forked from wolfSSL/wolfssl
Merge branch 'master' of github.com:cyassl/cyassl
This commit is contained in:
John Safranek
@ -1027,6 +1027,13 @@ static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
|
|||||||
CYASSL_MSG("AesEncrypt encountered improper key, set it up");
|
CYASSL_MSG("AesEncrypt encountered improper key, set it up");
|
||||||
return; /* stop instead of segfaulting, set up your keys! */
|
return; /* stop instead of segfaulting, set up your keys! */
|
||||||
}
|
}
|
||||||
|
#ifdef CYASSL_AESNI
|
||||||
|
if (haveAESNI) {
|
||||||
|
CYASSL_MSG("AesEncrypt encountered aesni keysetup, don't use direct");
|
||||||
|
return; /* just stop now */
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* map byte array block to cipher state
|
* map byte array block to cipher state
|
||||||
* and add initial round key:
|
* and add initial round key:
|
||||||
@ -1165,6 +1172,13 @@ static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
|
|||||||
CYASSL_MSG("AesDecrypt encountered improper key, set it up");
|
CYASSL_MSG("AesDecrypt encountered improper key, set it up");
|
||||||
return; /* stop instead of segfaulting, set up your keys! */
|
return; /* stop instead of segfaulting, set up your keys! */
|
||||||
}
|
}
|
||||||
|
#ifdef CYASSL_AESNI
|
||||||
|
if (haveAESNI) {
|
||||||
|
CYASSL_MSG("AesEncrypt encountered aesni keysetup, don't use direct");
|
||||||
|
return; /* just stop now */
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* map byte array block to cipher state
|
* map byte array block to cipher state
|
||||||
* and add initial round key:
|
* and add initial round key:
|
||||||
@ -1381,6 +1395,18 @@ void AesDecryptDirect(Aes* aes, byte* out, const byte* in)
|
|||||||
#endif /* CYASSL_AES_DIRECT */
|
#endif /* CYASSL_AES_DIRECT */
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(CYASSL_AES_DIRECT) || defined(CYASSL_AES_COUNTER)
|
||||||
|
|
||||||
|
/* AES-CTR and AES-DIRECT need to use this for key setup, no aesni yet */
|
||||||
|
int AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
|
||||||
|
const byte* iv, int dir)
|
||||||
|
{
|
||||||
|
return AesSetKeyLocal(aes, userKey, keylen, iv, dir);
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* CYASSL_AES_DIRECT || CYASSL_AES_COUNTER */
|
||||||
|
|
||||||
|
|
||||||
#ifdef CYASSL_AES_COUNTER
|
#ifdef CYASSL_AES_COUNTER
|
||||||
|
|
||||||
/* Increment AES counter */
|
/* Increment AES counter */
|
||||||
|
|||||||
@ -87,7 +87,8 @@ CYASSL_API void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
|
|||||||
CYASSL_API void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
|
CYASSL_API void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
|
||||||
CYASSL_API void AesEncryptDirect(Aes* aes, byte* out, const byte* in);
|
CYASSL_API void AesEncryptDirect(Aes* aes, byte* out, const byte* in);
|
||||||
CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in);
|
CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in);
|
||||||
|
CYASSL_API int AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
|
||||||
|
const byte* iv, int dir);
|
||||||
#ifdef HAVE_AESGCM
|
#ifdef HAVE_AESGCM
|
||||||
CYASSL_API void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
|
CYASSL_API void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
|
||||||
const byte* implicitIV);
|
const byte* implicitIV);
|
||||||
|
|||||||
@ -1020,6 +1020,7 @@ typedef struct Ciphers {
|
|||||||
#ifdef BUILD_RABBIT
|
#ifdef BUILD_RABBIT
|
||||||
Rabbit* rabbit;
|
Rabbit* rabbit;
|
||||||
#endif
|
#endif
|
||||||
|
byte setup; /* have we set it up flag for detection */
|
||||||
} Ciphers;
|
} Ciphers;
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -51,6 +51,7 @@
|
|||||||
int timeout_count = CyaSSL_dtls_get_current_timeout(ssl) * 10;
|
int timeout_count = CyaSSL_dtls_get_current_timeout(ssl) * 10;
|
||||||
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
|
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
|
||||||
error == SSL_ERROR_WANT_WRITE)) {
