}
int CyaSSL_GetCipherBlockSize(CYASSL* ssl)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
return ssl->specs.block_size;
}
int CyaSSL_GetAeadMacSize(CYASSL* ssl)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
return ssl->specs.aead_mac_size;
}
int CyaSSL_IsTLSv1_1(CYASSL* ssl)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
if (ssl->options.tls1_1)
return 1;
return 0;
}
int CyaSSL_GetSide(CYASSL* ssl)
{
if (ssl)
return ssl->options.side;
return BAD_FUNC_ARG;
}
int CyaSSL_GetHmacSize(CYASSL* ssl)
{
if (ssl)
return ssl->specs.hash_size;
return BAD_FUNC_ARG;
}
#endif /* ATOMIC_USER */
#ifndef NO_CERTS
CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
@@ -854,7 +1034,7 @@ int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
return BAD_FUNC_ARG;
if (LockMutex(&cm->caLock) != 0)
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
@@ -1171,7 +1351,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
}
else {
CYASSL_MSG(" CA Mutex Lock failed");
ret = BAD_MUTEX_ERROR;
ret = BAD_MUTEX_E;
FreeSigner(signer, cm->heap);
}
}
@@ -1272,15 +1452,15 @@ int CyaSSL_Init(void)
if (initRefCount == 0) {
#ifndef NO_SESSION_CACHE
if (InitMutex(&session_mutex) != 0)
ret = BAD_MUTEX_ERROR;
ret = BAD_MUTEX_E;
#endif
if (InitMutex(&count_mutex) != 0)
ret = BAD_MUTEX_ERROR;
ret = BAD_MUTEX_E;
}
if (ret == SSL_SUCCESS) {
if (LockMutex(&count_mutex) != 0) {
CYASSL_MSG("Bad Lock Mutex count");
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
initRefCount++;
UnLockMutex(&count_mutex);
@@ -2960,7 +3140,7 @@ int CyaSSL_memsave_session_cache(void* mem, int sz)
if (LockMutex(&session_mutex) != 0) {
CYASSL_MSG("Session cache mutex lock failed");
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
for (i = 0; i < cache_header.rows; ++i)
@@ -3009,7 +3189,7 @@ int CyaSSL_memrestore_session_cache(const void* mem, int sz)
if (LockMutex(&session_mutex) != 0) {
CYASSL_MSG("Session cache mutex lock failed");
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
for (i = 0; i < cache_header.rows; ++i)
@@ -3063,7 +3243,7 @@ int CyaSSL_save_session_cache(const char *fname)
if (LockMutex(&session_mutex) != 0) {
CYASSL_MSG("Session cache mutex lock failed");
XFCLOSE(file);
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
/* session cache */
@@ -3134,7 +3314,7 @@ int CyaSSL_restore_session_cache(const char *fname)
if (LockMutex(&session_mutex) != 0) {
CYASSL_MSG("Session cache mutex lock failed");
XFCLOSE(file);
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
/* session cache */
@@ -3481,7 +3661,7 @@ int CM_SaveCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
if (LockMutex(&cm->caLock) != 0) {
CYASSL_MSG("LockMutex on caLock failed");
XFCLOSE(file);
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
memSz = GetCertCacheMemSize(cm);
@@ -3571,7 +3751,7 @@ int CM_MemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
if (LockMutex(&cm->caLock) != 0) {
CYASSL_MSG("LockMutex on caLock failed");
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
ret = DoMemSaveCertCache(cm, mem, sz);
@@ -3610,7 +3790,7 @@ int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER* cm, const void* mem, int sz)
if (LockMutex(&cm->caLock) != 0) {
CYASSL_MSG("LockMutex on caLock failed");
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
@@ -3640,7 +3820,7 @@ int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
if (LockMutex(&cm->caLock) != 0) {
CYASSL_MSG("LockMutex on caLock failed");
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
sz = GetCertCacheMemSize(cm);
@@ -3707,7 +3887,13 @@ int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int timeout)
if (ssl == NULL || timeout < 0)
return BAD_FUNC_ARG;
if (timeout > ssl->dtls_timeout_max) {
CYASSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
