From 6c96166c48dfd8373fda28cc2699c50d58db209e Mon Sep 17 00:00:00 2001 From: Todd A Ouska Date: Mon, 25 Apr 2011 09:24:21 -0700 Subject: [PATCH] more logging messages --- ctaocrypt/src/aes.c | 9 ++- ctaocrypt/src/asn.c | 69 +++++++++++++-------- ctaocrypt/src/coding.c | 5 +- ctaocrypt/src/random.c | 16 +++-- ctaocrypt/src/rsa.c | 9 ++- src/cyassl_int.c | 80 ++++++++++++++++++------ src/cyassl_io.c | 55 +++++++++++------ src/keys.c | 2 + src/ssl.c | 137 +++++++++++++++++++++++++++++++++++++++-- 9 files changed, 306 insertions(+), 76 deletions(-) diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index f55147437..bf2073274 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -23,6 +23,7 @@ #include "ctc_aes.h" #include "error.h" +#include "logging.h" #ifdef NO_INLINE #include "misc.h" #else @@ -974,8 +975,10 @@ void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) word32 r = aes->rounds >> 1; const word32* rk = aes->key; - if (r > 7) + if (r > 7) { + CYASSL_MSG("AesEncrypt encountered improper key, set it up"); return; /* stop instead of segfaulting, set up your keys! */ + } /* * map byte array block to cipher state * and add initial round key: @@ -1110,8 +1113,10 @@ void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) word32 r = aes->rounds >> 1; const word32* rk = aes->key; - if (r > 7) + if (r > 7) { + CYASSL_MSG("AesDecrypt encountered improper key, set it up"); return; /* stop instead of segfaulting, set up your keys! */ + } /* * map byte array block to cipher state * and add initial round key: diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 69da0dc4d..9a76e3d87 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -32,6 +32,7 @@ #include "pwdbased.h" #include "des3.h" #include "sha256.h" +#include "logging.h" #ifdef HAVE_NTRU #include "crypto_ntru.h" @@ -1458,8 +1459,10 @@ static int ValidateDate(const byte* date, byte format, int dateType) GetTime(&certTime.tm_min, date, &i); GetTime(&certTime.tm_sec, date, &i); - if (date[i] != 'Z') /* only Zulu supported for this profile */ + if (date[i] != 'Z') { /* only Zulu supported for this profile */ + CYASSL_MSG("Only Zulu time supported for this profile"); return 0; + } localTime = XGMTIME(<ime); @@ -1680,6 +1683,7 @@ static word32 SetAlgoID(int algoOID, byte* output, int type) break; default: + CYASSL_MSG("Unknown Hash Algo"); return 0; /* UNKOWN_HASH_E; */ } } @@ -1691,7 +1695,8 @@ static word32 SetAlgoID(int algoOID, byte* output, int type) break; default: - return 0; /* UNKOWN_HASH_E; */ + CYASSL_MSG("Unknown Signature Algo"); + return 0; } } else if (type == keyType) { /* keyType */ @@ -1702,12 +1707,14 @@ static word32 SetAlgoID(int algoOID, byte* output, int type) break; default: - return 0; /* UNKOWN_HASH_E; */ + CYASSL_MSG("Unknown Key Algo"); + return 0; } } - else - return 0; /* UNKNOWN_TYPE */ - + else { + CYASSL_MSG("Unknown Algo type"); + return 0; + } idSz = SetLength(algoSz - 2, ID_Length); /* don't include TAG_NULL/0 */ seqSz = SetSequence(idSz + algoSz + 1, seqArray); @@ -1784,8 +1791,8 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, } #endif else { - // TAO CYASSL_MSG("Verify Signautre has unsupported type"); - return 0; /* ASN_SIG_HASH_E; */ + CYASSL_MSG("Verify Signautre has unsupported type"); + return 0; } if (keyOID == RSAk) { @@ -1796,24 +1803,30 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, int sigSz, verifySz; byte* out; - if (cert->sigLength > MAX_ENCODED_SIG_SZ) - return 0; /* the key is too big */ + if (cert->sigLength > MAX_ENCODED_SIG_SZ) { + CYASSL_MSG("Verify Signautre is too big"); + return 0; + } InitRsaKey(&pubKey, cert->heap); - if (RsaPublicKeyDecode(key, &idx, &pubKey, keySz) < 0) - ret = 0; /* ASN_KEY_DECODE_E; */ - + if (RsaPublicKeyDecode(key, &idx, &pubKey, keySz) < 0) { + CYASSL_MSG("ASN Key decode error RSA"); + ret = 0; + } else { XMEMCPY(plain, cert->signature, cert->sigLength); if ( (verifySz = RsaSSL_VerifyInline(plain, cert->sigLength, &out, &pubKey)) < 0) { - ret = 0; /* ASN_VERIFY_E; */ + CYASSL_MSG("Rsa SSL verify error"); + ret = 0; } else { /* make sure we're right justified */ sigSz = EncodeSignature(encodedSig, digest, digestSz, hashType); - if (sigSz != verifySz || XMEMCMP(out, encodedSig, sigSz) != 0) - ret = 0; /* ASN_VERIFY_MATCH_E; */ + if (sigSz != verifySz || XMEMCMP(out, encodedSig, sigSz) != 0){ + CYASSL_MSG("Rsa SSL verify match encode error"); + ret = 0; + } else ret = 1; /* match */ @@ -1846,8 +1859,10 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, ecc_key pubKey; int verify = 0; - if (ecc_import_x963(key, keySz, &pubKey) < 0) - return 0; /* ASN_KEY_DECODE_E */ + if (ecc_import_x963(key, keySz, &pubKey) < 0) { + CYASSL_MSG("ASN Key import error ECC"); + return 0; + } ret = ecc_verify_hash(cert->signature, cert->sigLength, digest, digestSz, &verify, &pubKey); @@ -1855,11 +1870,13 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, if (ret == 0 && verify == 1) return 1; /* match */ - return 0; /* ASN_VERIFY_E */ + CYASSL_MSG("ECC Verify didn't match"); + return 0; } #endif /* HAVE_ECC */ else { - return 0; /* ASN_SIG_KEY_E; */ + CYASSL_MSG("Verify Key type unknown"); + return 0; } } @@ -1932,15 +1949,19 @@ int ParseCertRelative(DecodedCert* cert, word32 inSz, int type, int verify, if (verify && type != CA_TYPE) { Signer* ca = GetCA(signers, cert->issuerHash); - + CYASSL_MSG("About to verify certificate signature"); + if (ca) { /* try to confirm/verify signature */ if (!ConfirmSignature(cert, ca->publicKey, - ca->pubKeySize, ca->keyOID)) + ca->pubKeySize, ca->keyOID)) { + CYASSL_MSG("Confirm signature failed"); return ASN_SIG_CONFIRM_E; + } } else { /* no signer */ + CYASSL_MSG("No CA