From f8b106601b7f147749418bee36eca1bd06049fcb Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 31 Aug 2012 13:28:07 -0700 Subject: [PATCH 01/12] fix sniffer cipher suite tests with user override --- examples/client/client.c | 3 ++- examples/server/server.c | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 84aab662e..69cd0647a 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -263,9 +263,10 @@ void client_test(void* args) #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ - if (cipherList == NULL) + if (cipherList == NULL) { if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) err_sys("can't set cipher list"); + } #endif #ifdef USER_CA_CB diff --git a/examples/server/server.c b/examples/server/server.c index a33a4efb9..e16f74b50 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -262,8 +262,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ - if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) - err_sys("can't set cipher list"); + if (cipherList == NULL) { + if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) + err_sys("can't set cipher list"); + } #endif ssl = SSL_new(ctx); From 2bee12606279a9bb2d5e50427af522469050c44f Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 4 Sep 2012 10:48:26 -0700 Subject: [PATCH 02/12] clang scan-build fixes --- ctaocrypt/src/asn.c | 5 +++-- ctaocrypt/src/integer.c | 3 +++ ctaocrypt/src/pwdbased.c | 30 ++++++++++++++++++++++++++++++ ctaocrypt/src/rabbit.c | 16 ++++++++-------- cyassl/ctaocrypt/types.h | 2 +- src/internal.c | 16 ++++++++++------ src/keys.c | 1 - src/ssl.c | 8 +++++--- 8 files changed, 60 insertions(+), 21 deletions(-) diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 43eafea04..a9f7518a8 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -760,8 +760,8 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) { word32 inOutIdx = 0, oid; - int first, second, length, iterations, saltSz, id; - int version; + int first, second, length, version, saltSz, id; + int iterations = 0; byte salt[MAX_SALT_SIZE]; byte cbcIv[MAX_IV_SIZE]; @@ -1375,6 +1375,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->srcIdx += 2; id = cert->source[cert->srcIdx++]; b = cert->source[cert->srcIdx++]; /* strType */ + (void)b; /* may want to validate? */ if (GetLength(cert->source, &cert->srcIdx, &strLen, cert->maxIdx) < 0) diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c index 72f443ffc..3bf4e7545 100644 --- a/ctaocrypt/src/integer.c +++ b/ctaocrypt/src/integer.c @@ -116,6 +116,9 @@ mp_clear (mp_int * a) { int i; + if (a == NULL) + return; + /* only do anything if a hasn't been freed previously */ if (a->dp != NULL) { /* first zero the digits */ diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index d493bfa31..3b5e2d134 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -236,6 +236,16 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, mp_int B1; if (hashType == MD5) { + Md5 md5; + + InitMd5(&md5); + Md5Update(&md5, buffer, totalLen); + Md5Final(&md5, Ai); + + for (i = 1; i < iterations; i++) { + Md5Update(&md5, Ai, u); + Md5Final(&md5, Ai); + } } else if (hashType == SHA) { Sha sha; @@ -251,10 +261,30 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, } #ifndef NO_SHA256 else if (hashType == SHA256) { + Sha256 sha256; + + InitSha256(&sha256); + Sha256Update(&sha256, buffer, totalLen); + Sha256Final(&sha256, Ai); + + for (i = 1; i < iterations; i++) { + Sha256Update(&sha256, Ai, u); + Sha256Final(&sha256, Ai); + } } #endif #ifdef CYASSL_SHA512 else if (hashType == SHA512) { + Sha512 sha512; + + InitSha512(&sha512); + Sha512Update(&sha512, buffer, totalLen); + Sha512Final(&sha512, Ai); + + for (i = 1; i < iterations; i++) { + Sha512Update(&sha512, Ai, u); + Sha512Final(&sha512, Ai); + } } #endif diff --git a/ctaocrypt/src/rabbit.c b/ctaocrypt/src/rabbit.c index 79f5b3e92..008dffe2e 100644 --- a/ctaocrypt/src/rabbit.c +++ b/ctaocrypt/src/rabbit.c @@ -210,7 +210,7 @@ void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen) U32V(ctx->workCtx.x[1]<<16)); /* Increment pointers and decrement length */ - input += 16; + input += 16; output += 16; msglen -= 16; } @@ -219,25 +219,25 @@ void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen) if (msglen) { word32 i; - word32 tmp[4]; - byte* buffer = (byte*)tmp; + byte buffer[16]; /* Iterate the system */ RABBIT_next_state(&(ctx->workCtx)); /* Generate 16 bytes of pseudo-random data */ - tmp[0] = LITTLE32(ctx->workCtx.x[0] ^ + *(word32*)(buffer+ 0) = LITTLE32(ctx->workCtx.x[0] ^ (ctx->workCtx.x[5]>>16) ^ U32V(ctx->workCtx.x[3]<<16)); - tmp[1] = LITTLE32(ctx->workCtx.x[2] ^ + *(word32*)(buffer+ 4) = LITTLE32(ctx->workCtx.x[2] ^ (ctx->workCtx.x[7]>>16) ^ U32V(ctx->workCtx.x[5]<<16)); - tmp[2] = LITTLE32(ctx->workCtx.x[4] ^ + *(word32*)(buffer+ 8) = LITTLE32(ctx->workCtx.x[4] ^ (ctx->workCtx.x[1]>>16) ^ U32V(ctx->workCtx.x[7]<<16)); - tmp[3] = LITTLE32(ctx->workCtx.x[6] ^ + *(word32*)(buffer+12) = LITTLE32(ctx->workCtx.x[6] ^ (ctx->workCtx.x[3]>>16) ^ U32V(ctx->workCtx.x[1]<<16)); /* Encrypt/decrypt the data */ for (i=0; i - #define XMALLOC(s, h, t) CyaSSL_Malloc((s)) + #define XMALLOC(s, h, t) ((void)h, (void)t, CyaSSL_Malloc((s))) #define XFREE(p, h, t) {void* xp = (p); if((xp)) CyaSSL_Free((xp));} #define XREALLOC(p, n, h, t) CyaSSL_Realloc((p), (n)) #endif diff --git a/src/internal.c b/src/internal.c index 7ed29d6af..0b7a51ef6 100644 --- a/src/internal.c +++ b/src/internal.c @@ -449,7 +449,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK, (void)havePSK; (void)haveNTRU; (void)haveStaticECC; - (void)haveRSAsig; if (suites->setSuites) return; /* trust user settings, don't override */ @@ -457,8 +456,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK, if (side == SERVER_END && haveStaticECC) haveRSA = 0; /* can't do RSA with ECDSA key */ - if (side == SERVER_END && haveECDSAsig) - haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ + if (side == SERVER_END && haveECDSAsig) { + haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ + (void)haveRSAsig; /* non ecc builds won't read */ + } #ifdef CYASSL_DTLS if (pv.major == DTLS_MAJOR && pv.minor == DTLS_MINOR) @@ -3349,7 +3350,8 @@ int SendCertificate(CYASSL* ssl) if (ssl->buffers.certChain.buffer) { XMEMCPY(output + i, ssl->buffers.certChain.buffer, ssl->buffers.certChain.length); - i += ssl->buffers.certChain.length; + /* if add more to output adjust i + i += ssl->buffers.certChain.length; */ } } HashOutput(ssl, output, sendSz, 0); @@ -3418,7 +3420,8 @@ int SendCertificateRequest(CYASSL* ssl) } c16toa(0, &output[i]); /* auth's */ - i += REQ_HEADER_SZ; + /* if add more to output, adjust i + i += REQ_HEADER_SZ; */ HashOutput(ssl, output, sendSz, 0); @@ -5259,7 +5262,8 @@ int SetCipherList(Suites* s, const char* list) idx += 2; } XMEMCPY(output + idx, encSecret, encSz); - idx += encSz; + /* if add more to output, adjust idx + idx += encSz; */ HashOutput(ssl, output, sendSz, 0); diff --git a/src/keys.c b/src/keys.c index 0e4bc0474..c752e2cda 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1103,7 +1103,6 @@ int DeriveKeys(CYASSL* ssl) XMEMCPY(shaInput + idx, ssl->arrays.serverRandom, RAN_LEN); idx += RAN_LEN; XMEMCPY(shaInput + idx, ssl->arrays.clientRandom, RAN_LEN); - idx += RAN_LEN; ShaUpdate(&sha, shaInput, sizeof(shaInput) - KEY_PREFIX + j); ShaFinal(&sha, shaOutput); diff --git a/src/ssl.c b/src/ssl.c index 28c5f0cc4..5e938374c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -722,7 +722,6 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) (void)heap; (void)dynamicType; - (void)pkcs8Enc; if (type == CERT_TYPE || type == CA_TYPE) { XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header)); @@ -759,8 +758,10 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) sizeof(footer)); headerEnd = XSTRNSTR((char*)buff, header, sz); - if (headerEnd) + if (headerEnd) { pkcs8Enc = 1; + (void)pkcs8Enc; /* only opensslextra will read */ + } } } if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */ @@ -936,7 +937,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) CYASSL_MSG("Growing Tmp Chain Buffer"); bufferSz = sz - consumed; /* will shrink to actual size */ chainBuffer = (byte*)XMALLOC(bufferSz, ctx->heap, - DYNAMIC_FILE_TYPE); + DYNAMIC_TYPE_FILE); if (chainBuffer == NULL) { XFREE(der.buffer, ctx->heap, dynamicType); return MEMORY_E; @@ -1386,6 +1387,7 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff, CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer"); der.buffer = NULL; + der.length = 0; if (format == SSL_FILETYPE_PEM) { EncryptedInfo info; From 1ba8aff525bdcdd1a776ef536429d0ec657b859e Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 4 Sep 2012 11:37:47 -0700 Subject: [PATCH 03/12] don't allow corrupted change cipher (fix by antoxa), don't allow multiple decryptions of corrupted messages --- cyassl/internal.h | 1 + src/internal.c | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 9d1224706..1142528db 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -965,6 +965,7 @@ typedef struct Keys { word32 encryptSz; /* last size of encrypted data */ byte encryptionOn; /* true after change cipher spec */ + byte decryptedCur; /* only decrypt current record once */ } Keys; diff --git a/src/internal.c b/src/internal.c index 0b7a51ef6..65c196015 100644 --- a/src/internal.c +++ b/src/internal.c @@ -926,6 +926,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->arrays.cookieSz = 0; #endif ssl->keys.encryptionOn = 0; /* initially off */ + ssl->keys.decryptedCur = 0; /* initially off */ ssl->options.sessionCacheOff = ctx->sessionCacheOff; ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff; @@ -1578,6 +1579,9 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, return UNKNOWN_RECORD_TYPE; } + /* haven't decrypted this record yet */ + ssl->keys.decryptedCur = 0; + return 0; } @@ -2508,7 +2512,9 @@ static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx) if (decryptResult == 0) { - ssl->keys.encryptSz = sz; + ssl->keys.encryptSz = sz; + ssl->keys.decryptedCur = 1; + if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) *idx += ssl->specs.block_size; /* go past TLSv1.1 IV */ if (ssl->specs.cipher_type == aead) @@ -2852,7 +2858,7 @@ int ProcessReply(CYASSL* ssl) /* the record layer is here */ case runProcessingOneMessage: - if (ssl->keys.encryptionOn) + if (ssl->keys.encryptionOn && ssl->keys.decryptedCur == 0) if (DecryptMessage(ssl, ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, ssl->curSize, @@ -2896,6 +2902,11 @@ int ProcessReply(CYASSL* ssl) AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo); } #endif + + if (ssl->curSize != 1) { + CYASSL_MSG("Malicious or corrupted ChangeCipher msg"); + return LENGTH_ERROR; + } ssl->buffers.inputBuffer.idx++; ssl->keys.encryptionOn = 1; From b1e603ae6b0d9b45389821808e4de68bb330c61a Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 4 Sep 2012 15:47:40 -0700 Subject: [PATCH 04/12] opensslextra clang static fixes --- src/crl.c | 2 -- src/internal.c | 4 +--- src/ssl.c | 2 +- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/src/crl.c b/src/crl.c index 40759a4f1..681d0ee9a 100644 --- a/src/crl.c +++ b/src/crl.c @@ -123,7 +123,6 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert) { CRL_Entry* crle; int foundEntry = 0; - int revoked = 0; int ret = 0; CYASSL_ENTER("CheckCertCRL"); @@ -157,7 +156,6 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert) while (rc) { if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) { CYASSL_MSG("Cert revoked"); - revoked = 1; ret = CRL_CERT_REVOKED; break; } diff --git a/src/internal.c b/src/internal.c index 65c196015..92041b559 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5970,9 +5970,7 @@ int SetCipherList(Suites* s, const char* list) ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz, &rsaKey, &ssl->rng); FreeRsaKey(&rsaKey); - if (ret > 0) - ret = 0; /* reset on success */ - else + if (ret <= 0) return ret; } } diff --git a/src/ssl.c b/src/ssl.c index 5e938374c..2936e9089 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -870,7 +870,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) int passwordSz; char password[80]; - if (!info->ctx || !info->ctx->passwd_cb) + if (!info || !info->ctx || !info->ctx->passwd_cb) return SSL_BAD_FILE; /* no callback error */ passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0, info->ctx->userdata); From 6943229f8720fc78ae9f94a9999662a55ba0fc34 Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 4 Sep 2012 15:56:52 -0700 Subject: [PATCH 05/12] reduce client key exchange stack use in non NTRU mode --- cyassl/internal.h | 8 ++++++++ src/internal.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 1142528db..6bc38919a 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -474,6 +474,14 @@ enum Misc { }; +/* don't use extra 3/4k stack space unless need to */ +#ifdef HAVE_NTRU + #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ +#else + #define MAX_ENCRYPT_SZ ENCRYPT_LEN +#endif + + /* states */ enum states { NULL_STATE = 0, diff --git a/src/internal.c b/src/internal.c index 92041b559..d60257960 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5088,7 +5088,7 @@ int SetCipherList(Suites* s, const char* list) int SendClientKeyExchange(CYASSL* ssl) { - byte encSecret[MAX_NTRU_ENCRYPT_SZ]; + byte encSecret[MAX_ENCRYPT_SZ]; word32 encSz = 0; word32 idx = 0; int ret = 0; From 0ee22d8f947ef1a273edf47fa16a5d9737601726 Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 4 Sep 2012 16:03:45 -0700 Subject: [PATCH 06/12] don't use SSL Master Secret stack space in TLS mode --- src/keys.