return BAD_FUNC_ARG;
}
ssl->dtls_timeout_init = timeout;
ssl->dtls_timeout = timeout;
return SSL_SUCCESS;
}
@@ -3719,7 +3905,7 @@ int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int timeout)
if (ssl == NULL || timeout < 0)
return BAD_FUNC_ARG;
if (ssl->dtls_timeout_max < ssl->dtls_timeout_init) {
if (timeout < ssl->dtls_timeout_init) {
CYASSL_MSG("Can't set dtls timeout max less than dtls timeout init");
return BAD_FUNC_ARG;
}
@@ -3798,7 +3984,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
errno = 0;
#endif
if (ssl->options.side != CLIENT_END) {
if (ssl->options.side != CYASSL_CLIENT_END) {
CYASSL_ERROR(ssl->error = SIDE_ERROR);
return SSL_FATAL_ERROR;
}
@@ -4014,7 +4200,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ENTER("SSLv3_server_method");
if (method) {
InitSSL_Method(method, MakeSSLv3());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@@ -4030,7 +4216,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ENTER("DTLSv1_server_method");
if (method) {
InitSSL_Method(method, MakeDTLSv1());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@@ -4043,7 +4229,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
CYASSL_ENTER("DTLSv1_2_server_method");
if (method) {
InitSSL_Method(method, MakeDTLSv1_2());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@@ -4064,7 +4250,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
#endif
(void)havePSK;
if (ssl->options.side != SERVER_END) {
if (ssl->options.side != CYASSL_SERVER_END) {
CYASSL_ERROR(ssl->error = SIDE_ERROR);
return SSL_FATAL_ERROR;
}
@@ -4283,7 +4469,7 @@ int CyaSSL_Cleanup(void)
if (LockMutex(&count_mutex) != 0) {
CYASSL_MSG("Bad Lock Mutex count");
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
release = initRefCount-- == 1;
@@ -4297,10 +4483,14 @@ int CyaSSL_Cleanup(void)
#ifndef NO_SESSION_CACHE
if (FreeMutex(&session_mutex) != 0)
ret = BAD_MUTEX_ERROR;
ret = BAD_MUTEX_E;
#endif
if (FreeMutex(&count_mutex) != 0)
ret = BAD_MUTEX_ERROR;
ret = BAD_MUTEX_E;
#if defined(HAVE_ECC) && defined(FP_ECC)
ecc_fp_free();
#endif
return ret;
}
@@ -4403,7 +4593,7 @@ CYASSL_SESSION* GetSessionClient(CYASSL* ssl, const byte* id, int len)
CYASSL_ENTER("GetSessionClient");
if (ssl->options.side == SERVER_END)
if (ssl->options.side == CYASSL_SERVER_END)
return NULL;
len = min(SERVER_ID_LEN, (word32)len);
@@ -4549,7 +4739,7 @@ int AddSession(CYASSL* ssl)
row = HashSession(ssl->arrays->sessionID, ID_LEN) % SESSION_ROWS;
if (LockMutex(&session_mutex) != 0)
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
idx = SessionCache[row].nextIdx++;
#ifdef SESSION_INDEX
@@ -4579,7 +4769,7 @@ int AddSession(CYASSL* ssl)
SessionCache[row].nextIdx = 0;
#ifndef NO_CLIENT_CACHE
if (ssl->options.side == CLIENT_END && ssl->session.idLen) {
if (ssl->options.side == CYASSL_CLIENT_END && ssl->session.idLen) {
word32 clientRow, clientIdx;
CYASSL_MSG("Adding client cache entry");
@@ -4604,7 +4794,7 @@ int AddSession(CYASSL* ssl)
#endif /* NO_CLIENT_CACHE */
if (UnLockMutex(&session_mutex) != 0)
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
return 0;
}
@@ -4620,17 +4810,17 @@ int CyaSSL_GetSessionIndex(CYASSL* ssl)
}
int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session)
int CyaSSL_GetSessionAtIndex(int idx, CYASSL_SESSION* session)
{
int row, col, result = SSL_FAILURE;
CYASSL_ENTER("CyaSSL_GetSessionAtIndex");
row = index >> SESSIDX_ROW_SHIFT;
col = index & SESSIDX_IDX_MASK;
row = idx >> SESSIDX_ROW_SHIFT;
col = idx & SESSIDX_IDX_MASK;
if (LockMutex(&session_mutex) != 0) {
return BAD_MUTEX_ERROR;
return BAD_MUTEX_E;
}
if (row < SESSION_ROWS &&
@@ -4641,7 +4831,7 @@ int CyaSSL_GetSessionAtIndex(int index, CYASSL_SESSION* session)
}
if (UnLockMutex(&session_mutex) != 0)
result = BAD_MUTEX_ERROR;
result = BAD_MUTEX_E;
