diff --git a/configure.ac b/configure.ac index 4895003e7..ba20a229d 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[3.0.3],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com]) +AC_INIT([cyassl],[3.0.0],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -81,7 +81,6 @@ AC_CHECK_HEADERS([errno.h]) AC_CHECK_LIB(network,socket) AC_CHECK_SIZEOF(long long, 8) AC_CHECK_SIZEOF(long, 4) -AC_CHECK_TYPES(__uint128_t) AC_C_BIGENDIAN # mktime check takes forever on some systems, if time supported it would be # highly unusual for mktime to be missing @@ -391,16 +390,28 @@ then then # GCC needs these flags, icc doesn't # opt levels greater than 2 may cause problems on systems w/o aesni - if test "$CC" != "icc" - then - AM_CFLAGS="$AM_CFLAGS -maes -msse4" - fi + AM_CFLAGS="$AM_CFLAGS -maes -msse4" fi fi AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"]) +# POLY1305 +AC_ARG_ENABLE([poly1305], + [ --enable-poly1305 Enable CyaSSL POLY1305 support (default: disabled)], + [ ENABLED_POLY1305=$enableval ], + [ ENABLED_POLY1305=no ] + ) + +if test "$ENABLED_POLY1305" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305" +fi + +AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"]) + + # Camellia AC_ARG_ENABLE([camellia], [ --enable-camellia Enable CyaSSL Camellia support (default: disabled)], @@ -1062,6 +1073,21 @@ fi AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"]) +# CHACHA +AC_ARG_ENABLE([chacha], + [ --enable-chacha Enable CHACHA (default: disabled)], + [ ENABLED_CHACHA=$enableval ], + [ ENABLED_CHACHA=no ] + ) + +if test "$ENABLED_CHACHA" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA" +fi + +AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"]) + + # FIPS AC_ARG_ENABLE([fips], [ --enable-fips Enable FIPS 140-2 (default: disabled)], @@ -1209,44 +1235,21 @@ AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"]) # NTRU -ENABLED_NTRU="no" -tryntrudir="" -AC_ARG_WITH([ntru], - [ --with-ntru=PATH Path to NTRU install (default /usr/) ], - [ - AC_MSG_CHECKING([for NTRU]) - CPPFLAGS="$CPPFLAGS -DHAVE_NTRU" - LIBS="$LIBS -lNTRUEncrypt" +ntruHome=`pwd`/NTRU_algorithm +ntruInclude=$ntruHome/cryptolib +ntruLib=$ntruHome +AC_ARG_ENABLE([ntru], + [ --enable-ntru Enable NTRU (default: disabled)], + [ ENABLED_NTRU=$enableval ], + [ ENABLED_NTRU=no ] + ) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) - - if test "x$ntru_linked" == "xno" ; then - if test "x$withval" != "xno" ; then - tryntrudir=$withval - fi - if test "x$withval" == "xyes" ; then - tryntrudir="/usr" - fi - - LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib" - CPPFLAGS="$CPPFLAGS -I$tryntrudir/include" - - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ]) - - if test "x$ntru_linked" == "xno" ; then - AC_MSG_ERROR([NTRU isn't found. - If it's already installed, specify its path using --with-ntru=/dir/]) - fi - AC_MSG_RESULT([yes]) - AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib" - else - AC_MSG_RESULT([yes]) - fi - - AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU" - ENABLED_NTRU="yes" - ] -) +if test "$ENABLED_NTRU" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -I$ntruInclude" + AM_LDFLAGS="$AM_LDFLAGS -L$ntruLib" + LIBS="$LIBS -lntru_encrypt" +fi AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"]) @@ -1662,13 +1665,6 @@ then fi fi -# ICC command line warning for non supported warning flags -if test "$CC" = "icc" -then - AM_CFLAGS="$AM_CFLAGS -wd10006" -fi - - LIB_SOCKET_NSL AX_HARDEN_CC_COMPILER_FLAGS @@ -1717,7 +1713,7 @@ echo "Generating user options header..." OPTION_FILE="cyassl/options.h" rm -f $OPTION_FILE -echo "/* cyassl options.h" > $OPTION_FILE +echo "/* cyassl options.h" >> $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * Copyright (C) 2006-2014 wolfSSL Inc." >> $OPTION_FILE @@ -1797,11 +1793,13 @@ echo " * certgen: $ENABLED_CERTGEN" echo " * certreq: $ENABLED_CERTREQ" echo " * HC-128: $ENABLED_HC128" echo " * RABBIT: $ENABLED_RABBIT" +echo " * CHACHA: $ENABLED_CHACHA" echo " * Hash DRBG: $ENABLED_HASHDRBG" echo " * PWDBASED: $ENABLED_PWDBASED" echo " * HKDF: $ENABLED_HKDF" echo " * MD4: $ENABLED_MD4" echo " * PSK: $ENABLED_PSK" +echo " * Poly1305: $ENABLED_POLY1305" echo " * LEANPSK: $ENABLED_LEANPSK" echo " * RSA: $ENABLED_RSA" echo " * DSA: $ENABLED_DSA" diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 5363fc95c..500dcefa5 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -34,7 +34,9 @@ #include #include #include +#include #include +#include #include #include #include @@ -82,10 +84,12 @@ void bench_des(void); void bench_arc4(void); void bench_hc128(void); void bench_rabbit(void); +void bench_chacha(void); void bench_aes(int); void bench_aesgcm(void); void bench_aesccm(void); void bench_aesctr(void); +void bench_poly1305(void); void bench_camellia(void); void bench_md5(void); @@ -128,9 +132,6 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #endif -#if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND) - CYASSL_API int CyaSSL_Debugging_ON(); -#endif /* so embedded projects can pull in tests on their own */ #if !defined(NO_MAIN_DRIVER) @@ -145,10 +146,6 @@ int benchmark_test(void *args) { #endif - #if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND) - CyaSSL_Debugging_ON(); - #endif - #ifdef HAVE_CAVIUM int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); if (ret != 0) { @@ -183,6 +180,9 @@ int benchmark_test(void *args) #ifndef NO_RABBIT bench_rabbit(); #endif +#ifdef HAVE_CHACHA + bench_chacha(); +#endif #ifndef NO_DES3 bench_des(); #endif @@ -192,6 +192,9 @@ int benchmark_test(void *args) #ifndef NO_MD5 bench_md5(); #endif +#ifdef HAVE_POLY1305 + bench_poly1305(); +#endif #ifndef NO_SHA bench_sha(); #endif @@ -407,6 +410,41 @@ void bench_aesccm(void) #endif +#ifdef HAVE_POLY1305 +void bench_poly1305() +{ + Poly1305 enc; + byte mac[16]; + double start, total, persec; + int i; + int ret; + + + ret = Poly1305SetKey(&enc, key, 32); + if (ret != 0) { + printf("Poly1305SetKey failed, ret = %d\n", ret); + return; + } + start = current_time(1); + + for(i = 0; i < numBlocks; i++) + Poly1305Update(&enc, plain, sizeof(plain)); + + Poly1305Final(&enc, mac); + total = current_time(0) - start; + + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("POLY1305 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, + blockType, total, persec); +} +#endif /* HAVE_POLY1305 */ + + #ifdef HAVE_CAMELLIA void bench_camellia(void) { @@ -562,6 +600,33 @@ void bench_rabbit(void) #endif /* NO_RABBIT */ +#ifdef HAVE_CHACHA +void bench_chacha(void) +{ + ChaCha enc; + double start, total, persec; + int i; + + Chacha_SetKey(&enc, key, 16); + start = current_time(1); + + for (i = 0; i < numBlocks; i++) { + Chacha_SetIV(&enc, iv, 0); + Chacha_Process(&enc, cipher, plain, sizeof(plain)); + } + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("CHACHA %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); + +} +#endif /* HAVE_CHACHA*/ + + #ifndef NO_MD5 void bench_md5(void) { @@ -903,10 +968,7 @@ static const char *certDHname = "certs/dh2048.der" ; void bench_dh(void) { -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - int ret; -#endif - int i ; + int i, ret; byte tmp[1024]; size_t bytes; word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz; @@ -1149,6 +1211,7 @@ void bench_eccKeyAgree(void) } #endif /* HAVE_ECC */ + #ifdef _WIN32 #define WIN32_LEAN_AND_MEAN @@ -1175,10 +1238,10 @@ void bench_eccKeyAgree(void) #elif defined MICROCHIP_PIC32 #if defined(CYASSL_MICROCHIP_PIC32MZ) - #define CLOCK 80000000.0 + #define CLOCK 8000000.0 #else #include - #define CLOCK 40000000.0 + #define CLOCK 4000000.0 #endif double current_time(int reset) @@ -1196,10 +1259,10 @@ void bench_eccKeyAgree(void) return ( ns / CLOCK * 2.0); } -#elif defined(CYASSL_IAR_ARM) || defined (CYASSL_MDK_ARM) - #warning "Write your current_time()" - double current_time(int reset) { return 0.0 ; } - +#elif defined CYASSL_MDK_ARM + + extern double current_time(int reset) ; + #elif defined FREERTOS double current_time(int reset) diff --git a/ctaocrypt/ctaocrypt.vcproj b/ctaocrypt/ctaocrypt.vcproj index d07147d57..0bd771d95 100755 --- a/ctaocrypt/ctaocrypt.vcproj +++ b/ctaocrypt/ctaocrypt.vcproj @@ -216,6 +216,10 @@ RelativePath=".\include\rabbit.h" > + + @@ -297,13 +301,17 @@ > + + diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index e25b5d873..bc38012a4 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -804,11 +804,6 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, iv = (byte*)aes->reg; enc_key = (byte*)aes->key; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_aes_encrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); @@ -841,11 +836,6 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, iv = (byte*)aes->reg; dec_key = (byte*)aes->key; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_aes_decrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); @@ -1551,34 +1541,31 @@ static const word32 Td[5][256] = { #ifdef CYASSL_AESNI -/* Each platform needs to query info type 1 from cpuid to see if aesni is - * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts - */ - #ifndef _MSC_VER - #define cpuid(reg, func)\ + #define cpuid(func,ax,bx,cx,dx)\ __asm__ __volatile__ ("cpuid":\ - "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\ - "a" (func)); + "=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func)); - #define XASM_LINK(f) asm(f) #else - #include - #define cpuid(a,b) __cpuid((int*)a,b) - - #define XASM_LINK(f) + #define cpuid(func,ax,bx,cx,dx)\ + __asm mov eax, func \ + __asm cpuid \ + __asm mov ax, eax \ + __asm mov bx, ebx \ + __asm mov cx, ecx \ + __asm mov dx, edx #endif /* _MSC_VER */ static int Check_CPU_support_AES(void) { - unsigned int reg[4]; /* put a,b,c,d into 0,1,2,3 */ - cpuid(reg, 1); /* query info 1 */ + unsigned int a,b,c,d; + cpuid(1,a,b,c,d); - if (reg[2] & 0x2000000) + if (c & 0x2000000) return 1; return 0; @@ -1593,34 +1580,34 @@ static int haveAESNI = 0; void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned char* ivec, unsigned long length, const unsigned char* KS, int nr) - XASM_LINK("AES_CBC_encrypt"); + asm ("AES_CBC_encrypt"); void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned char* ivec, unsigned long length, const unsigned char* KS, int nr) - XASM_LINK("AES_CBC_decrypt"); + asm ("AES_CBC_decrypt"); void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long length, const unsigned char* KS, int nr) - XASM_LINK("AES_ECB_encrypt"); + asm ("AES_ECB_encrypt"); void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long length, const unsigned char* KS, int nr) - XASM_LINK("AES_ECB_decrypt"); + asm ("AES_ECB_decrypt"); void AES_128_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) - XASM_LINK("AES_128_Key_Expansion"); + asm ("AES_128_Key_Expansion"); void AES_192_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) - XASM_LINK("AES_192_Key_Expansion"); + asm ("AES_192_Key_Expansion"); void AES_256_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) - XASM_LINK("AES_256_Key_Expansion"); + asm ("AES_256_Key_Expansion"); static int AES_set_encrypt_key(const unsigned char *userKey, const int bits, @@ -2241,7 +2228,6 @@ int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) if ((word)in % 16) { #ifndef NO_CYASSL_ALLOC_ALIGN byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - CYASSL_MSG("AES-CBC encrypt with bad alignment"); if (tmp == NULL) return MEMORY_E; XMEMCPY(tmp, in, sz); diff --git a/ctaocrypt/src/aes_asm.s b/ctaocrypt/src/aes_asm.s index b5f5bc9c1..382d9b313 100755 --- a/ctaocrypt/src/aes_asm.s +++ b/ctaocrypt/src/aes_asm.s @@ -24,8 +24,6 @@ * by Intel Mobility Group, Israel Development Center, Israel Shay Gueron */ -/* This file is in at&t asm syntax, see .asm for intel syntax */ - /* AES_CBC_encrypt (const unsigned char *in, diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index eb1af4bc3..de4328df3 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -53,7 +53,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "crypto_ntru.h" #endif #ifdef HAVE_ECC @@ -626,7 +626,7 @@ CYASSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, if (b == ASN_TAG_NULL) { b = input[i++]; - if (b != 0) + if (b != 0) return ASN_EXPECT_0_E; } else @@ -1270,7 +1270,6 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->signature = 0; cert->subjectCN = 0; cert->subjectCNLen = 0; - cert->subjectCNEnc = CTC_UTF8; cert->subjectCNStored = 0; cert->altNames = NULL; #ifndef IGNORE_NAME_CONSTRAINTS @@ -1309,22 +1308,16 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) #ifdef CYASSL_CERT_GEN cert->subjectSN = 0; cert->subjectSNLen = 0; - cert->subjectSNEnc = CTC_UTF8; cert->subjectC = 0; cert->subjectCLen = 0; - cert->subjectCEnc = CTC_PRINTABLE; cert->subjectL = 0; cert->subjectLLen = 0; - cert->subjectLEnc = CTC_UTF8; cert->subjectST = 0; cert->subjectSTLen = 0; - cert->subjectSTEnc = CTC_UTF8; cert->subjectO = 0; cert->subjectOLen = 0; - cert->subjectOEnc = CTC_UTF8; cert->subjectOU = 0; cert->subjectOULen = 0; - cert->subjectOUEnc = CTC_UTF8; cert->subjectEmail = 0; cert->subjectEmailLen = 0; #endif /* CYASSL_CERT_GEN */ @@ -1544,9 +1537,8 @@ static int GetKey(DecodedCert* cert) byte* next = (byte*)key; word16 keyLen; byte keyBlob[MAX_NTRU_KEY_SZ]; - word32 rc; - rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, + word32 rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, &keyLen, NULL, &next); if (rc != NTRU_OK) @@ -1554,8 +1546,8 @@ static int GetKey(DecodedCert* cert) if (keyLen > sizeof(keyBlob)) return ASN_NTRU_KEY_E; - rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, - &keyLen, keyBlob, &next); + rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,&keyLen, + keyBlob, &next); if (rc != NTRU_OK) return ASN_NTRU_KEY_E; @@ -1715,7 +1707,8 @@ static int GetName(DecodedCert* cert, int nameType) cert->srcIdx += 2; id = cert->source[cert->srcIdx++]; - b = cert->source[cert->srcIdx++]; /* encoding */ + b = cert->source[cert->srcIdx++]; /* strType */ + (void)b; /* may want to validate? */ if (GetLength(cert->source, &cert->srcIdx, &strLen, cert->maxIdx) < 0) @@ -1731,7 +1724,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectCN = (char *)&cert->source[cert->srcIdx]; cert->subjectCNLen = strLen; - cert->subjectCNEnc = b; } if (!tooBig) { @@ -1754,7 +1746,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectSN = (char*)&cert->source[cert->srcIdx]; cert->subjectSNLen = strLen; - cert->subjectSNEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1772,7 +1763,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectC = (char*)&cert->source[cert->srcIdx]; cert->subjectCLen = strLen; - cert->subjectCEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1790,7 +1780,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectL = (char*)&cert->source[cert->srcIdx]; cert->subjectLLen = strLen; - cert->subjectLEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1808,7 +1797,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectST = (char*)&cert->source[cert->srcIdx]; cert->subjectSTLen = strLen; - cert->subjectSTEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1826,7 +1814,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectO = (char*)&cert->source[cert->srcIdx]; cert->subjectOLen = strLen; - cert->subjectOEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1844,7 +1831,6 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectOU = (char*)&cert->source[cert->srcIdx]; cert->subjectOULen = strLen; - cert->subjectOUEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -3500,8 +3486,8 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert) } if (input[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) { - CYASSL_MSG("\tinfo: OPTIONAL item 0, not available\n"); - return 0; + CYASSL_MSG("\tfail: wanted OPTIONAL item 0, not available\n"); + return ASN_PARSE_E; } if (GetLength(input, &idx, &length, sz) < 0) { @@ -4464,35 +4450,21 @@ void InitCert(Cert* cert) XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE); cert->issuer.country[0] = '\0'; - cert->issuer.countryEnc = CTC_PRINTABLE; cert->issuer.state[0] = '\0'; - cert->issuer.stateEnc = CTC_UTF8; cert->issuer.locality[0] = '\0'; - cert->issuer.localityEnc = CTC_UTF8; cert->issuer.sur[0] = '\0'; - cert->issuer.surEnc = CTC_UTF8; cert->issuer.org[0] = '\0'; - cert->issuer.orgEnc = CTC_UTF8; cert->issuer.unit[0] = '\0'; - cert->issuer.unitEnc = CTC_UTF8; cert->issuer.commonName[0] = '\0'; - cert->issuer.commonNameEnc = CTC_UTF8; cert->issuer.email[0] = '\0'; cert->subject.country[0] = '\0'; - cert->subject.countryEnc = CTC_PRINTABLE; cert->subject.state[0] = '\0'; - cert->subject.stateEnc = CTC_UTF8; cert->subject.locality[0] = '\0'; - cert->subject.localityEnc = CTC_UTF8; cert->subject.sur[0] = '\0'; - cert->subject.surEnc = CTC_UTF8; cert->subject.org[0] = '\0'; - cert->subject.orgEnc = CTC_UTF8; cert->subject.unit[0] = '\0'; - cert->subject.unitEnc = CTC_UTF8; cert->subject.commonName[0] = '\0'; - cert->subject.commonNameEnc = CTC_UTF8; cert->subject.email[0] = '\0'; #ifdef CYASSL_CERT_REQ @@ -4851,37 +4823,6 @@ static const char* GetOneName(CertName* name, int idx) } -/* Get Which Name Encoding from index */ -static char GetNameType(CertName* name, int idx) -{ - switch (idx) { - case 0: - return name->countryEnc; - - case 1: - return name->stateEnc; - - case 2: - return name->localityEnc; - - case 3: - return name->surEnc; - - case 4: - return name->orgEnc; - - case 5: - return name->unitEnc; - - case 6: - return name->commonNameEnc; - - default: - return 0; - } -} - - /* Get ASN Name from index */ static byte GetNameId(int idx) { @@ -5031,7 +4972,10 @@ static int SetName(byte* output, CertName* name) /* id type */ names[i].encoded[idx++] = bType; /* str type */ - names[i].encoded[idx++] = GetNameType(name, i); + if (bType == ASN_COUNTRY_NAME) + names[i].encoded[idx++] = 0x13; /* printable */ + else + names[i].encoded[idx++] = 0x0c; /* utf8 */ } /* second length */ XMEMCPY(names[i].encoded + idx, secondLen, secondSz); @@ -5116,15 +5060,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, word32 rc; word16 encodedSz; - rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, - ntruKey, &encodedSz, NULL); + rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, + ntruKey, &encodedSz, NULL); if (rc != NTRU_OK) return PUBLIC_KEY_E; if (encodedSz > MAX_PUBLIC_KEY_SZ) return PUBLIC_KEY_E; - rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, - ntruKey, &encodedSz, der->publicKey); + rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz, + ntruKey, &encodedSz, der->publicKey); if (rc != NTRU_OK) return PUBLIC_KEY_E; @@ -5755,49 +5699,42 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz) CTC_NAME_SIZE - 1; strncpy(cn->commonName, decoded.subjectCN, CTC_NAME_SIZE); cn->commonName[sz] = 0; - cn->commonNameEnc = decoded.subjectCNEnc; } if (decoded.subjectC) { sz = (decoded.subjectCLen < CTC_NAME_SIZE) ? decoded.subjectCLen : CTC_NAME_SIZE - 1; strncpy(cn->country, decoded.subjectC, CTC_NAME_SIZE); cn->country[sz] = 0; - cn->countryEnc = decoded.subjectCEnc; } if (decoded.subjectST) { sz = (decoded.subjectSTLen < CTC_NAME_SIZE) ? decoded.subjectSTLen : CTC_NAME_SIZE - 1; strncpy(cn->state, decoded.subjectST, CTC_NAME_SIZE); cn->state[sz] = 0; - cn->stateEnc = decoded.subjectSTEnc; } if (decoded.subjectL) { sz = (decoded.subjectLLen < CTC_NAME_SIZE) ? decoded.subjectLLen : CTC_NAME_SIZE - 1; strncpy(cn->locality, decoded.subjectL, CTC_NAME_SIZE); cn->locality[sz] = 0; - cn->localityEnc = decoded.subjectLEnc; } if (decoded.subjectO) { sz = (decoded.subjectOLen < CTC_NAME_SIZE) ? decoded.subjectOLen : CTC_NAME_SIZE - 1; strncpy(cn->org, decoded.subjectO, CTC_NAME_SIZE); cn->org[sz] = 0; - cn->orgEnc = decoded.subjectOEnc; } if (decoded.subjectOU) { sz = (decoded.subjectOULen < CTC_NAME_SIZE) ? decoded.subjectOULen : CTC_NAME_SIZE - 1; strncpy(cn->unit, decoded.subjectOU, CTC_NAME_SIZE); cn->unit[sz] = 0; - cn->unitEnc = decoded.subjectOUEnc; } if (decoded.subjectSN) { sz = (decoded.subjectSNLen < CTC_NAME_SIZE) ? decoded.subjectSNLen : CTC_NAME_SIZE - 1; strncpy(cn->sur, decoded.subjectSN, CTC_NAME_SIZE); cn->sur[sz] = 0; - cn->surEnc = decoded.subjectSNEnc; } if (decoded.subjectEmail) { sz = (decoded.subjectEmailLen < CTC_NAME_SIZE) ? diff --git a/ctaocrypt/src/chacha.c b/ctaocrypt/src/chacha.c new file mode 100644 index 000000000..86c94278c --- /dev/null +++ b/ctaocrypt/src/chacha.c @@ -0,0 +1,244 @@ +/* chacha.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * + * chacha-ref.c version 20080118 + * D. J. Bernstein + * Public domain. + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef HAVE_CHACHA + +#include +#include +#include +#ifdef NO_INLINE + #include +#else + #include +#endif + +#ifdef CHACHA_AEAD_TEST + #include +#endif + +#ifdef BIG_ENDIAN_ORDER + #define LITTLE32(x) ByteReverseWord32(x) +#else + #define LITTLE32(x) (x) +#endif + +/* Number of rounds */ +#define ROUNDS 20 + +#define U32C(v) (v##U) +#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF)) +#define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0]) + +#define ROTATE(v,c) rotlFixed(v, c) +#define XOR(v,w) ((v) ^ (w)) +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define QUARTERROUND(a,b,c,d) \ + x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \ + x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \ + x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \ + x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7); + + +/** + * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version + * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB. + */ +int Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) +{ + word32 temp[3]; /* used for alignment of memory */ + XMEMSET(temp, 0, 12); + +#ifdef CHACHA_AEAD_TEST + int k; + printf("NONCE : "); + for (k = 0; k < 12; k++) { + printf("%02x", nonce[k]); + } + printf("\n"); +#endif + + XMEMCPY(temp, inIv, 12); + + ctx->X[12] = counter; /* block counter */ + ctx->X[13] = temp[0]; /* fixed variable from nonce */ + ctx->X[14] = temp[1]; /* counter from nonce */ + ctx->X[15] = temp[2]; /* counter from nonce */ + + return 0; +} + +/* "expand 32-byte k" as unsigned 32 byte */ +static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}; +/* "expand 16-byte k" as unsigned 16 byte */ +static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574}; + +/** + * Key setup. 8 word iv (nonce) + */ +int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) +{ + const word32* constants; + const byte* k; + + if (ctx == NULL) + return BAD_FUNC_ARG; + +#ifdef XSTREAM_ALIGN + word32 alignKey[4]; + if ((word)key % 4) { + CYASSL_MSG("ChachaSetKey unaligned key"); + XMEMCPY(alignKey, key, sizeof(alignKey)); + k = (byte*)alignKey; + } + else { + k = key; + } +#else + k = key; +#endif /* XSTREAM_ALIGN */ + +#ifdef CHACHA_AEAD_TEST + int k; + printf("ChaCha key used : "); + for (k = 0; k < keySz; k++) { + printf("%02x", key[k]); + } + printf("\n"); +#endif + + ctx->X[4] = U8TO32_LITTLE(k + 0); + ctx->X[5] = U8TO32_LITTLE(k + 4); + ctx->X[6] = U8TO32_LITTLE(k + 8); + ctx->X[7] = U8TO32_LITTLE(k + 12); + if (keySz == 32) { + k += 16; + constants = sigma; + } + else { + /* key size of 128 */ + if (keySz != 16) + return BAD_FUNC_ARG; + + constants = tau; + } + ctx->X[ 8] = U8TO32_LITTLE(k + 0); + ctx->X[ 9] = U8TO32_LITTLE(k + 4); + ctx->X[10] = U8TO32_LITTLE(k + 8); + ctx->X[11] = U8TO32_LITTLE(k + 12); + ctx->X[ 0] = U8TO32_LITTLE(constants + 0); + ctx->X[ 1] = U8TO32_LITTLE(constants + 1); + ctx->X[ 2] = U8TO32_LITTLE(constants + 2); + ctx->X[ 3] = U8TO32_LITTLE(constants + 3); + + return 0; +} + +/** + * Converts word into bytes with rotations having been done. + */ +static INLINE void Chacha_wordtobyte(word32 output[16], const word32 input[16]) +{ + word32 x[16]; + word32 i; + + for (i = 0; i < 16; i++) { + x[i] = input[i]; + } + + for (i = (ROUNDS); i > 0; i -= 2) { + QUARTERROUND(0, 4, 8, 12) + QUARTERROUND(1, 5, 9, 13) + QUARTERROUND(2, 6, 10, 14) + QUARTERROUND(3, 7, 11, 15) + QUARTERROUND(0, 5, 10, 15) + QUARTERROUND(1, 6, 11, 12) + QUARTERROUND(2, 7, 8, 13) + QUARTERROUND(3, 4, 9, 14) + } + + for (i = 0; i < 16; i++) { + x[i] = PLUS(x[i], input[i]); + } + + for (i = 0; i < 16; i++) { + output[i] = LITTLE32(x[i]); + } +} + +/** + * Encrypt a stream of bytes + */ +static void Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, + word32 bytes) +{ + byte* output; + word32 temp[16]; /* used to make sure aligned */ + word32 i; + + output = (byte*)temp; + + if (!bytes) return; + for (;;) { + Chacha_wordtobyte(temp, ctx->X); + ctx->X[12] = PLUSONE(ctx->X[12]); + if (bytes <= 64) { + for (i = 0; i < bytes; ++i) { + c[i] = m[i] ^ output[i]; + } + return; + } + for (i = 0; i < 64; ++i) { + c[i] = m[i] ^ output[i]; + } + bytes -= 64; + c += 64; + m += 64; + } +} + +/** + * API to encrypt/decrypt a message of any size. + */ +int Chacha_Process(ChaCha* ctx, byte* output, const byte* input, word32 msglen) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + + Chacha_encrypt_bytes(ctx, input, output, msglen); + + return 0; +} + +#endif /* HAVE_CHACHA*/ + diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index b2bd74c3c..a704b7910 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -34,7 +34,6 @@ #include #include -#include #ifdef NO_INLINE #include @@ -170,22 +169,19 @@ CRYP_Cmd(DISABLE); } - int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_CBC); - return 0; } - int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des, out, in, sz, DES_DECRYPTION, DES_CBC); - return 0; } - int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_ECB); - return 0; } void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz, @@ -393,16 +389,14 @@ static void Des_Cbc(byte* out, const byte* in, word32 sz, } -int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_ENCRYPT) ; - return 0; } -int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_DECRYPT) ; - return 0; } int Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz) @@ -562,7 +556,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) return ret; } - int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { int i; int offset = 0; @@ -572,11 +566,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_des_encrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); @@ -594,10 +583,10 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); } - return 0; + return; } - int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { int i; int offset = 0; @@ -607,11 +596,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_des_decrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); @@ -629,7 +613,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) offset += DES_BLOCK_SIZE; } - return 0; + return; } int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) @@ -643,11 +627,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad 3ede cau_des_encrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); @@ -681,11 +660,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) iv = (byte*)des->reg; - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad 3ede cau_des_decrypt alignment"); - return BAD_ALIGN_E; - } - while (len > 0) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); @@ -819,18 +793,16 @@ int Des3_SetIV(Des3* des, const byte* iv); ByteReverseWords((word32*)out, (word32 *)KVA0_TO_KVA1(out), sz); } - int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des->key, des->reg, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC ); - return 0; } - int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { DesCrypt(des->key, des->reg, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC); - return 0; } int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) @@ -1278,7 +1250,7 @@ static void Des3ProcessBlock(Des3* des, const byte* in, byte* out) } -int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; @@ -1290,11 +1262,10 @@ int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } - return 0; } -int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; byte hold[DES_BLOCK_SIZE]; @@ -1311,7 +1282,6 @@ int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } - return 0; } @@ -1362,7 +1332,7 @@ int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) #ifdef CYASSL_DES_ECB /* One block, compatibility only */ -int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) +void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; @@ -1372,7 +1342,6 @@ int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } - return 0; } #endif /* CYASSL_DES_ECB */ @@ -1401,6 +1370,7 @@ int Des3_SetIV(Des3* des, const byte* iv) #ifdef HAVE_CAVIUM +#include #include "cavium_common.h" /* Initiliaze Des3 for use with Nitrox device */ diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c index ce9d1d046..3b629ae08 100644 --- a/ctaocrypt/src/error.c +++ b/ctaocrypt/src/error.c @@ -22,7 +22,7 @@ #ifdef HAVE_CONFIG_H #include #endif - + #include #include @@ -32,261 +32,334 @@ #pragma warning(disable: 4996) #endif -const char* CTaoCryptGetErrorString(int error) + +void CTaoCryptErrorString(int error, char* buffer) { + const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */ + #ifdef NO_ERROR_STRINGS (void)error; - return "no support for error strings built in"; + XSTRNCPY(buffer, "no support for error strings built in", max); #else switch (error) { - case OPEN_RAN_E : - return "opening random device error"; + case OPEN_RAN_E : + XSTRNCPY(buffer, "opening random device error", max); + break; case READ_RAN_E : - return "reading random device error"; + XSTRNCPY(buffer, "reading random device error", max); + break; case WINCRYPT_E : - return "windows crypt init error"; + XSTRNCPY(buffer, "windows crypt init error", max); + break; - case CRYPTGEN_E : - return "windows crypt generation error"; + case CRYPTGEN_E : + XSTRNCPY(buffer, "windows crypt generation error", max); + break; - case RAN_BLOCK_E : - return "random device read would