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/keys.c b/src/keys.c index c752e2cda..f9382b3d4 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1132,7 +1132,7 @@ static void CleanPreMaster(CYASSL* ssl) /* Create and store the master secret see page 32, 6.1 */ -int MakeMasterSecret(CYASSL* ssl) +static int MakeSslMasterSecret(CYASSL* ssl) { byte shaOutput[SHA_DIGEST_SIZE]; byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE]; @@ -1154,10 +1154,6 @@ int MakeMasterSecret(CYASSL* ssl) } #endif -#ifndef NO_TLS - if (ssl->options.tls) return MakeTlsMasterSecret(ssl); -#endif - InitMd5(&md5); InitSha(&sha); @@ -1205,3 +1201,14 @@ int MakeMasterSecret(CYASSL* ssl) return ret; } + +/* Master wrapper, doesn't use SSL stack space in TLS mode */ +int MakeMasterSecret(CYASSL* ssl) +{ +#ifndef NO_TLS + if (ssl->options.tls) return MakeTlsMasterSecret(ssl); +#endif + + return MakeSslMasterSecret(ssl); +} + From 982526ed13e46ca3dc0cf42c10e8f4de6a04efcc Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 4 Sep 2012 16:34:26 -0700 Subject: [PATCH 07/12] go straight to p_hash in TLS 1.2 to remove PRF stack use --- src/tls.c | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/src/tls.c b/src/tls.c index f5ef46007..18a2de9dc 100644 --- a/src/tls.c +++ b/src/tls.c @@ -120,9 +120,9 @@ static void p_hash(byte* result, word32 resLen, const byte* secret, /* compute TLSv1 PRF (pseudo random function using HMAC) */ -static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, +static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, const byte* label, word32 labLen, const byte* seed, word32 seedLen, - int useAtLeastSha256, int hash_type) + int hash_type) { word32 half = (secLen + 1) / 2; @@ -145,21 +145,39 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, XMEMCPY(labelSeed, label, labLen); XMEMCPY(labelSeed + labLen, seed, seedLen); + p_hash(md5_result, digLen, md5_half, half, labelSeed, labLen + seedLen, + md5_mac); + p_hash(sha_result, digLen, sha_half, half, labelSeed, labLen + seedLen, + sha_mac); + get_xor(digest, digLen, md5_result, sha_result); +} + + +/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack + use */ +static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, + const byte* label, word32 labLen, const byte* seed, word32 seedLen, + int useAtLeastSha256, int hash_type) +{ if (useAtLeastSha256) { + byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ + + if (labLen + seedLen > MAX_PRF_LABSEED) + return; + + XMEMCPY(labelSeed, label, labLen); + XMEMCPY(labelSeed + labLen, seed, seedLen); + /* If a cipher suite wants an algorithm better than sha256, it * should use better. */ if (hash_type < sha256_mac) hash_type = sha256_mac; p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen, hash_type); - return; } - - p_hash(md5_result, digLen, md5_half, half, labelSeed, labLen + seedLen, - md5_mac); - p_hash(sha_result, digLen, sha_half, half, labelSeed, labLen + seedLen, - sha_mac); - get_xor(digest, digLen, md5_result, sha_result); + else + doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen, + hash_type); } From 43a0a21fb661be6e7943ecbdd7a7c6cee1a17e27 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 5 Sep 2012 08:26:08 -0700 Subject: [PATCH 08/12] add GetOjbectSize for CYASSL* --- cyassl/ssl.h | 1 + src/ssl.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/cyassl/ssl.h b/cyassl/ssl.h index b86181380..e58c0c3a4 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -779,6 +779,7 @@ enum { CYASSL_CHAIN_CA = 2 /* added to cache from trusted chain */ }; +CYASSL_API int CyaSSL_GetObjectSize(void); /* object size based on build */ CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version); CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*, int, const char*); diff --git a/src/ssl.c b/src/ssl.c index 2936e9089..dba84f5f8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -209,6 +209,13 @@ int CyaSSL_negotiate(CYASSL* ssl) } +/* object size based on build */ +int CyaSSL_GetObjectSize(void) +{ + return sizeof(CYASSL); +} + + /* server Diffie-Hellman parameters */ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz, const unsigned char* g, int gSz) From 56960ef1cce0181531ab25007aedabcaffe8c6d1 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 5 Sep 2012 09:02:51 -0700 Subject: [PATCH 09/12] cyassl object size debug output --- src/ssl.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index dba84f5f8..9352d8192 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -212,6 +212,28 @@ int CyaSSL_negotiate(CYASSL* ssl) /* object size based on build */ int CyaSSL_GetObjectSize(void) { +#ifdef SHOW_SIZES + printf("sizeof suites = %d\n", sizeof(Suites)); + printf("sizeof ciphers(2) = %d\n", sizeof(Ciphers)); + printf("\tsizeof arc4 = %d\n", sizeof(Arc4)); + printf("\tsizeof aes = %d\n", sizeof(Aes)); + printf("\tsizeof des3 = %d\n", sizeof(Des3)); + printf("\tsizeof rabbit = %d\n", sizeof(Rabbitj)); + printf("sizeof cipher specs = %d\n", sizeof(CipherSpecs)); + printf("sizeof keys = %d\n", sizeof(Keys)); + printf("sizeof RNG = %d\n", sizeof(RNG)); + printf("sizeof MD5 = %d\n", sizeof(Md5)); + printf("sizeof SHA = %d\n", sizeof(Sha)); + printf("sizeof SHA256 = %d\n", sizeof(Sha256)); + printf("sizeof Hashes(2) = %d\n", sizeof(Hashes)); + printf("sizeof Buffers = %d\n", sizeof(Buffers)); + printf("sizeof Options = %d\n", sizeof(Options)); + printf("sizeof Arrays = %d\n", sizeof(Arrays)); + printf("sizeof Session = %d\n", sizeof(CYASSL_SESSION)); + printf("sizeof peerKey = %d\n", sizeof(RsaKey)); + printf("sizeof CYASSL_CIPHER = %d\n", sizeof(CYASSL_CIPHER)); +#endif + return sizeof(CYASSL); } From c47afaf84f7a459acab491635a4d1bec20af31f1 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 5 Sep 2012 10:17:48 -0700 Subject: [PATCH 10/12] make suites object dynamic, only use during handshake --- cyassl/ctaocrypt/types.h | 3 +- cyassl/error.h | 1 + cyassl/internal.h | 3 +- src/internal.c | 82 ++++++++++++++++++++++++++++++++-------- src/ssl.c | 20 +++++----- 5 files changed, 80 insertions(+), 29 deletions(-) diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index e8399f2f8..fe3c77400 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -215,7 +215,8 @@ enum { DYNAMIC_TYPE_CRL_MONITOR = 26, DYNAMIC_TYPE_OCSP_STATUS = 27, DYNAMIC_TYPE_OCSP_ENTRY = 28, - DYNAMIC_TYPE_ALTNAME = 29 + DYNAMIC_TYPE_ALTNAME = 29, + DYNAMIC_TYPE_SUITES = 30 }; /* stack protection */ diff --git a/cyassl/error.h b/cyassl/error.h index 82df03500..d9d35ff75 100644 --- a/cyassl/error.h +++ b/cyassl/error.h @@ -103,6 +103,7 @@ enum CyaSSL_ErrorCodes { MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */ COOKIE_ERROR = -269, /* dtls cookie error */ SEQUENCE_ERROR = -270, /* dtls sequence error */ + SUITES_ERROR = -271, /* suites pointer error */ /* add strings to SetErrorString !!!!! */ /* begin negotiation parameter errors */ diff --git a/cyassl/internal.h b/cyassl/internal.h index 6bc38919a..c7e9f2aab 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1211,7 +1211,7 @@ struct CYASSL { int error; ProtocolVersion version; /* negotiated version */ ProtocolVersion chVersion; /* client hello version */ - Suites suites; + Suites* suites; /* only need during handshake */ Ciphers encrypt; Ciphers decrypt; CipherSpecs specs; @@ -1444,6 +1444,7 @@ CYASSL_LOCAL int StoreKeys(CYASSL* ssl, const byte* keyData); CYASSL_LOCAL int IsTLS(const CYASSL* ssl); CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl); +CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl); CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree); CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl); CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash); diff --git a/src/internal.c b/src/internal.c index d60257960..35ff59f83 100644 --- a/src/internal.c +++ b/src/internal.c @@ -450,6 +450,11 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK, (void)haveNTRU; (void)haveStaticECC; + if (suites == NULL) { + CYASSL_MSG("InitSuites pointer