CYASSL_LEAVE("CyaSSL_GetSessionAtIndex", result);
return result;
@@ -4921,11 +5111,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
/* do main work */
#ifndef NO_CYASSL_CLIENT
if (ssl->options.side == CLIENT_END)
if (ssl->options.side == CYASSL_CLIENT_END)
ret = CyaSSL_connect(ssl);
#endif
#ifndef NO_CYASSL_SERVER
if (ssl->options.side == SERVER_END)
if (ssl->options.side == CYASSL_SERVER_END)
ret = CyaSSL_accept(ssl);
#endif
@@ -5323,7 +5513,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
byte havePSK = 0;
CYASSL_ENTER("SSL_set_accept_state");
ssl->options.side = SERVER_END;
ssl->options.side = CYASSL_SERVER_END;
/* reset suites in case user switched */
#ifdef NO_RSA
@@ -6903,6 +7093,177 @@ int CyaSSL_set_compression(CYASSL* ssl)
return x509->derCert.buffer;
}
#ifdef CYASSL_SEP
/* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will
malloc buffer, call responsible for freeing. Actual size returned in
*inOutSz. Requires inOutSz be non-null */
byte* CyaSSL_X509_get_device_type(CYASSL_X509* x509, byte* in, int *inOutSz)
{
int copySz;
CYASSL_ENTER("CyaSSL_X509_get_dev_type");
if (inOutSz == NULL) return NULL;
if (!x509->deviceTypeSz) return in;
copySz = min(*inOutSz, x509->deviceTypeSz);
if (!in) {
in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
if (!in) return in;
copySz = x509->deviceTypeSz;
}
XMEMCPY(in, x509->deviceType, copySz);
*inOutSz = copySz;
return in;
}
byte* CyaSSL_X509_get_hw_type(CYASSL_X509* x509, byte* in, int* inOutSz)
{
int copySz;
CYASSL_ENTER("CyaSSL_X509_get_hw_type");
if (inOutSz == NULL) return NULL;
if (!x509->hwTypeSz) return in;
copySz = min(*inOutSz, x509->hwTypeSz);
if (!in) {
in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
if (!in) return in;
copySz = x509->hwTypeSz;
}
XMEMCPY(in, x509->hwType, copySz);
*inOutSz = copySz;
return in;
}
byte* CyaSSL_X509_get_hw_serial_number(CYASSL_X509* x509,byte* in,int* inOutSz)
{
int copySz;
CYASSL_ENTER("CyaSSL_X509_get_hw_serial_number");
if (inOutSz == NULL) return NULL;
if (!x509->hwTypeSz) return in;
copySz = min(*inOutSz, x509->hwSerialNumSz);
if (!in) {
in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
if (!in) return in;
copySz = x509->hwSerialNumSz;
}
XMEMCPY(in, x509->hwSerialNum, copySz);
*inOutSz = copySz;
return in;
}
#endif /* CYASSL_SEP */
CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
{
byte staticBuffer[FILE_BUFFER_SIZE];
byte* fileBuffer = staticBuffer;
int dynamic = 0;
long sz = 0;
XFILE file;
CYASSL_X509* x509 = NULL;
buffer der;
CYASSL_ENTER("CyaSSL_X509_load_certificate");
/* Check the inputs */
if ((fname == NULL) ||
(format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM))
return NULL;
file = XFOPEN(fname, "rb");
if (file == XBADFILE) return NULL;
XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file);
XREWIND(file);
if (sz > (long)sizeof(staticBuffer)) {
fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
if (fileBuffer == NULL) {
XFCLOSE(file);
return NULL;
}
dynamic = 1;
}
if ((int)XFREAD(fileBuffer, sz, 1, file) < 0) {
XFCLOSE(file);
if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
return NULL;
}
XFCLOSE(file);
der.buffer = NULL;
der.length = 0;
if (format == SSL_FILETYPE_PEM) {
EncryptedInfo info;
int ecc = 0;
info.set = 0;
info.ctx = NULL;
info.consumed = 0;
if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, &info, &ecc) != 0)
{
/* Only time this should fail, and leave `der` with a buffer
is when the Base64 Decode fails. Release `der.buffer` in
that case. */
if (der.buffer != NULL) {
XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
der.buffer = NULL;
}
}
}
else {
der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT);
if (der.buffer != NULL) {
XMEMCPY(der.buffer, fileBuffer, sz);
der.length = (word32)sz;
}
}