signer to verify with"); return ASN_SIG_CONFIRM_E; } } @@ -2073,7 +2094,7 @@ void CTaoCryptErrorString(int error, char* buffer) break; case BUFFER_E : - XSTRNCPY(buffer, "Buffer error, output too small or input too big", max); + XSTRNCPY(buffer, "Buffer error, output too small or input too big",max); break; case ALGO_ID_E : @@ -2566,7 +2587,7 @@ static void SetTime(struct tm* date, byte* output) output[i++] = itob(date->tm_sec / 10); output[i++] = itob(date->tm_sec % 10); - output[i] = 'Z'; /* Zulu profiel */ + output[i] = 'Z'; /* Zulu profile */ } diff --git a/ctaocrypt/src/coding.c b/ctaocrypt/src/coding.c index 61792bd64..c39b9c68f 100644 --- a/ctaocrypt/src/coding.c +++ b/ctaocrypt/src/coding.c @@ -22,6 +22,7 @@ #include "coding.h" #include "error.h" +#include "logging.h" enum { @@ -100,8 +101,10 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen) endLine = in[j++]; inLen--; } - if (endLine != '\n') + if (endLine != '\n') { + CYASSL_MSG("Bad end of line in Base64 Decode"); return ASN_INPUT_E; + } } } *outLen = i; diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c index c21519dd8..02aa80ff0 100644 --- a/ctaocrypt/src/random.c +++ b/ctaocrypt/src/random.c @@ -150,6 +150,8 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz) /* may block */ int GenerateSeed(OS_Seed* os, byte* output, word32 sz) { + int ret = 0; + os->fd = open("/dev/urandom",O_RDONLY); if (os->fd == -1) { /* may still have /dev/random */ @@ -160,22 +162,26 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz) while (sz) { int len = read(os->fd, output, sz); - if (len == -1) - return READ_RAN_E; + if (len == -1) { + ret = READ_RAN_E; + break; + } sz -= len; output += len; - if (sz) + if (sz) { #ifdef BLOCKING sleep(0); /* context switch */ #else - return RAN_BLOCK_E; + ret = RAN_BLOCK_E; + break; #endif + } } close(os->fd); - return 0; + return ret; } #endif /* USE_WINDOWS_API */ diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c index 092056cda..25333928b 100644 --- a/ctaocrypt/src/rsa.c +++ b/ctaocrypt/src/rsa.c @@ -24,6 +24,7 @@ #include "ctc_rsa.h" #include "random.h" #include "error.h" +#include "logging.h" #ifdef SHOW_GEN #include @@ -124,14 +125,18 @@ static word32 RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, /* skip past the padding until we find the separator */ while (i maxOutputLen) || invalid; - if (invalid) + if (invalid) { + CYASSL_MSG("RsaUnPad error, bad formatting"); return 0; + } *output = (byte *)(pkcsBlock + i); return outputLen; diff --git a/src/cyassl_int.c b/src/cyassl_int.c index df4fc4655..5913ac2b3 100644 --- a/src/cyassl_int.c +++ b/src/cyassl_int.c @@ -713,8 +713,10 @@ int InitSSL(SSL* ssl, SSL_CTX* ctx) /* make sure server has cert and key unless using PSK */ if (ssl->options.side == SERVER_END && !havePSK) - if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) + if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) { + CYASSL_MSG("Server missing certificate and/or private key"); return NO_PRIVATE_KEY; + } #ifndef NO_PSK ssl->arrays.client_identity[0] = 0; @@ -1027,7 +1029,7 @@ static void AddHeaders(byte* output, word32 length, byte type, SSL* ssl) } -/* return bytes received, -1 on error, 0 on timeout */ +/* return bytes received, -1 on error */ static int Receive(SSL* ssl, byte* buf, word32 sz, int flags) { int recvd; @@ -1056,7 +1058,8 @@ retry: timeout.it_value.tv_usec == 0) { XSTRNCPY(ssl->timeoutInfo.timeoutName, "recv() timeout", MAX_TIMEOUT_NAME_SZ); - return 0; + CYASSL_MSG("Got our timeout"); + return WANT_READ; } } #endif @@ -1134,6 +1137,7 @@ int SendBuffered(SSL* ssl) timeout.it_value.tv_usec == 0) { XSTRNCPY(ssl->timeoutInfo.timeoutName, "send() timeout", MAX_TIMEOUT_NAME_SZ); + CYASSL_MSG("Got our timeout"); return WANT_WRITE; } } @@ -1258,8 +1262,10 @@ static int GetRecordHeader(SSL* ssl, const byte* input, word32* inOutIdx, if (ssl->options.side == SERVER_END && ssl->options.downgrade == 1 && ssl->options.acceptState == ACCEPT_BEGIN) ; /* haven't negotiated yet */ - else + else { + CYASSL_MSG("SSL version error"); return VERSION_ERROR; /* only use requested version */ + } } /* record layer length check */ @@ -1274,6 +1280,7 @@ static int GetRecordHeader(SSL* ssl, const byte* input, word32* inOutIdx, case alert: break; default: + CYASSL_MSG("Unknown Record Type"); return UNKNOWN_RECORD_TYPE; } @@ -1558,7 +1565,7 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx) X509_STORE_CTX store; store.error = ret; - store.error_depth = 1; + store.error_depth = totalCerts; store.domain = domain; #ifdef OPENSSL_EXTRA store.current_cert = &ssl->peerCert; @@ -1566,8 +1573,10 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx) store.current_cert = NULL; #endif ok = ssl->ctx->verifyCallback(0, &store); - if (ok) + if (ok) { + CYASSL_MSG("Verify callback overriding error!"); ret = 0; + } } if (ret != 0) { SendAlert(ssl, alert_fatal, why); /* try to send */ @@ -1606,8 +1615,10 @@ int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff) if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo); #endif if (sniff == NO_SNIFF) { - if (XMEMCMP(input + idx, &ssl->verifyHashes, finishedSz)) + if (XMEMCMP(input + idx, &ssl->verifyHashes, finishedSz)) { + CYASSL_MSG("Verify finished error on hashes"); return VERIFY_FINISHED_ERROR; + } } ssl->hmac(ssl, verifyMAC, input + idx - headerSz, macSz, @@ -1624,8 +1635,10 @@ int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff) idx += padSz; /* verify mac */ - if (XMEMCMP(mac, verifyMAC, ssl->specs.hash_size)) + if (XMEMCMP(mac, verifyMAC, ssl->specs.hash_size)) { + CYASSL_MSG("Verify finished error on mac"); return VERIFY_MAC_ERROR; + } if (ssl->options.side == CLIENT_END) { ssl->options.serverState = SERVER_FINISHED_COMPLETE; @@ -1733,6 +1746,7 @@ static int DoHandShakeMsg(SSL* ssl, byte* input, word32* inOutIdx, #endif default: + CYASSL_MSG("Unknown handshake message type"); ret = UNKNOWN_HANDSHAKE_TYPE; } @@ -1868,8 +1882,10 @@ int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx) } dataSz = msgSz - ivExtra - digestSz - pad - padByte; - if (dataSz < 0) + if (dataSz < 0) { + CYASSL_MSG("App data buffer error, malicious input?"); return BUFFER_ERROR; + } /* read data */ if (dataSz) { @@ -1908,8 +1924,10 @@ int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx) /* verify */ if (dataSz) { - if (XMEMCMP(mac, verify, digestSz)) + if (XMEMCMP(mac, verify, digestSz)) { + CYASSL_MSG("App data verify mac error"); return VERIFY_MAC_ERROR; + } } else GetSEQIncrement(ssl, 1); /* even though no data, increment verify */ @@ -1935,8 +1953,12 @@ static int DoAlert(SSL* ssl, byte* input, word32* inOutIdx, int* type) level = input[(*inOutIdx)++]; *type = (int)input[(*inOutIdx)++]; - if (*type == close_notify) + CYASSL_MSG("Got alert"); + if (*type == close_notify) { + CYASSL_MSG(" close notify"); ssl->options.closeNotify = 1; + } + CYASSL_ERROR(*type); if (ssl->keys.encryptionOn) { int aSz = ALERT_SIZE; @@ -1951,8 +1973,10 @@ static int DoAlert(SSL* ssl, byte* input, word32* inOutIdx, int* type) *inOutIdx += (ssl->specs.hash_size + padSz); /* verify */ - if (XMEMCMP(mac, verify, ssl->specs.hash_size)) + if (XMEMCMP(mac, verify, ssl->specs.hash_size)) { + CYASSL_MSG(" alert verify mac error"); return VERIFY_MAC_ERROR; + } } return level; @@ -2238,6 +2262,7 @@ int ProcessReply(SSL* ssl) return 0; /* more messages per record */ else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) { + CYASSL_MSG("More messages in record"); #ifdef CYASSL_DTLS /* read-ahead but dtls doesn't bundle messages per record */ if (ssl->options.dtls) { @@ -2250,6 +2275,7 @@ int ProcessReply(SSL* ssl) } /* more records */ else { + CYASSL_MSG("More records in input"); ssl->options.processReply = doProcessInit; continue; } @@ -2702,12 +2728,14 @@ int SendData(SSL* ssl, const void* buffer, int sz) if (ssl->options.handShakeState != HANDSHAKE_DONE) { int err; + CYASSL_MSG("handshake not complete, trying to finish"); if ( (err = CyaSSL_negotiate(ssl)) != 0) return err; } /* last time system socket output buffer was full, try again to send */ if (ssl->buffers.outputBuffer.length > 0) { + CYASSL_MSG("output buffer was full, trying to send again"); if ( (ssl->error = SendBuffered(ssl)) < 0) { CYASSL_ERROR(ssl->error); if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset) @@ -2776,8 +2804,10 @@ int SendData(SSL* ssl, const void* buffer, int sz) sent += len; /* only one message per attempt */ - if (ssl->options.partialWrite == 1) + if (ssl->options.partialWrite == 1) { + CYASSL_MSG("Paritial Write on, only sending one record"); break; + } } return sent; @@ -2795,6 +2825,7 @@ int ReceiveData(SSL* ssl, byte* output, int sz) if (ssl->options.handShakeState != HANDSHAKE_DONE) { int err; + CYASSL_MSG("Handshake not complete, trying to finish"); if ( (err = CyaSSL_negotiate(ssl)) != 0) return err; } @@ -2803,12 +2834,16 @@ int ReceiveData(SSL* ssl, byte* output, int sz) if ( (ssl->error = ProcessReply(ssl)) < 0) { CYASSL_ERROR(ssl->error); if (ssl->error == ZERO_RETURN) { + CYASSL_MSG("Zero return, no more data coming"); ssl->options.isClosed = 1; return 0; /* no more data coming */ } - if (ssl->error == SOCKET_ERROR_E) - if (ssl->options.connReset || ssl->options.isClosed) + if (ssl->error == SOCKET_ERROR_E) { + if (ssl->options.connReset || ssl->options.isClosed) { + CYASSL_MSG("Peer reset or closed, connection done"); return 0; /* peer reset or closed */ + } + } return ssl->error; } @@ -3707,8 +3742,10 @@ int SetCipherList(SSL_CTX* ctx, const char* list) ssl->options.cipherSuite = input[i++]; compression = input[i++]; - if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) + if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) { + CYASSL_MSG("Server refused compression, turning off"); ssl->options.usingCompression = 0; /* turn off if server refused */ + } ssl->options.serverState = SERVER_HELLO_COMPLETE; @@ -3731,8 +3768,10 @@ int SetCipherList(SSL_CTX* ctx, const char* list) else return UNSUPPORTED_SUITE; } - else + else { + CYASSL_MSG("Server denied resumption attempt"); ssl->options.resuming = 0; /* server denied resumption try */ + } } return SetCipherSpecs(ssl); @@ -4865,6 +4904,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list) ProtocolVersion pv; Suites clSuites; + CYASSL_MSG("Got old format client hello"); #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo); @@ -5029,6 +5069,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list) XMEMCPY(ssl->arrays.sessionID, input + i, ID_LEN); i += b; ssl->options.resuming= 1; /* client wants to resume */ + CYASSL_MSG("Client wants to resume session"); } #ifdef CYASSL_DTLS @@ -5071,8 +5112,10 @@ int SetCipherList(SSL_CTX* ctx, const char* list) if (comp == ZLIB_COMPRESSION) match = 1; } - if (!match) + if (!match) { + CYASSL_MSG("Not matching compression, turning off"); ssl->options.usingCompression = 0; /* turn off */ + } } else i += b; /* ignore, since we're not on */ @@ -5089,6 +5132,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list) SSL_SESSION* session = GetSession(ssl, ssl->arrays.masterSecret); if (!session) { ssl->options.resuming = 0; + CYASSL_MSG("Session lookup for resume failed"); break; /* session lookup failed */ } if (MatchSuite(ssl, &clSuites) < 0) diff --git a/src/cyassl_io.c b/src/cyassl_io.c index df14c3ee7..c2efefe71 100644 --- a/src/cyassl_io.c +++ b/src/cyassl_io.c @@ -111,21 +111,29 @@ int EmbedReceive(char *buf, int sz, void *ctx) if (recvd == -1) { err = LastError(); - if (err == SOCKET_EWOULDBLOCK || - err == SOCKET_EAGAIN) + CYASSL_MSG("Embed Receive error"); + + if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { + CYASSL_MSG(" Would block"); return IO_ERR_WANT_READ; - - else if (err == SOCKET_ECONNRESET) + } + else if (err == SOCKET_ECONNRESET) { + CYASSL_MSG(" Connection reset"); return IO_ERR_CONN_RST; - - else if (err == SOCKET_EINTR) + } + else if (err == SOCKET_EINTR) { + CYASSL_MSG(" Socket interrupted"); return IO_ERR_ISR; - - else + } + else { + CYASSL_MSG(" General error"); return IO_ERR_GENERAL; + } } - else if (recvd == 0) + else if (recvd == 0) { + CYASSL_MSG("Embed receive connection closed"); return IO_ERR_CONN_CLOSE; + } return recvd; } @@ -138,25 +146,34 @@ int EmbedSend(char *buf, int sz, void *ctx) int socket = *(int*)ctx; int sent; int len = sz; + int err; sent = SEND_FUNCTION(socket, &buf[sz - len], len, 0); if (sent == -1) { - if (LastError() == SOCKET_EWOULDBLOCK || - LastError() == SOCKET_EAGAIN) + err = LastError(); + CYASSL_MSG("Embed Send error"); + + if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { + CYASSL_MSG(" Would Block"); return IO_ERR_WANT_WRITE; - - else if (LastError() == SOCKET_ECONNRESET) + } + else if (err == SOCKET_ECONNRESET) { + CYASSL_MSG(" Connection reset"); return IO_ERR_CONN_RST; - - else if (LastError() == SOCKET_EINTR) + } + else if (err == SOCKET_EINTR) { + CYASSL_MSG(" Socket interrupted"); return IO_ERR_ISR; - - else if (LastError() == SOCKET_EPIPE) + } + else if (err == SOCKET_EPIPE) { + CYASSL_MSG(" Socket EPIPE"); return IO_ERR_CONN_CLOSE; - - else + } + else { + CYASSL_MSG(" General error"); return IO_ERR_GENERAL; + } } return sent; diff --git a/src/keys.c b/src/keys.c index 929a65c1c..77b74af03 100644 --- a/src/keys.c +++ b/src/keys.c @@ -452,6 +452,7 @@ int SetCipherSpecs(SSL* ssl) #endif default: + CYASSL_MSG("Unsupported cipher suite"); return UNSUPPORTED_SUITE; } } /* ECC / Normal suites else */ @@ -510,6 +511,7 @@ static int SetPrefix(byte* sha_input, int index) XMEMCPY(sha_input, "GGGGGGG", 7); break; default: + CYASSL_MSG("Set Prefix error, bad input"); return 0; } return 1; diff --git a/src/ssl.c b/src/ssl.c index 447736485..9dfbf1b6e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -109,18 +109,22 @@ void SSL_free(SSL* ssl) int SSL_set_fd(SSL* ssl, int fd) { + CYASSL_ENTER("SSL_set_fd"); ssl->rfd = fd; /* not used directly to allow IO callbacks */ ssl->wfd = fd; ssl->IOCB_ReadCtx = &ssl->rfd; ssl->IOCB_WriteCtx = &ssl->wfd; + CYASSL_LEAVE("SSL_set_fd", SSL_SUCCESS); return SSL_SUCCESS; } int SSL_get_fd(const SSL* ssl) { + CYASSL_ENTER("SSL_get_fd"); + CYASSL_LEAVE("SSL_get_fd", ssl->rfd); return ssl->rfd; } @@ -129,7 +133,7 @@ int CyaSSL_negotiate(SSL* ssl) { int err = SSL_FATAL_ERROR; - CYASSL_ENTER("CyaSSL_negotiate()"); + CYASSL_ENTER("CyaSSL_negotiate"); #ifndef NO_CYASSL_SERVER if (ssl->options.side == SERVER_END) err = SSL_accept(ssl); @@ -140,7 +144,7 @@ int CyaSSL_negotiate(SSL* ssl) err = SSL_connect(ssl); #endif - CYASSL_LEAVE("CyaSSL_negotiate()", err); + CYASSL_LEAVE("CyaSSL_negotiate", err); if (err == SSL_SUCCESS) return 0; @@ -154,6 +158,7 @@ int CyaSSL_SetTmpDH(SSL* ssl, unsigned char* p,int pSz,unsigned char* g,int gSz) { byte havePSK = 0; + CYASSL_ENTER("CyaSSL_SetTmpDH"); if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; if (ssl->options.side != SERVER_END) @@ -189,6 +194,7 @@ int CyaSSL_SetTmpDH(SSL* ssl, unsigned char* p,int pSz,unsigned char* g,int gSz) InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK, ssl->options.haveNTRU, ssl->options.haveECDSA, ssl->ctx->method->side); + CYASSL_LEAVE("CyaSSL_SetTmpDH", 0); return 0; } @@ -265,6 +271,8 @@ int SSL_shutdown(SSL* ssl) int SSL_get_error(SSL* ssl, int ret) { + CYASSL_ENTER("SSL_get_error"); + CYASSL_LEAVE("SSL_get_error", ssl->error); if (ret > 0) return SSL_ERROR_NONE; @@ -280,6 +288,7 @@ int SSL_get_error(SSL* ssl, int ret) int SSL_want_read(SSL* ssl) { + CYASSL_ENTER("SSL_want_read"); if (ssl->error == WANT_READ) return 1; @@ -289,6 +298,7 @@ int SSL_want_read(SSL* ssl) int SSL_want_write(SSL* ssl) { + CYASSL_ENTER("SSL_want_write"); if (ssl->error == WANT_WRITE) return 1; @@ -300,6 +310,7 @@ char* ERR_error_string(unsigned long errNumber, char* buffer) { static char* msg = "Please supply a buffer for error string"; + CYASSL_ENTER("ERR_error_string"); if (buffer) { SetErrorString(errNumber, buffer); return buffer; @@ -311,6 +322,7 @@ char* ERR_error_string(unsigned long errNumber, char* buffer) void ERR_error_string_n(unsigned long e, char* buf, unsigned long len) { + CYASSL_ENTER("ERR_error_string_n"); if (len) ERR_error_string(e, buf); } @@ -321,6 +333,7 @@ void ERR_print_errors_fp(FILE* fp, int err) { char buffer[MAX_ERROR_SZ + 1]; + CYASSL_ENTER("ERR_print_errors_fp"); SetErrorString(err, buffer); fprintf(fp, "%s", buffer); } @@ -330,6 +343,7 @@ void ERR_print_errors_fp(FILE* fp, int err) int SSL_pending(SSL* ssl) { + CYASSL_ENTER("SSL_pending"); return ssl->buffers.clearOutputBuffer.length; } @@ -972,6 +986,7 @@ static int ProcessFile(SSL_CTX* ctx, const char* fname, int format, int type, int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, const char* path) { + CYASSL_ENTER("SSL_CTX_load_verify_locations"); if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL) == SSL_SUCCESS) return SSL_SUCCESS; @@ -984,6 +999,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, /* Add format parameter to allow DER load of CA files */ int CyaSSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, int