error"); + return; + } + if (suites->setSuites) return; /* trust user settings, don't override */ @@ -815,7 +820,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->ctx = ctx; /* only for passing to calls, options could change */ ssl->version = ctx->method->version; - ssl->suites = ctx->suites; + ssl->suites = NULL; #ifdef HAVE_LIBZ ssl->didStreamInit = 0; @@ -1010,6 +1015,14 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) if ( (ret = InitRng(&ssl->rng)) != 0) return ret; + ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, + DYNAMIC_TYPE_SUITES); + if (ssl->suites == NULL) { + CYASSL_MSG("Suites Memory error"); + return MEMORY_E; + } + *ssl->suites = ctx->suites; + /* make sure server has cert and key unless using PSK */ if (ssl->options.side == SERVER_END && !havePSK) if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) { @@ -1019,11 +1032,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) /* make sure server has DH parms, and add PSK if there, add NTRU too */ if (ssl->options.side == SERVER_END) - InitSuites(&ssl->suites, ssl->version,ssl->options.haveDH, havePSK, + InitSuites(ssl->suites, ssl->version,ssl->options.haveDH, havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); else - InitSuites(&ssl->suites, ssl->version, TRUE, havePSK, + InitSuites(ssl->suites, ssl->version, TRUE, havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); @@ -1034,6 +1047,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) /* In case holding SSL object in array and don't want to free actual ssl */ void SSL_ResourceFree(CYASSL* ssl) { + XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH); /* parameters (p,g) may be owned by ctx */ @@ -1078,6 +1092,17 @@ void SSL_ResourceFree(CYASSL* ssl) } +/* Free any handshake resources no longer needed */ +void FreeHandshakeResources(CYASSL* ssl) +{ + if (ssl->buffers.inputBuffer.dynamicFlag) + ShrinkInputBuffer(ssl, NO_FORCED_FREE); + + XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); + ssl->suites = NULL; +} + + void FreeSSL(CYASSL* ssl) { FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */ @@ -3959,6 +3984,10 @@ void SetErrorString(int error, char* str) XSTRNCPY(str, "DTLS Sequence Error", max); break; + case SUITES_ERROR: + XSTRNCPY(str, "Suites Pointer Error", max); + break; + default : XSTRNCPY(str, "unknown error number", max); } @@ -4380,6 +4409,11 @@ int SetCipherList(Suites* s, const char* list) const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]); int idx = 0; + if (s == NULL) { + CYASSL_MSG("SetCipherList suite pointer error"); + return 0; + } + if (!list) return 0; @@ -4579,9 +4613,14 @@ int SetCipherList(Suites* s, const char* list) int idSz = ssl->options.resuming ? ID_LEN : 0; int ret; + if (ssl->suites == NULL) { + CYASSL_MSG("Bad suites pointer in SendClientHello"); + return SUITES_ERROR; + } + length = sizeof(ProtocolVersion) + RAN_LEN + idSz + ENUM_LEN - + ssl->suites.suiteSz + SUITE_LEN + + ssl->suites->suiteSz + SUITE_LEN + COMP_LEN + ENUM_LEN; if (IsAtLeastTLSv1_2(ssl)) @@ -4647,10 +4686,10 @@ int SetCipherList(Suites* s, const char* list) } #endif /* then cipher suites */ - c16toa(ssl->suites.suiteSz, output + idx); + c16toa(ssl->suites->suiteSz, output + idx); idx += 2; - XMEMCPY(output + idx, &ssl->suites.suites, ssl->suites.suiteSz); - idx += ssl->suites.suiteSz; + XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz); + idx += ssl->suites->suiteSz; /* last, compression */ output[idx++] = COMP_LEN; @@ -6301,11 +6340,19 @@ int SetCipherList(Suites* s, const char* list) { int haveRSA = !ssl->options.haveStaticECC; int havePSK = 0; - byte first = ssl->suites.suites[idx]; - byte second = ssl->suites.suites[idx+1]; + byte first; + byte second; CYASSL_ENTER("VerifySuite"); + if (ssl->suites == NULL) { + CYASSL_MSG("Suites pointer error"); + return 0; + } + + first = ssl->suites->suites[idx]; + second = ssl->suites->suites[idx+1]; + #ifndef NO_PSK havePSK = ssl->options.havePSK; #endif @@ -6385,16 +6432,19 @@ int SetCipherList(Suites* s, const char* list) if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1) return MATCH_SUITE_ERROR; + if (ssl->suites == NULL) + return SUITES_ERROR; + /* start with best, if a match we are good */ - for (i = 0; i < ssl->suites.suiteSz; i += 2) + for (i = 0; i < ssl->suites->suiteSz; i += 2) for (j = 0; j < peerSuites->suiteSz; j += 2) - if (ssl->suites.suites[i] == peerSuites->suites[j] && - ssl->suites.suites[i+1] == peerSuites->suites[j+1] ) { + if (ssl->suites->suites[i] == peerSuites->suites[j] && + ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { if (VerifySuite(ssl, i)) { CYASSL_MSG("Verified suite validity"); - ssl->options.cipherSuite0 = ssl->suites.suites[i]; - ssl->options.cipherSuite = ssl->suites.suites[i+1]; + ssl->options.cipherSuite0 = ssl->suites->suites[i]; + ssl->options.cipherSuite = ssl->suites->suites[i+1]; return SetCipherSpecs(ssl); } else { @@ -6469,7 +6519,7 @@ int SetCipherList(Suites* s, const char* list) havePSK = ssl->options.havePSK; #endif - InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK, + InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); } @@ -6600,7 +6650,7 @@ int SetCipherList(Suites* s, const char* list) #ifndef NO_PSK havePSK = ssl->options.havePSK; #endif - InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK, + InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); } diff --git a/src/ssl.c b/src/ssl.c index 9352d8192..144d6215b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -278,7 +278,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz, #ifndef NO_PSK havePSK = ssl->options.havePSK; #endif - InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, + InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); @@ -564,7 +564,7 @@ int CyaSSL_SetVersion(CYASSL* ssl, int version) havePSK = ssl->options.havePSK; #endif - InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK, + InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); @@ -2188,14 +2188,14 @@ int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list) int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) { CYASSL_ENTER("CyaSSL_set_cipher_list"); - if (SetCipherList(&ssl->suites, list)) { + if (SetCipherList(ssl->suites, list)) { byte havePSK = 0; #ifndef NO_PSK havePSK = ssl->options.havePSK; #endif - InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK, + InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); @@ -2414,8 +2414,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) CYASSL_MSG("connect state: SECOND_REPLY_DONE"); case SECOND_REPLY_DONE: - if (ssl->buffers.inputBuffer.dynamicFlag) - ShrinkInputBuffer(ssl, NO_FORCED_FREE); + FreeHandshakeResources(ssl); CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS); return SSL_SUCCESS; @@ -2651,8 +2650,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE"); case ACCEPT_THIRD_REPLY_DONE : - if (ssl->buffers.inputBuffer.dynamicFlag) - ShrinkInputBuffer(ssl, NO_FORCED_FREE); + FreeHandshakeResources(ssl); CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS); return SSL_SUCCESS; @@ -3222,7 +3220,7 @@ int CyaSSL_set_compression(CYASSL* ssl) ssl->options.havePSK = 1; ssl->options.client_psk_cb = cb; - InitSuites(&ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU, + InitSuites(ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); } @@ -3243,7 +3241,7 @@ int CyaSSL_set_compression(CYASSL* ssl) ssl->options.havePSK = 1; ssl->options.server_psk_cb = cb; - InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, TRUE, + InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, TRUE, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); } @@ -3468,7 +3466,7 @@ int CyaSSL_set_compression(CYASSL* ssl) #ifndef NO_PSK havePSK = ssl->options.havePSK; #endif - InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK, + InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.side); } From 9ddf43268d71f3d0fc70956998b82cf71fa555c0 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 5 Sep 2012 12:30:51 -0700 Subject: [PATCH 11/12] use dynamic memory for ssl ciphers, only use what needed --- cyassl/ctaocrypt/types.h | 3 +- cyassl/internal.h | 16 +++--- cyassl/sniffer_error.h | 1 + cyassl/sniffer_error.rc | 1 + src/internal.c | 88 +++++++++++++++++++++++++------- src/keys.c | 105 +++++++++++++++++++++++++-------------- src/sniffer.c | 26 ++++++---- src/tls.c | 6 +-- 8 files changed, 172 insertions(+), 74 deletions(-) diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index fe3c77400..9384d01b0 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -216,7 +216,8 @@ enum { DYNAMIC_TYPE_OCSP_STATUS = 27, DYNAMIC_TYPE_OCSP_ENTRY = 28, DYNAMIC_TYPE_ALTNAME = 29, - DYNAMIC_TYPE_SUITES = 30 + DYNAMIC_TYPE_SUITES = 30, + DYNAMIC_TYPE_CIPHER = 31 }; /* stack protection */ diff --git a/cyassl/internal.h b/cyassl/internal.h index c7e9f2aab..df771684c 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -978,25 +978,29 @@ typedef struct Keys { /* cipher for now */ -typedef union { +typedef struct Ciphers { #ifdef BUILD_ARC4 - Arc4 arc4; + Arc4* arc4; #endif #ifdef BUILD_DES3 - Des3 des3; + Des3* des3; #endif #ifdef BUILD_AES - Aes aes; + Aes* aes; #endif #ifdef HAVE_HC128 - HC128 hc128; + HC128* hc128; #endif #ifdef BUILD_RABBIT - Rabbit rabbit; + Rabbit* rabbit; #endif } Ciphers; +CYASSL_LOCAL void InitCiphers(CYASSL* ssl); +CYASSL_LOCAL void FreeCiphers(CYASSL* ssl); + + /* hashes type */ typedef struct Hashes { byte md5[MD5_DIGEST_SIZE]; diff --git a/cyassl/sniffer_error.h b/cyassl/sniffer_error.h index 4882c7dd8..e6883f2dd 100644 --- a/cyassl/sniffer_error.h +++ b/cyassl/sniffer_error.h @@ -99,6 +99,7 @@ #define BAD_DECRYPT_TYPE 65 #define BAD_FINISHED_MSG 66 #define BAD_COMPRESSION_STR 67 +#define BAD_DERIVE_STR 68 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ diff --git a/cyassl/sniffer_error.rc b/cyassl/sniffer_error.rc index f4af8ee5b..307efbf29 100644 --- a/cyassl/sniffer_error.rc +++ b/cyassl/sniffer_error.rc @@ -81,5 +81,6 @@ STRINGTABLE 66, "Bad Finished Message Processing" 67, "Bad Compression Type" + 68, "Bad DeriveKeys Error" } diff --git a/src/internal.c b/src/internal.c index 35ff59f83..25dea7056 100644 --- a/src/internal.c +++ b/src/internal.c @@ -434,7 +434,59 @@ void FreeSSL_Ctx(CYASSL_CTX* ctx) } } - + +/* Set cipher pointers to null */ +void InitCiphers(CYASSL* ssl) +{ +#ifdef BUILD_ARC4 + ssl->encrypt.arc4 = NULL; + ssl->decrypt.arc4 = NULL; +#endif +#ifdef BUILD_DES3 + ssl->encrypt.des3 = NULL; + ssl->decrypt.des3 = NULL; +#endif +#ifdef BUILD_AES + ssl->encrypt.aes = NULL; + ssl->decrypt.aes = NULL; +#endif +#ifdef HAVE_HC128 + ssl->encrypt.hc128 = NULL; + ssl->decrypt.hc128 = NULL; +#endif +#ifdef BUILD_RABBIT + ssl->encrypt.rabbit = NULL; + ssl->decrypt.rabbit = NULL; +#endif +} + + +/* Free ciphers */ +void FreeCiphers(CYASSL* ssl) +{ +#ifdef BUILD_ARC4 + XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif +#ifdef BUILD_DES3 + XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif +#ifdef BUILD_AES + XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif +#ifdef HAVE_HC128 + XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif +#ifdef BUILD_RABBIT + XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif +} + + void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK, byte haveNTRU, byte haveECDSAsig, byte haveStaticECC, int side) { @@ -1002,6 +1054,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->arrays.server_hint[0] = 0; #endif /* NO_PSK */ + InitCiphers(ssl); /* all done with init, now can return errors, call other stuff */ /* increment CTX reference count */ @@ -1047,6 +1100,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) /* In case holding SSL object in array and don't want to free actual ssl */ void SSL_ResourceFree(CYASSL* ssl) { + FreeCiphers(ssl); XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH); @@ -2387,13 +2441,13 @@ static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case rc4: - Arc4Process(&ssl->encrypt.arc4, out, input, sz); + Arc4Process(ssl->encrypt.arc4, out, input, sz); break; #endif #ifdef BUILD_DES3 case triple_des: - Des3_CbcEncrypt(&ssl->encrypt.des3, out, input, sz); + Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz); break; #endif @@ -2403,12 +2457,12 @@ static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) if ((word)input % 16) { byte buffer[MAX_RECORD_SIZE + MAX_COMP_EXTRA+MAX_MSG_EXTRA]; XMEMCPY(buffer, input, sz); - AesCbcEncrypt(&ssl->encrypt.aes, buffer, buffer, sz); + AesCbcEncrypt(ssl->encrypt.aes, buffer, buffer, sz); XMEMCPY(out, buffer, sz); break; } #endif - AesCbcEncrypt(&ssl->encrypt.aes, out, input, sz); + AesCbcEncrypt(ssl->encrypt.aes, out, input, sz); break; #endif @@ -2431,25 +2485,25 @@ static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) * IV length minus the authentication tag size. */ c16toa(sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ, additional + AEAD_LEN_OFFSET); - AesGcmEncrypt(&ssl->encrypt.aes, + AesGcmEncrypt(ssl->encrypt.aes, out + AES_GCM_EXP_IV_SZ, input + AES_GCM_EXP_IV_SZ, sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ, out + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ, additional, AEAD_AUTH_DATA_SZ); - AesGcmIncExpIV(&ssl->encrypt.aes); + AesGcmIncExpIV(ssl->encrypt.aes); } break; #endif #ifdef HAVE_HC128 case hc128: - Hc128_Process(&ssl->encrypt.hc128, out, input, sz); + Hc128_Process(ssl->encrypt.hc128, out, input, sz); break; #endif #ifdef BUILD_RABBIT case rabbit: - RabbitProcess(&ssl->encrypt.rabbit, out, input, sz); + RabbitProcess(ssl->encrypt.rabbit, out, input, sz); break; #endif @@ -2465,19 +2519,19 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case rc4: - Arc4Process(&ssl->decrypt.arc4, plain, input, sz); + Arc4Process(ssl->decrypt.arc4, plain, input, sz); break; #endif #ifdef BUILD_DES3 case triple_des: - Des3_CbcDecrypt(&ssl->decrypt.des3, plain, input, sz); + Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); break; #endif #ifdef BUILD_AES case aes: - AesCbcDecrypt(&ssl->decrypt.aes, plain, input, sz); + AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz); break; #endif @@ -2486,7 +2540,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, { byte additional[AES_BLOCK_SIZE]; - AesGcmSetExpIV(&ssl->decrypt.aes, input); + AesGcmSetExpIV(ssl->decrypt.aes, input); XMEMSET(additional, 0, AES_BLOCK_SIZE); /* sequence