block error"; + case RAN_BLOCK_E : + XSTRNCPY(buffer, "random device read would block error", max); + break; - case BAD_MUTEX_E : - return "Bad mutex, operation failed"; + case BAD_MUTEX_E : + XSTRNCPY(buffer, "Bad mutex, operation failed", max); + break; case MP_INIT_E : - return "mp_init error state"; + XSTRNCPY(buffer, "mp_init error state", max); + break; case MP_READ_E : - return "mp_read error state"; + XSTRNCPY(buffer, "mp_read error state", max); + break; case MP_EXPTMOD_E : - return "mp_exptmod error state"; + XSTRNCPY(buffer, "mp_exptmod error state", max); + break; case MP_TO_E : - return "mp_to_xxx error state, can't convert"; + XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max); + break; case MP_SUB_E : - return "mp_sub error state, can't subtract"; + XSTRNCPY(buffer, "mp_sub error state, can't subtract", max); + break; case MP_ADD_E : - return "mp_add error state, can't add"; + XSTRNCPY(buffer, "mp_add error state, can't add", max); + break; case MP_MUL_E : - return "mp_mul error state, can't multiply"; + XSTRNCPY(buffer, "mp_mul error state, can't multiply", max); + break; case MP_MULMOD_E : - return "mp_mulmod error state, can't multiply mod"; + XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max); + break; case MP_MOD_E : - return "mp_mod error state, can't mod"; + XSTRNCPY(buffer, "mp_mod error state, can't mod", max); + break; case MP_INVMOD_E : - return "mp_invmod error state, can't inv mod"; - + XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max); + break; + case MP_CMP_E : - return "mp_cmp error state"; - + XSTRNCPY(buffer, "mp_cmp error state", max); + break; + case MP_ZERO_E : - return "mp zero result, not expected"; - + XSTRNCPY(buffer, "mp zero result, not expected", max); + break; + case MEMORY_E : - return "out of memory error"; + XSTRNCPY(buffer, "out of memory error", max); + break; case RSA_WRONG_TYPE_E : - return "RSA wrong block type for RSA function"; + XSTRNCPY(buffer, "RSA wrong block type for RSA function", max); + break; case RSA_BUFFER_E : - return "RSA buffer error, output too small or input too big"; + XSTRNCPY(buffer, "RSA buffer error, output too small or input too big", + max); + break; case BUFFER_E : - return "Buffer error, output too small or input too big"; + XSTRNCPY(buffer, "Buffer error, output too small or input too big",max); + break; case ALGO_ID_E : - return "Setting Cert AlogID error"; + XSTRNCPY(buffer, "Setting Cert AlogID error", max); + break; case PUBLIC_KEY_E : - return "Setting Cert Public Key error"; + XSTRNCPY(buffer, "Setting Cert Public Key error", max); + break; case DATE_E : - return "Setting Cert Date validity error"; + XSTRNCPY(buffer, "Setting Cert Date validity error", max); + break; case SUBJECT_E : - return "Setting Cert Subject name error"; + XSTRNCPY(buffer, "Setting Cert Subject name error", max); + break; case ISSUER_E : - return "Setting Cert Issuer name error"; + XSTRNCPY(buffer, "Setting Cert Issuer name error", max); + break; case CA_TRUE_E : - return "Setting basic constraint CA true error"; + XSTRNCPY(buffer, "Setting basic constraint CA true error", max); + break; case EXTENSIONS_E : - return "Setting extensions error"; + XSTRNCPY(buffer, "Setting extensions error", max); + break; case ASN_PARSE_E : - return "ASN parsing error, invalid input"; + XSTRNCPY(buffer, "ASN parsing error, invalid input", max); + break; case ASN_VERSION_E : - return "ASN version error, invalid number"; + XSTRNCPY(buffer, "ASN version error, invalid number", max); + break; case ASN_GETINT_E : - return "ASN get big int error, invalid data"; + XSTRNCPY(buffer, "ASN get big int error, invalid data", max); + break; case ASN_RSA_KEY_E : - return "ASN key init error, invalid input"; + XSTRNCPY(buffer, "ASN key init error, invalid input", max); + break; case ASN_OBJECT_ID_E : - return "ASN object id error, invalid id"; + XSTRNCPY(buffer, "ASN object id error, invalid id", max); + break; case ASN_TAG_NULL_E : - return "ASN tag error, not null"; + XSTRNCPY(buffer, "ASN tag error, not null", max); + break; case ASN_EXPECT_0_E : - return "ASN expect error, not zero"; + XSTRNCPY(buffer, "ASN expect error, not zero", max); + break; case ASN_BITSTR_E : - return "ASN bit string error, wrong id"; + XSTRNCPY(buffer, "ASN bit string error, wrong id", max); + break; case ASN_UNKNOWN_OID_E : - return "ASN oid error, unknown sum id"; + XSTRNCPY(buffer, "ASN oid error, unknown sum id", max); + break; case ASN_DATE_SZ_E : - return "ASN date error, bad size"; + XSTRNCPY(buffer, "ASN date error, bad size", max); + break; case ASN_BEFORE_DATE_E : - return "ASN date error, current date before"; + XSTRNCPY(buffer, "ASN date error, current date before", max); + break; case ASN_AFTER_DATE_E : - return "ASN date error, current date after"; + XSTRNCPY(buffer, "ASN date error, current date after", max); + break; case ASN_SIG_OID_E : - return "ASN signature error, mismatched oid"; + XSTRNCPY(buffer, "ASN signature error, mismatched oid", max); + break; case ASN_TIME_E : - return "ASN time error, unkown time type"; + XSTRNCPY(buffer, "ASN time error, unkown time type", max); + break; case ASN_INPUT_E : - return "ASN input error, not enough data"; + XSTRNCPY(buffer, "ASN input error, not enough data", max); + break; case ASN_SIG_CONFIRM_E : - return "ASN sig error, confirm failure"; + XSTRNCPY(buffer, "ASN sig error, confirm failure", max); + break; case ASN_SIG_HASH_E : - return "ASN sig error, unsupported hash type"; + XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max); + break; case ASN_SIG_KEY_E : - return "ASN sig error, unsupported key type"; + XSTRNCPY(buffer, "ASN sig error, unsupported key type", max); + break; case ASN_DH_KEY_E : - return "ASN key init error, invalid input"; + XSTRNCPY(buffer, "ASN key init error, invalid input", max); + break; case ASN_NTRU_KEY_E : - return "ASN NTRU key decode error, invalid input"; + XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max); + break; case ASN_CRIT_EXT_E: - return "X.509 Critical extension ignored"; + XSTRNCPY(buffer, "X.509 Critical extension ignored", max); + break; case ECC_BAD_ARG_E : - return "ECC input argument wrong type, invalid input"; + XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max); + break; case ASN_ECC_KEY_E : - return "ECC ASN1 bad key data, invalid input"; + XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max); + break; case ECC_CURVE_OID_E : - return "ECC curve sum OID unsupported, invalid input"; + XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max); + break; case BAD_FUNC_ARG : - return "Bad function argument"; + XSTRNCPY(buffer, "Bad function argument", max); + break; case NOT_COMPILED_IN : - return "Feature not compiled in"; + XSTRNCPY(buffer, "Feature not compiled in", max); + break; case UNICODE_SIZE_E : - return "Unicode password too big"; + XSTRNCPY(buffer, "Unicode password too big", max); + break; case NO_PASSWORD : - return "No password provided by user"; + XSTRNCPY(buffer, "No password provided by user", max); + break; case ALT_NAME_E : - return "Alt Name problem, too big"; + XSTRNCPY(buffer, "Alt Name problem, too big", max); + break; case AES_GCM_AUTH_E: - return "AES-GCM Authentication check fail"; + XSTRNCPY(buffer, "AES-GCM Authentication check fail", max); + break; case AES_CCM_AUTH_E: - return "AES-CCM Authentication check fail"; + XSTRNCPY(buffer, "AES-CCM Authentication check fail", max); + break; case CAVIUM_INIT_E: - return "Cavium Init type error"; + XSTRNCPY(buffer, "Cavium Init type error", max); + break; case COMPRESS_INIT_E: - return "Compress Init error"; + XSTRNCPY(buffer, "Compress Init error", max); + break; case COMPRESS_E: - return "Compress error"; + XSTRNCPY(buffer, "Compress error", max); + break; case DECOMPRESS_INIT_E: - return "DeCompress Init error"; + XSTRNCPY(buffer, "DeCompress Init error", max); + break; case DECOMPRESS_E: - return "DeCompress error"; + XSTRNCPY(buffer, "DeCompress error", max); + break; case BAD_ALIGN_E: - return "Bad alignment error, no alloc help"; + XSTRNCPY(buffer, "Bad alignment error, no alloc help", max); + break; case ASN_NO_SIGNER_E : - return "ASN no signer error to confirm failure"; + XSTRNCPY(buffer, "ASN no signer error to confirm failure", max); + break; case ASN_CRL_CONFIRM_E : - return "ASN CRL sig error, confirm failure"; + XSTRNCPY(buffer, "ASN CRL sig error, confirm failure", max); + break; case ASN_CRL_NO_SIGNER_E : - return "ASN CRL no signer error to confirm failure"; + XSTRNCPY(buffer, "ASN CRL no signer error to confirm failure", max); + break; case ASN_OCSP_CONFIRM_E : - return "ASN OCSP sig error, confirm failure"; + XSTRNCPY(buffer, "ASN OCSP sig error, confirm failure", max); + break; case BAD_ENC_STATE_E: - return "Bad ecc encrypt state operation"; + XSTRNCPY(buffer, "Bad ecc encrypt state operation", max); + break; case BAD_PADDING_E: - return "Bad padding, message wrong length"; + XSTRNCPY(buffer, "Bad padding, message wrong length", max); + break; case REQ_ATTRIBUTE_E: - return "Setting cert request attributes error"; + XSTRNCPY(buffer, "Setting cert request attributes error", max); + break; case PKCS7_OID_E: - return "PKCS#7 error: mismatched OID value"; + XSTRNCPY(buffer, "PKCS#7 error: mismatched OID value", max); + break; case PKCS7_RECIP_E: - return "PKCS#7 error: no matching recipient found"; + XSTRNCPY(buffer, "PKCS#7 error: no matching recipient found", max); + break; case FIPS_NOT_ALLOWED_E: - return "FIPS mode not allowed error"; + XSTRNCPY(buffer, "FIPS mode not allowed error", max); + break; case ASN_NAME_INVALID_E: - return "Name Constraint error"; - - case RNG_FAILURE_E: - return "Random Number Generator failed"; + XSTRNCPY(buffer, "Name Constraint error", max); + break; default: - return "unknown error number"; + XSTRNCPY(buffer, "unknown error number", max); } #endif /* NO_ERROR_STRINGS */ } - -void CTaoCryptErrorString(int error, char* buffer) -{ - XSTRNCPY(buffer, CTaoCryptGetErrorString(error), CYASSL_MAX_ERROR_SZ); -} diff --git a/ctaocrypt/src/include.am b/ctaocrypt/src/include.am index 6664dab22..580d3f553 100644 --- a/ctaocrypt/src/include.am +++ b/ctaocrypt/src/include.am @@ -2,8 +2,7 @@ # All paths should be given relative to the root EXTRA_DIST += ctaocrypt/src/misc.c -EXTRA_DIST += ctaocrypt/src/asm.c -EXTRA_DIST += ctaocrypt/src/aes_asm.asm +EXTRA_DIST += ctaocrypt/src/asm.c EXTRA_DIST += \ ctaocrypt/src/ecc_fp.c \ diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c index 56598f451..e885ca04b 100644 --- a/ctaocrypt/src/integer.c +++ b/ctaocrypt/src/integer.c @@ -1854,15 +1854,15 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, } /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times*/ - if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { goto LBL_RES; } for (x = 0; x < (winsize - 1); x++) { - if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)])) != MP_OKAY) { goto LBL_RES; } - if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) { + if ((err = redux (&M[1 << (winsize - 1)], P, mp)) != MP_OKAY) { goto LBL_RES; } } @@ -3250,19 +3250,19 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) /* compute the value at M[1<<(winsize-1)] by squaring * M[1] (winsize-1) times */ - if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { goto LBL_MU; } for (x = 0; x < (winsize - 1); x++) { /* square it */ - if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], - &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_sqr (&M[1 << (winsize - 1)], + &M[1 << (winsize - 1)])) != MP_OKAY) { goto LBL_MU; } /* reduce modulo P */ - if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, &mu)) != MP_OKAY) { + if ((err = redux (&M[1 << (winsize - 1)], P, &mu)) != MP_OKAY) { goto LBL_MU; } } diff --git a/ctaocrypt/src/misc.c b/ctaocrypt/src/misc.c index 7d4d33594..69fd4a449 100644 --- a/ctaocrypt/src/misc.c +++ b/ctaocrypt/src/misc.c @@ -45,8 +45,6 @@ #include /* get intrinsic definitions */ - /* for non visual studio probably need no long version, 32 bit only - * i.e., _rotl and _rotr */ #pragma intrinsic(_lrotl, _lrotr) STATIC INLINE word32 rotlFixed(word32 x, word32 y) diff --git a/ctaocrypt/src/poly1305.c b/ctaocrypt/src/poly1305.c new file mode 100644 index 000000000..c246394f9 --- /dev/null +++ b/ctaocrypt/src/poly1305.c @@ -0,0 +1,521 @@ +/* poly1305.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_POLY1305 + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include +#include +#ifdef NO_INLINE + #include +#else + #include +#endif + +#ifdef _MSC_VER + /* 4127 warning constant while(1) */ + #pragma warning(disable: 4127) +#endif + +#ifdef BIG_ENDIAN_ORDER + #define LITTLE32(x) ByteReverseWord32(x) +#else + #define LITTLE32(x) (x) +#endif + +#ifdef POLY130564 +#if defined(_MSC_VER) + #define POLY1305_NOINLINE __declspec(noinline) +#elif defined(__GNUC__) + #define POLY1305_NOINLINE __attribute__((noinline)) +#else + #define POLY1305_NOINLINE +#endif + +#if defined(_MSC_VER) + #include + + typedef struct word128 { + word64 lo; + word64 hi; + } word128; + + #define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi) + #define ADD(out, in) { word64 t = out.lo; out.lo += in.lo; + out.hi += (out.lo < t) + in.hi; } + #define ADDLO(out, in) { word64 t = out.lo; out.lo += in; + out.hi += (out.lo < t); } + #define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift))) + #define LO(in) (in.lo) + +#elif defined(__GNUC__) + #if defined(__SIZEOF_INT128__) + typedef unsigned __int128 word128; + #else + typedef unsigned word128 __attribute__((mode(TI))); + #endif + + #define MUL(out, x, y) out = ((word128)x * y) + #define ADD(out, in) out += in + #define ADDLO(out, in) out += in + #define SHR(in, shift) (word64)(in >> (shift)) + #define LO(in) (word64)(in) +#endif + +static word64 U8TO64(const byte* p) { + return + (((word64)(p[0] & 0xff) ) | + ((word64)(p[1] & 0xff) << 8) | + ((word64)(p[2] & 0xff) << 16) | + ((word64)(p[3] & 0xff) << 24) | + ((word64)(p[4] & 0xff) << 32) | + ((word64)(p[5] & 0xff) << 40) | + ((word64)(p[6] & 0xff) << 48) | + ((word64)(p[7] & 0xff) << 56)); +} + +static void U64TO8(byte* p, word64 v) { + p[0] = (v ) & 0xff; + p[1] = (v >> 8) & 0xff; + p[2] = (v >> 16) & 0xff; + p[3] = (v >> 24) & 0xff; + p[4] = (v >> 32) & 0xff; + p[5] = (v >> 40) & 0xff; + p[6] = (v >> 48) & 0xff; + p[7] = (v >> 56) & 0xff; +} +#else /* if not 64 bit then use 32 bit */ +static word32 U8TO32(const byte *p) { + return + (((word32)(p[0] & 0xff) ) | + ((word32)(p[1] & 0xff) << 8) | + ((word32)(p[2] & 0xff) << 16) | + ((word32)(p[3] & 0xff) << 24)); +} + +static void U32TO8(byte *p, word32 v) { + p[0] = (v ) & 0xff; + p[1] = (v >> 8) & 0xff; + p[2] = (v >> 16) & 0xff; + p[3] = (v >> 24) & 0xff; +} +#endif + +int Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) { + + if (keySz != 32) + return 1; + +#ifdef CHACHA_AEAD_TEST + int k; + printf("Poly key used: "); + for (k = 0; k < keySz; k++) + printf("%02x", key[k]); + printf("\n"); +#endif + +#ifdef POLY130564 + word64 t0,t1; + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ + t0 = U8TO64(key + 0); + t1 = U8TO64(key + 8); + + ctx->r[0] = ( t0 ) & 0xffc0fffffff; + ctx->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff; + ctx->r[2] = ((t1 >> 24) ) & 0x00ffffffc0f; + + /* h (accumulator) = 0 */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + + /* save pad for later */ + ctx->pad[0] = U8TO64(key + 16); + ctx->pad[1] = U8TO64(key + 24); + +#else /* if not 64 bit then use 32 bit */ + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ + ctx->r[0] = (U8TO32(key + 0) ) & 0x3ffffff; + ctx->r[1] = (U8TO32(key + 3) >> 2) & 0x3ffff03; + ctx->r[2] = (U8TO32(key + 6) >> 4) & 0x3ffc0ff; + ctx->r[3] = (U8TO32(key + 9) >> 6) & 0x3f03fff; + ctx->r[4] = (U8TO32(key + 12) >> 8) & 0x00fffff; + + /* h = 0 */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + ctx->h[3] = 0; + ctx->h[4] = 0; + + /* save pad for later */ + ctx->pad[0] = U8TO32(key + 16); + ctx->pad[1] = U8TO32(key + 20); + ctx->pad[2] = U8TO32(key + 24); + ctx->pad[3] = U8TO32(key + 28); +#endif + + ctx->leftover = 0; + ctx->final = 0; + + return 0; +} + +static void poly1305_blocks(Poly1305* ctx, const unsigned char *m, + size_t bytes) { +#ifdef POLY130564 + + const word64 hibit = (ctx->final) ? 0 : ((word64)1 << 40); /* 1 << 128 */ + word64 r0,r1,r2; + word64 s1,s2; + word64 h0,h1,h2; + word64 c; + word128 d0,d1,d2,d; + + r0 = ctx->r[0]; + r1 = ctx->r[1]; + r2 = ctx->r[2]; + + h0 = ctx->h[0]; + h1 = ctx->h[1]; + h2 = ctx->h[2]; + + s1 = r1 * (5 << 2); + s2 = r2 * (5 << 2); + + while (bytes >= POLY1305_BLOCK_SIZE) { + word64 t0,t1; + + /* h += m[i] */ + t0 = U8TO64(&m[0]); + t1 = U8TO64(&m[8]); + + h0 += (( t0 ) & 0xfffffffffff); + h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff); + h2 += (((t1 >> 24) ) & 0x3ffffffffff) | hibit; + + /* h *= r */ + MUL(d0, h0, r0); MUL(d, h1, s2); ADD(d0, d); MUL(d, h2, s1); ADD(d0, d); + MUL(d1, h0, r1); MUL(d, h1, r0); ADD(d1, d); MUL(d, h2, s2); ADD(d1, d); + MUL(d2, h0, r2); MUL(d, h1, r1); ADD(d2, d); MUL(d, h2, r0); ADD(d2, d); + + /* (partial) h %= p */ + c = SHR(d0, 44); h0 = LO(d0) & 0xfffffffffff; + ADDLO(d1, c); c = SHR(d1, 44); h1 = LO(d1) & 0xfffffffffff; + ADDLO(d2, c); c = SHR(d2, 42); h2 = LO(d2) & 0x3ffffffffff; + h0 += c * 5; c = (h0 >> 44); h0 = h0 & 0xfffffffffff; + h1 += c; + + m += POLY1305_BLOCK_SIZE; + bytes -= POLY1305_BLOCK_SIZE; + } + + ctx->h[0] = h0; + ctx->h[1] = h1; + ctx->h[2] = h2; + +#else /* if not 64 bit then use 32 bit */ + + const word32 hibit = (ctx->final) ? 0 : (1 << 24); /* 1 << 128 */ + word32 r0,r1,r2,r3,r4; + word32 s1,s2,s3,s4; + word32 h0,h1,h2,h3,h4; + word64 d0,d1,d2,d3,d4; + word32 c; + + r0 = ctx->r[0]; + r1 = ctx->r[1]; + r2 = ctx->r[2]; + r3 = ctx->r[3]; + r4 = ctx->r[4]; + + s1 = r1 * 5; + s2 = r2 * 5; + s3 = r3 * 5; + s4 = r4 * 5; + + h0 = ctx->h[0]; + h1 = ctx->h[1]; + h2 = ctx->h[2]; + h3 = ctx->h[3]; + h4 = ctx->h[4]; + + while (bytes >= POLY1305_BLOCK_SIZE) { + /* h += m[i] */ + h0 += (U8TO32(m+ 0) ) & 0x3ffffff; + h1 += (U8TO32(m+ 3) >> 2) & 0x3ffffff; + h2 += (U8TO32(m+ 6) >> 4) & 0x3ffffff; + h3 += (U8TO32(m+ 9) >> 6) & 0x3ffffff; + h4 += (U8TO32(m+12) >> 8) | hibit; + + /* h *= r */ + d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) + + ((word64)h3 * s2) + ((word64)h4 * s1); + d1 = ((word64)h0 * r1) + ((word64)h1 * r0) + ((word64)h2 * s4) + + ((word64)h3 * s3) + ((word64)h4 * s2); + d2 = ((word64)h0 * r2) + ((word64)h1 * r1) + ((word64)h2 * r0) + + ((word64)h3 * s4) + ((word64)h4 * s3); + d3 = ((word64)h0 * r3) + ((word64)h1 * r2) + ((word64)h2 * r1) + + ((word64)h3 * r0) + ((word64)h4 * s4); + d4 = ((word64)h0 * r4) + ((word64)h1 * r3) + ((word64)h2 * r2) + + ((word64)h3 * r1) + ((word64)h4 * r0); + + /* (partial) h %= p */ + c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff; + d1 += c; c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff; + d2 += c; c = (word32)(d2 >> 26); h2 = (word32)d2 & 0x3ffffff; + d3 += c; c = (word32)(d3 >> 26); h3 = (word32)d3 & 0x3ffffff; + d4 += c; c = (word32)(d4 >> 26); h4 = (word32)d4 & 0x3ffffff; + h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff; + h1 += c; + + m += POLY1305_BLOCK_SIZE; + bytes -= POLY1305_BLOCK_SIZE; + } + + ctx->h[0] = h0; + ctx->h[1] = h1; + ctx->h[2] = h2; + ctx->h[3] = h3; + ctx->h[4] = h4; + +#endif + +} + +int Poly1305Final(Poly1305* ctx, byte* mac) { + +#ifdef POLY130564 + + word64 h0,h1,h2,c; + word64 g0,g1,g2; + word64 t0,t1; + + /* process the remaining block */ + if (ctx->leftover) { + size_t i = ctx->leftover; + ctx->buffer[i] = 1; + for (i = i + 1; i < POLY1305_BLOCK_SIZE; i++) + ctx->buffer[i] = 0; + ctx->final = 1; + poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE); + } + + /* fully carry h */ + h0 = ctx->h[0]; + h1 = ctx->h[1]; + h2 = ctx->h[2]; + + c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff; + h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += c; c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff; + h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += c; + + /* compute h + -p */ + g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff; + g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff; + g2 = h2 + c - ((word64)1 << 42); + + /* select h if h < p, or h + -p if h >= p */ + c = (g2 >> ((sizeof(word64) * 8) - 1)) - 1; + g0 &= c; + g1 &= c; + g2 &= c; + c = ~c; + h0 = (h0 & c) | g0; + h1 = (h1 & c) | g1; + h2 = (h2 & c) | g2; + + /* h = (h + pad) */ + t0 = ctx->pad[0]; + t1 = ctx->pad[1]; + + h0 += (( t0 ) & 0xfffffffffff) ; + c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff) + c; + c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += (((t1 >> 24) ) & 0x3ffffffffff) + c; + h2 &= 0x3ffffffffff; + + /* mac = h % (2^128) */ + h0 = ((h0 ) | (h1 << 44)); + h1 = ((h1 >> 20) | (h2 << 24)); + + U64TO8(mac + 0, h0); + U64TO8(mac + 8, h1); + + /* zero out the state */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + ctx->r[0] = 0; + ctx->r[1] = 0; + ctx->r[2] = 0; + ctx->pad[0] = 0; + ctx->pad[1] = 0; + +#else /* if not 64 bit then use 32 bit */ + + word32 h0,h1,h2,h3,h4,c; + word32 g0,g1,g2,g3,g4; + word64 f; + word32 mask; + + /* process the remaining block */ + if (ctx->leftover) { + size_t i = ctx->leftover; + ctx->buffer[i++] = 1; + for (; i < POLY1305_BLOCK_SIZE; i++) + ctx->buffer[i] = 0; + ctx->final = 1; + poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE); + } + + /* fully carry h */ + h0 = ctx->h[0]; + h1 = ctx->h[1]; + h2 = ctx->h[2]; + h3 = ctx->h[3]; + h4 = ctx->h[4]; + + c = h1 >> 26; h1 = h1 & 0x3ffffff; + h2 += c; c = h2 >> 26; h2 = h2 & 0x3ffffff; + h3 += c; c = h3 >> 26; h3 = h3 & 0x3ffffff; + h4 += c; c = h4 >> 26; h4 = h4 & 0x3ffffff; + h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff; + h1 += c; + + /* compute h + -p */ + g0 = h0 + 5; c = g0 >> 26; g0 &= 0x3ffffff; + g1 = h1 + c; c = g1 >> 26; g1 &= 0x3ffffff; + g2 = h2 + c; c = g2 >> 26; g2 &= 0x3ffffff; + g3 = h3 + c; c = g3 >> 26; g3 &= 0x3ffffff; + g4 = h4 + c - (1 << 26); + + /* select h if h < p, or h + -p if h >= p */ + mask = (g4 >> ((sizeof(word32) * 8) - 1)) - 1; + g0 &= mask; + g1 &= mask; + g2 &= mask; + g3 &= mask; + g4 &= mask; + mask = ~mask; + h0 = (h0 & mask) | g0; + h1 = (h1 & mask) | g1; + h2 = (h2 & mask) | g2; + h3 = (h3 & mask) | g3; + h4 = (h4 & mask) | g4; + + /* h = h % (2^128) */ + h0 = ((h0 ) | (h1 << 26)) & 0xffffffff; + h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff; + h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff; + h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; + + /* mac = (h + pad) % (2^128) */ + f = (word64)h0 + ctx->pad[0] ; h0 = (word64)f; + f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word64)f; + f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word64)f; + f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word64)f; + + U32TO8(mac + 0, h0); + U32TO8(mac + 4, h1); + U32TO8(mac + 8, h2); + U32TO8(mac + 12, h3); + + /* zero out the state */ + ctx->h[0] = 0; + ctx->h[1] = 0; + ctx->h[2] = 0; + ctx->h[3] = 0; + ctx->h[4] = 0; + ctx->r[0] = 0; + ctx->r[1] = 0; + ctx->r[2] = 0; + ctx->r[3] = 0; + ctx->r[4] = 0; + ctx->pad[0] = 0; + ctx->pad[1] = 0; + ctx->pad[2] = 0; + ctx->pad[3] = 0; + +#endif + + return 0; +} + + +int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) { + size_t i; + +#ifdef CHACHA_AEAD_TEST + int k; + printf("Raw input to poly: "); + for (k = 0; k < bytes; k++) + printf("%02x", m[k]); + printf("\n"); +#endif + + /* handle leftover */ + if (ctx->leftover) { + size_t want = (POLY1305_BLOCK_SIZE - ctx->leftover); + if (want > bytes) + want = bytes; + for (i = 0; i < want; i++) + ctx->buffer[ctx->leftover + i] = m[i]; + bytes -= want; + m += want; + ctx->leftover += want; + if (ctx->leftover < POLY1305_BLOCK_SIZE) + return 0; + poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE); + ctx->leftover = 0; + } + + /* process full blocks */ + if (bytes >= POLY1305_BLOCK_SIZE) { + size_t want = (bytes & ~(POLY1305_BLOCK_SIZE - 1)); + poly1305_blocks(ctx, m, want); + m += want; + bytes -= want; + } + + /* store leftover */ + if (bytes) { + for (i = 0; i < bytes; i++) + ctx->buffer[ctx->leftover + i] = m[i]; + ctx->leftover += bytes; + } + + return 0; +} +#endif /* HAVE_POLY1305 */ + diff --git a/ctaocrypt/src/port.c b/ctaocrypt/src/port.c new file mode 100644 index 000000000..c51062185 --- /dev/null +++ b/ctaocrypt/src/port.c @@ -0,0 +1,436 @@ +/* port.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include + + +#ifdef _MSC_VER + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable: 4996) +#endif + + + +#ifdef SINGLE_THREADED + +int InitMutex(CyaSSL_Mutex* m) +{ + (void)m; + return 0; +} + + +int FreeMutex(CyaSSL_Mutex *m) +{ + (void)m; + return 0; +} + + +int LockMutex(CyaSSL_Mutex *m) +{ + (void)m; + return 0; +} + + +int UnLockMutex(CyaSSL_Mutex *m) +{ + (void)m; + return 0; +} + +#else /* MULTI_THREAD */ + + #if defined(FREERTOS) + + int InitMutex(CyaSSL_Mutex* m) + { + int iReturn; + + *m = ( CyaSSL_Mutex ) xSemaphoreCreateMutex(); + if( *m != NULL ) + iReturn = 0; + else + iReturn = BAD_MUTEX_E; + + return iReturn; + } + + int FreeMutex(CyaSSL_Mutex* m) + { + vSemaphoreDelete( *m ); + return 0; + } + + int LockMutex(CyaSSL_Mutex* m) + { + /* Assume an infinite block, or should there be zero block? */ + xSemaphoreTake( *m, portMAX_DELAY ); + return 0; + } + + int UnLockMutex(CyaSSL_Mutex* m) + { + xSemaphoreGive( *m ); + return 0; + } + + #elif defined(CYASSL_SAFERTOS) + + int InitMutex(CyaSSL_Mutex* m) + { + vSemaphoreCreateBinary(m->mutexBuffer, m->mutex); + if (m->mutex == NULL) + return BAD_MUTEX_E; + + return 0; + } + + int FreeMutex(CyaSSL_Mutex* m) + { + (void)m; + return 0; + } + + int LockMutex(CyaSSL_Mutex* m) + { + /* Assume an infinite block */ + xSemaphoreTake(m->mutex, portMAX_DELAY); + return 0; + } + + int UnLockMutex(CyaSSL_Mutex* m) + { + xSemaphoreGive(m->mutex); + return 0; + } + + + #elif defined(USE_WINDOWS_API) + + int InitMutex(CyaSSL_Mutex* m) + { + InitializeCriticalSection(m); + return 0; + } + + + int FreeMutex(CyaSSL_Mutex* m) + { + DeleteCriticalSection(m); + return 0; + } + + + int LockMutex(CyaSSL_Mutex* m) + { + EnterCriticalSection(m); + return 0; + } + + + int UnLockMutex(CyaSSL_Mutex* m) + { + LeaveCriticalSection(m); + return 0; + } + + #elif defined(CYASSL_PTHREADS) + + int InitMutex(CyaSSL_Mutex* m) + { + if (pthread_mutex_init(m, 0) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int FreeMutex(CyaSSL_Mutex* m) + { + if (pthread_mutex_destroy(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int LockMutex(CyaSSL_Mutex* m) + { + if (pthread_mutex_lock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int UnLockMutex(CyaSSL_Mutex* m) + { + if (pthread_mutex_unlock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + #elif defined(THREADX) + + int InitMutex(CyaSSL_Mutex* m) + { + if (tx_mutex_create(m, "CyaSSL Mutex", TX_NO_INHERIT) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int FreeMutex(CyaSSL_Mutex* m) + { + if (tx_mutex_delete(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int LockMutex(CyaSSL_Mutex* m) + { + if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int UnLockMutex(CyaSSL_Mutex* m) + { + if (tx_mutex_put(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + #elif defined(MICRIUM) + + int InitMutex(CyaSSL_Mutex* m) + { + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + if (NetSecure_OS_MutexCreate(m) == 0) + return 0; + else + return BAD_MUTEX_E; + #else + return 0; + #endif + } + + + int FreeMutex(CyaSSL_Mutex* m) + { + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + if (NetSecure_OS_FreeMutex(m) == 0) + return 0; + else + return BAD_MUTEX_E; + #else + return 0; + #endif + } + + + int LockMutex(CyaSSL_Mutex* m) + { + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + if (NetSecure_OS_LockMutex(m) == 0) + return 0; + else + return BAD_MUTEX_E; + #else + return 0; + #endif + } + + + int UnLockMutex(CyaSSL_Mutex* m) + { + #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) + if (NetSecure_OS_UnLockMutex(m) == 0) + return 0; + else + return BAD_MUTEX_E; + #else + return 0; + #endif + + } + + #elif defined(EBSNET) + + int InitMutex(CyaSSL_Mutex* m) + { + if (rtp_sig_mutex_alloc(m, "CyaSSL Mutex") == -1) + return BAD_MUTEX_E; + else + return 0; + } + + int FreeMutex(CyaSSL_Mutex* m) + { + rtp_sig_mutex_free(*m); + return 0; + } + + int LockMutex(CyaSSL_Mutex* m) + { + if (rtp_sig_mutex_claim_timed(*m, RTIP_INF) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + int UnLockMutex(CyaSSL_Mutex* m) + { + rtp_sig_mutex_release(*m); + return 0; + } + + #elif defined(FREESCALE_MQX) + + int InitMutex(CyaSSL_Mutex* m) + { + if (_mutex_init(m, NULL) == MQX_EOK) + return 0; + else + return BAD_MUTEX_E; + } + + int FreeMutex(CyaSSL_Mutex* m) + { + if (_mutex_destroy(m) == MQX_EOK) + return 0; + else + return BAD_MUTEX_E; + } + + int LockMutex(CyaSSL_Mutex* m) + { + if (_mutex_lock(m) == MQX_EOK) + return 0; + else + return BAD_MUTEX_E; + } + + int UnLockMutex(CyaSSL_Mutex* m) + { + if (_mutex_unlock(m) == MQX_EOK) + return 0; + else + return BAD_MUTEX_E; + } + + #elif defined(CYASSL_MDK_ARM)|| defined(CYASSL_CMSIS_RTOS) + + #if defined(CYASSL_CMSIS_RTOS) + #include "cmsis_os.h" + #define CMSIS_NMUTEX 10 + osMutexDef(CyaSSL_mt0) ; osMutexDef(CyaSSL_mt1) ; osMutexDef(CyaSSL_mt2) ; + osMutexDef(CyaSSL_mt3) ; osMutexDef(CyaSSL_mt4) ; osMutexDef(CyaSSL_mt5) ; + osMutexDef(CyaSSL_mt6) ; osMutexDef(CyaSSL_mt7) ; osMutexDef(CyaSSL_mt8) ; + osMutexDef(CyaSSL_mt9) ; + + static const osMutexDef_t *CMSIS_mutex[] = { osMutex(CyaSSL_mt0), + osMutex(CyaSSL_mt1), osMutex(CyaSSL_mt2), osMutex(CyaSSL_mt3), + osMutex(CyaSSL_mt4), osMutex(CyaSSL_mt5), osMutex(CyaSSL_mt6), + osMutex(CyaSSL_mt7), osMutex(CyaSSL_mt8), osMutex(CyaSSL_mt9) } ; + + static osMutexId CMSIS_mutexID[CMSIS_NMUTEX] = {0} ; + + int InitMutex(CyaSSL_Mutex* m) + { + int i ; + for (i=0; i #include #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - #include #ifdef NO_INLINE @@ -80,16 +74,9 @@ #define NONCE_SZ (ENTROPY_SZ/2) #define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ) -/* Internal return codes */ -#define DRBG_SUCCESS 0 -#define DRBG_ERROR 1 -#define DRBG_FAILURE 2 -#define DRBG_NEED_RESEED 3 - -/* RNG health states */ -#define DRBG_NOT_INIT 0 -#define DRBG_OK 1 -#define DRBG_FAILED 2 +#define DRBG_SUCCESS 0 +#define DRBG_ERROR 1 +#define DRBG_NEED_RESEED 2 enum { @@ -101,11 +88,10 @@ enum { }; -/* Hash Derivation Function */ -/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, - const byte* inA, word32 inASz, - const byte* inB, word32 inBSz) + byte* inA, word32 inASz, + byte* inB, word32 inBSz, + byte* inC, word32 inCSz) { byte ctr; int i; @@ -121,29 +107,33 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, for (i = 0, ctr = 1; i < len; i++, ctr++) { if (InitSha256(&rng->sha) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (Sha256Update(&rng->sha, &ctr, sizeof(ctr)) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; /* churning V is the only string that doesn't have * the type added */ if (type != drbgInitV) if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (Sha256Update(&rng->sha, inA, inASz) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (inB != NULL && inBSz > 0) if (Sha256Update(&rng->sha, inB, inBSz) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; + + if (inC != NULL && inCSz > 0) + if (Sha256Update(&rng->sha, inC, inCSz) != 0) + return DRBG_ERROR; if (Sha256Final(&rng->sha, rng->digest) != 0) - return DRBG_FAILURE; + return DRBG_ERROR; if (outSz > OUTPUT_BLOCK_LEN) { XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN); @@ -159,26 +149,26 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, } -/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ -static int Hash_DRBG_Reseed(RNG* rng, const byte* entropy, word32 entropySz) +static int Hash_DRBG_Reseed(RNG* rng, byte* entropy, word32 entropySz) { + int ret; byte seed[DRBG_SEED_LEN]; - if (Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V), - entropy, entropySz) != DRBG_SUCCESS) { - return DRBG_FAILURE; - } + ret = Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V), + entropy, entropySz, NULL, 0); + if (ret != 0) + return ret; XMEMCPY(rng->V, seed, sizeof(rng->V)); XMEMSET(seed, 0, sizeof(seed)); - if (Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, - sizeof(rng->V), NULL, 0) != DRBG_SUCCESS) { - return DRBG_FAILURE; - } + ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, + sizeof(rng->V), NULL, 0, NULL, 0); + if (ret != 0) + return ret; rng->reseedCtr = 1; - return DRBG_SUCCESS; + return 0; } static INLINE void array_add_one(byte* data, word32 dataSz) @@ -192,23 +182,26 @@ static INLINE void array_add_one(byte* data, word32 dataSz) } } - -/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ -static int Hash_gen(RNG* rng, byte* out, word32 outSz, const byte* V) +static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) { byte data[DRBG_SEED_LEN]; - int i; + int i, ret; int len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); XMEMCPY(data, V, sizeof(data)); for (i = 0; i < len; i++) { - if (InitSha256(&rng->sha) != 0 || - Sha256Update(&rng->sha, data, sizeof(data)) != 0 || - Sha256Final(&rng->sha, rng->digest) != 0) { + ret = InitSha256(&rng->sha); + if (ret != 0) + return ret; - return DRBG_FAILURE; - } + ret = Sha256Update(&rng->sha, data, sizeof(data)); + if (ret != 0) + return ret; + + ret = Sha256Final(&rng->sha, rng->digest); + if (ret != 0) + return ret; if (outSz > OUTPUT_BLOCK_LEN) { XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN); @@ -222,11 +215,11 @@ static int Hash_gen(RNG* rng, byte* out, word32 outSz, const byte* V) } XMEMSET(data, 0, sizeof(data)); - return DRBG_SUCCESS; + return 0; } -static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) +static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen) { word16 carry = 0; @@ -245,67 +238,74 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) } -/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ static int Hash_DRBG_Generate(RNG* rng, byte* out, word32 outSz) { - int ret = DRBG_NEED_RESEED; + int ret; if (rng->reseedCtr != RESEED_INTERVAL) { byte type = drbgGenerateH; word32 reseedCtr = rng->reseedCtr; rng->reseedCtr++; - if (Hash_gen(rng, out, outSz, rng->V) != 0 || - InitSha256(&rng->sha) != 0 || - Sha256Update(&rng->sha, &type, sizeof(type)) != 0 || - Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0 || - Sha256Final(&rng->sha, rng->digest) != 0) { + if (Hash_gen(rng, out, outSz, rng->V) != 0) + return DRBG_ERROR; + if (InitSha256(&rng->sha) != 0) + return DRBG_ERROR; + if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0) + return DRBG_ERROR; + if (Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0) + return DRBG_ERROR; + if (Sha256Final(&rng->sha, rng->digest) != 0) + return DRBG_ERROR; - ret = DRBG_FAILURE; - } - else { - array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest)); - array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C)); - #ifdef LITTLE_ENDIAN_ORDER - reseedCtr = ByteReverseWord32(reseedCtr); - #endif - array_add(rng->V, sizeof(rng->V), - (byte*)&reseedCtr, sizeof(reseedCtr)); - ret = DRBG_SUCCESS; - } - } - - return ret; -} - - -/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ -static int Hash_DRBG_Instantiate(RNG* rng, const byte* seed, word32 seedSz, - const byte* nonce, word32 nonceSz) -{ - int ret = DRBG_FAILURE; - - XMEMSET(rng, 0, sizeof(*rng)); - - if (Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz, - nonce, nonceSz) == DRBG_SUCCESS && - Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, - sizeof(rng->V), NULL, 0) == DRBG_SUCCESS) { - - rng->reseedCtr = 1; + array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest)); + array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C)); + #ifdef LITTLE_ENDIAN_ORDER + reseedCtr = ByteReverseWord32(reseedCtr); + #endif + array_add(rng->V, sizeof(rng->V), (byte*)&reseedCtr, sizeof(reseedCtr)); ret = DRBG_SUCCESS; } - + else { + ret = DRBG_NEED_RESEED; + } return ret; } -/* Returns: DRBG_SUCCESS */ +static int Hash_DRBG_Instantiate(RNG* rng, byte* seed, word32 seedSz, + byte* nonce, word32 nonceSz, byte* personal, word32 personalSz) +{ + int ret; + + XMEMSET(rng, 0, sizeof(*rng)); + ret = Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz, + nonce, nonceSz, personal, personalSz); + + if (ret != 0) + return ret; + + ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V, + sizeof(rng->V), NULL, 0, NULL, 0); + if (ret != 0) + return ret; + + rng->reseedCtr = 1; + + return 0; +} + + static int Hash_DRBG_Uninstantiate(RNG* rng) { - XMEMSET(rng, 0, sizeof(*rng)); + int result = DRBG_ERROR; - return DRBG_SUCCESS; + if (rng != NULL) { + XMEMSET(rng, 0, sizeof(*rng)); + result = DRBG_SUCCESS; + } + + return result; } /* End NIST DRBG Code */ @@ -314,27 +314,17 @@ static int Hash_DRBG_Uninstantiate(RNG* rng) /* Get seed and key cipher */ int InitRng(RNG* rng) { - int ret = BAD_FUNC_ARG; + byte entropy[ENTROPY_NONCE_SZ]; + int ret = DRBG_ERROR; - if (rng != NULL) { - byte entropy[ENTROPY_NONCE_SZ]; + /* This doesn't use a separate nonce. The entropy input will be + * the default size plus the size of the nonce making the seed + * size. */ + if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0) + ret = Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ, + NULL, 0, NULL, 0); - /* This doesn't use a separate nonce. The entropy input will be - * the default size plus the size of the nonce making the seed - * size. */ - if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 && - Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ, - NULL, 0) == DRBG_SUCCESS) { - rng->status = DRBG_OK; - ret = 0; - } - else { - rng->status = DRBG_FAILED; - ret = RNG_FAILURE_E; - } - - XMEMSET(entropy, 0, ENTROPY_NONCE_SZ); - } + XMEMSET(entropy, 0, ENTROPY_NONCE_SZ); return ret; } @@ -345,36 +335,24 @@ int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) { int ret; - if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN) - return BAD_FUNC_ARG; - - if (rng->status != DRBG_OK) - return RNG_FAILURE_E; - + XMEMSET(output, 0, sz); ret = Hash_DRBG_Generate(rng, output, sz); - if (ret == DRBG_SUCCESS) { - ret = 0; - } - else if (ret == DRBG_NEED_RESEED) { + + if (ret == DRBG_NEED_RESEED) { byte entropy[ENTROPY_SZ]; - if (GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 && - Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ) == DRBG_SUCCESS && - Hash_DRBG_Generate(rng, output, sz) == DRBG_SUCCESS) { + ret = GenerateSeed(&rng->seed, entropy, ENTROPY_SZ); + if (ret == 0) { + ret = Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ); - ret = 0; - } - else { - ret = RNG_FAILURE_E; - rng->status = DRBG_FAILED; + if (ret == 0) + ret = Hash_DRBG_Generate(rng, output, sz); } + else + ret = DRBG_ERROR; XMEMSET(entropy, 0, ENTROPY_SZ); } - else { - ret = RNG_FAILURE_E; - rng->status = DRBG_FAILED; - } return ret; } @@ -386,59 +364,11 @@ int RNG_GenerateByte(RNG* rng, byte* b) } -int FreeRng(RNG* rng) +void FreeRng(RNG* rng) { - int ret = BAD_FUNC_ARG; - - if (rng != NULL) { - if (Hash_DRBG_Uninstantiate(rng) == DRBG_SUCCESS) - ret = 0; - else - ret = RNG_FAILURE_E; - } - - return ret; + Hash_DRBG_Uninstantiate(rng); } - -int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - const byte* output, word32 outputSz) -{ - RNG rng; - byte check[SHA256_DIGEST_SIZE * 4]; - - if (Hash_DRBG_Instantiate(&rng, entropyA, entropyASz, NULL, 0) != 0) - return -1; - - if (reseed) { - if (Hash_DRBG_Reseed(&rng, entropyB, entropyBSz) != 0) { - Hash_DRBG_Uninstantiate(&rng); - return -1; - } - } - - if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) { - Hash_DRBG_Uninstantiate(&rng); - return -1; - } - - if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) { - Hash_DRBG_Uninstantiate(&rng); - return -1; - } - - if (outputSz != sizeof(check) || XMEMCMP(output, check, sizeof(check))) { - Hash_DRBG_Uninstantiate(&rng); - return -1; - } - - Hash_DRBG_Uninstantiate(&rng); - - return 0; -} - - #else /* HAVE_HASHDRBG || NO_RC4 */ /* Get seed and key cipher */ diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index c2c5d7f4e..0a3b2e11a 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -48,12 +48,14 @@ #include #include #include +#include #include #include #include #include #include #include +#include #include #include #ifdef HAVE_ECC @@ -101,7 +103,7 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "crypto_ntru.h" #endif #ifdef HAVE_CAVIUM #include "cavium_sysdep.h" @@ -152,9 +154,11 @@ int hkdf_test(void); int arc4_test(void); int hc128_test(void); int rabbit_test(void); +int chacha_test(void); int des_test(void); int des3_test(void); int aes_test(void); +int poly1305_test(void); int aesgcm_test(void); int gmac_test(void); int aesccm_test(void); @@ -367,6 +371,13 @@ void ctaocrypt_test(void* args) printf( "Rabbit test passed!\n"); #endif +#ifdef HAVE_CHACHA + if ( (ret = chacha_test()) != 0) + err_sys("Chacha test failed!\n", ret); + else + printf( "Chacha test passed!\n"); +#endif + #ifndef NO_DES3 if ( (ret = des_test()) != 0) err_sys("DES test failed!\n", ret); @@ -387,6 +398,13 @@ void ctaocrypt_test(void* args) else printf( "AES test passed!\n"); +#ifdef HAVE_POLY1305 + if ( (ret = poly1305_test()) != 0) + err_sys("POLY1305 test failed!\n", ret); + else + printf( "POLY1305 test passed!\n"); +#endif + #ifdef HAVE_AESGCM if ( (ret = aesgcm_test()) != 0) err_sys("AES-GCM test failed!\n", ret); @@ -1800,6 +1818,107 @@ int rabbit_test(void) #endif /* NO_RABBIT */ +#ifdef HAVE_CHACHA +int chacha_test(void) +{ + byte cipher[32]; + byte plain[32]; + byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + word32 keySz; + int i; + int times = 4; + + const byte key1[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + const byte key2[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + + const byte key3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + /* 128 bit key */ + const byte key4[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + + const byte* keys[] = {key1, key2, key3, key4}; + + const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01}; + const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + + + const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4}; + + + byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90}; + byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96}; + byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5}; + byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd}; + + byte* test_chacha[4]; + + test_chacha[0] = a; + test_chacha[1] = b; + test_chacha[2] = c; + test_chacha[3] = d; + + for (i = 0; i < times; ++i) { + if (i < 3) { + keySz = 32; + } + else { + keySz = 16; + } + ChaCha enc; + ChaCha dec; + + XMEMCPY(plain, keys[i], keySz); + XMEMSET(cipher, 0, 32); + XMEMCPY(cipher + 4, ivs[i], 8); + + Chacha_SetKey(&enc, keys[i], keySz); + Chacha_SetKey(&dec, keys[i], keySz); + + Chacha_SetIV(&enc, cipher,0); + Chacha_SetIV(&dec, cipher,0); + XMEMCPY(plain, input, 8); + + Chacha_Process(&enc, cipher, plain, (word32)8); + Chacha_Process(&dec, plain, cipher, (word32)8); + + if (memcmp(test_chacha[i], cipher, 8)) + return -130 - 5 - i; + + if (memcmp(plain, input, 8)) + return -130 - i; + } + + return 0; +} +#endif /* HAVE_CHACHA */ + + #ifndef NO_DES3 int des_test(void) { @@ -2110,6 +2229,96 @@ int aes_test(void) return 0; } +#ifdef HAVE_POLY1305 +int poly1305_test(void) +{ + int ret = 0; + int i; + byte tag[16]; + Poly1305 enc; + + const byte msg[] = + { + 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72, + 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f, + 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65, + 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f, + 0x75,0x70 + }; + + const byte msg2[] = + { + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72, + 0x6c,0x64,0x21 + }; + + const byte msg3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + const byte correct[] = + { + 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6, + 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9 + + }; + + const byte correct2[] = + { + 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16, + 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0 + }; + + const byte correct3[] = + { + 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6, + 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07 + }; + + const byte key[] = { + 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33, + 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8, + 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, + 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b + }; + + const byte key2[] = { + 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20, + 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20, + 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20, + 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35 + }; + + const byte* msgs[] = {msg, msg2, msg3}; + word32 szm[] = {sizeof(msg),sizeof(msg2),sizeof(msg3)}; + const byte* keys[] = {key, key2, key2}; + const byte* tests[] = {correct, correct2, correct3}; + + for (i = 0; i < 3; i++) { + ret = Poly1305SetKey(&enc, keys[i], 32); + if (ret != 0) + return -1001; + + ret = Poly1305Update(&enc, msgs[i], szm[i]); + if (ret != 0) + return -1005; + + ret = Poly1305Final(&enc, tag); + if (ret != 0) + return -60; + + if (memcmp(tag, tests[i], sizeof(tag))) + return -61; + } + + return 0; +} +#endif /* HAVE_POLY1305 */ + #ifdef HAVE_AESGCM int aesgcm_test(void) { @@ -2581,74 +2790,6 @@ int camellia_test(void) #endif /* HAVE_CAMELLIA */ -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) - -int random_test(void) -{ - const byte test1Entropy[] = - { - 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, - 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, - 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, - 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e - }; - const byte test1Output[] = - { - 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, - 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, - 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, - 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, - 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, - 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, - 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, - 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, - 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, - 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, - 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf - }; - const byte test2EntropyA[] = - { - 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, - 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, - 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, - 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 - }; - const byte test2EntropyB[] = - { - 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, - 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, - 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 - }; - const byte test2Output[] = - { - 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, - 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, - 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, - 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, - 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, - 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, - 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, - 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, - 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, - 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, - 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 - }; - int ret; - - ret = RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, - test1Output, sizeof(test1Output)); - if (ret != 0) return -39; - - ret = RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), - test2EntropyB, sizeof(test2EntropyB), - test2Output, sizeof(test2Output)); - if (ret != 0) return -40; - - return 0; -} - -#else /* HAVE_HASHDRBG || NO_RC4 */ - int random_test(void) { RNG rng; @@ -2668,8 +2809,6 @@ int random_test(void) return 0; } -#endif /* HAVE_HASHDRBG || NO_RC4 */ - #ifdef HAVE_NTRU @@ -2858,8 +2997,8 @@ int rsa_test(void) int pemSz = 0; RsaKey derIn; RsaKey genKey; - FILE* keyFile; - FILE* pemFile; + FILE* keyFile; + FILE* pemFile; ret = InitRsaKey(&genKey, 0); if (ret != 0) @@ -3053,7 +3192,7 @@ int rsa_test(void) int pemSz; size_t bytes3; word32 idx3 = 0; - FILE* file3 ; + FILE* file3 ; #ifdef CYASSL_TEST_CERT DecodedCert decode; #endif @@ -3354,46 +3493,38 @@ int rsa_test(void) static uint8_t const pers_str[] = { 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' }; - word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, - sizeof(pers_str), GetEntropy, &drbg); + word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), + GetEntropy, &drbg); if (rc != DRBG_OK) { - free(derCert); - free(pem); - return -448; - } - - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, - &public_key_len, NULL, - &private_key_len, NULL); - if (rc != NTRU_OK) { - free(derCert); - free(pem); - return -449; - } - - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, - &public_key_len, public_key, - &private_key_len, private_key); - if (rc != NTRU_OK) { free(derCert); free(pem); return -450; } - rc = ntru_crypto_drbg_uninstantiate(drbg); - + rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, + NULL, &private_key_len, NULL); if (rc != NTRU_OK) { free(derCert); free(pem); return -451; } + rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, + public_key, &private_key_len, private_key); + crypto_drbg_uninstantiate(drbg); + + if (rc != NTRU_OK) { + free(derCert); + free(pem); + return -452; + } + caFile = fopen(caKeyFile, "rb"); if (!caFile) { free(derCert); free(pem); - return -452; + return -453; } bytes = fread(tmp, 1, FOURK_BUF, caFile); @@ -3403,7 +3534,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); - return -453; + return -459; } ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); if (ret != 0) { @@ -3780,7 +3911,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_md5()); - EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen); + EVP_DigestUpdate(&md_ctx, a.input, a.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0) @@ -3797,7 +3928,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha1()); - EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen); + EVP_DigestUpdate(&md_ctx, b.input, b.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0) @@ -3814,7 +3945,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha256()); - EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); + EVP_DigestUpdate(&md_ctx, d.input, d.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0) @@ -3858,7 +3989,7 @@ int openssl_test(void) EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha512()); - EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); + EVP_DigestUpdate(&md_ctx, f.input, f.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0) diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index 69d86abf3..c36dfd5f5 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -41,8 +41,6 @@ #if defined (__GNUC__) #define ALIGN16 __attribute__ ( (aligned (16))) #elif defined(_MSC_VER) - /* disable align warning, we want alignment ! */ - #pragma warning(disable: 4324) #define ALIGN16 __declspec (align (16)) #else #define ALIGN16 diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index bc51e529c..239c07491 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -189,7 +189,7 @@ enum Block_Sum { enum Key_Sum { DSAk = 515, RSAk = 645, - NTRUk = 274, + NTRUk = 364, ECDSAk = 518 }; @@ -340,8 +340,7 @@ struct DecodedCert { #endif /* HAVE_OCSP */ byte* signature; /* not owned, points into raw cert */ char* subjectCN; /* CommonName */ - int subjectCNLen; /* CommonName Length */ - char subjectCNEnc; /* CommonName Encoding */ + int subjectCNLen; int subjectCNStored; /* have we saved a copy we own */ char issuer[ASN_NAME_MAX]; /* full name including common name */ char subject[ASN_NAME_MAX]; /* full name including common name */ @@ -412,22 +411,16 @@ struct DecodedCert { /* easy access to subject info for other sign */ char* subjectSN; int subjectSNLen; - char subjectSNEnc; char* subjectC; int subjectCLen; - char subjectCEnc; char* subjectL; int subjectLLen; - char subjectLEnc; char* subjectST; int subjectSTLen; - char subjectSTEnc; char* subjectO; int subjectOLen; - char subjectOEnc; char* subjectOU; int subjectOULen; - char subjectOUEnc; char* subjectEmail; int subjectEmailLen; #endif /* CYASSL_CERT_GEN */ diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index 34c899dc0..3ad601709 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h @@ -62,11 +62,6 @@ enum Ctc_SigType { CTC_SHA512wECDSA = 526 }; -enum Ctc_Encoding { - CTC_UTF8 = 0x0c, /* utf8 */ - CTC_PRINTABLE = 0x13 /* printable */ -}; - #ifdef CYASSL_CERT_GEN @@ -75,27 +70,20 @@ enum Ctc_Encoding { #endif enum Ctc_Misc { - CTC_NAME_SIZE = 64, - CTC_DATE_SIZE = 32, - CTC_MAX_ALT_SIZE = 16384, /* may be huge */ - CTC_SERIAL_SIZE = 8 + CTC_NAME_SIZE = 64, + CTC_DATE_SIZE = 32, + CTC_MAX_ALT_SIZE = 8192, /* may be huge */ + CTC_SERIAL_SIZE = 8 }; typedef struct CertName { char country[CTC_NAME_SIZE]; - char countryEnc; char state[CTC_NAME_SIZE]; - char stateEnc; char locality[CTC_NAME_SIZE]; - char localityEnc; char sur[CTC_NAME_SIZE]; - char surEnc; char org[CTC_NAME_SIZE]; - char orgEnc; char unit[CTC_NAME_SIZE]; - char unitEnc; char commonName[CTC_NAME_SIZE]; - char commonNameEnc; char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */ } CertName; diff --git a/cyassl/ctaocrypt/chacha.h b/cyassl/ctaocrypt/chacha.h new file mode 100644 index 000000000..baad676af --- /dev/null +++ b/cyassl/ctaocrypt/chacha.h @@ -0,0 +1,55 @@ +/* chacha.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef CHACHA_H +#define CHACHA_H + +#include "types.h" + +#ifdef __cplusplus + extern "C" { +#endif + + +enum { + CHACHA_ENC_TYPE = 7 /* cipher unique type */ +}; + +typedef struct ChaCha { + word32 X[16]; /* state of cipher */ +} ChaCha; + +CYASSL_API int Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain, + word32 msglen); +CYASSL_API int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz); + +/** + * IV(nonce) changes with each record + * counter is for what value the block counter should start ... usually 0 + */ +CYASSL_API int Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif + diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index 0c8f64006..13da7e28a 100644 --- a/cyassl/ctaocrypt/des3.h +++ b/cyassl/ctaocrypt/des3.h @@ -82,9 +82,9 @@ typedef struct Des3 { CYASSL_API int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir); CYASSL_API void Des_SetIV(Des* des, const byte* iv); -CYASSL_API int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); -CYASSL_API int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); -CYASSL_API int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); CYASSL_API int Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); CYASSL_API int Des3_SetIV(Des3* des, const byte* iv); diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h index ced5a4748..113d2d73a 100644 --- a/cyassl/ctaocrypt/error-crypt.h +++ b/cyassl/ctaocrypt/error-crypt.h @@ -125,14 +125,11 @@ enum { FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */ ASN_NAME_INVALID_E = -198, /* ASN name constraint error */ - RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */ - MIN_CODE_E = -200 /* errors -101 - -199 */ }; CYASSL_API void CTaoCryptErrorString(int err, char* buff); -CYASSL_API const char* CTaoCryptGetErrorString(int error); #ifdef __cplusplus diff --git a/cyassl/ctaocrypt/include.am b/cyassl/ctaocrypt/include.am index b3cf210a4..2f71f6ebd 100644 --- a/cyassl/ctaocrypt/include.am +++ b/cyassl/ctaocrypt/include.am @@ -6,6 +6,7 @@ nobase_include_HEADERS+= \ cyassl/ctaocrypt/arc4.h \ cyassl/ctaocrypt/asn.h \ cyassl/ctaocrypt/asn_public.h \ + cyassl/ctaocrypt/poly1305.h \ cyassl/ctaocrypt/camellia.h \ cyassl/ctaocrypt/coding.h \ cyassl/ctaocrypt/compress.h \ @@ -23,9 +24,10 @@ nobase_include_HEADERS+= \ cyassl/ctaocrypt/md5.h \ cyassl/ctaocrypt/misc.h \ cyassl/ctaocrypt/pkcs7.h \ - cyassl/ctaocrypt/wc_port.h \ + cyassl/ctaocrypt/port.h \ cyassl/ctaocrypt/pwdbased.h \ cyassl/ctaocrypt/rabbit.h \ + cyassl/ctaocrypt/chacha.h \ cyassl/ctaocrypt/random.h \ cyassl/ctaocrypt/ripemd.h \ cyassl/ctaocrypt/rsa.h \ diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h index 77b5552c7..8f20f901b 100644 --- a/cyassl/ctaocrypt/integer.h +++ b/cyassl/ctaocrypt/integer.h @@ -70,10 +70,6 @@ extern "C" { #define MP_64BIT #endif #endif -/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ -#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) - #undef MP_64BIT -#endif /* some default configurations. * diff --git a/cyassl/ctaocrypt/poly1305.h b/cyassl/ctaocrypt/poly1305.h new file mode 100644 index 000000000..9584305f9 --- /dev/null +++ b/cyassl/ctaocrypt/poly1305.h @@ -0,0 +1,88 @@ +/* poly1305.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifdef HAVE_POLY1305 + +#ifndef CTAO_CRYPT_POLY1305_H +#define CTAO_CRYPT_POLY1305_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +//#define POLY1305_BLOCK_SIZE 16 + +/* auto detect between 32bit / 64bit */ +#define HAS_SIZEOF_INT128_64BIT (defined(__SIZEOF_INT128__) && defined(__LP64__)) +#define HAS_MSVC_64BIT (defined(_MSC_VER) && defined(_M_X64)) +#define HAS_GCC_4_4_64BIT (defined(__GNUC__) && defined(__LP64__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)))) + +#if (HAS_SIZEOF_INT128_64BIT || HAS_MSVC_64BIT || HAS_GCC_4_4_64BIT) +#define POLY130564 +#else +#define POLY130532 +#endif + +enum { + POLY1305 = 7, + POLY1305_BLOCK_SIZE = 16, + POLY1305_DIGEST_SIZE = 16, + POLY1305_PAD_SIZE = 56 +}; + + +/* Poly1305 state */ +typedef struct Poly1305 { +#ifdef POLY130564 + word64 r[3]; + word64 h[3]; + word64 pad[2]; + size_t leftover; + unsigned char buffer[POLY1305_BLOCK_SIZE]; + unsigned char final; +#else + word32 r[5]; + word32 h[5]; + word32 pad[4]; + size_t leftover; + unsigned char buffer[POLY1305_BLOCK_SIZE]; + unsigned char final; +#endif +} Poly1305; + + +/* does init */ + +CYASSL_API int Poly1305SetKey(Poly1305* poly1305, const byte* key, word32 kySz); +CYASSL_API int Poly1305Update(Poly1305* poly1305, const byte*, word32); +CYASSL_API int Poly1305Final(Poly1305* poly1305, byte* tag); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* CTAO_CRYPT_POLY1305_H */ + +#endif /* HAVE_POLY1305 */ + diff --git a/cyassl/ctaocrypt/port.h b/cyassl/ctaocrypt/port.h new file mode 100644 index 000000000..9f8a46d80 --- /dev/null +++ b/cyassl/ctaocrypt/port.h @@ -0,0 +1,195 @@ +/* port.