if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
/* At this point we want `der` to have the certificate in DER format */
/* ready to be decoded. */
if (der.buffer != NULL) {
DecodedCert cert;
InitDecodedCert(&cert, der.buffer, der.length, NULL);
if (ParseCertRelative(&cert, CERT_TYPE, 0, NULL) == 0) {
x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509),
NULL, DYNAMIC_TYPE_X509);
if (x509 != NULL) {
InitX509(x509, 1);
if (CopyDecodedToX509(x509, &cert) != 0) {
XFREE(x509, NULL, DYNAMIC_TYPE_X509);
x509 = NULL;
}
}
}
FreeDecodedCert(&cert);
XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
}
return x509;
}
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
@@ -10005,7 +10366,7 @@ const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
#endif /* SESSION_CERTS */
long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options)
int CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, int options)
{
CYASSL_ENTER("CyaSSL_CTX_OCSP_set_options");
#ifdef HAVE_OCSP
@@ -10013,9 +10374,9 @@ long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options)
ctx->ocsp.enabled = (options & CYASSL_OCSP_ENABLE) != 0;
ctx->ocsp.useOverrideUrl = (options & CYASSL_OCSP_URL_OVERRIDE) != 0;
ctx->ocsp.useNonce = (options & CYASSL_OCSP_NO_NONCE) == 0;
return 1;
return SSL_SUCCESS;
}
return 0;
return SSL_FAILURE;
#else
(void)ctx;
(void)options;
@@ -10037,3 +10398,152 @@ int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX* ctx, const char* url)
}
#ifndef NO_CERTS
#ifdef HAVE_PK_CALLBACKS
#ifdef HAVE_ECC
void CyaSSL_CTX_SetEccSignCb(CYASSL_CTX* ctx, CallbackEccSign cb)
{
if (ctx)
ctx->EccSignCb = cb;
}
void CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx)
{
if (ssl)
ssl->EccSignCtx = ctx;
}
void* CyaSSL_GetEccSignCtx(CYASSL* ssl)
{
if (ssl)
return ssl->EccSignCtx;
return NULL;
}
void CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX* ctx, CallbackEccVerify cb)
{
if (ctx)
ctx->EccVerifyCb = cb;
}
void CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx)
{
if (ssl)
ssl->EccVerifyCtx = ctx;
}
void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl)
{
if (ssl)
return ssl->EccVerifyCtx;
return NULL;
}
#endif /* HAVE_ECC */
#ifndef NO_RSA
void CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX* ctx, CallbackRsaSign cb)
{
if (ctx)
ctx->RsaSignCb = cb;
}
void CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx)
{
if (ssl)
ssl->RsaSignCtx = ctx;
}
void* CyaSSL_GetRsaSignCtx(CYASSL* ssl)
{
if (ssl)
return ssl->RsaSignCtx;
return NULL;
}
void CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX* ctx, CallbackRsaVerify cb)
{
if (ctx)
ctx->RsaVerifyCb = cb;
}
void CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx)
{
if (ssl)
ssl->RsaVerifyCtx = ctx;
}
void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl)
{
if (ssl)
return ssl->RsaVerifyCtx;
return NULL;
}
void CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX* ctx, CallbackRsaEnc cb)
{
if (ctx)
ctx->RsaEncCb = cb;
}
void CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx)
{
if (ssl)
ssl->RsaEncCtx = ctx;
}
void* CyaSSL_GetRsaEncCtx(CYASSL* ssl)
{
if (ssl)
return ssl->RsaEncCtx;
return NULL;
}
void CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX* ctx, CallbackRsaDec cb)
{
if (ctx)
ctx->RsaDecCb = cb;
}
void CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx)
{
if (ssl)
ssl->RsaDecCtx = ctx;
}
void* CyaSSL_GetRsaDecCtx(CYASSL* ssl)
{
if (ssl)
return ssl->RsaDecCtx;
return NULL;
}
#endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#endif /* NO_CERTS */

144
src/tls.c
View File

@@ -361,7 +361,7 @@ int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
}
/*** next for static INLINE s copied from cyassl_int.c ***/
/*** next for static INLINE s copied internal.c ***/
/* convert 16 bit integer to opaque */