|
error == SSL_ERROR_WANT_WRITE)) {
|
||||||
|
(void)timeout_count;
|
||||||
if (error == SSL_ERROR_WANT_READ)
|
if (error == SSL_ERROR_WANT_READ)
|
||||||
printf("... client would read block\n");
|
printf("... client would read block\n");
|
||||||
else
|
else
|
||||||
|
|||||||
@ -465,6 +465,8 @@ void InitCiphers(CYASSL* ssl)
|
|||||||
ssl->encrypt.rabbit = NULL;
|
ssl->encrypt.rabbit = NULL;
|
||||||
ssl->decrypt.rabbit = NULL;
|
ssl->decrypt.rabbit = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
ssl->encrypt.setup = 0;
|
||||||
|
ssl->decrypt.setup = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2672,8 +2674,13 @@ static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
||||||
{
|
{
|
||||||
|
if (ssl->encrypt.setup == 0) {
|
||||||
|
CYASSL_MSG("Encrypt ciphers not setup");
|
||||||
|
return ENCRYPT_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
switch (ssl->specs.bulk_cipher_algorithm) {
|
switch (ssl->specs.bulk_cipher_algorithm) {
|
||||||
#ifdef BUILD_ARC4
|
#ifdef BUILD_ARC4
|
||||||
case rc4:
|
case rc4:
|
||||||
@ -2745,13 +2752,21 @@ static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
|||||||
|
|
||||||
default:
|
default:
|
||||||
CYASSL_MSG("CyaSSL Encrypt programming error");
|
CYASSL_MSG("CyaSSL Encrypt programming error");
|
||||||
|
return ENCRYPT_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
||||||
word32 sz)
|
word32 sz)
|
||||||
{
|
{
|
||||||
|
if (ssl->decrypt.setup == 0) {
|
||||||
|
CYASSL_MSG("Decrypt ciphers not setup");
|
||||||
|
return DECRYPT_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
switch (ssl->specs.bulk_cipher_algorithm) {
|
switch (ssl->specs.bulk_cipher_algorithm) {
|
||||||
#ifdef BUILD_ARC4
|
#ifdef BUILD_ARC4
|
||||||
case rc4:
|
case rc4:
|
||||||
@ -2815,6 +2830,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
|||||||
|
|
||||||
default:
|
default:
|
||||||
CYASSL_MSG("CyaSSL Decrypt programming error");
|
CYASSL_MSG("CyaSSL Decrypt programming error");
|
||||||
|
return DECRYPT_ERROR;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -3498,6 +3514,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
|
|||||||
word32 headerSz = RECORD_HEADER_SZ;
|
word32 headerSz = RECORD_HEADER_SZ;
|
||||||
word16 size;
|
word16 size;
|
||||||
byte iv[AES_BLOCK_SIZE]; /* max size */
|
byte iv[AES_BLOCK_SIZE]; /* max size */
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
#ifdef CYASSL_DTLS
|
#ifdef CYASSL_DTLS
|
||||||
if (ssl->options.dtls) {
|
if (ssl->options.dtls) {
|
||||||
@ -3541,7 +3558,6 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
|
|||||||
if (type == handshake) {
|
if (type == handshake) {
|
||||||
#ifdef CYASSL_DTLS
|
#ifdef CYASSL_DTLS
|
||||||
if (ssl->options.dtls) {
|
if (ssl->options.dtls) {
|
||||||
int ret;
|
|
||||||
if ((ret = DtlsPoolSave(ssl, output, headerSz+inSz)) != 0)
|
if ((ret = DtlsPoolSave(ssl, output, headerSz+inSz)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -3557,7 +3573,8 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
|
|||||||
for (i = 0; i <= pad; i++)
|
for (i = 0; i <= pad; i++)
|
||||||
output[idx++] = (byte)pad; /* pad byte gets pad value too */
|
output[idx++] = (byte)pad; /* pad byte gets pad value too */
|
||||||
|
|
||||||
Encrypt(ssl, output + headerSz, output + headerSz, size);
|
if ( (ret = Encrypt(ssl, output + headerSz, output + headerSz, size)) != 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
return sz;
|
return sz;
|
||||||
}
|
}
|
||||||
|
|||||||
2
src/io.c
2
src/io.c
@ -167,7 +167,7 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx)
|
|||||||
CYASSL_MSG("Embed Receive error");
|
CYASSL_MSG("Embed Receive error");
|
||||||
|
|
||||||
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
|
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
|
||||||
if (CyaSSL_get_using_nonblock(ssl)) {
|
if (!CyaSSL_dtls(ssl) || CyaSSL_get_using_nonblock(ssl)) {
|
||||||
CYASSL_MSG(" Would block");
|
CYASSL_MSG(" Would block");
|
||||||