format) { + CYASSL_ENTER("CyaSSL_CTX_load_verify_locations"); if (ProcessFile(ctx, file, format, CA_TYPE, NULL) == SSL_SUCCESS) return SSL_SUCCESS; @@ -1008,6 +1024,7 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) EncryptedInfo info; buffer converted; + CYASSL_ENTER("CyaSSL_PemCertToDer"); converted.buffer = 0; if (!file) return SSL_BAD_FILE; @@ -1051,6 +1068,7 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format) { + CYASSL_ENTER("SSL_CTX_use_certificate_file"); if (ProcessFile(ctx, file, format, CERT_TYPE, NULL) == SSL_SUCCESS) return SSL_SUCCESS; @@ -1060,6 +1078,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format) int SSL_CTX_use_PrivateKey_file(SSL_CTX* ctx, const char* file, int format) { + CYASSL_ENTER("SSL_CTX_use_PrivateKey_file"); if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL) == SSL_SUCCESS) return SSL_SUCCESS; @@ -1070,6 +1089,7 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX* ctx, const char* file, int format) int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file) { /* procces up to MAX_CHAIN_DEPTH plus subject cert */ + CYASSL_ENTER("SSL_CTX_use_certificate_chain_file"); if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, NULL) == SSL_SUCCESS) return SSL_SUCCESS; @@ -1081,6 +1101,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file) int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX* ctx, const char* file) { + CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file"); if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL) == SSL_SUCCESS) { ctx->haveNTRU = 1; @@ -1098,6 +1119,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX* ctx, const char* file) int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX* ctx,const char* file,int format) { + CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file"); if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE,NULL) == SSL_SUCCESS) return SSL_SUCCESS; @@ -1111,6 +1133,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX* ctx, const char* file) void SSL_CTX_set_verify(SSL_CTX* ctx, int mode, VerifyCallback vc) { + CYASSL_ENTER("SSL_CTX_set_verify"); if (mode & SSL_VERIFY_PEER) { ctx->verifyPeer = 1; ctx->verifyNone = 0; /* in case perviously set */ @@ -1132,12 +1155,14 @@ void SSL_CTX_set_verify(SSL_CTX* ctx, int mode, VerifyCallback vc) SSL_SESSION* SSL_get_session(SSL* ssl) { + CYASSL_ENTER("SSL_get_session"); return GetSession(ssl, 0); } int SSL_set_session(SSL* ssl, SSL_SESSION* session) { + CYASSL_ENTER("SSL_set_session"); if (session) return SetSession(ssl, session); @@ -1153,6 +1178,7 @@ void SSL_load_error_strings(void) /* compatibility only */ int SSL_library_init(void) { + CYASSL_ENTER("SSL_library_init"); if (InitCyaSSL() == 0) return SSL_SUCCESS; else @@ -1165,6 +1191,7 @@ int SSL_library_init(void) /* on by default if built in but allow user to turn off */ long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode) { + CYASSL_ENTER("SSL_CTX_set_session_cache_mode"); if (mode == SSL_SESS_CACHE_OFF) ctx->sessionCacheOff = 1; @@ -1179,6 +1206,7 @@ long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode) int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list) { + CYASSL_ENTER("SSL_CTX_set_cipher_list"); if (SetCipherList(ctx, list)) return SSL_SUCCESS; else @@ -1193,6 +1221,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list) { SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0, DYNAMIC_TYPE_METHOD); + CYASSL_ENTER("SSLv3_client_method"); if (method) InitSSL_Method(method, MakeSSLv3()); return method; @@ -1203,6 +1232,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list) { SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0, DYNAMIC_TYPE_METHOD); + CYASSL_ENTER("DTLSv1_client_method"); if (method) InitSSL_Method(method, MakeDTLSv1()); return method; @@ -1405,6 +1435,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list) { SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0, DYNAMIC_TYPE_METHOD); + CYASSL_ENTER("SSLv3_server_method"); if (method) { InitSSL_Method(method, MakeSSLv3()); method->side = SERVER_END; @@ -1418,6 +1449,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list) { SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0, DYNAMIC_TYPE_METHOD); + CYASSL_ENTER("DTLSv1_server_method"); if (method) { InitSSL_Method(method, MakeDTLSv1()); method->side = SERVER_END; @@ -1633,6 +1665,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list) int InitCyaSSL(void) { int ret = 0; + CYASSL_ENTER("InitCyaSSL"); #ifndef NO_SESSION_CACHE if (InitMutex(&session_mutex) != 0) ret = BAD_MUTEX_ERROR; @@ -1647,6 +1680,7 @@ int InitCyaSSL(void) int FreeCyaSSL(void) { int ret = 0; + CYASSL_ENTER("FreeCyaSSL"); #ifndef NO_SESSION_CACHE if (FreeMutex(&session_mutex) != 0) ret = BAD_MUTEX_ERROR; @@ -1838,6 +1872,7 @@ int AddSession(SSL* ssl) date check and signature check */ int CyaSSL_check_domain_name(SSL* ssl, const char* dn) { + CYASSL_ENTER("CyaSSL_check_domain_name"); if (ssl->buffers.domainName.buffer) XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); @@ -1862,6 +1897,7 @@ int CyaSSL_check_domain_name(SSL* ssl, const char* dn) */ int CyaSSL_set_compression(SSL* ssl) { + CYASSL_ENTER("CyaSSL_set_compression"); #ifdef HAVE_LIBZ ssl->options.usingCompression = 1; return 0; @@ -1886,6 +1922,8 @@ int CyaSSL_set_compression(SSL* ssl) int i; int ret; + CYASSL_ENTER("CyaSSL_writev"); + for (i = 0; i < iovcnt; i++) send += iov[i].iov_len; @@ -2071,6 +2109,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_connect_ex(SSL* ssl, HandShakeCallBack hsCb, TimeoutCallBack toCb, Timeval timeout) { + CYASSL_ENTER("CyaSSL_connect_ex"); return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout); } @@ -2082,6 +2121,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_accept_ex(SSL* ssl, HandShakeCallBack hsCb, TimeoutCallBack toCb,Timeval timeout) { + CYASSL_ENTER("CyaSSL_accept_ex"); return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout); } @@ -2094,6 +2134,7 @@ int CyaSSL_set_compression(SSL* ssl) void SSL_CTX_set_psk_client_callback(SSL_CTX* ctx, psk_client_callback cb) { + CYASSL_ENTER("SSL_CTX_set_psk_client_callback"); ctx->havePSK = 1; ctx->client_psk_cb = cb; } @@ -2101,6 +2142,7 @@ int CyaSSL_set_compression(SSL* ssl) void SSL_set_psk_client_callback(SSL* ssl, psk_client_callback cb) { + CYASSL_ENTER("SSL_set_psk_client_callback"); ssl->options.havePSK = 1; ssl->options.client_psk_cb = cb; @@ -2111,6 +2153,7 @@ int CyaSSL_set_compression(SSL* ssl) void SSL_CTX_set_psk_server_callback(SSL_CTX* ctx, psk_server_callback cb) { + CYASSL_ENTER("SSL_CTX_set_psk_server_callback"); ctx->havePSK = 1; ctx->server_psk_cb = cb; } @@ -2118,6 +2161,7 @@ int CyaSSL_set_compression(SSL* ssl) void SSL_set_psk_server_callback(SSL* ssl, psk_server_callback cb) { + CYASSL_ENTER("SSL_set_psk_server_callback"); ssl->options.havePSK = 1; ssl->options.server_psk_cb = cb; @@ -2129,18 +2173,21 @@ int CyaSSL_set_compression(SSL* ssl) const char* SSL_get_psk_identity_hint(const SSL* ssl) { + CYASSL_ENTER("SSL_get_psk_identity_hint"); return ssl->arrays.server_hint; } const char* SSL_get_psk_identity(const SSL* ssl) { + CYASSL_ENTER("SSL_get_psk_identity"); return ssl->arrays.client_identity; } int SSL_CTX_use_psk_identity_hint(SSL_CTX* ctx, const char* hint) { + CYASSL_ENTER("SSL_CTX_use_psk_identity_hint"); if (hint == 0) ctx->server_hint[0] = 0; else @@ -2151,6 +2198,7 @@ int CyaSSL_set_compression(SSL* ssl) int SSL_use_psk_identity_hint(SSL* ssl, const char* hint) { + CYASSL_ENTER("SSL_use_psk_identity_hint"); if (hint == 0) ssl->arrays.server_hint[0] = 0; else @@ -2167,6 +2215,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_CTX_load_verify_buffer(SSL_CTX* ctx, const unsigned char* buffer, long sz, int format) { + CYASSL_ENTER("CyaSSL_CTX_load_verify_buffer"); if (format == SSL_FILETYPE_PEM) return ProcessChainBuffer(ctx, buffer, sz, format, CA_TYPE, NULL); else @@ -2177,6 +2226,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_CTX_use_certificate_buffer(SSL_CTX* ctx, const unsigned char* buffer,long sz,int format) { + CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer"); return ProcessBuffer(ctx, buffer, sz, format, CERT_TYPE, NULL, NULL); } @@ -2184,6 +2234,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_CTX_use_PrivateKey_buffer(SSL_CTX* ctx, const unsigned char* buffer,long sz,int format) { + CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer"); return ProcessBuffer(ctx, buffer, sz, format,PRIVATEKEY_TYPE,NULL,NULL); } @@ -2191,7 +2242,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_CTX_use_certificate_chain_buffer(SSL_CTX* ctx, const unsigned char* buffer, long sz) { - /* add first to ctx, all tested implementations support this */ + CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer"); return ProcessBuffer(ctx, buffer, sz, SSL_FILETYPE_PEM, CA_TYPE, NULL, NULL); } @@ -2199,6 +2250,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_use_certificate_buffer(SSL* ssl, const unsigned char* buffer,long sz,int format) { + CYASSL_ENTER("CyaSSL_use_certificate_buffer"); return ProcessBuffer(ssl->ctx, buffer, sz, format, CERT_TYPE, ssl,NULL); } @@ -2206,6 +2258,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_use_PrivateKey_buffer(SSL* ssl, const unsigned char* buffer,long sz,int format) { + CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer"); return ProcessBuffer(ssl->ctx, buffer, sz, format, PRIVATEKEY_TYPE, ssl, NULL); } @@ -2214,7 +2267,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_use_certificate_chain_buffer(SSL* ssl, const unsigned char* buffer, long sz) { - /* add first to ctx, all tested implementations support this */ + CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer"); return ProcessBuffer(ssl->ctx, buffer, sz, SSL_FILETYPE_PEM, CA_TYPE, ssl, NULL); } @@ -2227,6 +2280,7 @@ int CyaSSL_set_compression(SSL* ssl) int SSLeay_add_ssl_algorithms(void) { + CYASSL_ENTER("SSLeay_add_ssl_algorithms"); OpenSSL_add_all_algorithms(); return SSL_SUCCESS; } @@ -2241,6 +2295,7 @@ int CyaSSL_set_compression(SSL* ssl) void SSL_CTX_set_quiet_shutdown(SSL_CTX* ctx, int mode) { + CYASSL_ENTER("SSL_CTX_set_quiet_shutdown"); if (mode) ctx->quietShutdown = 1; } @@ -2249,12 +2304,14 @@ int CyaSSL_set_compression(SSL* ssl) int SSL_CTX_check_private_key(SSL_CTX* ctx) { /* TODO: check private against public for RSA match */ + CYASSL_ENTER("SSL_CTX_check_private_key"); return SSL_SUCCESS; } void SSL_set_bio(SSL* ssl, BIO* rd, BIO* wr) { + CYASSL_ENTER("SSL_set_bio"); SSL_set_rfd(ssl, rd->fd); SSL_set_wfd(ssl, wr->fd); @@ -2286,6 +2343,7 @@ int CyaSSL_set_compression(SSL* ssl) { byte havePSK = 0; + CYASSL_ENTER("SSL_set_accept_state"); ssl->options.side = SERVER_END; /* reset suites in case user switched */ #ifndef NO_PSK @@ -2299,12 +2357,14 @@ int CyaSSL_set_compression(SSL* ssl) void OpenSSL_add_all_algorithms(void) { + CYASSL_ENTER("OpenSSL_add_all_algorithms"); InitCyaSSL(); } int SSLeay_add_all_algorithms(void) { + CYASSL_ENTER("SSLeay_add_all_algorithms"); OpenSSL_add_all_algorithms(); return SSL_SUCCESS; } @@ -2325,12 +2385,14 @@ int CyaSSL_set_compression(SSL* ssl) long SSL_CTX_set_options(SSL_CTX* ctx, long opt) { /* goahead calls with 0, do nothing */ + CYASSL_ENTER("SSL_CTX_set_options"); return opt; } int SSL_set_rfd(SSL* ssl, int rfd) { + CYASSL_ENTER("SSL_set_rfd"); ssl->rfd = rfd; /* not used directly to allow IO callbacks */ ssl->IOCB_ReadCtx = &ssl->rfd; @@ -2341,6 +2403,7 @@ int CyaSSL_set_compression(SSL* ssl) int SSL_set_wfd(SSL* ssl, int wfd) { + CYASSL_ENTER("SSL_set_wfd"); ssl->wfd = wfd; /* not used directly to allow IO callbacks */ ssl->IOCB_WriteCtx = &ssl->wfd; @@ -2353,18 +2416,21 @@ int CyaSSL_set_compression(SSL* ssl) int, void*), void* data) { /* no tmp key needed, actual generation not supported */ + CYASSL_ENTER("RSA_generate_key"); return 0; } X509_NAME* X509_get_issuer_name(X509* cert) { + CYASSL_ENTER("X509_get_issuer_name"); return &cert->issuer; } X509_NAME* X509_get_subject_name(X509* cert) { + CYASSL_ENTER("X509_get_subject_name"); return &cert->subject; } @@ -2374,6 +2440,8 @@ int CyaSSL_set_compression(SSL* ssl) char* X509_NAME_oneline(X509_NAME* name, char* buffer, int sz) { int copySz = min(sz, name->sz); + + CYASSL_ENTER("X509_NAME_oneline"); if (!name->sz) return buffer; if (!buffer) { @@ -2413,6 +2481,8 @@ int CyaSSL_set_compression(SSL* ssl) BIO_METHOD* BIO_f_buffer(void) { static BIO_METHOD meth; + + CYASSL_ENTER("BIO_f_buffer"); meth.type = BIO_BUFFER; return &meth; @@ -2422,6 +2492,7 @@ int CyaSSL_set_compression(SSL* ssl) long BIO_set_write_buffer_size(BIO* bio, long size) { /* CyaSSL has internal buffer, compatibility only */ + CYASSL_ENTER("BIO_set_write_buffer_size"); return size; } @@ -2429,6 +2500,8 @@ int CyaSSL_set_compression(SSL* ssl) BIO_METHOD* BIO_f_ssl(void) { static BIO_METHOD meth; + + CYASSL_ENTER("BIO_f_ssl"); meth.type = BIO_SSL; return &meth; @@ -2438,6 +2511,8 @@ int CyaSSL_set_compression(SSL* ssl) BIO* BIO_new_socket(int sfd, int close) { BIO* bio = (BIO*) XMALLOC(sizeof(BIO), 0, DYNAMIC_TYPE_OPENSSL); + + CYASSL_ENTER("BIO_new_socket"); if (bio) { bio->type = BIO_SOCKET; bio->close = close; @@ -2453,6 +2528,7 @@ int CyaSSL_set_compression(SSL* ssl) int BIO_eof(BIO* b) { + CYASSL_ENTER("BIO_eof"); if (b->eof) return 1; @@ -2462,6 +2538,7 @@ int CyaSSL_set_compression(SSL* ssl) long BIO_set_ssl(BIO* b, SSL* ssl, int close) { + CYASSL_ENTER("BIO_set_ssl"); b->ssl = ssl; b->close = close; /* add to ssl for bio free if SSL_free called before/instead of free_all? */ @@ -2473,6 +2550,7 @@ int CyaSSL_set_compression(SSL* ssl) BIO* BIO_new(BIO_METHOD* method) { BIO* bio = (BIO*) XMALLOC(sizeof(BIO), 0, DYNAMIC_TYPE_OPENSSL); + CYASSL_ENTER("BIO_new"); if (bio) { bio->type = method->type; bio->close = 0; @@ -2495,6 +2573,7 @@ int CyaSSL_set_compression(SSL* ssl) int BIO_free(BIO* bio) { /* unchain?, doesn't matter in goahead since from free all */ + CYASSL_ENTER("BIO_free"); if (bio) { if (bio->close) { if (bio->ssl) @@ -2512,6 +2591,7 @@ int CyaSSL_set_compression(SSL* ssl) { BIO* next = bio; + CYASSL_ENTER("BIO_free_all"); while ( (bio = next) ) { next = bio->next; BIO_free(bio); @@ -2526,6 +2606,7 @@ int CyaSSL_set_compression(SSL* ssl) SSL* ssl = 0; BIO* front = bio; + CYASSL_ENTER("BIO_read"); /* already got eof, again is error */ if (front->eof) return SSL_FATAL_ERROR; @@ -2553,6 +2634,7 @@ int CyaSSL_set_compression(SSL* ssl) SSL* ssl = 0; BIO* front = bio; + CYASSL_ENTER("BIO_write"); /* already got eof, again is error */ if (front->eof) return SSL_FATAL_ERROR; @@ -2577,6 +2659,7 @@ int CyaSSL_set_compression(SSL* ssl) BIO* BIO_push(BIO* top, BIO* append) { + CYASSL_ENTER("BIO_push"); top->next = append; append->prev = top; @@ -2587,6 +2670,7 @@ int CyaSSL_set_compression(SSL* ssl) int BIO_flush(BIO* bio) { /* for CyaSSL no flushing needed */ + CYASSL_ENTER("BIO_flush"); return 1; } @@ -2598,12 +2682,14 @@ int CyaSSL_set_compression(SSL* ssl) void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX* ctx, void* userdata) { + CYASSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata"); ctx->userdata = userdata; } void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb) { + CYASSL_ENTER("SSL_CTX_set_default_passwd_cb"); ctx->passwd_cb = cb; } @@ -2643,6 +2729,7 @@ int CyaSSL_set_compression(SSL* ssl) int ivLeft; int keyOutput = 0; + CYASSL_ENTER("EVP_BytesToKey"); InitMd5(&myMD); /* only support MD5 for now */ @@ -2737,18 +2824,21 @@ int CyaSSL_set_compression(SSL* ssl) typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1]; (void)sizeof(md5_test); + CYASSL_ENTER("MD5_Init"); InitMd5((Md5*)md5); } void MD5_Update(MD5_CTX* md5, const void* input, unsigned long sz) { + CYASSL_ENTER("MD5_Update"); Md5Update((Md5*)md5, (const byte*)input, sz); } void MD5_Final(byte* input, MD5_CTX* md5) { + CYASSL_ENTER("MD5_Final"); Md5Final((Md5*)md5, input); } @@ -2758,36 +2848,42 @@ int CyaSSL_set_compression(SSL* ssl) typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1]; (void)sizeof(sha_test); + CYASSL_ENTER("SHA_Init"); InitSha((Sha*)sha); } void SHA_Update(SHA_CTX* sha, const void* input, unsigned long sz) { + CYASSL_ENTER("SHA_Update"); ShaUpdate((Sha*)sha, (const byte*)input, sz); } void SHA_Final(byte* input, SHA_CTX* sha) { + CYASSL_ENTER("SHA_Final"); ShaFinal((Sha*)sha, input); } void SHA1_Init(SHA_CTX* sha) { + CYASSL_ENTER("SHA1_Init"); SHA_Init(sha); } void SHA1_Update(SHA_CTX* sha, const void* input, unsigned long sz) { + CYASSL_ENTER("SHA1_Update"); SHA_Update(sha, input, sz); } void SHA1_Final(byte* input, SHA_CTX* sha) { + CYASSL_ENTER("SHA1_Final"); SHA_Final(input, sha); } @@ -2795,6 +2891,7 @@ int CyaSSL_set_compression(SSL* ssl) const EVP_MD* EVP_md5(void) { static const char* type = "MD5"; + CYASSL_ENTER("EVP_md5"); return type; } @@ -2802,6 +2899,7 @@ int CyaSSL_set_compression(SSL* ssl) const EVP_MD* EVP_sha1(void) { static const char* type = "SHA"; + CYASSL_ENTER("EVP_sha1"); return type; } @@ -2814,12 +2912,14 @@ int