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifndef CTAO_CRYPT_PORT_H +#define CTAO_CRYPT_PORT_H + + +#ifdef __cplusplus + extern "C" { +#endif + + +#ifdef USE_WINDOWS_API + #ifdef CYASSL_GAME_BUILD + #include "system/xtl.h" + #else + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) + /* On WinCE winsock2.h must be included before windows.h */ + #include + #endif + #include + #endif +#elif defined(THREADX) + #ifndef SINGLE_THREADED + #include "tx_api.h" + #endif +#elif defined(MICRIUM) + /* do nothing, just don't pick Unix */ +#elif defined(FREERTOS) || defined(CYASSL_SAFERTOS) + /* do nothing */ +#elif defined(EBSNET) + /* do nothing */ +#elif defined(FREESCALE_MQX) + /* do nothing */ +#elif defined(CYASSL_MDK_ARM) + #if defined(CYASSL_MDK5) + #include "cmsis_os.h" + #else + #include + #endif +#elif defined(CYASSL_CMSIS_RTOS) + #include "cmsis_os.h" +#else + #ifndef SINGLE_THREADED + #define CYASSL_PTHREADS + #include + #endif + #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) + #include /* for close of BIO */ + #endif +#endif + + +#ifdef SINGLE_THREADED + typedef int CyaSSL_Mutex; +#else /* MULTI_THREADED */ + /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */ + #ifdef FREERTOS + typedef xSemaphoreHandle CyaSSL_Mutex; + #elif defined(CYASSL_SAFERTOS) + typedef struct CyaSSL_Mutex { + signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES]; + xSemaphoreHandle mutex; + } CyaSSL_Mutex; + #elif defined(USE_WINDOWS_API) + typedef CRITICAL_SECTION CyaSSL_Mutex; + #elif defined(CYASSL_PTHREADS) + typedef pthread_mutex_t CyaSSL_Mutex; + #elif defined(THREADX) + typedef TX_MUTEX CyaSSL_Mutex; + #elif defined(MICRIUM) + typedef OS_MUTEX CyaSSL_Mutex; + #elif defined(EBSNET) + typedef RTP_MUTEX CyaSSL_Mutex; + #elif defined(FREESCALE_MQX) + typedef MUTEX_STRUCT CyaSSL_Mutex; + #elif defined(CYASSL_MDK_ARM) + #if defined(CYASSL_CMSIS_RTOS) + typedef osMutexId CyaSSL_Mutex; + #else + typedef OS_MUT CyaSSL_Mutex; + #endif + #elif defined(CYASSL_CMSIS_RTOS) + typedef osMutexId CyaSSL_Mutex; + #else + #error Need a mutex type in multithreaded mode + #endif /* USE_WINDOWS_API */ +#endif /* SINGLE_THREADED */ + +CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*); +CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*); +CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*); +CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*); + + +/* filesystem abstraction layer, used by ssl.c */ +#ifndef NO_FILESYSTEM + +#if defined(EBSNET) + #define XFILE int + #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0); + #define XFSEEK vf_lseek + #define XFTELL vf_tell + #define XREWIND vf_rewind + #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT) + #define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT) + #define XFCLOSE vf_close + #define XSEEK_END VSEEK_END + #define XBADFILE -1 +#elif defined(LSR_FS) + #include + #define XFILE struct fs_file* + #define XFOPEN(NAME, MODE) fs_open((char*)NAME); + #define XFSEEK(F, O, W) (void)F + #define XFTELL(F) (F)->len + #define XREWIND(F) (void)F + #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT) + #define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT) + #define XFCLOSE fs_close + #define XSEEK_END 0 + #define XBADFILE NULL +#elif defined(FREESCALE_MQX) + #define XFILE MQX_FILE_PTR + #define XFOPEN fopen + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND(F) fseek(F, 0, IO_SEEK_SET) + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END IO_SEEK_END + #define XBADFILE NULL +#elif defined(MICRIUM) + #include + #define XFILE FS_FILE* + #define XFOPEN fs_fopen + #define XFSEEK fs_fseek + #define XFTELL fs_ftell + #define XREWIND fs_rewind + #define XFREAD fs_fread + #define XFWRITE fs_fwrite + #define XFCLOSE fs_fclose + #define XSEEK_END FS_SEEK_END + #define XBADFILE NULL +#else + /* stdio, default case */ + #define XFILE FILE* + #if defined(CYASSL_MDK_ARM) + #include + extern FILE * CyaSSL_fopen(const char *name, const char *mode) ; + #define XFOPEN CyaSSL_fopen + #else + #define XFOPEN fopen + #endif + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND rewind + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END SEEK_END + #define XBADFILE NULL +#endif + +#endif /* NO_FILESYSTEM */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* CTAO_CRYPT_PORT_H */ + diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h index 728c22209..8111ac494 100644 --- a/cyassl/ctaocrypt/random.h +++ b/cyassl/ctaocrypt/random.h @@ -84,7 +84,6 @@ typedef struct RNG { byte V[DRBG_SEED_LEN]; byte C[DRBG_SEED_LEN]; word32 reseedCtr; - byte status; } RNG; @@ -120,33 +119,10 @@ CYASSL_API int RNG_GenerateByte(RNG*, byte*); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - CYASSL_API int FreeRng(RNG*); - CYASSL_API int RNG_HealthTest(int reseed, - const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - const byte* output, word32 outputSz); + CYASSL_API void FreeRng(RNG*); #endif /* HAVE_HASHDRBG || NO_RC4 */ -#ifdef HAVE_FIPS - /* fips wrapper calls, user can call direct */ - CYASSL_API int InitRng_fips(RNG* rng); - CYASSL_API int FreeRng_fips(RNG* rng); - CYASSL_API int RNG_GenerateBlock_fips(RNG* rng, byte* buf, word32 bufSz); - CYASSL_API int RNG_HealthTest_fips(int reseed, - const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - const byte* output, word32 outputSz); - #ifndef FIPS_NO_WRAPPERS - /* if not impl or fips.c impl wrapper force fips calls if fips build */ - #define InitRng InitRng_fips - #define FreeRng FreeRng_fips - #define RNG_GenerateBlock RNG_GenerateBlock_fips - #define RNG_HealthTest RNG_HealthTest_fips - #endif /* FIPS_NO_WRAPPERS */ -#endif /* HAVE_FIPS */ - - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index 57bb8290e..c8bd28f14 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -647,11 +647,6 @@ #endif -/* FreeScale MMCAU hardware crypto has 4 byte alignment */ -#ifdef FREESCALE_MMCAU - #define CYASSL_MMCAU_ALIGNMENT 4 -#endif - /* if using hardware crypto and have alignment requirements, specify the requirement here. The record header of SSL/TLS will prvent easy alignment. This hint tries to help as much as possible. */ @@ -660,8 +655,6 @@ #define CYASSL_GENERAL_ALIGNMENT 16 #elif defined(XSTREAM_ALIGNMENT) #define CYASSL_GENERAL_ALIGNMENT 4 - #elif defined(FREESCALE_MMCAU) - #define CYASSL_GENERAL_ALIGNMENT CYASSL_MMCAU_ALIGNMENT #else #define CYASSL_GENERAL_ALIGNMENT 0 #endif @@ -673,12 +666,6 @@ #define NO_SKID #endif - -#ifdef __INTEL_COMPILER - #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */ -#endif - - /* Place any other flags or defines here */ diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index f4e98c152..abb588f78 100644 --- a/cyassl/ctaocrypt/tfm.h +++ b/cyassl/ctaocrypt/tfm.h @@ -73,11 +73,6 @@ #if defined(__x86_64__) && !defined(FP_64BIT) #define FP_64BIT #endif -/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ -#if defined(FP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) - #undef FP_64BIT - #undef TFM_X86_64 -#endif #endif /* NO_64BIT */ /* try to detect x86-32 */ diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 33cdb780e..194b50b76 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -24,7 +24,7 @@ #define CTAO_CRYPT_TYPES_H #include -#include +#include #ifdef __cplusplus extern "C" { diff --git a/cyassl/internal.h b/cyassl/internal.h index 1d1e017a6..532f83c72 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -31,10 +31,12 @@ #include #include #include +#include #include #include #include #include +#include #include #include #include @@ -240,14 +242,6 @@ void c32to24(word32 in, word24 out); #ifdef HAVE_AESCCM #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 - #define BUILD_TLS_PSK_WITH_AES_128_CCM - #define BUILD_TLS_PSK_WITH_AES_256_CCM - #endif - #endif - #ifdef CYASSL_SHA384 - #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - #ifdef HAVE_AESGCM - #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 #endif #endif #endif @@ -268,9 +262,6 @@ void c32to24(word32 in, word24 out); #ifndef NO_SHA256 #define BUILD_TLS_PSK_WITH_NULL_SHA256 #endif - #ifdef CYASSL_SHA384 - #define BUILD_TLS_PSK_WITH_NULL_SHA384 - #endif #endif #endif @@ -308,33 +299,6 @@ void c32to24(word32 in, word24 out); #endif #endif - -#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \ - defined(OPENSSL_EXTRA) - #ifndef NO_SHA256 - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - #ifdef HAVE_NULL_CIPHER - #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - #endif - #ifdef HAVE_AESGCM - #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - #endif - #ifdef HAVE_AESGCM - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - #endif - #endif - #ifdef CYASSL_SHA384 - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - #ifdef HAVE_NULL_CIPHER - #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - #endif - #ifdef HAVE_AESGCM - #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - #endif - #endif -#endif - #if defined(HAVE_ECC) && !defined(NO_TLS) #if !defined(NO_AES) #if !defined(NO_SHA) @@ -465,13 +429,17 @@ void c32to24(word32 in, word24 out); #define BUILD_ARC4 #endif +#ifdef HAVE_CHACHA + #define CHACHA20_BLOCK_SIZE 16 + #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 +#endif - -#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) +#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_CHACHA) #define HAVE_AEAD #endif + /* actual cipher values, 2nd byte */ enum { TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, @@ -481,10 +449,8 @@ enum { TLS_RSA_WITH_NULL_SHA = 0x02, TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, - TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf, TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, TLS_PSK_WITH_NULL_SHA256 = 0xb0, - TLS_PSK_WITH_NULL_SHA384 = 0xb1, TLS_PSK_WITH_NULL_SHA = 0x2c, SSL_RSA_WITH_RC4_128_SHA = 0x05, SSL_RSA_WITH_RC4_128_MD5 = 0x04, @@ -518,6 +484,7 @@ enum { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, + /* CyaSSL extension - eSTREAM */ TLS_RSA_WITH_HC_128_MD5 = 0xFB, TLS_RSA_WITH_HC_128_SHA = 0xFC, @@ -531,7 +498,7 @@ enum { /* CyaSSL extension - NTRU */ TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, - TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */ + TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */ TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, /* SHA256 */ @@ -540,22 +507,12 @@ enum { TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, TLS_RSA_WITH_NULL_SHA256 = 0x3b, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2, - TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, - - /* SHA384 */ - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3, - TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, /* AES-GCM */ TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, - TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8, - TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9, - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa, - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab, /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, @@ -579,10 +536,7 @@ enum { TLS_PSK_WITH_AES_256_CCM = 0xa5, TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, - TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6, - TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7, - /* Camellia */ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, @@ -592,13 +546,16 @@ enum { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, + TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 = 0x13, + /* Renegotiation Indication Extension Special Suite */ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff }; enum Misc { - ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ + ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ + CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ SEND_CERT = 1, SEND_BLANK_CERT = 2, @@ -687,7 +644,7 @@ enum Misc { TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ - MAX_PRF_HALF = 256, /* Maximum half secret len */ + MAX_PRF_HALF = 128, /* Maximum half secret len */ MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ MAX_PRF_DIG = 224, /* Maximum digest len */ MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ @@ -721,6 +678,12 @@ enum Misc { CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ CAMELLIA_IV_SIZE = 16, /* always block size */ + CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */ + CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */ + CHACHA20_IV_SIZE = 8, /* 64 bits for iv */ + + POLY1305_AUTH_SZ = 16, /* 128 bits */ + HC_128_KEY_SIZE = 16, /* 128 bits */ HC_128_IV_SIZE = 16, /* also 128 bits */ @@ -1379,6 +1342,7 @@ void InitCipherSpecs(CipherSpecs* cs); enum MACAlgorithm { no_mac, md5_mac, + poly1305_mac, sha_mac, sha224_mac, sha256_mac, @@ -1396,7 +1360,6 @@ enum KeyExchangeAlgorithm { diffie_hellman_kea, fortezza_kea, psk_kea, - dhe_psk_kea, ntru_kea, ecc_diffie_hellman_kea, ecc_static_diffie_hellman_kea /* for verify suite only */ @@ -1517,6 +1480,12 @@ typedef struct Ciphers { #ifdef HAVE_CAMELLIA Camellia* cam; #endif +#ifdef HAVE_CHACHA + ChaCha* chacha; +#endif +#ifdef HAVE_POLY1305 + Poly1305* poly1305; +#endif #ifdef HAVE_HC128 HC128* hc128; #endif @@ -2142,6 +2111,8 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*); CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify); + CYASSL_LOCAL int TLS_poly1305(CYASSL* ssl, byte* digest, const byte* in, + word32 sz, int content, int verify); #endif #ifndef NO_CYASSL_CLIENT diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index acb6b0104..0fb6d453a 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h @@ -142,7 +142,6 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX; #define ERR_error_string CyaSSL_ERR_error_string #define ERR_error_string_n CyaSSL_ERR_error_string_n -#define ERR_reason_error_string CyaSSL_ERR_reason_error_string #define SSL_set_ex_data CyaSSL_set_ex_data #define SSL_get_shutdown CyaSSL_get_shutdown diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 941734c41..0679f38ed 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -312,7 +312,6 @@ CYASSL_API int CyaSSL_ERR_GET_REASON(int err); CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*); CYASSL_API void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long sz); -CYASSL_API const char* CyaSSL_ERR_reason_error_string(unsigned long); /* extras */ @@ -1045,7 +1044,8 @@ enum BulkCipherAlgorithm { cyassl_aes_ccm, cyassl_camellia, cyassl_hc128, /* CyaSSL extensions */ - cyassl_rabbit + cyassl_rabbit, + cyassl_chacha }; diff --git a/cyassl/version.h b/cyassl/version.h index f520844e6..9df3246e7 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "3.0.3" -#define LIBCYASSL_VERSION_HEX 0x03000003 +#define LIBCYASSL_VERSION_STRING "3.0.0" +#define LIBCYASSL_VERSION_HEX 0x03000000 #ifdef __cplusplus } diff --git a/pre-commit.sh b/pre-commit.sh index d670919cf..d570d381a 100755 --- a/pre-commit.sh +++ b/pre-commit.sh @@ -14,8 +14,8 @@ git stash -q --keep-index # do the commit tests echo "\n\nRunning commit tests...\n\n" -./commit-tests.sh -RESULT=$? +#./commit-tests.sh +#RESULT=$? # restore modified files not part of this commit echo "\n\nPopping any stashed modified files not part of commit\n" diff --git a/src/include.am b/src/include.am index d4a32684b..bd6fc8b3f 100644 --- a/src/include.am +++ b/src/include.am @@ -19,7 +19,7 @@ src_libcyassl_la_SOURCES += \ ctaocrypt/src/random.c \ ctaocrypt/src/sha256.c \ ctaocrypt/src/logging.c \ - ctaocrypt/src/wc_port.c \ + ctaocrypt/src/port.c \ ctaocrypt/src/error.c src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION} src_libcyassl_la_LIBADD = $(LIBM) @@ -55,6 +55,10 @@ if BUILD_AES src_libcyassl_la_SOURCES += ctaocrypt/src/aes.c endif +if BUILD_POLY1305 +src_libcyassl_la_SOURCES += ctaocrypt/src/poly1305.c +endif + if BUILD_DES3 src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c endif @@ -119,6 +123,10 @@ if BUILD_RABBIT src_libcyassl_la_SOURCES += ctaocrypt/src/rabbit.c endif +if BUILD_CHACHA +src_libcyassl_la_SOURCES += ctaocrypt/src/chacha.c +endif + if !BUILD_INLINE src_libcyassl_la_SOURCES += ctaocrypt/src/misc.c endif diff --git a/src/internal.c b/src/internal.c index 68579aec3..68553ec32 100644 --- a/src/internal.c +++ b/src/internal.c @@ -35,10 +35,10 @@ #endif #ifdef HAVE_NTRU - #include "ntru_crypto.h" + #include "crypto_ntru.h" #endif -#if defined(DEBUG_CYASSL) || defined(SHOW_SECRETS) +#if defined(DEBUG_CYASSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #ifdef FREESCALE_MQX #include #else @@ -529,6 +529,14 @@ void InitCiphers(CYASSL* ssl) #ifdef BUILD_RABBIT ssl->encrypt.rabbit = NULL; ssl->decrypt.rabbit = NULL; +#endif +#ifdef HAVE_CHACHA + ssl->encrypt.chacha = NULL; + ssl->decrypt.chacha = NULL; +#endif +#ifdef HAVE_POLY1305 + ssl->encrypt.poly1305 = NULL; + ssl->decrypt.poly1305 = NULL; #endif ssl->encrypt.setup = 0; ssl->decrypt.setup = 0; @@ -581,6 +589,14 @@ void FreeCiphers(CYASSL* ssl) XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); #endif +#ifdef HAVE_CHACHA + XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif +#ifdef HAVE_POLY1305 + XFREE(ssl->encrypt.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif } @@ -893,6 +909,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 + if (tls && haveRSA) { + suites->suites[idx++] = CHACHA_BYTE; + suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256; + } +#endif + #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA if (tls && haveRSAsig && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; @@ -956,6 +979,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif + #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA if (tls && haveDH && haveRSA) { suites->suites[idx++] = 0; @@ -1026,20 +1050,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - if (tls1_2 && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - if (tls1_2 && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384; - } -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA if (tls && havePSK) { suites->suites[idx++] = 0; @@ -1047,41 +1057,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - if (tls && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384; - } -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - if (tls1_2 && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256; - } -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; - } -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 if (tls && havePSK) { suites->suites[idx++] = 0; @@ -1096,34 +1071,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - if (tls && haveDH && havePSK) { - suites->suites[idx++] = ECC_BYTE; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM; - } -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - if (tls && haveDH && havePSK) { - suites->suites[idx++] = ECC_BYTE; - suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - if (tls && havePSK) { - suites->suites[idx++] = ECC_BYTE; - suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - if (tls && havePSK) { - suites->suites[idx++] = ECC_BYTE; - suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM; - } -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 if (tls && havePSK) { suites->suites[idx++] = ECC_BYTE; @@ -1138,27 +1085,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; - } -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - if (tls && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384; - } -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - if (tls && haveDH && havePSK) { - suites->suites[idx++] = 0; - suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; - } -#endif - #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 if (tls && havePSK) { suites->suites[idx++] = 0; @@ -2493,6 +2419,7 @@ static int HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz) #ifndef NO_MD5 Md5Update(&ssl->hashMd5, adj, sz); #endif +// Poly1305Update(&ssl->hashPoly1395, adj, sz); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -2534,6 +2461,7 @@ static int HashInput(CYASSL* ssl, const byte* input, int sz) #ifndef NO_MD5 Md5Update(&ssl->hashMd5, adj, sz); #endif +// Poly1305Update(&ssl->hashMd5, adj, sz); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -3047,6 +2975,25 @@ static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) } +///* calculate POLY13055 hash for finished */ +//static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) +//{ +// byte poly1305_result[POLY1305_DIGEST_SIZE]; +// +// /* make poly1305 inner */ +// Poly1305Update(&ssl->hashPoly1305, sender, SIZEOF_SENDER); +// Poly1305Update(&ssl->hashPoly1305, ssl->arrays->masterSecret, SECRET_LEN); +// Poly1305Update(&ssl->hashPoly1305, PAD1, PAD_POLY1305); +// Poly1305Final(&ssl->hashPoly1305, poly1305_result); +// +// /* make poly1305 outer */ +// Poly1305Update(&ssl->hashPoly1305, ssl->arrays->masterSecret, SECRET_LEN); +// Poly1305Update(&ssl->hashPoly1305, PAD2, PAD_POLY1305); +// Poly1305Update(&ssl->hashPoly1305, poly1305_result, POLY1305_DIGEST_SIZE); +// +// Poly1305Final(&ssl->hashPoly1305, hashes->poly1305); +//} + /* calculate SHA hash for finished */ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender) { @@ -3075,6 +3022,9 @@ static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) #ifndef NO_MD5 Md5 md5 = ssl->hashMd5; #endif + +// Poly1305 poly1305 = ssl->hashPoly1305; + #ifndef NO_SHA Sha sha = ssl->hashSha; #endif @@ -3097,6 +3047,7 @@ static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) if (!ssl->options.tls) { BuildMD5(ssl, hashes, sender); BuildSHA(ssl, hashes, sender); +// BuildPOLY1305(ssl, hashes, sender); } #endif @@ -3841,8 +3792,10 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx, /* access beyond input + size should be checked against totalSz */ if ((word32) (*inOutIdx + ssl->specs.hash_size + padSz) > totalSz) - return INCOMPLETE_DATA; - + { + printf("line 3799\n"); + return INCOMPLETE_DATA; + } /* verify */ if (XMEMCMP(input + *inOutIdx, verify, ssl->specs.hash_size) != 0) { CYASSL_MSG(" hello_request verify mac error"); @@ -3883,8 +3836,9 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size, /* increment beyond input + size should be checked against totalSz */ if (*inOutIdx + size + ssl->keys.padSz > totalSz) + { printf("line 3842\n"); return INCOMPLETE_DATA; - + } /* force input exhaustion at ProcessReply consuming padSz */ *inOutIdx += size + ssl->keys.padSz; @@ -3931,8 +3885,9 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, /* make sure can read the message */ if (*inOutIdx + size > totalSz) + {printf("line 3891\n"); return INCOMPLETE_DATA; - + } ret = HashInput(ssl, input + *inOutIdx, size); if (ret != 0) return ret; @@ -4105,7 +4060,7 @@ static INLINE int DtlsCheckWindow(DtlsState* state) if ((next > DTLS_SEQ_BITS) && (cur < next - DTLS_SEQ_BITS)) { return 0; } - else if ((cur < next) && (window & ((DtlsSeq)1 << (next - cur - 1)))) { + else if ((cur < next) && (window & (1 << (next - cur - 1)))) { return 0; } @@ -4131,7 +4086,7 @@ static INLINE int DtlsUpdateWindow(DtlsState* state) cur = state->curSeq; if (cur < *next) { - *window |= ((DtlsSeq)1 << (*next - cur - 1)); + *window |= (1 << (*next - cur - 1)); } else { *window <<= (1 + cur - *next); @@ -4182,8 +4137,9 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, return PARSE_ERROR; if (*inOutIdx + fragSz > totalSz) + {printf("line 4143\n"); return INCOMPLETE_DATA; - + } /* Check the handshake sequence number first. If out of order, * add the current message to the list. If the message is in order, * but it is a fragment, add the current message to the list, then @@ -4266,7 +4222,6 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) CYASSL_MSG("Encrypt ciphers not setup"); return ENCRYPT_ERROR; } - switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case cyassl_rc4: @@ -4287,11 +4242,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) #ifdef BUILD_AESGCM case cyassl_aes_gcm: { - byte additional[AEAD_AUTH_DATA_SZ]; + byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; const byte* additionalSrc = input - 5; - XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); + XMEMSET(additional, 0, AES_BLOCK_SIZE); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 0), @@ -4300,10 +4255,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) /* Store the type, version. Unfortunately, they are in * the input buffer ahead of the plaintext. */ #ifdef CYASSL_DTLS - if (ssl->options.dtls) { - c16toa(ssl->keys.dtls_epoch, additional); + if (ssl->options.dtls) additionalSrc -= DTLS_HANDSHAKE_EXTRA; - } #endif XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); @@ -4320,8 +4273,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, nonce, AEAD_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, - additional, AEAD_AUTH_DATA_SZ); + ssl->specs.aead_mac_size, additional, + AEAD_AUTH_DATA_SZ); AeadIncrementExpIV(ssl); XMEMSET(nonce, 0, AEAD_NONCE_SZ); } @@ -4331,11 +4284,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) #ifdef HAVE_AESCCM case cyassl_aes_ccm: { - byte additional[AEAD_AUTH_DATA_SZ]; + byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; const byte* additionalSrc = input - 5; - XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); + XMEMSET(additional, 0, AES_BLOCK_SIZE); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 0), @@ -4368,8 +4321,9 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) additional, AEAD_AUTH_DATA_SZ); AeadIncrementExpIV(ssl); XMEMSET(nonce, 0, AEAD_NONCE_SZ); + + break; } - break; #endif #ifdef HAVE_CAMELLIA @@ -4383,11 +4337,98 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) return Hc128_Process(ssl->encrypt.hc128, out, input, sz); #endif - #ifdef BUILD_RABBIT + #ifdef BILD_RABBIT case cyassl_rabbit: return RabbitProcess(ssl->encrypt.rabbit, out, input, sz); #endif + #ifdef HAVE_CHACHA + case cyassl_chacha: + { + const byte* additionalSrc = input - 5; + byte tag[16]; + byte additional[CHACHA20_BLOCK_SIZE]; + byte nonce[AEAD_NONCE_SZ]; + byte cipher[32]; /* generated key for poly1305 */ + int padding2 = (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) + + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16; + byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; + + XMEMSET(tag, 0, 16); + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); + XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); + + /* opaque SEQ number stored for AD */ + c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); + + /* Store the type, version. Unfortunately, they are in + * the input buffer ahead of the plaintext. */ + #ifdef CYASSL_DTLS + if (ssl->options.dtls) { + c16toa(ssl->keys.dtls_epoch, additional); + additionalSrc -= DTLS_HANDSHAKE_EXTRA; + } + #endif + + XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); + +#ifdef CHACHA_AEAD_TEST + int i; + printf("Encrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n"); +#endif + + /* get nonce using implicit and explicit IV */ + XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); + XMEMCPY(nonce + AEAD_IMP_IV_SZ, + ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); + + /* set the nonce for chacha and get poly1305 key */ + Chacha_SetIV(ssl->encrypt.chacha, nonce, 0); + Chacha_Process(ssl->encrypt.chacha, cipher, cipher, 32); + + /* encrypt the plain text */ + Chacha_Process(ssl->encrypt.chacha, out + AEAD_EXP_IV_SZ, + input + AEAD_EXP_IV_SZ, sz - AEAD_EXP_IV_SZ - + ssl->specs.aead_mac_size); + + /* create input to poly1305 */ + XMEMCPY(ssl->keys.server_write_MAC_secret, cipher, 32); + XMEMCPY(p, additional, CHACHA20_BLOCK_SIZE); + XMEMCPY((p + CHACHA20_BLOCK_SIZE), out + AEAD_EXP_IV_SZ, + sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + + /* add size of AD and size of cipher to poly input */ + (p + CHACHA20_BLOCK_SIZE + padding2)[0] = + (CHACHA20_BLOCK_SIZE); + ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = + (byte)(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + + /* generate tag */ + Poly1305SetKey(ssl->encrypt.poly1305, + ssl->keys.server_write_MAC_secret, + sizeof(ssl->keys.server_write_MAC_secret)); + Poly1305Update(ssl->encrypt.poly1305, p, sizeof(p)); + Poly1305Final(ssl->encrypt.poly1305, tag); + + /* append Poly1305 tag to ciphertext */ + XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); + + #ifdef CHACHA_AEAD_TEST + printf("output after encrypt : "); + for (i = 0; i < sz; i++) { + printf("%02x", out[i]); + } + printf("\n"); + #endif + } + break; /* end of chacha-poly1305 encrypt process */ + #endif + #ifdef HAVE_NULL_CIPHER case cyassl_cipher_null: if (input != out) { @@ -4438,19 +4479,14 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, #ifdef BUILD_AESGCM case cyassl_aes_gcm: { - byte additional[AEAD_AUTH_DATA_SZ]; + byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; - XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); + XMEMSET(additional, 0, AES_BLOCK_SIZE); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); - - #ifdef CYASSL_DTLS - if (ssl->options.dtls) - c16toa(ssl->keys.dtls_state.curEpoch, additional); - #endif - + additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; @@ -4472,17 +4508,17 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, return VERIFY_MAC_ERROR; } XMEMSET(nonce, 0, AEAD_NONCE_SZ); + break; } - break; #endif #ifdef HAVE_AESCCM case cyassl_aes_ccm: { - byte additional[AEAD_AUTH_DATA_SZ]; + byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; - XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); + XMEMSET(additional, 0, AES_BLOCK_SIZE); /* sequence number field is 64-bits, we only use 32-bits */ c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); @@ -4513,8 +4549,8 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, return VERIFY_MAC_ERROR; } XMEMSET(nonce, 0, AEAD_NONCE_SZ); + break; } - break; #endif #ifdef HAVE_CAMELLIA @@ -4533,6 +4569,102 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz); #endif + #ifdef HAVE_CHACHA + case cyassl_chacha: + { + byte additional[CHACHA20_BLOCK_SIZE]; + byte nonce[AEAD_NONCE_SZ]; + byte tag[16]; + byte cipher[32]; + int padding2 = (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) + + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16; + + byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; + int i; + int ret; + + XMEMSET(tag, 0, 16); + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); + XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); + + /* sequence number field is 64-bits, we only use 32-bits */ + c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); + + /* get AD info */ + additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; + additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; + additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; + + /* Store the type, version. */ + #ifdef CYASSL_DTLS + if (ssl->options.dtls) + c16toa(ssl->keys.dtls_state.curEpoch, additional); + #endif + + /* get