static INLINE void c16toa(word16 u16, byte* c)
@@ -417,16 +417,73 @@ static INLINE word32 GetEpoch(CYASSL* ssl, int verify)
#endif /* CYASSL_DTLS */
static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify)
/*** end copy ***/
/* return HMAC digest type in CyaSSL format */
int CyaSSL_GetHmacType(CYASSL* ssl)
{
if ( (ssl->options.side == CLIENT_END && !verify) ||
(ssl->options.side == SERVER_END && verify) )
return ssl->keys.client_write_MAC_secret;
else
return ssl->keys.server_write_MAC_secret;
if (ssl == NULL)
return BAD_FUNC_ARG;
switch (ssl->specs.mac_algorithm) {
#ifndef NO_MD5
case md5_mac:
{
return MD5;
}
break;
#endif
#ifndef NO_SHA256
case sha256_mac:
{
return SHA256;
}
break;
#endif
#ifdef CYASSL_SHA384
case sha384_mac:
{
return SHA384;
}
break;
#endif
#ifndef NO_SHA
case sha_mac:
{
return SHA;
}
break;
#endif
default:
{
return SSL_FATAL_ERROR;
}
break;
}
}
/*** end copy ***/
int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content,
int verify)
{
if (ssl == NULL || inner == NULL)
return BAD_FUNC_ARG;
XMEMSET(inner, 0, CYASSL_TLS_HMAC_INNER_SZ);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
c16toa((word16)GetEpoch(ssl, verify), inner);
#endif
c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]);
inner[SEQ_SZ] = (byte)content;
inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
return 0;
}
/* TLS type HMAC */
@@ -434,58 +491,13 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
{
Hmac hmac;
byte seq[SEQ_SZ];
byte length[LENGTH_SZ];
byte inner[ENUM_LEN + VERSION_SZ + LENGTH_SZ]; /* type + version +len */
int type;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
XMEMSET(seq, 0, SEQ_SZ);
c16toa((word16)sz, length);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
c16toa((word16)GetEpoch(ssl, verify), seq);
#endif
c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);
switch (ssl->specs.mac_algorithm) {
#ifndef NO_MD5
case md5_mac:
{
type = MD5;
}
break;
#endif
#ifndef NO_SHA256
case sha256_mac:
{
type = SHA256;
}
break;
#endif
#ifdef CYASSL_SHA384
case sha384_mac:
{
type = SHA384;
}
break;
#endif
#ifndef NO_SHA
case sha_mac:
default:
{
type = SHA;
}
break;
#endif
}
HmacSetKey(&hmac, type, GetMacSecret(ssl, verify), ssl->specs.hash_size);
HmacUpdate(&hmac, seq, SEQ_SZ); /* seq_num */
inner[0] = (byte)content; /* type */
inner[ENUM_LEN] = ssl->version.major;
inner[ENUM_LEN + ENUM_LEN] = ssl->version.minor; /* version */
XMEMCPY(&inner[ENUM_LEN + VERSION_SZ], length, LENGTH_SZ); /* length */
HmacUpdate(&hmac, inner, sizeof(inner));
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify),
ssl->specs.hash_size);
HmacUpdate(&hmac, myInner, sizeof(myInner));
HmacUpdate(&hmac, in, sz); /* content */
HmacFinal(&hmac, digest);
}
@@ -1030,7 +1042,7 @@ void TLSX_FreeAll(TLSX* list)
break;
case TRUNCATED_HMAC:
// Nothing to do.
/* Nothing to do. */
break;
}
@@ -1069,7 +1081,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
break;
case TRUNCATED_HMAC:
// empty extension.
/* empty extension. */
break;
}
@@ -1113,7 +1125,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
break;
case TRUNCATED_HMAC:
// empty extension.
/* empty extension. */
break;
}
@@ -1392,7 +1404,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@@ -1405,7 +1417,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1_1());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@@ -1421,7 +1433,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1_2());
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
}
return method;
}
@@ -1440,7 +1452,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
#else
InitSSL_Method(method, MakeTLSv1_1());
#endif
method->side = SERVER_END;
method->side = CYASSL_SERVER_END;
#ifndef NO_OLD_TLS
method->downgrade = 1;
#endif /* !NO_OLD_TLS */