return IO_ERR_WANT_READ;
|
return IO_ERR_WANT_READ;
|
||||||
}
|
}
|
||||||
|
|||||||
12
src/keys.c
12
src/keys.c
@ -937,6 +937,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
Arc4SetKey(enc->arc4, keys->server_write_key, sz);
|
Arc4SetKey(enc->arc4, keys->server_write_key, sz);
|
||||||
Arc4SetKey(dec->arc4, keys->client_write_key, sz);
|
Arc4SetKey(dec->arc4, keys->client_write_key, sz);
|
||||||
}
|
}
|
||||||
|
enc->setup = 1;
|
||||||
|
dec->setup = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -960,6 +962,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
Hc128_SetKey(dec->hc128, keys->client_write_key,
|
Hc128_SetKey(dec->hc128, keys->client_write_key,
|
||||||
keys->client_write_IV);
|
keys->client_write_IV);
|
||||||
}
|
}
|
||||||
|
enc->setup = 1;
|
||||||
|
dec->setup = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -983,6 +987,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
RabbitSetKey(dec->rabbit, keys->client_write_key,
|
RabbitSetKey(dec->rabbit, keys->client_write_key,
|
||||||
keys->client_write_IV);
|
keys->client_write_IV);
|
||||||
}
|
}
|
||||||
|
enc->setup = 1;
|
||||||
|
dec->setup = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1006,6 +1012,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
Des3_SetKey(dec->des3, keys->client_write_key,
|
Des3_SetKey(dec->des3, keys->client_write_key,
|
||||||
keys->client_write_IV, DES_DECRYPTION);
|
keys->client_write_IV, DES_DECRYPTION);
|
||||||
}
|
}
|
||||||
|
enc->setup = 1;
|
||||||
|
dec->setup = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1033,6 +1041,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
specs->key_size, keys->client_write_IV,
|
specs->key_size, keys->client_write_IV,
|
||||||
AES_DECRYPTION);
|
AES_DECRYPTION);
|
||||||
}
|
}
|
||||||
|
enc->setup = 1;
|
||||||
|
dec->setup = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1062,6 +1072,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size,
|
AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size,
|
||||||
keys->client_write_IV);
|
keys->client_write_IV);
|
||||||
}
|
}
|
||||||
|
enc->setup = 1;
|
||||||
|
dec->setup = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -845,7 +845,7 @@ static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
|
|||||||
SnifferSession* session;
|
SnifferSession* session;
|
||||||
|
|
||||||
word32 row = SessionHash(ipInfo, tcpInfo);
|
word32 row = SessionHash(ipInfo, tcpInfo);
|
||||||
assert(row >= 0 && row <= HASH_SIZE);
|
assert(row <= HASH_SIZE);
|
||||||
|
|
||||||
LockMutex(&SessionMutex);
|
LockMutex(&SessionMutex);
|
||||||
|
|
||||||
@ -1585,7 +1585,7 @@ static void RemoveSession(SnifferSession* session, IpInfo* ipInfo,
|
|||||||
else
|
else
|
||||||
haveLock = 1;
|
haveLock = 1;
|
||||||
|
|
||||||
assert(row >= 0 && row <= HASH_SIZE);
|
assert(row <= HASH_SIZE);
|
||||||
Trace(REMOVE_SESSION_STR);
|
Trace(REMOVE_SESSION_STR);
|
||||||
|
|
||||||
if (!haveLock)
|
if (!haveLock)
|
||||||
@ -1663,12 +1663,16 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
|
|||||||
}
|
}
|
||||||
|
|
||||||
session->sslServer = SSL_new(session->context->ctx);
|
session->sslServer = SSL_new(session->context->ctx);
|
||||||
|
if (session->sslServer == NULL) {
|
||||||
|
SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
|
||||||
|
free(session);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
session->sslClient = SSL_new(session->context->ctx);
|
session->sslClient = SSL_new(session->context->ctx);
|
||||||
if (session->sslClient == NULL) {
|
if (session->sslClient == NULL) {
|
||||||
if (session->sslServer) {
|
SSL_free(session->sslServer);
|
||||||
SSL_free(session->sslClient);
|
session->sslServer = 0;
|
||||||
session->sslClient = 0;
|
|
||||||
}
|
|
||||||
SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
|
SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
|
||||||
free(session);
|
free(session);
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
Reference in New Issue
Block a user