nonce */ + XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); + XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ); + +#ifdef CHACHA_AEAD_TEST + printf("Decrypt Additional : "); + for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { + printf("%02x", additional[i]); + } + printf("\n"); +#endif + + /* set nonce and get poly1305 key */ + Chacha_SetIV(ssl->decrypt.chacha, nonce, 0); + Chacha_Process(ssl->decrypt.chacha, cipher, cipher, 32); + + /* create Poly1305 tag */ + XMEMCPY(ssl->keys.server_write_MAC_secret, cipher, 32); + XMEMCPY(p, additional, CHACHA20_BLOCK_SIZE); + XMEMCPY((p + (CHACHA20_BLOCK_SIZE)), input + AEAD_EXP_IV_SZ, + sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + + (p + CHACHA20_BLOCK_SIZE + padding2)[0] = + (CHACHA20_BLOCK_SIZE); + ((p + CHACHA20_BLOCK_SIZE + padding2))[8] = + (byte)(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size); + + Poly1305SetKey(ssl->decrypt.poly1305, + ssl->keys.server_write_MAC_secret, + sizeof(ssl->keys.server_write_MAC_secret)); + Poly1305Update(ssl->decrypt.poly1305, p, sizeof(p)); + Poly1305Final(ssl->decrypt.poly1305, tag); + + /* check mac sent along with packet */ + ret = 0; + for (i = 0; i < ssl->specs.aead_mac_size; i++) { + if ((input + sz - ssl->specs.aead_mac_size)[i] != tag[i]) + ret = 1; + } + + if (ret == 1) { + SendAlert(ssl, alert_fatal, bad_record_mac); + XMEMSET(nonce, 0, AEAD_NONCE_SZ); + return VERIFY_MAC_ERROR; + } + + /* if mac was good decrypt message */ + Chacha_Process(ssl->decrypt.chacha, plain + AEAD_EXP_IV_SZ, + input + AEAD_EXP_IV_SZ, sz - AEAD_EXP_IV_SZ - + ssl->specs.aead_mac_size); + + #ifdef CHACHA_AEAD_TEST + printf("plain after decrypt : "); + for (i = 0; i < sz; i++) { + printf("%02x", plain[i]); + } + printf("\n"); + #endif + + } + break; + #endif + #ifdef HAVE_NULL_CIPHER case cyassl_cipher_null: if (input != plain) { @@ -5590,7 +5722,6 @@ static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest) Md5Final(&ssl->hashMd5, digest); } - static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest) { byte sha_result[SHA_DIGEST_SIZE]; @@ -5618,6 +5749,7 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) /* store current states, building requires get_digest which resets state */ #ifndef NO_OLD_TLS Md5 md5 = ssl->hashMd5; +// Poly1305 poly1305 = ssl->hashPoly1305; Sha sha = ssl->hashSha; #endif #ifndef NO_SHA256 @@ -5630,6 +5762,7 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) if (ssl->options.tls) { #if ! defined( NO_OLD_TLS ) Md5Final(&ssl->hashMd5, hashes->md5); +// Poly1305Final(&ssl->hashPoly1305, hashes->poly1305); ShaFinal(&ssl->hashSha, hashes->sha); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -5654,8 +5787,8 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) } /* restore */ - ssl->hashMd5 = md5; - ssl->hashSha = sha; + ssl->hashMd5 = md5; + ssl->hashSha = sha; #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 @@ -5672,8 +5805,8 @@ static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) #endif /* CYASSL_LEANPSK */ /* Build SSL Message, encrypted */ -static int BuildMessage(CYASSL* ssl, byte* output, int outSz, - const byte* input, int inSz, int type) +static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, + int type) { #ifdef HAVE_TRUNCATED_HMAC word32 digestSz = min(ssl->specs.hash_size, @@ -5728,10 +5861,6 @@ static int BuildMessage(CYASSL* ssl, byte* output, int outSz, XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); } #endif - if (sz > (word32)outSz) { - CYASSL_MSG("Oops, want to write past output buffer size"); - return BUFFER_E; - } size = (word16)(sz - headerSz); /* include mac and digest */ AddRecordHeader(output, size, (byte)type, ssl); @@ -5800,7 +5929,6 @@ int SendFinished(CYASSL* ssl) Hashes* hashes; int ret; int headerSz = HANDSHAKE_HEADER_SZ; - int outputSz; #ifdef CYASSL_DTLS word32 sequence_number = ssl->keys.dtls_sequence_number; @@ -5809,8 +5937,7 @@ int SendFinished(CYASSL* ssl) /* check for available size */ - outputSz = sizeof(input) + MAX_MSG_EXTRA; - if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) + if ((ret = CheckAvailableSize(ssl, sizeof(input) + MAX_MSG_EXTRA)) != 0) return ret; #ifdef CYASSL_DTLS @@ -5835,10 +5962,7 @@ int SendFinished(CYASSL* ssl) ssl->options.side == CYASSL_CLIENT_END ? client : server); if (ret != 0) return ret; - sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, - handshake); - if (sendSz < 0) - return BUILD_MSG_ERROR; + sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake); #ifdef CYASSL_DTLS if (ssl->options.dtls) { @@ -5847,6 +5971,9 @@ int SendFinished(CYASSL* ssl) } #endif + if (sendSz < 0) + return BUILD_MSG_ERROR; + if (!ssl->options.resuming) { #ifndef NO_SESSION_CACHE AddSession(ssl); /* just try */ @@ -6079,8 +6206,7 @@ int SendData(CYASSL* ssl, const void* data, int sz) { int sent = 0, /* plainText size */ sendSz, - ret, - dtlsExtra = 0; + ret; if (ssl->error == WANT_WRITE) ssl->error = 0; @@ -6108,12 +6234,6 @@ int SendData(CYASSL* ssl, const void* data, int sz) } } -#ifdef CYASSL_DTLS - if (ssl->options.dtls) { - dtlsExtra = DTLS_RECORD_EXTRA; - } -#endif - for (;;) { #ifdef HAVE_MAX_FRAGMENT int len = min(sz - sent, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)); @@ -6122,8 +6242,7 @@ int SendData(CYASSL* ssl, const void* data, int sz) #endif byte* out; byte* sendBuffer = (byte*)data + sent; /* may switch on comp */ - int buffSz = len; /* may switch on comp */ - int outputSz; + int buffSz = len; /* may switch on comp */ #ifdef HAVE_LIBZ byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; #endif @@ -6138,8 +6257,8 @@ int SendData(CYASSL* ssl, const void* data, int sz) #endif /* check for available size */ - outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA; - if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) + if ((ret = CheckAvailableSize(ssl, len + COMP_EXTRA + + MAX_MSG_EXTRA)) != 0) return ssl->error = ret; /* get ouput buffer */ @@ -6155,10 +6274,8 @@ int SendData(CYASSL* ssl, const void* data, int sz) sendBuffer = comp; } #endif - sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz, + sendSz = BuildMessage(ssl, out, sendBuffer, buffSz, application_data); - if (sendSz < 0) - return BUILD_MSG_ERROR; ssl->buffers.outputBuffer.length += sendSz; @@ -6251,7 +6368,6 @@ int SendAlert(CYASSL* ssl, int severity, int type) byte *output; int sendSz; int ret; - int outputSz; int dtlsExtra = 0; /* if sendalert is called again for nonbloking */ @@ -6268,8 +6384,8 @@ int SendAlert(CYASSL* ssl, int severity, int type) #endif /* check for available size */ - outputSz = ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra; - if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) + if ((ret = CheckAvailableSize(ssl, + ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0) return ret; /* get ouput buffer */ @@ -6287,7 +6403,7 @@ int SendAlert(CYASSL* ssl, int severity, int type) /* only send encrypted alert if handshake actually complete, otherwise other side may not be able to handle it */ if (ssl->keys.encryptionOn && ssl->options.handShakeState == HANDSHAKE_DONE) - sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE, alert); + sendSz = BuildMessage(ssl, output, input, ALERT_SIZE, alert); else { AddRecordHeader(output, ALERT_SIZE, alert, ssl); @@ -6304,8 +6420,6 @@ int SendAlert(CYASSL* ssl, int severity, int type) sendSz += DTLS_RECORD_EXTRA; #endif } - if (sendSz < 0) - return BUILD_MSG_ERROR; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) @@ -6320,293 +6434,377 @@ int SendAlert(CYASSL* ssl, int severity, int type) return SendBuffered(ssl); } -const char* CyaSSL_ERR_reason_error_string(unsigned long e) + + +void SetErrorString(int error, char* str) { + const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */ + #ifdef NO_ERROR_STRINGS - (void)e; - return "no support for error strings built in"; + (void)error; + XSTRNCPY(str, "no support for error strings built in", max); #else - int error = (int)e; - /* pass to CTaoCrypt */ if (error < MAX_CODE_E && error > MIN_CODE_E) { - return CTaoCryptGetErrorString(error); + CTaoCryptErrorString(error, str); + return; } switch (error) { case UNSUPPORTED_SUITE : - return "unsupported cipher suite"; + XSTRNCPY(str, "unsupported cipher suite", max); + break; case INPUT_CASE_ERROR : - return "input state error"; + XSTRNCPY(str, "input state error", max); + break; case PREFIX_ERROR : - return "bad index to key rounds"; + XSTRNCPY(str, "bad index to key rounds", max); + break; case MEMORY_ERROR : - return "out of memory"; + XSTRNCPY(str, "out of memory", max); + break; case VERIFY_FINISHED_ERROR : - return "verify problem on finished"; + XSTRNCPY(str, "verify problem on finished", max); + break; case VERIFY_MAC_ERROR : - return "verify mac problem"; + XSTRNCPY(str, "verify mac problem", max); + break; case PARSE_ERROR : - return "parse error on header"; + XSTRNCPY(str, "parse error on header", max); + break; case SIDE_ERROR : - return "wrong client/server type"; + XSTRNCPY(str, "wrong client/server type", max); + break; case NO_PEER_CERT : - return "peer didn't send cert"; + XSTRNCPY(str, "peer didn't send cert", max); + break; case UNKNOWN_HANDSHAKE_TYPE : - return "weird handshake type"; + XSTRNCPY(str, "weird handshake type", max); + break; case SOCKET_ERROR_E : - return "error state on socket"; + XSTRNCPY(str, "error state on socket", max); + break; case SOCKET_NODATA : - return "expected data, not there"; + XSTRNCPY(str, "expected data, not there", max); + break; case INCOMPLETE_DATA : - return "don't have enough data to complete task"; + XSTRNCPY(str, "don't have enough data to complete task", max); + break; case UNKNOWN_RECORD_TYPE : - return "unknown type in record hdr"; + XSTRNCPY(str, "unknown type in record hdr", max); + break; case DECRYPT_ERROR : - return "error during decryption"; + XSTRNCPY(str, "error during decryption", max); + break; case FATAL_ERROR : - return "revcd alert fatal error"; + XSTRNCPY(str, "revcd alert fatal error", max); + break; case ENCRYPT_ERROR : - return "error during encryption"; + XSTRNCPY(str, "error during encryption", max); + break; case FREAD_ERROR : - return "fread problem"; + XSTRNCPY(str, "fread problem", max); + break; case NO_PEER_KEY : - return "need peer's key"; + XSTRNCPY(str, "need peer's key", max); + break; case NO_PRIVATE_KEY : - return "need the private key"; + XSTRNCPY(str, "need the private key", max); + break; case NO_DH_PARAMS : - return "server missing DH params"; + XSTRNCPY(str, "server missing DH params", max); + break; case RSA_PRIVATE_ERROR : - return "error during rsa priv op"; + XSTRNCPY(str, "error during rsa priv op", max); + break; case MATCH_SUITE_ERROR : - return "can't match cipher suite"; + XSTRNCPY(str, "can't match cipher suite", max); + break; case BUILD_MSG_ERROR : - return "build message failure"; + XSTRNCPY(str, "build message failure", max); + break; case BAD_HELLO : - return "client hello malformed"; + XSTRNCPY(str, "client hello malformed", max); + break; case DOMAIN_NAME_MISMATCH : - return "peer subject name mismatch"; + XSTRNCPY(str, "peer subject name mismatch", max); + break; case WANT_READ : case SSL_ERROR_WANT_READ : - return "non-blocking socket wants data to be read"; + XSTRNCPY(str, "non-blocking socket wants data to be read", max); + break; case NOT_READY_ERROR : - return "handshake layer not ready yet, complete first"; + XSTRNCPY(str, "handshake layer not ready yet, complete first", max); + break; case PMS_VERSION_ERROR : - return "premaster secret version mismatch error"; + XSTRNCPY(str, "premaster secret version mismatch error", max); + break; case VERSION_ERROR : - return "record layer version error"; + XSTRNCPY(str, "record layer version error", max); + break; case WANT_WRITE : case SSL_ERROR_WANT_WRITE : - return "non-blocking socket write buffer full"; + XSTRNCPY(str, "non-blocking socket write buffer full", max); + break; case BUFFER_ERROR : - return "malformed buffer input error"; + XSTRNCPY(str, "malformed buffer input error", max); + break; case VERIFY_CERT_ERROR : - return "verify problem on certificate"; + XSTRNCPY(str, "verify problem on certificate", max); + break; case VERIFY_SIGN_ERROR : - return "verify problem based on signature"; + XSTRNCPY(str, "verify problem based on signature", max); + break; case CLIENT_ID_ERROR : - return "psk client identity error"; + XSTRNCPY(str, "psk client identity error", max); + break; case SERVER_HINT_ERROR: - return "psk server hint error"; + XSTRNCPY(str, "psk server hint error", max); + break; case PSK_KEY_ERROR: - return "psk key callback error"; + XSTRNCPY(str, "psk key callback error", max); + break; case NTRU_KEY_ERROR: - return "NTRU key error"; + XSTRNCPY(str, "NTRU key error", max); + break; case NTRU_DRBG_ERROR: - return "NTRU drbg error"; + XSTRNCPY(str, "NTRU drbg error", max); + break; case NTRU_ENCRYPT_ERROR: - return "NTRU encrypt error"; + XSTRNCPY(str, "NTRU encrypt error", max); + break; case NTRU_DECRYPT_ERROR: - return "NTRU decrypt error"; + XSTRNCPY(str, "NTRU decrypt error", max); + break; case ZLIB_INIT_ERROR: - return "zlib init error"; + XSTRNCPY(str, "zlib init error", max); + break; case ZLIB_COMPRESS_ERROR: - return "zlib compress error"; + XSTRNCPY(str, "zlib compress error", max); + break; case ZLIB_DECOMPRESS_ERROR: - return "zlib decompress error"; + XSTRNCPY(str, "zlib decompress error", max); + break; case GETTIME_ERROR: - return "gettimeofday() error"; + XSTRNCPY(str, "gettimeofday() error", max); + break; case GETITIMER_ERROR: - return "getitimer() error"; + XSTRNCPY(str, "getitimer() error", max); + break; case SIGACT_ERROR: - return "sigaction() error"; + XSTRNCPY(str, "sigaction() error", max); + break; case SETITIMER_ERROR: - return "setitimer() error"; + XSTRNCPY(str, "setitimer() error", max); + break; case LENGTH_ERROR: - return "record layer length error"; + XSTRNCPY(str, "record layer length error", max); + break; case PEER_KEY_ERROR: - return "cant decode peer key"; + XSTRNCPY(str, "cant decode peer key", max); + break; case ZERO_RETURN: case SSL_ERROR_ZERO_RETURN: - return "peer sent close notify alert"; + XSTRNCPY(str, "peer sent close notify alert", max); + break; case ECC_CURVETYPE_ERROR: - return "Bad ECC Curve Type or unsupported"; + XSTRNCPY(str, "Bad ECC Curve Type or unsupported", max); + break; case ECC_CURVE_ERROR: - return "Bad ECC Curve or unsupported"; + XSTRNCPY(str, "Bad ECC Curve or unsupported", max); + break; case ECC_PEERKEY_ERROR: - return "Bad ECC Peer Key"; + XSTRNCPY(str, "Bad ECC Peer Key", max); + break; case ECC_MAKEKEY_ERROR: - return "ECC Make Key failure"; + XSTRNCPY(str, "ECC Make Key failure", max); + break; case ECC_EXPORT_ERROR: - return "ECC Export Key failure"; + XSTRNCPY(str, "ECC Export Key failure", max); + break; case ECC_SHARED_ERROR: - return "ECC DHE shared failure"; + XSTRNCPY(str, "ECC DHE shared failure", max); + break; case NOT_CA_ERROR: - return "Not a CA by basic constraint error"; + XSTRNCPY(str, "Not a CA by basic constraint error", max); + break; case BAD_PATH_ERROR: - return "Bad path for opendir error"; + XSTRNCPY(str, "Bad path for opendir error", max); + break; case BAD_CERT_MANAGER_ERROR: - return "Bad Cert Manager error"; + XSTRNCPY(str, "Bad Cert Manager error", max); + break; case OCSP_CERT_REVOKED: - return "OCSP Cert revoked"; + XSTRNCPY(str, "OCSP Cert revoked", max); + break; case CRL_CERT_REVOKED: - return "CRL Cert revoked"; + XSTRNCPY(str, "CRL Cert revoked", max); + break; case CRL_MISSING: - return "CRL missing, not loaded"; + XSTRNCPY(str, "CRL missing, not loaded", max); + break; case MONITOR_RUNNING_E: - return "CRL monitor already running"; + XSTRNCPY(str, "CRL monitor already running", max); + break; case THREAD_CREATE_E: - return "Thread creation problem"; + XSTRNCPY(str, "Thread creation problem", max); + break; case OCSP_NEED_URL: - return "OCSP need URL"; + XSTRNCPY(str, "OCSP need URL", max); + break; case OCSP_CERT_UNKNOWN: - return "OCSP Cert unknown"; + XSTRNCPY(str, "OCSP Cert unknown", max); + break; case OCSP_LOOKUP_FAIL: - return "OCSP Responder lookup fail"; + XSTRNCPY(str, "OCSP Responder lookup fail", max); + break; case MAX_CHAIN_ERROR: - return "Maximum Chain Depth Exceeded"; + XSTRNCPY(str, "Maximum Chain Depth Exceeded", max); + break; case COOKIE_ERROR: - return "DTLS Cookie Error"; + XSTRNCPY(str, "DTLS Cookie Error", max); + break; case SEQUENCE_ERROR: - return "DTLS Sequence Error"; + XSTRNCPY(str, "DTLS Sequence Error", max); + break; case SUITES_ERROR: - return "Suites Pointer Error"; + XSTRNCPY(str, "Suites Pointer Error", max); + break; case SSL_NO_PEM_HEADER: - return "No PEM Header Error"; + XSTRNCPY(str, "No PEM Header Error", max); + break; case OUT_OF_ORDER_E: - return "Out of order message, fatal"; + XSTRNCPY(str, "Out of order message, fatal", max); + break; case BAD_KEA_TYPE_E: - return "Bad KEA type found"; + XSTRNCPY(str, "Bad KEA type found", max); + break; case SANITY_CIPHER_E: - return "Sanity check on ciphertext failed"; + XSTRNCPY(str, "Sanity check on ciphertext failed", max); + break; case RECV_OVERFLOW_E: - return "Receive callback returned more than requested"; + XSTRNCPY(str, "Receive callback returned more than requested", max); + break; case GEN_COOKIE_E: - return "Generate Cookie Error"; + XSTRNCPY(str, "Generate Cookie Error", max); + break; case NO_PEER_VERIFY: - return "Need peer certificate verify Error"; + XSTRNCPY(str, "Need peer certificate verify Error", max); + break; case FWRITE_ERROR: - return "fwrite Error"; + XSTRNCPY(str, "fwrite Error", max); + break; case CACHE_MATCH_ERROR: - return "Cache restore header match Error"; + XSTRNCPY(str, "Cache restore header match Error", max); + break; case UNKNOWN_SNI_HOST_NAME_E: - return "Unrecognized host name Error"; + XSTRNCPY(str, "Unrecognized host name Error", max); + break; case KEYUSE_SIGNATURE_E: - return "Key Use digitalSignature not set Error"; + XSTRNCPY(str, "Key Use digitalSignature not set Error", max); + break; case KEYUSE_ENCIPHER_E: - return "Key Use keyEncipherment not set Error"; + XSTRNCPY(str, "Key Use keyEncipherment not set Error", max); + break; case EXTKEYUSE_AUTH_E: - return "Ext Key Use server/client auth not set Error"; + XSTRNCPY(str, "Ext Key Use server/client auth not set Error", max); + break; default : - return "unknown error number"; + XSTRNCPY(str, "unknown error number", max); } #endif /* NO_ERROR_STRINGS */ } -void SetErrorString(int error, char* str) -{ - XSTRNCPY(str, CyaSSL_ERR_reason_error_string(error), CYASSL_MAX_ERROR_SZ); -} /* be sure to add to cipher_name_idx too !!!! */ @@ -6648,34 +6846,6 @@ static const char* const cipher_names[] = "DHE-RSA-AES256-SHA", #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - "DHE-PSK-AES256-GCM-SHA384", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - "DHE-PSK-AES128-GCM-SHA256", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - "PSK-AES256-GCM-SHA384", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - "PSK-AES128-GCM-SHA256", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - "DHE-PSK-AES256-CBC-SHA384", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - "DHE-PSK-AES128-CBC-SHA256", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - "PSK-AES256-CBC-SHA384", -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256", #endif @@ -6688,22 +6858,6 @@ static const char* const cipher_names[] = "PSK-AES256-CBC-SHA", #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - "DHE-PSK-AES128-CCM", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - "DHE-PSK-AES256-CCM", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - "PSK-AES128-CCM", -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - "PSK-AES256-CCM", -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM-8", #endif @@ -6712,18 +6866,6 @@ static const char* const cipher_names[] = "PSK-AES256-CCM-8", #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - "DHE-PSK-NULL-SHA384", -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - "DHE-PSK-NULL-SHA256", -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - "PSK-NULL-SHA384", -#endif - #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256", #endif @@ -6980,6 +7122,18 @@ static const char* const cipher_names[] = "ECDH-ECDSA-AES256-SHA384", #endif +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 + "ECDHE-RSA-CHACHA20-256-POLY1305-SHA256", +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_CHACHA20_256_SHA + "ECDH-RSA-CHACHA20-256-SHA", +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_POLY1305 + "ECDH-RSA-RC4-128-POLY1305" +#endif + }; @@ -7024,34 +7178,6 @@ static int cipher_name_idx[] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA, #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - TLS_PSK_WITH_AES_256_GCM_SHA384, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - TLS_PSK_WITH_AES_128_GCM_SHA256, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - TLS_PSK_WITH_AES_256_CBC_SHA384, -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_PSK_WITH_AES_128_CBC_SHA256, #endif @@ -7064,22 +7190,6 @@ static int cipher_name_idx[] = TLS_PSK_WITH_AES_256_CBC_SHA, #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - TLS_DHE_PSK_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - TLS_DHE_PSK_WITH_AES_256_CCM, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - TLS_PSK_WITH_AES_128_CCM, -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - TLS_PSK_WITH_AES_256_CCM, -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 TLS_PSK_WITH_AES_128_CCM_8, #endif @@ -7088,18 +7198,6 @@ static int cipher_name_idx[] = TLS_PSK_WITH_AES_256_CCM_8, #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - TLS_DHE_PSK_WITH_NULL_SHA384, -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - TLS_DHE_PSK_WITH_NULL_SHA256, -#endif - -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - TLS_PSK_WITH_NULL_SHA384, -#endif - #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 TLS_PSK_WITH_NULL_SHA256, #endif @@ -7353,7 +7451,23 @@ static int cipher_name_idx[] = #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, +#endif + +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_128_POLY1305_SHA256 + TLS_ECDHE_RSA_WITH_CHACHA20_128_POLY1305_SHA256, +#endif + +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 + TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256, +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_CHACHA20_256_SHA + TLS_ECDH_RSA_WITH_CHACHA20_256_SHA, +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_POLY1305_SHA + TLS_ECDH_RSA_WITH_RC4_128_POLY1305 #endif }; @@ -7400,8 +7514,12 @@ int SetCipherList(Suites* s, const char* list) for (i = 0; i < suiteSz; i++) if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { - if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM")) - s->suites[idx++] = ECC_BYTE; /* ECC suite */ + if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM")) { + if (XSTRSTR(name, "CHACHA")) + s->suites[idx++] = CHACHA_BYTE; + else + s->suites[idx++] = ECC_BYTE; /* ECC suite */ + } else s->suites[idx++] = 0x00; /* normal */ s->suites[idx++] = (byte)cipher_name_idx[i]; @@ -8216,95 +8334,12 @@ static void PickHashSigAlgo(CYASSL* ssl, } #endif /* HAVE_ECC */ - #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) - if (ssl->specs.kea == dhe_psk_kea) { - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - - XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx, - min(length, MAX_PSK_ID_LEN)); - - ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0; - *inOutIdx += length; - - /* p */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - - ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_DH); - - if (ssl->buffers.serverDH_P.buffer) - ssl->buffers.serverDH_P.length = length; - else - return MEMORY_ERROR; - - XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); - *inOutIdx += length; - - /* g */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - - ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_DH); - - if (ssl->buffers.serverDH_G.buffer) - ssl->buffers.serverDH_G.length = length; - else - return MEMORY_ERROR; - - XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); - *inOutIdx += length; - - /* pub */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - - ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_DH); - - if (ssl->buffers.serverDH_Pub.buffer) - ssl->buffers.serverDH_Pub.length = length; - else - return MEMORY_ERROR; - - XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); - *inOutIdx += length; - } - #endif /* OPENSSL_EXTRA || !NO_PSK */ - #if defined(OPENSSL_EXTRA) || defined(HAVE_ECC) - if (ssl->specs.kea == ecc_diffie_hellman_kea || - ssl->specs.kea == diffie_hellman_kea) { #ifndef NO_OLD_TLS - Md5 md5; - Sha sha; + Md5 md5; +// Poly1305 poly1305; + Sha sha; #endif #ifndef NO_SHA256 Sha256 sha256; @@ -8363,8 +8398,16 @@ static void PickHashSigAlgo(CYASSL* ssl, ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN); ShaUpdate(&sha, messageVerify, verifySz); ShaFinal(&sha, hash + MD5_DIGEST_SIZE); + #endif + /* poly1305 */ + InitMd5(&md5); + Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN); + Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN); + Md5Update(&md5, messageVerify, verifySz); + Md5Final(&md5, hash); + #ifndef NO_SHA256 ret = InitSha256(&sha256); if (ret != 0) @@ -8543,8 +8586,9 @@ static void PickHashSigAlgo(CYASSL* ssl, *inOutIdx += length; ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; + + return 0; } - return 0; #else /* HAVE_OPENSSL or HAVE_ECC */ return NOT_COMPILED_IN; /* not supported by build */ #endif /* HAVE_OPENSSL or HAVE_ECC */ @@ -8667,73 +8711,6 @@ static void PickHashSigAlgo(CYASSL* ssl, } break; #endif /* NO_PSK */ - #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) - case dhe_psk_kea: - { - byte* pms = ssl->arrays->preMasterSecret; - byte* es = encSecret; - buffer serverP = ssl->buffers.serverDH_P; - buffer serverG = ssl->buffers.serverDH_G; - buffer serverPub = ssl->buffers.serverDH_Pub; - byte priv[ENCRYPT_LEN]; - word32 privSz = 0; - word32 pubSz = 0; - word32 esSz = 0; - DhKey key; - - if (serverP.buffer == 0 || serverG.buffer == 0 || - serverPub.buffer == 0) - return NO_PEER_KEY; - - ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, - ssl->arrays->server_hint, ssl->arrays->client_identity, - MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); - if (ssl->arrays->psk_keySz == 0 || - ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) - return PSK_KEY_ERROR; - esSz = (word32)XSTRLEN(ssl->arrays->client_identity); - - if (esSz > MAX_PSK_ID_LEN) - return CLIENT_ID_ERROR; - c16toa((word16)esSz, es); - es += OPAQUE16_LEN; - XMEMCPY(es, ssl->arrays->client_identity, esSz); - es += esSz; - encSz = esSz + OPAQUE16_LEN; - - InitDhKey(&key); - ret = DhSetKey(&key, serverP.buffer, serverP.length, - serverG.buffer, serverG.length); - if (ret == 0) - /* for DH, encSecret is Yc, agree is pre-master */ - ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, - es + OPAQUE16_LEN, &pubSz); - if (ret == 0) - ret = DhAgree(&key, pms + OPAQUE16_LEN, - &ssl->arrays->preMasterSz, priv, privSz, - serverPub.buffer, serverPub.length); - FreeDhKey(&key); - if (ret != 0) - return ret; - - c16toa((word16)pubSz, es); - encSz += pubSz + OPAQUE16_LEN; - c16toa((word16)ssl->arrays->preMasterSz, pms); - ssl->arrays->preMasterSz += OPAQUE16_LEN; - pms += ssl->arrays->preMasterSz; - - /* make psk pre master secret */ - /* length of key + length 0s + length of key + key */ - c16toa((word16)ssl->arrays->psk_keySz, pms); - pms += OPAQUE16_LEN; - XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); - ssl->arrays->preMasterSz += - ssl->arrays->psk_keySz + OPAQUE16_LEN; - XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); - ssl->arrays->psk_keySz = 0; /* No further need */ - } - break; - #endif /* OPENSSL_EXTRA && !NO_PSK */ #ifdef HAVE_NTRU case ntru_kea: { @@ -8754,18 +8731,18 @@ static void PickHashSigAlgo(CYASSL* ssl, if (ssl->peerNtruKeyPresent == 0) return NO_PEER_KEY; - rc = ntru_crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr, - sizeof(cyasslStr), GetEntropy, - &drbg); + rc = crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr, + sizeof(cyasslStr), GetEntropy, + &drbg); if (rc != DRBG_OK) return NTRU_DRBG_ERROR; - rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen, - ssl->peerNtruKey, - ssl->arrays->preMasterSz, - ssl->arrays->preMasterSecret, - &cipherLen, encSecret); - ntru_crypto_drbg_uninstantiate(drbg); + rc = crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen, + ssl->peerNtruKey, + ssl->arrays->preMasterSz, + ssl->arrays->preMasterSecret, + &cipherLen, encSecret); + crypto_drbg_uninstantiate(drbg); if (rc != NTRU_OK) return NTRU_ENCRYPT_ERROR; @@ -8833,8 +8810,7 @@ static void PickHashSigAlgo(CYASSL* ssl, if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) tlsSz = 2; - if (ssl->specs.kea == ecc_diffie_hellman_kea || - ssl->specs.kea == dhe_psk_kea) /* always off */ + if (ssl->specs.kea == ecc_diffie_hellman_kea) /* always off */ tlsSz = 0; sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; @@ -9380,126 +9356,6 @@ static void PickHashSigAlgo(CYASSL* ssl, } #endif /*NO_PSK */ - #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) - if (ssl->specs.kea == dhe_psk_kea) { - byte *output; - word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - word32 hintLen; - int sendSz; - DhKey dhKey; - - if (ssl->buffers.serverDH_P.buffer == NULL || - ssl->buffers.serverDH_G.buffer == NULL) - return NO_DH_PARAMS; - - if (ssl->buffers.serverDH_Pub.buffer == NULL) { - ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( - ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, - DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Pub.buffer == NULL) - return MEMORY_E; - } - - if (ssl->buffers.serverDH_Priv.buffer == NULL) { - ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( - ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, - DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Priv.buffer == NULL) - return MEMORY_E; - } - - InitDhKey(&dhKey); - ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret == 0) - ret = DhGenerateKeyPair(&dhKey, ssl->rng, - ssl->buffers.serverDH_Priv.buffer, - &ssl->buffers.serverDH_Priv.length, - ssl->buffers.serverDH_Pub.buffer, - &ssl->buffers.serverDH_Pub.length); - FreeDhKey(&dhKey); - if (ret != 0) - return ret; - - length = LENGTH_SZ * 3 + /* p, g, pub */ - ssl->buffers.serverDH_P.length + - ssl->buffers.serverDH_G.length + - ssl->buffers.serverDH_Pub.length; - - /* include size part */ - hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); - if (hintLen > MAX_PSK_ID_LEN) - return SERVER_HINT_ERROR; - length += hintLen + HINT_LEN_SZ; - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - - #ifdef CYASSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) - return ret; - - /* get ouput buffer */ - output = ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - - AddHeaders(output, length, server_key_exchange, ssl); - - /* key data */ - c16toa((word16)hintLen, output + idx); - idx += HINT_LEN_SZ; - XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen); - idx += hintLen; - - /* add p, g, pub */ - c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length); - idx += ssl->buffers.serverDH_P.length; - - /* g */ - c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - idx += ssl->buffers.serverDH_G.length; - - /* pub */ - c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); - idx += LENGTH_SZ; - XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, - ssl->buffers.serverDH_Pub.length); - idx += ssl->buffers.serverDH_Pub.length; - - ret = HashOutput(ssl, output, sendSz, 0); - - if (ret != 0) - return ret; - - #ifdef CYASSL_CALLBACKS - if (ssl->hsInfoOn) - AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - if (ssl->toInfoOn) - AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, - output, sendSz, ssl->heap); - #endif - - ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) - ret = 0; - else - ret = SendBuffered(ssl); - ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; - } - #endif /* OPENSSL_EXTRA && !NO_PSK */ - #ifdef HAVE_ECC if (ssl->specs.kea == ecc_diffie_hellman_kea) { @@ -10147,11 +10003,22 @@ static void PickHashSigAlgo(CYASSL* ssl, the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */ static int CipherRequires(byte first, byte second, int requirement) { + + if (first == CHACHA_BYTE) { + + switch (second) { + + case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + } + } + /* ECC extensions */ if (first == ECC_BYTE) { switch (second) { - #ifndef NO_RSA case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : if (requirement == REQUIRES_RSA) @@ -10348,20 +10215,12 @@ static void PickHashSigAlgo(CYASSL* ssl, return 1; break; - case TLS_DHE_PSK_WITH_AES_128_CCM: - case TLS_DHE_PSK_WITH_AES_256_CCM: - if (requirement == REQUIRES_PSK) - return 1; - if (requirement == REQUIRES_DHE) - return 1; - break; - default: CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); return 0; } /* switch */ } /* if */ - if (first != ECC_BYTE) { /* normal suites */ + if (first != ECC_BYTE && first != CHACHA_BYTE) { /* normal suites */ switch (second) { #ifndef NO_RSA @@ -10427,31 +10286,15 @@ static void PickHashSigAlgo(CYASSL* ssl, break; #endif - case TLS_PSK_WITH_AES_128_GCM_SHA256 : - case TLS_PSK_WITH_AES_256_GCM_SHA384 : case TLS_PSK_WITH_AES_128_CBC_SHA256 : - case TLS_PSK_WITH_AES_256_CBC_SHA384 : case TLS_PSK_WITH_AES_128_CBC_SHA : case TLS_PSK_WITH_AES_256_CBC_SHA : - case TLS_PSK_WITH_NULL_SHA384 : case TLS_PSK_WITH_NULL_SHA256 : case TLS_PSK_WITH_NULL_SHA : if (requirement == REQUIRES_PSK) return 1; break; - case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - case TLS_DHE_PSK_WITH_NULL_SHA384 : - case TLS_DHE_PSK_WITH_NULL_SHA256 : - if (requirement == REQUIRES_DHE) - return 1; - if (requirement == REQUIRES_PSK) - return 1; - break; - #ifndef NO_RSA case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : if (requirement == REQUIRES_RSA) @@ -11623,7 +11466,7 @@ static void PickHashSigAlgo(CYASSL* ssl, if ((*inOutIdx - begin) + cipherLen > size) return BUFFER_ERROR; - if (NTRU_OK != ntru_crypto_ntru_decrypt( + if (NTRU_OK != crypto_ntru_decrypt( (word16) ssl->buffers.key.length, ssl->buffers.key.buffer, cipherLen, input + *inOutIdx, &plainLen, @@ -11720,84 +11563,6 @@ static void PickHashSigAlgo(CYASSL* ssl, } break; #endif /* OPENSSL_EXTRA */ - #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) - case dhe_psk_kea: - { - byte* pms = ssl->arrays->preMasterSecret; - word16 clientSz; - DhKey dhKey; - - /* Read in the PSK hint */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &clientSz); - *inOutIdx += OPAQUE16_LEN; - if (clientSz > MAX_PSK_ID_LEN) - return CLIENT_ID_ERROR; - - if ((*inOutIdx - begin) + clientSz > size) - return BUFFER_ERROR; - - XMEMCPY(ssl->arrays->client_identity, - input + *inOutIdx, clientSz); - *inOutIdx += clientSz; - ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] = - 0; - - /* Read in the DHE business */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; - - ato16(input + *inOutIdx, &clientSz); - *inOutIdx += OPAQUE16_LEN; - - if ((*inOutIdx - begin) + clientSz > size) - return BUFFER_ERROR; - - InitDhKey(&dhKey); - ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret == 0) - ret = DhAgree(&dhKey, pms + OPAQUE16_LEN, - &ssl->arrays->preMasterSz, - ssl->buffers.serverDH_Priv.buffer, - ssl->buffers.serverDH_Priv.length, - input + *inOutIdx, clientSz); - FreeDhKey(&dhKey); - - *inOutIdx += clientSz; - c16toa((word16)ssl->arrays->preMasterSz, pms); - ssl->arrays->preMasterSz += OPAQUE16_LEN; - pms += ssl->arrays->preMasterSz; - - /* Use the PSK hint to look up the PSK and add it to the - * preMasterSecret here. */ - ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, - ssl->arrays->client_identity, ssl->arrays->psk_key, - MAX_PSK_KEY_LEN); - - if (ssl->arrays->psk_keySz == 0 || - ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) - return PSK_KEY_ERROR; - - c16toa((word16) ssl->arrays->psk_keySz, pms); - pms += OPAQUE16_LEN; - - XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); - ssl->arrays->preMasterSz += - ssl->arrays->psk_keySz + OPAQUE16_LEN; - if (ret == 0) - ret = MakeMasterSecret(ssl); - - /* No further need for PSK */ - XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); - ssl->arrays->psk_keySz = 0; - } - break; - #endif /* OPENSSL_EXTRA && !NO_PSK */ default: { CYASSL_MSG("Bad kea type"); diff --git a/src/keys.c b/src/keys.c index 130d118d5..704a0eb04 100644 --- a/src/keys.c +++ b/src/keys.c @@ -28,7 +28,7 @@ #include #include -#ifdef SHOW_SECRETS +#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #ifdef FREESCALE_MQX #include #else @@ -46,13 +46,42 @@ int SetCipherSpecs(CYASSL* ssl) return UNSUPPORTED_SUITE; } } + + /* Chacha extensions, 0xcc */ + if (ssl->options.cipherSuite0 == CHACHA_BYTE) { + + switch (ssl->options.cipherSuite) { +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 + case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = cyassl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + break; +#endif + + default: + CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha"); + return UNSUPPORTED_SUITE; + } + } + /* ECC extensions, or AES-CCM */ if (ssl->options.cipherSuite0 == ECC_BYTE) { switch (ssl->options.cipherSuite) { #ifdef HAVE_ECC - + #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; @@ -708,88 +737,13 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - case TLS_PSK_WITH_AES_128_CCM : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - case TLS_PSK_WITH_AES_256_CCM : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - case TLS_DHE_PSK_WITH_AES_128_CCM : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - case TLS_DHE_PSK_WITH_AES_256_CCM : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - default: CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC"); return UNSUPPORTED_SUITE; } /* switch */ } /* if */ - if (ssl->options.cipherSuite0 != ECC_BYTE) { /* normal suites */ + if (ssl->options.cipherSuite0 != ECC_BYTE && + ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */ switch (ssl->options.cipherSuite) { #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA @@ -1013,82 +967,6 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - case TLS_PSK_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - case TLS_PSK_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 case TLS_PSK_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; @@ -1107,60 +985,6 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - case TLS_PSK_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA case TLS_PSK_WITH_AES_128_CBC_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_aes; @@ -1215,24 +1039,6 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - case TLS_PSK_WITH_NULL_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - #ifdef BUILD_TLS_PSK_WITH_NULL_SHA case TLS_PSK_WITH_NULL_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; @@ -1251,42 +1057,6 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - case TLS_DHE_PSK_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - -#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - case TLS_DHE_PSK_WITH_NULL_SHA384 : - ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = dhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; - - ssl->options.usingPSK_cipher = 1; - break; -#endif - #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; @@ -1529,6 +1299,10 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif + + + + #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_camellia; @@ -1771,7 +1545,62 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, dec->setup = 1; } #endif + +#ifdef HAVE_POLY1305 + /* set up memory space for poly1305 */ + if (enc->poly1305 == NULL) + enc->poly1305 = (Poly1305*)malloc(sizeof(Poly1305)); + if (enc->poly1305 == NULL) + return MEMORY_E; + if (dec->poly1305 == NULL) + dec->poly1305 = + (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER); + if (dec->poly1305 == NULL) + return MEMORY_E; +#endif +#ifdef HAVE_CHACHA + if (specs->bulk_cipher_algorithm == cyassl_chacha) { + int chachaRet; + if (enc->chacha == NULL) + enc->chacha = (ChaCha*)malloc(sizeof(ChaCha)); + if (enc->chacha == NULL) + return MEMORY_E; + if (dec->chacha == NULL) + dec->chacha = + (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER); + if (dec->chacha == NULL) + return MEMORY_E; + if (side == CYASSL_CLIENT_END) { + chachaRet = Chacha_SetKey(enc->chacha, keys->client_write_key, + specs->key_size); + XMEMCPY(keys->aead_enc_imp_IV, + keys->client_write_IV, AEAD_IMP_IV_SZ); + if (chachaRet != 0) return chachaRet; + chachaRet = Chacha_SetKey(dec->chacha, keys->server_write_key, + specs->key_size); + XMEMCPY(keys->aead_dec_imp_IV, + keys->server_write_IV, AEAD_IMP_IV_SZ); + if (chachaRet != 0) return chachaRet; + } + else { + chachaRet = Chacha_SetKey(enc->chacha, keys->server_write_key, + specs->key_size); + XMEMCPY(keys->aead_enc_imp_IV, + keys->server_write_IV, AEAD_IMP_IV_SZ); + if (chachaRet != 0) return chachaRet; + chachaRet = Chacha_SetKey(dec->chacha, keys->client_write_key, + specs->key_size); + XMEMCPY(keys->aead_dec_imp_IV, + keys->client_write_IV, AEAD_IMP_IV_SZ); + if (chachaRet != 0) return chachaRet; + } + + enc->setup = 1; + dec->setup = 1; + } +#endif + #ifdef HAVE_HC128 if (specs->bulk_cipher_algorithm == cyassl_hc128) { int hcRet; @@ -2103,7 +1932,9 @@ int StoreKeys(CYASSL* ssl, const byte* keyData) /* Initialize the AES-GCM/CCM explicit IV to a zero. */ XMEMSET(ssl->keys.aead_exp_IV, 0, AEAD_EXP_IV_SZ); } + #endif + return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs, ssl->options.side, ssl->heap, devId); @@ -2209,8 +2040,8 @@ static int MakeSslMasterSecret(CYASSL* ssl) XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz); for (i = 0; i < MASTER_ROUNDS; ++i) { - byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */ - if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */ + byte prefix[PREFIX]; + if (!SetPrefix(prefix, i)) { return PREFIX_ERROR; } diff --git a/src/sniffer.c b/src/sniffer.c index 2c6860c83..3596fc4e9 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1594,6 +1594,12 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) break; #endif + #ifdef BUILD_CHACHA + case cyassl_chacha: + Chacha_Process(ssl->decrypt.chacha, output, input, sz); + break; + #endif + #ifdef HAVE_CAMELLIA case cyassl_camellia: CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz); diff --git a/src/ssl.c b/src/ssl.c index cc4f0a121..3e9492b80 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -324,6 +324,9 @@ int CyaSSL_GetObjectSize(void) #endif #ifndef NO_RABBIT printf(" sizeof rabbit = %lu\n", sizeof(Rabbit)); +#endif +#ifdef HAVE_CHACHA + printf(" sizeof chacha = %lu\n", sizeof(Chacha)); #endif printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs)); printf("sizeof keys = %lu\n", sizeof(Keys)); @@ -8301,14 +8304,21 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) CYASSL_ENTER("SSL_CIPHER_get_name"); #ifndef NO_ERROR_STRINGS if (cipher) { -#if defined(HAVE_ECC) || defined(HAVE_AESCCM) - /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected, - * but the AES-CCM cipher suites also use it, even the ones that - * aren't ECC. */ + if (cipher->ssl->options.cipherSuite0 == CHACHA_BYTE) { + /* ChaCha suites */ + switch (cipher->ssl->options.cipherSuite) { +#ifdef HAVE_CHACHA + #ifndef NO_RSA + case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : + return "TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256"; + #endif +#endif + } + } +#ifdef HAVE_ECC if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) { /* ECC suites */ switch (cipher->ssl->options.cipherSuite) { -#ifdef HAVE_ECC #ifndef NO_RSA case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; @@ -8375,6 +8385,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) #ifndef NO_RSA case TLS_ECDH_RSA_WITH_RC4_128_SHA : return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; + #endif case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; @@ -8411,7 +8422,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; #endif -#endif /* HAVE_ECC */ #ifdef HAVE_AESCCM #ifndef NO_RSA @@ -8420,26 +8430,10 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) case TLS_RSA_WITH_AES_256_CCM_8 : return "TLS_RSA_WITH_AES_256_CCM_8"; #endif - #ifndef NO_PSK - case TLS_PSK_WITH_AES_128_CCM_8 : - return "TLS_PSK_WITH_AES_128_CCM_8"; - case TLS_PSK_WITH_AES_256_CCM_8 : - return "TLS_PSK_WITH_AES_256_CCM_8"; - case TLS_PSK_WITH_AES_128_CCM : - return "TLS_PSK_WITH_AES_128_CCM"; - case TLS_PSK_WITH_AES_256_CCM : - return "TLS_PSK_WITH_AES_256_CCM"; - case TLS_DHE_PSK_WITH_AES_128_CCM : - return "TLS_DHE_PSK_WITH_AES_128_CCM"; - case TLS_DHE_PSK_WITH_AES_256_CCM : - return "TLS_DHE_PSK_WITH_AES_256_CCM"; - #endif - #ifdef HAVE_ECC case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; - #endif #endif default: @@ -8447,7 +8441,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) } } #endif /* ECC */ - if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) { + if (cipher->ssl->options.cipherSuite0 != ECC_BYTE && cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */ switch (cipher->ssl->options.cipherSuite) { #ifndef NO_RSA @@ -8489,6 +8483,8 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_RSA_WITH_NULL_SHA256"; #endif /* NO_RSA */ #ifndef NO_PSK + case TLS_PSK_WITH_AES_128_CBC_SHA256 : + return "TLS_PSK_WITH_AES_128_CBC_SHA256"; #ifndef NO_SHA case TLS_PSK_WITH_AES_128_CBC_SHA : return "TLS_PSK_WITH_AES_128_CBC_SHA"; @@ -8496,36 +8492,14 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_PSK_WITH_AES_256_CBC_SHA"; #endif #ifndef NO_SHA256 - case TLS_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_PSK_WITH_AES_128_CBC_SHA256"; + #ifdef HAVE_AESCCM + case TLS_PSK_WITH_AES_128_CCM_8 : + return "TLS_PSK_WITH_AES_128_CCM_8"; + case TLS_PSK_WITH_AES_256_CCM_8 : + return "TLS_PSK_WITH_AES_256_CCM_8"; + #endif case TLS_PSK_WITH_NULL_SHA256 : return "TLS_PSK_WITH_NULL_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; - case TLS_DHE_PSK_WITH_NULL_SHA256 : - return "TLS_DHE_PSK_WITH_NULL_SHA256"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_128_GCM_SHA256 : - return "TLS_PSK_WITH_AES_128_GCM_SHA256"; - case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : - return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; - #endif - #endif - #ifdef CYASSL_SHA384 - case TLS_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_PSK_WITH_NULL_SHA384 : - return "TLS_PSK_WITH_NULL_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; - case TLS_DHE_PSK_WITH_NULL_SHA384 : - return "TLS_DHE_PSK_WITH_NULL_SHA384"; - #ifdef HAVE_AESGCM - case TLS_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_PSK_WITH_AES_256_GCM_SHA384"; - case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : - return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; - #endif #endif #ifndef NO_SHA case TLS_PSK_WITH_NULL_SHA : diff --git a/src/tls.c b/src/tls.c index 420ea15ba..36195d934 100644 --- a/src/tls.c +++ b/src/tls.c @@ -23,13 +23,17 @@ #include #endif +#ifdef CHACHA_AEAD_TEST + #include +#endif + #include #include #include #include #include - +#include #ifndef NO_TLS @@ -481,6 +485,7 @@ int CyaSSL_GetHmacType(CYASSL* ssl) if (ssl == NULL) return BAD_FUNC_ARG; + printf("getting mac \n"); switch (ssl->specs.mac_algorithm) { #ifndef NO_MD5 case md5_mac: @@ -488,6 +493,13 @@ int CyaSSL_GetHmacType(CYASSL* ssl) return MD5; } #endif + #ifdef HAVE_POLY1305 + case poly1305_mac: + { + printf("poly1305 selected\n"); + return POLY1305; + } + #endif #ifndef NO_SHA256 case sha256_mac: { @@ -547,30 +559,31 @@ int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content, int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify) { - Hmac hmac; int ret; - byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; - + if (ssl == NULL) return BAD_FUNC_ARG; - CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); + Hmac hmac; + byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; - ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), + CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); + + ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); - if (ret != 0) - return ret; - ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret != 0) - return ret; - ret = HmacUpdate(&hmac, in, sz); /* content */ - if (ret != 0) - return ret; - ret = HmacFinal(&hmac, digest); - if (ret != 0) - return ret; + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, in, sz); /* content */ + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, digest); + if (ret != 0) + return ret; - return 0; + return 0; } #ifdef HAVE_TLS_EXTENSIONS diff --git a/stdout.txt b/stdout.txt new file mode 100644 index 000000000..e81bd87b0 --- /dev/null +++ b/stdout.txt @@ -0,0 +1,10173 @@ +starting unit tests... + Begin API Tests + CyaSSL_Init(): passed + CyaSSLv3_server_method(): passed + CyaSSLv3_client_method(): passed + CyaTLSv1_server_method(): passed + CyaTLSv1_client_method(): passed + CyaTLSv1_1_server_method(): passed + CyaTLSv1_1_client_method(): passed + CyaTLSv1_2_server_method(): passed + CyaTLSv1_2_client_method(): passed + CyaSSLv23_client_method(): passed + CyaDTLSv1_server_method(): passed + CyaDTLSv1_client_method(): passed + CyaSSL_CTX_new(NULL): passed + CyaSSL_CTX_new(method): passed + CyaSSL_CTX_use_certificate_file(NULL, NULL, 9999): passed + CyaSSL_CTX_use_certificate_file(ctx, bogusFile, SSL_FILETYPE_PEM): passed + CyaSSL_CTX_use_certificate_file(ctx, svrCert, 9999): passed + CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM): passed + CyaSSL_CTX_use_PrivateKey_file(NULL, NULL, 9999): passed + CyaSSL_CTX_use_PrivateKey_file(ctx, bogusFile, SSL_FILETYPE_PEM): passed + CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999): passed + CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM): passed + CyaSSL_CTX_load_verify_locations(NULL, NULL, NULL): passed + CyaSSL_CTX_load_verify_locations(ctx, NULL, NULL): passed + CyaSSL_CTX_load_verify_locations(ctx, NULL, NULL): passed + CyaSSL_CTX_load_verify_locations(ctx, caCert, bogusFile): passed + CyaSSL_CTX_load_verify_locations(ctx, caCert, 0): passed + CyaSSL_new(NULL) server: passed + CyaSSL_new(ctx_nocert) server: passed + CyaSSL_new(ctx) server: passed + CyaSSL_new(NULL) client: passed + CyaSSL_new(ctx_nocert) client: passed + CyaSSL_new(ctx) client: passed +getting mac +getting mac +getting mac +getting mac +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! + CyaSSL_Cleanup(): passed + End API Tests + Begin HASH Tests + MD5 test passed! + SHA test passed! + SHA-256 test passed! + HMAC-MD5 test passed! + HMAC-SHA test passed! + HMAC-SHA256 test passed! + End HASH Tests + Begin Cipher Suite Tests +starting default cipher suite tests +notice: using default file tests/test.conf +trying server command line[1]: SuiteTest -v 0 -l RC4-SHA +trying client command line[1]: SuiteTest -v 0 -l RC4-SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[2]: SuiteTest -v 0 -l RC4-SHA -N +trying client command line[2]: SuiteTest -v 0 -l RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[3]: SuiteTest -v 0 -l RC4-SHA -d +trying client command line[3]: SuiteTest -v 0 -l RC4-SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[4]: SuiteTest -v 0 -l RC4-SHA -d -N +trying client command line[4]: SuiteTest -v 0 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +Server response: I hear you fa shizzle! +trying server command line[5]: SuiteTest -v 0 -l RC4-MD5 +trying client command line[5]: SuiteTest -v 0 -l RC4-MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[6]: SuiteTest -v 0 -l RC4-MD5 -N +trying client command line[6]: SuiteTest -v 0 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +... server would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[7]: SuiteTest -v 0 -l RC4-MD5 -d +trying client command line[7]: SuiteTest -v 0 -l RC4-MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[8]: SuiteTest -v 0 -l RC4-MD5 -d -N +trying client command line[8]: SuiteTest -v 0 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +Server response: I hear you fa shizzle! +trying server command line[9]: SuiteTest -v 0 -l DES-CBC3-SHA +trying client command line[9]: SuiteTest -v 0 -l DES-CBC3-SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[10]: SuiteTest -v 0 -l DES-CBC3-SHA -N +trying client command line[10]: SuiteTest -v 0 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... client would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[11]: SuiteTest -v 0 -l DES-CBC3-SHA -d +trying client command line[11]: SuiteTest -v 0 -l DES-CBC3-SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +Client message: hello cyassl! +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[12]: SuiteTest -v 0 -l DES-CBC3-SHA -d -N +trying client command line[12]: SuiteTest -v 0 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... client would read block +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +SSL version is SSLv3 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +Server response: I hear you fa shizzle! +trying server command line[13]: SuiteTest -v 1 -l RC4-SHA +trying client command line[13]: SuiteTest -v 1 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[14]: SuiteTest -v 1 -l RC4-SHA -N +trying client command line[14]: SuiteTest -v 1 -l RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[15]: SuiteTest -v 1 -l RC4-SHA -d +trying client command line[15]: SuiteTest -v 1 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[16]: SuiteTest -v 1 -l RC4-SHA -d -N +trying client command line[16]: SuiteTest -v 1 -l RC4-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[17]: SuiteTest -v 1 -l RC4-MD5 +trying client command line[17]: SuiteTest -v 1 -l RC4-MD5 +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with non blocking on +trying server command line[18]: SuiteTest -v 1 -l RC4-MD5 -N +trying client command line[18]: SuiteTest -v 1 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[19]: SuiteTest -v 1 -l RC4-MD5 -d +trying client command line[19]: SuiteTest -v 1 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[20]: SuiteTest -v 1 -l RC4-MD5 -d -N +trying client command line[20]: SuiteTest -v 1 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[21]: SuiteTest -v 1 -l DES-CBC3-SHA +trying client command line[21]: SuiteTest -v 1 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[22]: SuiteTest -v 1 -l DES-CBC3-SHA -N +trying client command line[22]: SuiteTest -v 1 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[23]: SuiteTest -v 1 -l DES-CBC3-SHA -d +trying client command line[23]: SuiteTest -v 1 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[24]: SuiteTest -v 1 -l DES-CBC3-SHA -d -N +trying client command line[24]: SuiteTest -v 1 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[25]: SuiteTest -v 1 -l AES128-SHA +trying client command line[25]: SuiteTest -v 1 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[26]: SuiteTest -v 1 -l AES128-SHA -N +trying client command line[26]: SuiteTest -v 1 -l AES128-SHA -N +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[27]: SuiteTest -v 1 -l AES128-SHA -d +trying client command line[27]: SuiteTest -v 1 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[28]: SuiteTest -v 1 -l AES128-SHA -d -N +trying client command line[28]: SuiteTest -v 1 -l AES128-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[29]: SuiteTest -v 1 -l AES256-SHA +trying client command line[29]: SuiteTest -v 1 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[30]: SuiteTest -v 1 -l AES256-SHA -N +trying client command line[30]: SuiteTest -v 1 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[31]: SuiteTest -v 1 -l AES256-SHA -d +trying client command line[31]: SuiteTest -v 1 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[32]: SuiteTest -v 1 -l AES256-SHA -d -N +trying client command line[32]: SuiteTest -v 1 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[33]: SuiteTest -v 1 -l AES128-SHA256 +trying client command line[33]: SuiteTest -v 1 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[34]: SuiteTest -v 1 -l AES128-SHA256 -N +trying client command line[34]: SuiteTest -v 1 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[35]: SuiteTest -v 1 -l AES128-SHA256 -d +trying client command line[35]: SuiteTest -v 1 -l AES128-SHA256 +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[36]: SuiteTest -v 1 -l AES128-SHA256 -d -N +trying client command line[36]: SuiteTest -v 1 -l AES128-SHA256 -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[37]: SuiteTest -v 1 -l AES256-SHA256 +trying client command line[37]: SuiteTest -v 1 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[38]: SuiteTest -v 1 -l AES256-SHA256 -N +trying client command line[38]: SuiteTest -v 1 -l AES256-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[39]: SuiteTest -v 1 -l AES256-SHA256 -d +trying client command line[39]: SuiteTest -v 1 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[40]: SuiteTest -v 1 -l AES256-SHA256 -d -N +trying client command line[40]: SuiteTest -v 1 -l AES256-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[41]: SuiteTest -v 2 -l RC4-SHA +trying client command line[41]: SuiteTest -v 2 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[42]: SuiteTest -v 2 -l RC4-SHA -N +trying client command line[42]: SuiteTest -v 2 -l RC4-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[43]: SuiteTest -v 2 -l RC4-SHA -d +trying client command line[43]: SuiteTest -v 2 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[44]: SuiteTest -v 2 -l RC4-SHA -d -N +trying client command line[44]: SuiteTest -v 2 -l RC4-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[45]: SuiteTest -v 2 -l RC4-MD5 +trying client command line[45]: SuiteTest -v 2 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[46]: SuiteTest -v 2 -l RC4-MD5 -N +trying client command line[46]: SuiteTest -v 2 -l RC4-MD5 -N +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[47]: SuiteTest -v 2 -l RC4-MD5 -d +trying client command line[47]: SuiteTest -v 2 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[48]: SuiteTest -v 2 -l RC4-MD5 -d -N +trying client command line[48]: SuiteTest -v 2 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[49]: SuiteTest -v 2 -l DES-CBC3-SHA +trying client command line[49]: SuiteTest -v 2 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[50]: SuiteTest -v 2 -l DES-CBC3-SHA -N +trying client command line[50]: SuiteTest -v 2 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[51]: SuiteTest -v 2 -l DES-CBC3-SHA -d +trying client command line[51]: SuiteTest -v 2 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[52]: SuiteTest -v 2 -l DES-CBC3-SHA -d -N +trying client command line[52]: SuiteTest -v 2 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[53]: SuiteTest -v 2 -l AES128-SHA +trying client command line[53]: SuiteTest -v 2 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[54]: SuiteTest -v 2 -l AES128-SHA -N +trying client command line[54]: SuiteTest -v 2 -l AES128-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[55]: SuiteTest -v 2 -l AES128-SHA -d +trying client command line[55]: SuiteTest -v 2 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[56]: SuiteTest -v 2 -l AES128-SHA -d -N +trying client command line[56]: SuiteTest -v 2 -l AES128-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[57]: SuiteTest -v 2 -l AES256-SHA +trying client command line[57]: SuiteTest -v 2 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[58]: SuiteTest -v 2 -l AES256-SHA -N +trying client command line[58]: SuiteTest -v 2 