number field is 64-bits, we only use 32-bits */ @@ -2498,7 +2552,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, c16toa(sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ, additional + AEAD_LEN_OFFSET); - if (AesGcmDecrypt(&ssl->decrypt.aes, + if (AesGcmDecrypt(ssl->decrypt.aes, plain + AES_GCM_EXP_IV_SZ, input + AES_GCM_EXP_IV_SZ, sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ, @@ -2513,13 +2567,13 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, #ifdef HAVE_HC128 case hc128: - Hc128_Process(&ssl->decrypt.hc128, plain, input, sz); + Hc128_Process(ssl->decrypt.hc128, plain, input, sz); break; #endif #ifdef BUILD_RABBIT case rabbit: - RabbitProcess(&ssl->decrypt.rabbit, plain, input, sz); + RabbitProcess(ssl->decrypt.rabbit, plain, input, sz); break; #endif @@ -3227,7 +3281,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, if (ssl->specs.cipher_type == aead) { ivSz = AES_GCM_EXP_IV_SZ; sz += (ivSz + 16 - digestSz); - AesGcmGetExpIV(&ssl->encrypt.aes, iv); + AesGcmGetExpIV(ssl->encrypt.aes, iv); } #endif size = (word16)(sz - headerSz); /* include mac and digest */ diff --git a/src/keys.c b/src/keys.c index f9382b3d4..a896bd8f3 100644 --- a/src/keys.c +++ b/src/keys.c @@ -918,34 +918,46 @@ static int SetPrefix(byte* sha_input, int idx) static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, - byte side) + byte side, void* heap, RNG* rng) { #ifdef BUILD_ARC4 word32 sz = specs->key_size; if (specs->bulk_cipher_algorithm == rc4) { + enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); + if (enc->arc4 == NULL) + return MEMORY_E; + dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); + if (dec->arc4 == NULL) + return MEMORY_E; if (side == CLIENT_END) { - Arc4SetKey(&enc->arc4, keys->client_write_key, sz); - Arc4SetKey(&dec->arc4, keys->server_write_key, sz); + Arc4SetKey(enc->arc4, keys->client_write_key, sz); + Arc4SetKey(dec->arc4, keys->server_write_key, sz); } else { - Arc4SetKey(&enc->arc4, keys->server_write_key, sz); - Arc4SetKey(&dec->arc4, keys->client_write_key, sz); + Arc4SetKey(enc->arc4, keys->server_write_key, sz); + Arc4SetKey(dec->arc4, keys->client_write_key, sz); } } #endif #ifdef HAVE_HC128 if (specs->bulk_cipher_algorithm == hc128) { + enc->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); + if (enc->hc128 == NULL) + return MEMORY_E; + dec->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); + if (dec->hc128 == NULL) + return MEMORY_E; if (side == CLIENT_END) { - Hc128_SetKey(&enc->hc128, keys->client_write_key, + Hc128_SetKey(enc->hc128, keys->client_write_key, keys->client_write_IV); - Hc128_SetKey(&dec->hc128, keys->server_write_key, + Hc128_SetKey(dec->hc128, keys->server_write_key, keys->server_write_IV); } else { - Hc128_SetKey(&enc->hc128, keys->server_write_key, + Hc128_SetKey(enc->hc128, keys->server_write_key, keys->server_write_IV); - Hc128_SetKey(&dec->hc128, keys->client_write_key, + Hc128_SetKey(dec->hc128, keys->client_write_key, keys->client_write_IV); } } @@ -953,16 +965,22 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #ifdef BUILD_RABBIT if (specs->bulk_cipher_algorithm == rabbit) { + enc->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER); + if (enc->rabbit == NULL) + return MEMORY_E; + dec->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER); + if (dec->rabbit == NULL) + return MEMORY_E; if (side == CLIENT_END) { - RabbitSetKey(&enc->rabbit, keys->client_write_key, + RabbitSetKey(enc->rabbit, keys->client_write_key, keys->client_write_IV); - RabbitSetKey(&dec->rabbit, keys->server_write_key, + RabbitSetKey(dec->rabbit, keys->server_write_key, keys->server_write_IV); } else { - RabbitSetKey(&enc->rabbit, keys->server_write_key, + RabbitSetKey(enc->rabbit, keys->server_write_key, keys->server_write_IV); - RabbitSetKey(&dec->rabbit, keys->client_write_key, + RabbitSetKey(dec->rabbit, keys->client_write_key, keys->client_write_IV); } } @@ -970,16 +988,22 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #ifdef BUILD_DES3 if (specs->bulk_cipher_algorithm == triple_des) { + enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); + if (enc->des3 == NULL) + return MEMORY_E; + dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); + if (dec->des3 == NULL) + return MEMORY_E; if (side == CLIENT_END) { - Des3_SetKey(&enc->des3, keys->client_write_key, + Des3_SetKey(enc->des3, keys->client_write_key, keys->client_write_IV, DES_ENCRYPTION); - Des3_SetKey(&dec->des3, keys->server_write_key, + Des3_SetKey(dec->des3, keys->server_write_key, keys->server_write_IV, DES_DECRYPTION); } else { - Des3_SetKey(&enc->des3, keys->server_write_key, + Des3_SetKey(enc->des3, keys->server_write_key, keys->server_write_IV, DES_ENCRYPTION); - Des3_SetKey(&dec->des3, keys->client_write_key, + Des3_SetKey(dec->des3, keys->client_write_key, keys->client_write_IV, DES_DECRYPTION); } } @@ -987,19 +1011,25 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #ifdef BUILD_AES if (specs->bulk_cipher_algorithm == aes) { + enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (enc->aes == NULL) + return MEMORY_E; + dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (dec->aes == NULL) + return MEMORY_E; if (side == CLIENT_END) { - AesSetKey(&enc->aes, keys->client_write_key, + AesSetKey(enc->aes, keys->client_write_key, specs->key_size, keys->client_write_IV, AES_ENCRYPTION); - AesSetKey(&dec->aes, keys->server_write_key, + AesSetKey(dec->aes, keys->server_write_key, specs->key_size, keys->server_write_IV, AES_DECRYPTION); } else { - AesSetKey(&enc->aes, keys->server_write_key, + AesSetKey(enc->aes, keys->server_write_key, specs->key_size, keys->server_write_IV, AES_ENCRYPTION); - AesSetKey(&dec->aes, keys->client_write_key, + AesSetKey(dec->aes, keys->client_write_key, specs->key_size, keys->client_write_IV, AES_DECRYPTION); } @@ -1008,16 +1038,28 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #ifdef BUILD_AESGCM if (specs->bulk_cipher_algorithm == aes_gcm) { + byte iv[AES_GCM_EXP_IV_SZ]; + enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (enc->aes == NULL) + return MEMORY_E; + dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (dec->aes == NULL) + return MEMORY_E; + + /* Initialize the AES-GCM explicit IV to a random number. */ + RNG_GenerateBlock(rng, iv, sizeof(iv)); + AesGcmSetExpIV(enc->aes, iv); + if (side == CLIENT_END) { - AesGcmSetKey(&enc->aes, keys->client_write_key, specs->key_size, + AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size, keys->client_write_IV); - AesGcmSetKey(&dec->aes, keys->server_write_key, specs->key_size, + AesGcmSetKey(dec->aes, keys->server_write_key, specs->key_size, keys->server_write_IV); } else { - AesGcmSetKey(&enc->aes, keys->server_write_key, specs->key_size, + AesGcmSetKey(enc->aes, keys->server_write_key, specs->key_size, keys->server_write_IV); - AesGcmSetKey(&dec->aes, keys->client_write_key, specs->key_size, + AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size, keys->client_write_IV); } } @@ -1026,6 +1068,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, keys->sequence_number = 0; keys->peer_sequence_number = 0; keys->encryptionOn = 0; + (void)rng; return 0; } @@ -1043,16 +1086,6 @@ int StoreKeys(CYASSL* ssl, const byte* keyData) XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz); i += sz; } -#ifdef BUILD_AESGCM - else if (ssl->specs.bulk_cipher_algorithm == aes_gcm) { - byte iv[AES_GCM_EXP_IV_SZ]; - - /* Initialize the AES-GCM explicit IV to a random number. */ - RNG_GenerateBlock(&ssl->rng, iv, sizeof(iv)); - AesGcmSetExpIV(&ssl->encrypt.aes, iv); - } -#endif - sz = ssl->specs.key_size; XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz); i += sz; @@ -1065,7 +1098,7 @@ int StoreKeys(CYASSL* ssl, const byte* keyData) XMEMCPY(ssl->keys.server_write_IV, &keyData[i], sz); return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs, - ssl->options.side); + ssl->options.side, ssl->heap, &ssl->rng); } diff --git a/src/sniffer.c b/src/sniffer.c index 037d52896..abeeb4dc4 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -217,7 +217,8 @@ static const char* const msgTable[] = /* 66 */ "Bad Finished Message Processing", - "Bad Compression Type" + "Bad Compression Type", + "Bad DeriveKeys Error" }; @@ -1205,6 +1206,7 @@ static int ProcessServerHello(const byte* input, int* sslBytes, } if (doResume ) { + int ret = 0; SSL_SESSION* resume = GetSession(session->sslServer, session->sslServer->arrays.masterSecret); if (resume == NULL) { @@ -1228,12 +1230,16 @@ static int ProcessServerHello(const byte* input, int* sslBytes, } if (session->sslServer->options.tls) { - DeriveTlsKeys(session->sslServer); - DeriveTlsKeys(session->sslClient); + ret = DeriveTlsKeys(session->sslServer); + ret += DeriveTlsKeys(session->sslClient); } else { - DeriveKeys(session->sslServer); - DeriveKeys(session->sslClient); + ret = DeriveKeys(session->sslServer); + ret += DeriveKeys(session->sslClient); + } + if (ret != 0) { + SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE); + return -1; } } #ifdef SHOW_SECRETS @@ -1517,31 +1523,31 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case rc4: - Arc4Process(&ssl->decrypt.arc4, output, input, sz); + Arc4Process(ssl->decrypt.arc4, output, input, sz); break; #endif #ifdef BUILD_DES3 case triple_des: - Des3_CbcDecrypt(&ssl->decrypt.des3, output, input, sz); + Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz); break; #endif #ifdef BUILD_AES case aes: - AesCbcDecrypt(&ssl->decrypt.aes, output, input, sz); + AesCbcDecrypt(ssl->decrypt.aes, output, input, sz); break; #endif #ifdef HAVE_HC128 case hc128: - Hc128_Process(&ssl->decrypt.hc128, output, input, sz); + Hc128_Process(ssl->decrypt.hc128, output, input, sz); break; #endif #ifdef BUILD_RABBIT case rabbit: - RabbitProcess(&ssl->decrypt.rabbit, output, input, sz); + RabbitProcess(ssl->decrypt.rabbit, output, input, sz); break; #endif diff --git a/src/tls.c b/src/tls.c index 18a2de9dc..4904a9157 100644 --- a/src/tls.c +++ b/src/tls.c @@ -121,8 +121,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret, /* compute TLSv1 PRF (pseudo random function using HMAC) */ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, - const byte* label, word32 labLen, const byte* seed, word32 seedLen, - int hash_type) + const byte* label, word32 labLen, const byte* seed, word32 seedLen) { word32 half = (secLen + 1) / 2; @@ -176,8 +175,7 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, hash_type); } else - doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen, - hash_type); + doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen); } From 8c32a5a2eda197e4818cda1eab9d27cf94b2c242 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 5 Sep 2012 16:18:29 -0700 Subject: [PATCH 12/12] make RNG in ssl dynamic, release after hs if stream or < tls1.1 --- cyassl/ctaocrypt/types.h | 3 ++- cyassl/internal.h | 2 +- src/internal.c | 52 ++++++++++++++++++++++++++-------------- src/keys.c | 4 ++-- src/ssl.c | 39 +++++++++++++++--------------- 5 files changed, 58 insertions(+), 42 deletions(-) diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 9384d01b0..4a5f66694 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -217,7 +217,8 @@ enum { DYNAMIC_TYPE_OCSP_ENTRY = 28, DYNAMIC_TYPE_ALTNAME = 29, DYNAMIC_TYPE_SUITES = 30, - DYNAMIC_TYPE_CIPHER = 31 + DYNAMIC_TYPE_CIPHER = 31, + DYNAMIC_TYPE_RNG = 32 }; /* stack protection */ diff --git a/cyassl/internal.h b/cyassl/internal.h index df771684c..6b8284e0c 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1226,7 +1226,7 @@ struct CYASSL { CYASSL_BIO* biowr; /* socket bio write to free/close */ void* IOCB_ReadCtx; void* IOCB_WriteCtx; - RNG rng; + RNG* rng; Md5 hashMd5; /* md5 hash of handshake msgs */ Sha hashSha; /* sha hash of handshake msgs */ #ifndef NO_SHA256 diff --git a/src/internal.c b/src/internal.c index 25dea7056..0f47f0be8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1054,6 +1054,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->arrays.server_hint[0] = 0; #endif /* NO_PSK */ + ssl->rng = NULL; InitCiphers(ssl); /* all done with init, now can return errors, call other stuff */ @@ -1065,7 +1066,13 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ctx->refCount++; UnLockMutex(&ctx->countMutex); - if ( (ret = InitRng(&ssl->rng)) != 0) + ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG); + if (ssl->rng == NULL) { + CYASSL_MSG("RNG Memory error"); + return MEMORY_E; + } + + if ( (ret = InitRng(ssl->rng)) != 0) return ret; ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, @@ -1101,6 +1108,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) void SSL_ResourceFree(CYASSL* ssl) { FreeCiphers(ssl); + XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH); XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH); @@ -1149,11 +1157,19 @@ void SSL_ResourceFree(CYASSL* ssl) /* Free any handshake resources no longer needed */ void FreeHandshakeResources(CYASSL* ssl) { + /* input buffer */ if (ssl->buffers.inputBuffer.dynamicFlag) ShrinkInputBuffer(ssl, NO_FORCED_FREE); + /* suites */ XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); ssl->suites = NULL; + + /* RNG */ + if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) { + XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); + ssl->rng = NULL; + } } @@ -3269,7 +3285,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, if (ssl->options.tls1_1) { ivSz = blockSz; sz += ivSz; - RNG_GenerateBlock(&ssl->rng, iv, ivSz); + RNG_GenerateBlock(ssl->rng, iv, ivSz); } sz += 1; /* pad byte */ pad = (sz - headerSz) % blockSz; @@ -4708,7 +4724,7 @@ int SetCipherList(Suites* s, const char* list) /* then random */ if (ssl->options.connectState == CONNECT_BEGIN) { - RNG_GenerateBlock(&ssl->rng, output + idx, RAN_LEN); + RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN); /* store random */ XMEMCPY(ssl->arrays.clientRandom, output + idx, RAN_LEN); @@ -5187,7 +5203,7 @@ int SetCipherList(Suites* s, const char* list) int ret = 0; if (ssl->specs.kea == rsa_kea) { - RNG_GenerateBlock(&ssl->rng, ssl->arrays.preMasterSecret, + RNG_GenerateBlock(ssl->rng, ssl->arrays.preMasterSecret, SECRET_LEN); ssl->arrays.preMasterSecret[0] = ssl->chVersion.major; ssl->arrays.preMasterSecret[1] = ssl->chVersion.minor; @@ -5198,7 +5214,7 @@ int SetCipherList(Suites* s, const char* list) ret = RsaPublicEncrypt(ssl->arrays.preMasterSecret, SECRET_LEN, encSecret, sizeof(encSecret), &ssl->peerRsaKey, - &ssl->rng); + ssl->rng); if (ret > 0) { encSz = ret; ret = 0; /* set success to 0 */ @@ -5221,7 +5237,7 @@ int SetCipherList(Suites* s, const char* list) serverG.buffer, serverG.length); if (ret == 0) /* for DH, encSecret is Yc, agree is pre-master */ - ret = DhGenerateKeyPair(&key, &ssl->rng, priv, &privSz, + ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, encSecret, &encSz); if (ret == 0) ret = DhAgree(&key, ssl->arrays.preMasterSecret, @@ -5263,7 +5279,7 @@ int SetCipherList(Suites* s, const char* list) 'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U' }; - RNG_GenerateBlock(&ssl->rng, ssl->arrays.preMasterSecret, + RNG_GenerateBlock(ssl->rng, ssl->arrays.preMasterSecret, SECRET_LEN); ssl->arrays.preMasterSz = SECRET_LEN; @@ -5305,7 +5321,7 @@ int SetCipherList(Suites* s, const char* list) } ecc_init(&myKey); - ret = ecc_make_key(&ssl->rng, peerKey->dp->size, &myKey); + ret = ecc_make_key(ssl->rng, peerKey->dp->size, &myKey); if (ret != 0) return ECC_MAKEKEY_ERROR; @@ -5472,7 +5488,7 @@ int SetCipherList(Suites* s, const char* list) word32 localSz = sigOutSz; ret = ecc_sign_hash(signBuffer + MD5_DIGEST_SIZE, SHA_DIGEST_SIZE, verify + extraSz + VERIFY_HEADER, - &localSz, &ssl->rng, &eccKey); + &localSz, ssl->rng, &eccKey); #endif } else { @@ -5491,7 +5507,7 @@ int SetCipherList(Suites* s, const char* list) } ret = RsaSSL_Sign(signBuffer, signSz, verify + extraSz + - VERIFY_HEADER, ENCRYPT_LEN, &key, &ssl->rng); + VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng); if (ret > 0) ret = 0; /* RSA reset */ @@ -5577,7 +5593,7 @@ int SetCipherList(Suites* s, const char* list) /* then random */ if (!ssl->options.resuming) - RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN); + RNG_GenerateBlock(ssl->rng, ssl->arrays.serverRandom, RAN_LEN); XMEMCPY(output + idx, ssl->arrays.serverRandom, RAN_LEN); idx += RAN_LEN; @@ -5593,7 +5609,7 @@ int SetCipherList(Suites* s, const char* list) /* then session id */ output[idx++] = ID_LEN; if (!ssl->options.resuming) - RNG_GenerateBlock(&ssl->rng, ssl->arrays.sessionID, ID_LEN); + RNG_GenerateBlock(ssl->rng, ssl->arrays.sessionID, ID_LEN); XMEMCPY(output + idx, ssl->arrays.sessionID, ID_LEN); idx += ID_LEN; @@ -5859,7 +5875,7 @@ int SetCipherList(Suites* s, const char* list) signBuffer = encodedSig; } ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz, - &rsaKey, &ssl->rng); + &rsaKey, ssl->rng); FreeRsaKey(&rsaKey); ecc_free(&dsaKey); if (ret > 0) @@ -5871,7 +5887,7 @@ int SetCipherList(Suites* s, const char* list) word32 sz = sigSz; ret = ecc_sign_hash(&hash[MD5_DIGEST_SIZE], SHA_DIGEST_SIZE, - output + idx, &sz, &ssl->rng, &dsaKey); + output + idx, &sz, ssl->rng, &dsaKey); FreeRsaKey(&rsaKey); ecc_free(&dsaKey); if (ret < 0) return ret; @@ -5933,7 +5949,7 @@ int SetCipherList(Suites* s, const char* list) ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.length); if (ret == 0) - ret = DhGenerateKeyPair(&dhKey, &ssl->rng, + ret = DhGenerateKeyPair(&dhKey, ssl->rng, ssl->buffers.serverDH_Priv.buffer, &ssl->buffers.serverDH_Priv.length, ssl->buffers.serverDH_Pub.buffer, @@ -6061,7 +6077,7 @@ int SetCipherList(Suites* s, const char* list) signBuffer = encodedSig; } ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz, - &rsaKey, &ssl->rng); + &rsaKey, ssl->rng); FreeRsaKey(&rsaKey); if (ret <= 0) return ret; @@ -6644,7 +6660,7 @@ int SetCipherList(Suites* s, const char* list) return UNSUPPORTED_SUITE; } - RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN); + RNG_GenerateBlock(ssl->rng, ssl->arrays.serverRandom, RAN_LEN); if (ssl->options.tls) ret = DeriveTlsKeys(ssl); else @@ -6806,7 +6822,7 @@ int SetCipherList(Suites* s, const char* list) return UNSUPPORTED_SUITE; } - RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN); + RNG_GenerateBlock(ssl->rng, ssl->arrays.serverRandom, RAN_LEN); if (ssl->options.tls) ret = DeriveTlsKeys(ssl); else diff --git a/src/keys.c b/src/keys.c index a896bd8f3..cfab8c685 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1098,7 +1098,7 @@ int StoreKeys(CYASSL* ssl, const byte* keyData) XMEMCPY(ssl->keys.server_write_IV, &keyData[i], sz); return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs, - ssl->options.side, ssl->heap, &ssl->rng); + ssl->options.side, ssl->heap, ssl->rng); } @@ -1156,7 +1156,7 @@ static void CleanPreMaster(CYASSL* ssl) for (i = 0; i < sz; i++) ssl->arrays.preMasterSecret[i] = 0; - RNG_GenerateBlock(&ssl->rng, ssl->arrays.preMasterSecret, sz); + RNG_GenerateBlock(ssl->rng, ssl->arrays.preMasterSecret, sz); for (i = 0; i < sz; i++) ssl->arrays.preMasterSecret[i] = 0; diff --git a/src/ssl.c b/src/ssl.c index 144d6215b..a283b8ec8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -213,25 +213,24 @@ int CyaSSL_negotiate(CYASSL* ssl) int CyaSSL_GetObjectSize(void) { #ifdef SHOW_SIZES - printf("sizeof suites = %d\n", sizeof(Suites)); - printf("sizeof ciphers(2) = %d\n", sizeof(Ciphers)); - printf("\tsizeof arc4 = %d\n", sizeof(Arc4)); - printf("\tsizeof aes = %d\n", sizeof(Aes)); - printf("\tsizeof des3 = %d\n", sizeof(Des3)); - printf("\tsizeof rabbit = %d\n", sizeof(Rabbitj)); - printf("sizeof cipher specs = %d\n", sizeof(CipherSpecs)); - printf("sizeof keys = %d\n", sizeof(Keys)); - printf("sizeof RNG = %d\n", sizeof(RNG)); - printf("sizeof MD5 = %d\n", sizeof(Md5)); - printf("sizeof SHA = %d\n", sizeof(Sha)); - printf("sizeof SHA256 = %d\n", sizeof(Sha256)); - printf("sizeof Hashes(2) = %d\n", sizeof(Hashes)); - printf("sizeof Buffers = %d\n", sizeof(Buffers)); - printf("sizeof Options = %d\n", sizeof(Options)); - printf("sizeof Arrays = %d\n", sizeof(Arrays)); - printf("sizeof Session = %d\n", sizeof(CYASSL_SESSION)); - printf("sizeof peerKey = %d\n", sizeof(RsaKey)); - printf("sizeof CYASSL_CIPHER = %d\n", sizeof(CYASSL_CIPHER)); + printf("sizeof suites = %lu\n", sizeof(Suites)); + printf("sizeof ciphers(2) = %lu\n", sizeof(Ciphers)); + printf("\tsizeof arc4 = %lu\n", sizeof(Arc4)); + printf("\tsizeof aes = %lu\n", sizeof(Aes)); + printf("\tsizeof des3 = %lu\n", sizeof(Des3)); + printf("\tsizeof rabbit = %lu\n", sizeof(Rabbit)); + printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs)); + printf("sizeof keys = %lu\n", sizeof(Keys)); + printf("sizeof MD5 = %lu\n", sizeof(Md5)); + printf("sizeof SHA = %lu\n", sizeof(Sha)); + printf("sizeof SHA256 = %lu\n", sizeof(Sha256)); + printf("sizeof Hashes(2) = %lu\n", sizeof(Hashes)); + printf("sizeof Buffers = %lu\n", sizeof(Buffers)); + printf("sizeof Options = %lu\n", sizeof(Options)); + printf("sizeof Arrays = %lu\n", sizeof(Arrays)); + printf("sizeof Session = %lu\n", sizeof(CYASSL_SESSION)); + printf("sizeof peerKey = %lu\n", sizeof(RsaKey)); + printf("sizeof CYASSL_CIPHER = %lu\n", sizeof(CYASSL_CIPHER)); #endif return sizeof(CYASSL); @@ -2490,7 +2489,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) #ifdef HAVE_ECC /* in case used set_accept_state after init */ if (ssl->eccTempKeyPresent == 0) { - if (ecc_make_key(&ssl->rng, ssl->eccTempKeySz, + if (ecc_make_key(ssl->rng, ssl->eccTempKeySz, &ssl->eccTempKey) != 0) { ssl->error = ECC_MAKEKEY_ERROR; CYASSL_ERROR(ssl->error);