CyaSSL_set_compression(SSL* ssl) int EVP_MD_CTX_cleanup(EVP_MD_CTX* ctx) { + CYASSL_ENTER("EVP_MD_CTX_cleanup"); return 0; } int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type) { + CYASSL_ENTER("EVP_DigestInit"); if (XSTRNCMP(type, "MD5", 3) == 0) { ctx->macType = MD5; MD5_Init((MD5_CTX*)&ctx->hash); @@ -2837,6 +2937,7 @@ int CyaSSL_set_compression(SSL* ssl) int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data, unsigned long sz) { + CYASSL_ENTER("EVP_DigestUpdate"); if (ctx->macType == MD5) MD5_Update((MD5_CTX*)&ctx->hash, data, (unsigned long)sz); else if (ctx->macType == SHA) @@ -2850,6 +2951,7 @@ int CyaSSL_set_compression(SSL* ssl) int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { + CYASSL_ENTER("EVP_DigestFinal"); if (ctx->macType == MD5) { MD5_Final(md, (MD5_CTX*)&ctx->hash); if (s) *s = MD5_DIGEST_SIZE; @@ -2867,6 +2969,7 @@ int CyaSSL_set_compression(SSL* ssl) int EVP_DigestFinal_ex(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { + CYASSL_ENTER("EVP_DigestFinal_ex"); return EVP_DigestFinal(ctx, md, s); } @@ -2876,6 +2979,7 @@ int CyaSSL_set_compression(SSL* ssl) { Hmac hmac; + CYASSL_ENTER("HMAC"); if (!md) return 0; /* no static buffer support */ if (XSTRNCMP(evp_md, "MD5", 3) == 0) { @@ -2911,6 +3015,7 @@ int CyaSSL_set_compression(SSL* ssl) { RNG rng; + CYASSL_ENTER("RAND_bytes"); if (InitRng(&rng)) return 0; @@ -2922,6 +3027,7 @@ int CyaSSL_set_compression(SSL* ssl) int DES_key_sched(const_DES_cblock* key, DES_key_schedule* schedule) { + CYASSL_ENTER("DES_key_sched"); XMEMCPY(schedule, key, sizeof(const_DES_cblock)); return 0; } @@ -2932,6 +3038,7 @@ int CyaSSL_set_compression(SSL* ssl) int enc) { Des des; + CYASSL_ENTER("DES_cbc_encrypt"); Des_SetKey(&des, (const byte*)schedule, (const byte*)ivec, !enc); if (enc) @@ -2947,6 +3054,7 @@ int CyaSSL_set_compression(SSL* ssl) int enc) { Des des; + CYASSL_ENTER("DES_ncbc_encrypt"); Des_SetKey(&des, (const byte*)schedule, (const byte*)ivec, !enc); if (enc) @@ -2986,6 +3094,7 @@ int CyaSSL_set_compression(SSL* ssl) { /* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is CyaSSL default mode */ + CYASSL_ENTER("SSL_CTX_set_mode"); if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE) ctx->partialWrite = 1; @@ -3031,6 +3140,7 @@ int CyaSSL_set_compression(SSL* ssl) X509* SSL_get_peer_certificate(SSL* ssl) { + CYASSL_ENTER("SSL_get_peer_certificate"); if (ssl->peerCert.issuer.sz) return &ssl->peerCert; else @@ -3078,6 +3188,7 @@ int CyaSSL_set_compression(SSL* ssl) const char* SSL_get_version(SSL* ssl) { + CYASSL_ENTER("SSL_get_version"); if (ssl->version.major == SSLv3_MAJOR) { switch (ssl->version.minor) { case SSLv3_MINOR : @@ -3098,12 +3209,14 @@ int CyaSSL_set_compression(SSL* ssl) SSL_CIPHER* SSL_get_current_cipher(SSL* ssl) { + CYASSL_ENTER("SSL_get_current_cipher"); return &ssl->cipher; } const char* SSL_CIPHER_get_name(const SSL_CIPHER* cipher) { + CYASSL_ENTER("SSL_CIPHER_get_name"); if (cipher) { if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) { /* ECC suites */ @@ -3223,18 +3336,21 @@ int CyaSSL_set_compression(SSL* ssl) typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1]; (void) sizeof(ok); + CYASSL_ENTER("MD4_Init"); InitMd4((Md4*)md4); } void MD4_Update(MD4_CTX* md4, const void* data, unsigned long len) { + CYASSL_ENTER("MD4_Update"); Md4Update((Md4*)md4, (const byte*)data, (word32)len); } void MD4_Final(unsigned char* digest, MD4_CTX* md4) { + CYASSL_ENTER("MD4_Final"); Md4Final((Md4*)md4, digest); } @@ -3743,18 +3859,22 @@ int CyaSSL_set_compression(SSL* ssl) SSL_SESSION* d2i_SSL_SESSION(SSL_SESSION** sess, const unsigned char** p, long i) { - return *sess; + if (sess) + return *sess; + return NULL; } long SSL_SESSION_get_timeout(const SSL_SESSION* sess) { + CYASSL_ENTER("SSL_SESSION_get_timeout"); return sess->timeout; } long SSL_SESSION_get_time(const SSL_SESSION* sess) { + CYASSL_ENTER("SSL_SESSION_get_time"); return sess->bornOn; } @@ -3769,6 +3889,7 @@ int CyaSSL_set_compression(SSL* ssl) return 0 on success */ int CyaSSL_X509_get_serial_number(X509* x509, byte* buffer, int* inOutSz) { + CYASSL_ENTER("CyaSSL_X509_get_serial_number"); if (x509 == NULL || buffer == NULL || *inOutSz < x509->serialSz) return BAD_FUNC_ARG; @@ -3787,6 +3908,7 @@ int CyaSSL_set_compression(SSL* ssl) /* Get peer's certificate chain */ X509_CHAIN* CyaSSL_get_peer_chain(SSL* ssl) { + CYASSL_ENTER("CyaSSL_get_peer_chain"); if (ssl) return &ssl->session.chain; @@ -3797,6 +3919,7 @@ X509_CHAIN* CyaSSL_get_peer_chain(SSL* ssl) /* Get peer's certificate chain total count */ int CyaSSL_get_chain_count(X509_CHAIN* chain) { + CYASSL_ENTER("CyaSSL_get_chain_count"); if (chain) return chain->count; @@ -3807,6 +3930,7 @@ int CyaSSL_get_chain_count(X509_CHAIN* chain) /* Get peer's ASN.1 DER ceritifcate at index (idx) length in bytes */ int CyaSSL_get_chain_length(X509_CHAIN* chain, int idx) { + CYASSL_ENTER("CyaSSL_get_chain_length"); if (chain) return chain->certs[idx].length; @@ -3817,6 +3941,7 @@ int CyaSSL_get_chain_length(X509_CHAIN* chain, int idx) /* Get peer's ASN.1 DER ceritifcate at index (idx) */ byte* CyaSSL_get_chain_cert(X509_CHAIN* chain, int idx) { + CYASSL_ENTER("CyaSSL_get_chain_cert"); if (chain) return chain->certs[idx].buffer; @@ -3837,6 +3962,7 @@ int CyaSSL_get_chain_cert_pem(X509_CHAIN* chain, int idx, int i; int err; + CYASSL_ENTER("CyaSSL_get_chain_cert_pem"); if (!chain || !outLen || !buffer) return BAD_FUNC_ARG; @@ -3868,6 +3994,7 @@ int CyaSSL_get_chain_cert_pem(X509_CHAIN* chain, int idx, /* get session ID */ const byte* CyaSSL_get_sessionID(const SSL_SESSION* session) { + CYASSL_ENTER("CyaSSL_get_sessionID"); return session->sessionID; }