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[59]: SuiteTest -v 2 -l AES256-SHA -d +trying client command line[59]: SuiteTest -v 2 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[60]: SuiteTest -v 2 -l AES256-SHA -d -N +trying client command line[60]: SuiteTest -v 2 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[61]: SuiteTest -v 2 -l AES128-SHA256 +trying client command line[61]: SuiteTest -v 2 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[62]: SuiteTest -v 2 -l AES128-SHA256 -N +trying client command line[62]: SuiteTest -v 2 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[63]: SuiteTest -v 2 -l AES128-SHA256 -d +trying client command line[63]: SuiteTest -v 2 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[64]: SuiteTest -v 2 -l AES128-SHA256 -d -N +trying client command line[64]: SuiteTest -v 2 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[65]: SuiteTest -v 2 -l AES256-SHA256 +trying client command line[65]: SuiteTest -v 2 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[66]: SuiteTest -v 2 -l AES256-SHA256 -N +trying client command line[66]: SuiteTest -v 2 -l AES256-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[67]: SuiteTest -v 2 -l AES256-SHA256 -d +trying client command line[67]: SuiteTest -v 2 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[68]: SuiteTest -v 2 -l AES256-SHA256 -d -N +trying client command line[68]: SuiteTest -v 2 -l AES256-SHA256 -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[69]: SuiteTest -v 3 -l RC4-SHA +trying client command line[69]: SuiteTest -v 3 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[70]: SuiteTest -v 3 -l RC4-SHA -N +trying client command line[70]: SuiteTest -v 3 -l RC4-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[71]: SuiteTest -v 3 -l RC4-SHA -d +trying client command line[71]: SuiteTest -v 3 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[72]: SuiteTest -v 3 -l RC4-SHA -d -N +trying client command line[72]: SuiteTest -v 3 -l RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[73]: SuiteTest -v 3 -l RC4-MD5 +trying client command line[73]: SuiteTest -v 3 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[74]: SuiteTest -v 3 -l RC4-MD5 -N +trying client command line[74]: SuiteTest -v 3 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[75]: SuiteTest -v 3 -l RC4-MD5 -d +trying client command line[75]: SuiteTest -v 3 -l RC4-MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[76]: SuiteTest -v 3 -l RC4-MD5 -d -N +trying client command line[76]: SuiteTest -v 3 -l RC4-MD5 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_MD5 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[77]: SuiteTest -v 3 -l DES-CBC3-SHA +trying client command line[77]: SuiteTest -v 3 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[78]: SuiteTest -v 3 -l DES-CBC3-SHA -N +trying client command line[78]: SuiteTest -v 3 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[79]: SuiteTest -v 3 -l DES-CBC3-SHA -d +trying client command line[79]: SuiteTest -v 3 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[80]: SuiteTest -v 3 -l DES-CBC3-SHA -d -N +trying client command line[80]: SuiteTest -v 3 -l DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[81]: SuiteTest -v 3 -l AES128-SHA +trying client command line[81]: SuiteTest -v 3 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[82]: SuiteTest -v 3 -l AES128-SHA -N +trying client command line[82]: SuiteTest -v 3 -l AES128-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[83]: SuiteTest -v 3 -l AES128-SHA -d +trying client command line[83]: SuiteTest -v 3 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[84]: SuiteTest -v 3 -l AES128-SHA -d -N +trying client command line[84]: SuiteTest -v 3 -l AES128-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[85]: SuiteTest -v 3 -l AES256-SHA +trying client command line[85]: SuiteTest -v 3 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[86]: SuiteTest -v 3 -l AES256-SHA -N +trying client command line[86]: SuiteTest -v 3 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[87]: SuiteTest -v 3 -l AES256-SHA -d +trying client command line[87]: SuiteTest -v 3 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[88]: SuiteTest -v 3 -l AES256-SHA -d -N +trying client command line[88]: SuiteTest -v 3 -l AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[89]: SuiteTest -v 3 -l AES128-SHA256 +trying client command line[89]: SuiteTest -v 3 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[90]: SuiteTest -v 3 -l AES128-SHA256 -N +trying client command line[90]: SuiteTest -v 3 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[91]: SuiteTest -v 3 -l AES128-SHA256 -d +trying client command line[91]: SuiteTest -v 3 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[92]: SuiteTest -v 3 -l AES128-SHA256 -d -N +trying client command line[92]: SuiteTest -v 3 -l AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[93]: SuiteTest -v 3 -l AES256-SHA256 +trying client command line[93]: SuiteTest -v 3 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[94]: SuiteTest -v 3 -l AES256-SHA256 -N +trying client command line[94]: SuiteTest -v 3 -l AES256-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[95]: SuiteTest -v 3 -l AES256-SHA256 -d +trying client command line[95]: SuiteTest -v 3 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[96]: SuiteTest -v 3 -l AES256-SHA256 -d -N +trying client command line[96]: SuiteTest -v 3 -l AES256-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[97]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA +trying client command line[97]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[98]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -N +trying client command line[98]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[99]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -d +trying client command line[99]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[100]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[100]: SuiteTest -v 1 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[101]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[101]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[102]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[102]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[103]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[103]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[104]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[104]: SuiteTest -v 1 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[105]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA +trying client command line[105]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with non blocking on +trying server command line[106]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -N +trying client command line[106]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[107]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -d +trying client command line[107]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[108]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[108]: SuiteTest -v 1 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +getting mac +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[109]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA +trying client command line[109]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[110]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -N +trying client command line[110]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[111]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -d +trying client command line[111]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[112]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[112]: SuiteTest -v 1 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[113]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA +trying client command line[113]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[114]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -N +trying client command line[114]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[115]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -d +trying client command line[115]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[116]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[116]: SuiteTest -v 2 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[117]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[117]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[118]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[118]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[119]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[119]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[120]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[120]: SuiteTest -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[121]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA +trying client command line[121]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[122]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -N +trying client command line[122]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[123]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -d +trying client command line[123]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[124]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[124]: SuiteTest -v 2 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[125]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA +trying client command line[125]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[126]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -N +trying client command line[126]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[127]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -d +trying client command line[127]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[128]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[128]: SuiteTest -v 2 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[129]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA +trying client command line[129]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[130]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -N +trying client command line[130]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[131]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -d +trying client command line[131]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[132]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[132]: SuiteTest -v 3 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[133]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[133]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[134]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[134]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[135]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[135]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[136]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[136]: SuiteTest -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[137]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA +trying client command line[137]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[138]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -N +trying client command line[138]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[139]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -d +trying client command line[139]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[140]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[140]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[141]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 +trying client command line[141]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[142]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -N +trying client command line[142]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[143]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -d +trying client command line[143]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[144]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -d -N +trying client command line[144]: SuiteTest -v 3 -l ECDHE-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[145]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA +trying client command line[145]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[146]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -N +trying client command line[146]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[147]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -d +trying client command line[147]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[148]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[148]: SuiteTest -v 3 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[149]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[149]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with non blocking on +trying server command line[150]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[150]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[151]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[151]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[152]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[152]: SuiteTest -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +getting mac +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[153]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[153]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[154]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[154]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[155]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[155]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[156]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[156]: SuiteTest -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[157]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[157]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[158]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[158]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[159]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[159]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[160]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[160]: SuiteTest -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[161]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[161]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[162]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[162]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[163]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[163]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[164]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[164]: SuiteTest -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[165]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[165]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[166]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[166]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[167]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[167]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[168]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[168]: SuiteTest -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[169]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[169]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[170]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[170]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[171]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[171]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[172]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[172]: SuiteTest -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[173]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[173]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[174]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[174]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[175]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[175]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[176]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[176]: SuiteTest -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[177]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[177]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[178]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[178]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[179]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[179]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[180]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[180]: SuiteTest -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[181]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[181]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[182]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[182]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[183]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[183]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[184]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[184]: SuiteTest -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[185]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[185]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[186]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[186]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[187]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[187]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[188]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[188]: SuiteTest -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[189]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[189]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[190]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[190]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[191]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[191]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[192]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[192]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[193]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[193]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[194]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[194]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[195]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[195]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[196]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[196]: SuiteTest -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[197]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[197]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[198]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[198]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[199]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[199]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[200]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[200]: SuiteTest -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[201]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[201]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[202]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[202]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[203]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[203]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[204]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[204]: SuiteTest -v 1 -l ECDH-RSA-RC4-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[205]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[205]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[206]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[206]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[207]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[207]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[208]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[208]: SuiteTest -v 1 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[209]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[209]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[210]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[210]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[211]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[211]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[212]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[212]: SuiteTest -v 1 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[213]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[213]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[214]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[214]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[215]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[215]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[216]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[216]: SuiteTest -v 1 -l ECDH-RSA-AES256-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[217]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[217]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[218]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[218]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[219]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[219]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[220]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[220]: SuiteTest -v 2 -l ECDH-RSA-RC4-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[221]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[221]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[222]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[222]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[223]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[223]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[224]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[224]: SuiteTest -v 2 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[225]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[225]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with non blocking on +trying server command line[226]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[226]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[227]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[227]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[228]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[228]: SuiteTest -v 2 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[229]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[229]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[230]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[230]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[231]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[231]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[232]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[232]: SuiteTest -v 2 -l ECDH-RSA-AES256-SHA -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[233]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[233]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[234]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[234]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[235]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[235]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[236]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[236]: SuiteTest -v 3 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[237]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[237]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[238]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[238]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[239]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[239]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[240]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[240]: SuiteTest -v 3 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[241]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[241]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[242]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[242]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[243]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[243]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[244]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[244]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[245]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[245]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[246]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[246]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[247]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[247]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[248]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[248]: SuiteTest -v 3 -l ECDH-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[249]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[249]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[250]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[250]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[251]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[251]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[252]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[252]: SuiteTest -v 3 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[253]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[253]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[254]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[254]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[255]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[255]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[256]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[256]: SuiteTest -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[257]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[257]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[258]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[258]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[259]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[259]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[260]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[260]: SuiteTest -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[261]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[261]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[262]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[262]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[263]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[263]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[264]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[264]: SuiteTest -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[265]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[265]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[266]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[266]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[267]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[267]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[268]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[268]: SuiteTest -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[269]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[269]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[270]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[270]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[271]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[271]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[272]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[272]: SuiteTest -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[273]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[273]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[274]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[274]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[275]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[275]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[276]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[276]: SuiteTest -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[277]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[277]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[278]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[278]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[279]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[279]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[280]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[280]: SuiteTest -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[281]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[281]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with non blocking on +trying server command line[282]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[282]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +getting mac +repeating test with client cert request off +trying server command line[283]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[283]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[284]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[284]: SuiteTest -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.1 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[285]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[285]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[286]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[286]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[287]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[287]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[288]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[288]: SuiteTest -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[289]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[289]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[290]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[290]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +getting mac +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[291]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[291]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[292]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[292]: SuiteTest -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[293]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[293]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[294]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[294]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[295]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[295]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[296]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[296]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[297]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[297]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[298]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[298]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[299]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[299]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[300]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[300]: SuiteTest -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +trying server command line[301]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[301]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[302]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[302]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +trying server command line[303]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[303]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[304]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[304]: SuiteTest -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +... client would read block +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +starting dtls extra cipher suite tests +trying server command line[305]: SuiteTest -u -v 2 -l RC4-SHA +trying client command line[305]: SuiteTest -u -v 2 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[306]: SuiteTest -u -v 2 -l RC4-SHA -N +trying client command line[306]: SuiteTest -u -v 2 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[307]: SuiteTest -u -v 2 -l RC4-SHA -d +trying client command line[307]: SuiteTest -u -v 2 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[308]: SuiteTest -u -v 2 -l RC4-SHA -d -N +trying client command line[308]: SuiteTest -u -v 2 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[309]: SuiteTest -u -v 3 -l RC4-SHA +trying client command line[309]: SuiteTest -u -v 3 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[310]: SuiteTest -u -v 3 -l RC4-SHA -N +trying client command line[310]: SuiteTest -u -v 3 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[311]: SuiteTest -u -v 3 -l RC4-SHA -d +trying client command line[311]: SuiteTest -u -v 3 -l RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[312]: SuiteTest -u -v 3 -l RC4-SHA -d -N +trying client command line[312]: SuiteTest -u -v 3 -l RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[313]: SuiteTest -u -v 2 -l DES-CBC3-SHA +trying client command line[313]: SuiteTest -u -v 2 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[314]: SuiteTest -u -v 2 -l DES-CBC3-SHA -N +trying client command line[314]: SuiteTest -u -v 2 -l DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[315]: SuiteTest -u -v 2 -l DES-CBC3-SHA -d +trying client command line[315]: SuiteTest -u -v 2 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[316]: SuiteTest -u -v 2 -l DES-CBC3-SHA -d -N +trying client command line[316]: SuiteTest -u -v 2 -l DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[317]: SuiteTest -u -v 3 -l DES-CBC3-SHA +trying client command line[317]: SuiteTest -u -v 3 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[318]: SuiteTest -u -v 3 -l DES-CBC3-SHA -N +trying client command line[318]: SuiteTest -u -v 3 -l DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[319]: SuiteTest -u -v 3 -l DES-CBC3-SHA -d +trying client command line[319]: SuiteTest -u -v 3 -l DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[320]: SuiteTest -u -v 3 -l DES-CBC3-SHA -d -N +trying client command line[320]: SuiteTest -u -v 3 -l DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is SSL_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[321]: SuiteTest -u -v 2 -l AES128-SHA +trying client command line[321]: SuiteTest -u -v 2 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[322]: SuiteTest -u -v 2 -l AES128-SHA -N +trying client command line[322]: SuiteTest -u -v 2 -l AES128-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[323]: SuiteTest -u -v 2 -l AES128-SHA -d +trying client command line[323]: SuiteTest -u -v 2 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[324]: SuiteTest -u -v 2 -l AES128-SHA -d -N +trying client command line[324]: SuiteTest -u -v 2 -l AES128-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[325]: SuiteTest -u -v 3 -l AES128-SHA +trying client command line[325]: SuiteTest -u -v 3 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[326]: SuiteTest -u -v 3 -l AES128-SHA -N +trying client command line[326]: SuiteTest -u -v 3 -l AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[327]: SuiteTest -u -v 3 -l AES128-SHA -d +trying client command line[327]: SuiteTest -u -v 3 -l AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[328]: SuiteTest -u -v 3 -l AES128-SHA -d -N +trying client command line[328]: SuiteTest -u -v 3 -l AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[329]: SuiteTest -u -v 2 -l AES256-SHA +trying client command line[329]: SuiteTest -u -v 2 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[330]: SuiteTest -u -v 2 -l AES256-SHA -N +trying client command line[330]: SuiteTest -u -v 2 -l AES256-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[331]: SuiteTest -u -v 2 -l AES256-SHA -d +trying client command line[331]: SuiteTest -u -v 2 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[332]: SuiteTest -u -v 2 -l AES256-SHA -d -N +trying client command line[332]: SuiteTest -u -v 2 -l AES256-SHA -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[333]: SuiteTest -u -v 3 -l AES256-SHA +trying client command line[333]: SuiteTest -u -v 3 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[334]: SuiteTest -u -v 3 -l AES256-SHA -N +trying client command line[334]: SuiteTest -u -v 3 -l AES256-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[335]: SuiteTest -u -v 3 -l AES256-SHA -d +trying client command line[335]: SuiteTest -u -v 3 -l AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[336]: SuiteTest -u -v 3 -l AES256-SHA -d -N +trying client command line[336]: SuiteTest -u -v 3 -l AES256-SHA -N +... client would read block +... server would read block +... server would read block +... client would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[337]: SuiteTest -u -v 2 -l AES128-SHA256 +trying client command line[337]: SuiteTest -u -v 2 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[338]: SuiteTest -u -v 2 -l AES128-SHA256 -N +trying client command line[338]: SuiteTest -u -v 2 -l AES128-SHA256 -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[339]: SuiteTest -u -v 2 -l AES128-SHA256 -d +trying client command line[339]: SuiteTest -u -v 2 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[340]: SuiteTest -u -v 2 -l AES128-SHA256 -d -N +trying client command line[340]: SuiteTest -u -v 2 -l AES128-SHA256 -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[341]: SuiteTest -u -v 3 -l AES128-SHA256 +trying client command line[341]: SuiteTest -u -v 3 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[342]: SuiteTest -u -v 3 -l AES128-SHA256 -N +trying client command line[342]: SuiteTest -u -v 3 -l AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[343]: SuiteTest -u -v 3 -l AES128-SHA256 -d +trying client command line[343]: SuiteTest -u -v 3 -l AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[344]: SuiteTest -u -v 3 -l AES128-SHA256 -d -N +trying client command line[344]: SuiteTest -u -v 3 -l AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[345]: SuiteTest -u -v 2 -l AES256-SHA256 +trying client command line[345]: SuiteTest -u -v 2 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[346]: SuiteTest -u -v 2 -l AES256-SHA256 -N +trying client command line[346]: SuiteTest -u -v 2 -l AES256-SHA256 -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[347]: SuiteTest -u -v 2 -l AES256-SHA256 -d +trying client command line[347]: SuiteTest -u -v 2 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[348]: SuiteTest -u -v 2 -l AES256-SHA256 -d -N +trying client command line[348]: SuiteTest -u -v 2 -l AES256-SHA256 -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[349]: SuiteTest -u -v 3 -l AES256-SHA256 +trying client command line[349]: SuiteTest -u -v 3 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[350]: SuiteTest -u -v 3 -l AES256-SHA256 -N +trying client command line[350]: SuiteTest -u -v 3 -l AES256-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[351]: SuiteTest -u -v 3 -l AES256-SHA256 -d +trying client command line[351]: SuiteTest -u -v 3 -l AES256-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[352]: SuiteTest -u -v 3 -l AES256-SHA256 -d -N +trying client command line[352]: SuiteTest -u -v 3 -l AES256-SHA256 -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_RSA_WITH_AES_256_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[353]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA +trying client command line[353]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[354]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -N +trying client command line[354]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[355]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -d +trying client command line[355]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[356]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[356]: SuiteTest -u -v 2 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[357]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[357]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[358]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[358]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[359]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[359]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[360]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[360]: SuiteTest -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[361]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA +trying client command line[361]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[362]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -N +trying client command line[362]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[363]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -d +trying client command line[363]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[364]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[364]: SuiteTest -u -v 2 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[365]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA +trying client command line[365]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[366]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -N +trying client command line[366]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[367]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -d +trying client command line[367]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[368]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[368]: SuiteTest -u -v 2 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[369]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA +trying client command line[369]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[370]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -N +trying client command line[370]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[371]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -d +trying client command line[371]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[372]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -d -N +trying client command line[372]: SuiteTest -u -v 3 -l ECDHE-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[373]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA +trying client command line[373]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[374]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +trying client command line[374]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[375]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d +trying client command line[375]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[376]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -d -N +trying client command line[376]: SuiteTest -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[377]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA +trying client command line[377]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[378]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -N +trying client command line[378]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[379]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -d +trying client command line[379]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[380]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -d -N +trying client command line[380]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[381]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 +trying client command line[381]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[382]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -N +trying client command line[382]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[383]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -d +trying client command line[383]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[384]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -d -N +trying client command line[384]: SuiteTest -u -v 3 -l ECDHE-RSA-AES128-SHA256 -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[385]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA +trying client command line[385]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[386]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -N +trying client command line[386]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[387]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -d +trying client command line[387]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[388]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -d -N +trying client command line[388]: SuiteTest -u -v 3 -l ECDHE-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[389]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[389]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[390]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[390]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[391]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[391]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[392]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[392]: SuiteTest -u -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[393]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[393]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[394]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[394]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[395]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[395]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[396]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[396]: SuiteTest -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[397]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[397]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[398]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[398]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[399]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[399]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[400]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[400]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[401]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[401]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[402]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[402]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[403]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[403]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[404]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[404]: SuiteTest -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[405]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[405]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[406]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[406]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[407]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[407]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[408]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[408]: SuiteTest -u -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[409]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[409]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[410]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[410]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[411]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[411]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[412]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[412]: SuiteTest -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[413]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[413]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[414]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[414]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[415]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[415]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[416]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[416]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[417]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[417]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[418]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[418]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! +getting mac +getting mac +repeating test with client cert request off +trying server command line[419]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[419]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[420]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[420]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[421]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[421]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[422]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[422]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[423]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[423]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[424]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[424]: SuiteTest -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[425]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[425]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[426]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[426]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[427]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[427]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[428]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[428]: SuiteTest -u -v 2 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[429]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[429]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[430]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[430]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[431]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[431]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[432]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[432]: SuiteTest -u -v 2 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[433]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[433]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[434]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[434]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[435]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[435]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[436]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[436]: SuiteTest -u -v 2 -l ECDH-RSA-AES128-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[437]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[437]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[438]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[438]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[439]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[439]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[440]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[440]: SuiteTest -u -v 2 -l ECDH-RSA-AES256-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[441]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[441]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[442]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[442]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[443]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[443]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA +getting mac +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[444]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[444]: SuiteTest -u -v 3 -l ECDH-RSA-RC4-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[445]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[445]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[446]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[446]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[447]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[447]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[448]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[448]: SuiteTest -u -v 3 -l ECDH-RSA-DES-CBC3-SHA -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[449]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[449]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[450]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[450]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[451]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[451]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[452]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[452]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[453]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[453]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[454]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[454]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[455]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[455]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[456]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[456]: SuiteTest -u -v 3 -l ECDH-RSA-AES128-SHA256 -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[457]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem +trying client command line[457]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[458]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -N +trying client command line[458]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[459]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d +trying client command line[459]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[460]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -d -N +trying client command line[460]: SuiteTest -u -v 3 -l ECDH-RSA-AES256-SHA -N +... client would read block +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[461]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[461]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[462]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[462]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[463]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[463]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[464]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[464]: SuiteTest -u -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[465]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[465]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[466]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[466]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[467]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[467]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[468]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[468]: SuiteTest -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[469]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[469]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[470]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[470]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[471]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[471]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[472]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[472]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[473]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[473]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with non blocking on +trying server command line[474]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[474]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[475]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[475]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[476]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[476]: SuiteTest -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLS +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +Client message: hello cyassl! +getting mac +getting mac +trying server command line[477]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[477]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[478]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[478]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[479]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[479]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[480]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[480]: SuiteTest -u -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_RC4_128_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[481]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[481]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[482]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[482]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[483]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[483]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[484]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[484]: SuiteTest -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[485]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[485]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[486]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[486]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[487]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[487]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[488]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[488]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[489]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[489]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[490]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[490]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[491]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[491]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +Server response: I hear you fa shizzle! +getting mac +repeating test with client cert request off +repeating test with non blocking on +trying server command line[492]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[492]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +getting mac +getting mac +Server response: I hear you fa shizzle! +trying server command line[493]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem +trying client command line[493]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with non blocking on +trying server command line[494]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -N +trying client command line[494]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... server would read block +... client would read block +... server would read block +... server would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +trying server command line[495]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d +trying client command line[495]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Client message: hello cyassl! +getting mac +getting mac +getting mac +Server response: I hear you fa shizzle! +repeating test with client cert request off +repeating test with non blocking on +trying server command line[496]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -d -N +trying client command line[496]: SuiteTest -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -N +... client would read block +... client would read block +... client would read block +... server would read block +getting mac +... client would read block +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +getting mac +SSL version is DTLSv1.2 +SSL cipher suite is TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +getting mac +getting mac +Server response: I hear you fa shizzle! + End Cipher Suite Tests