From 220bd66a638585614ab2159def6968f74d734ac7 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 13 Aug 2012 10:53:47 -0700 Subject: [PATCH 1/4] allow XFILE to work with non pointer types --- src/ssl.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 8456c5839..dc57744a3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1201,7 +1201,7 @@ static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff, #ifndef NO_FILESYSTEM #ifndef MICRIUM - #define XFILE FILE + #define XFILE FILE* #define XFOPEN fopen #define XFSEEK fseek #define XFTELL ftell @@ -1209,9 +1209,10 @@ static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff, #define XFREAD fread #define XFCLOSE fclose #define XSEEK_END SEEK_END + #define XBADFILE NULL #else #include - #define XFILE FS_FILE + #define XFILE FS_FILE* #define XFOPEN fs_fopen #define XFSEEK fs_fseek #define XFTELL fs_ftell @@ -1219,6 +1220,7 @@ static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff, #define XFREAD fs_fread #define XFCLOSE fs_fclose #define XSEEK_END FS_SEEK_END + #define XBADFILE NULL #endif @@ -1232,11 +1234,11 @@ int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type, int dynamic = 0; int ret; long sz = 0; - XFILE* file = XFOPEN(fname, "rb"); + XFILE file = XFOPEN(fname, "rb"); (void)crl; - if (!file) return SSL_BAD_FILE; + if (file == XBADFILE) return SSL_BAD_FILE; XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); XREWIND(file); @@ -1394,11 +1396,11 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname, byte* myBuffer = staticBuffer; int dynamic = 0; long sz = 0; - XFILE* file = XFOPEN(fname, "rb"); + XFILE file = XFOPEN(fname, "rb"); CYASSL_ENTER("CyaSSL_CertManagerVerify"); - if (!file) return SSL_BAD_FILE; + if (file == XBADFILE) return SSL_BAD_FILE; XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); XREWIND(file); 
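Review bot: `#define XFILE FILE*` in the `@@ -1201` hunk (and `#define XFILE FS_FILE*` in `@@ -1209`) hides a pointer inside an object-like macro, so a declaration such as `XFILE in, out;` would make only `in` a pointer. A typedef keeps the abstraction without that hazard, e.g. `typedef FILE* XFILE;`, and a port whose handle is not a pointer can typedef its own type. The new `XBADFILE` also deserves a comment stating its contract, for example `/* XBADFILE: value XFOPEN returns on failure; test with ==, not !file */`, since the point of the change is that `!file` is no longer valid on every port.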
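Review bot: In the ProcessFile hunk (`@@ -1232`) the result of `sz = XFTELL(file);` is used without a check, and the return value of `XFSEEK` is ignored. ftell-style calls report failure with a negative value, and the code that chooses and fills the read buffer from `sz` lies outside the hunk, so a negative or bogus size may reach it unvalidated. A guard right after the call would close that gap: `if (sz < 0) { XFCLOSE(file); return SSL_BAD_FILE; }`. The same three-line sequence appears in CyaSSL_CertManagerVerify (`@@ -1394`), CyaSSL_PemCertToDer (`@@ -1702`) and CyaSSL_SetTmpDH_file_wrapper (`@@ -1917`), whose bodies also continue outside their hunks.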
@@ -1702,14 +1704,14 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) int ret; int ecc = 0; long sz = 0; - XFILE* file = XFOPEN(fileName, "rb"); + XFILE file = XFOPEN(fileName, "rb"); EncryptedInfo info; buffer converted; CYASSL_ENTER("CyaSSL_PemCertToDer"); converted.buffer = 0; - if (!file) return SSL_BAD_FILE; + if (file == XBADFILE) return SSL_BAD_FILE; XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); XREWIND(file); @@ -1917,9 +1919,9 @@ static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, int dynamic = 0; int ret; long sz = 0; - XFILE* file = XFOPEN(fname, "rb"); + XFILE file = XFOPEN(fname, "rb"); - if (!file) return SSL_BAD_FILE; + if (file == XBADFILE) return SSL_BAD_FILE; XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); XREWIND(file); @@ -5935,7 +5937,7 @@ int CyaSSL_set_compression(CYASSL* ssl) CYASSL_ENTER("CyaSSL_cmp_peer_cert_to_file"); if (ssl != NULL && fname != NULL) { - XFILE* file = NULL; + XFILE file = NULL; int sz = 0; byte staticBuffer[FILE_BUFFER_SIZE]; byte* myBuffer = staticBuffer; @@ -5951,7 +5953,7 @@ int CyaSSL_set_compression(CYASSL* ssl) fileDer.buffer = 0; file = XFOPEN(fname, "rb"); - if (!file) return SSL_BAD_FILE; + if (file == XBADFILE) return SSL_BAD_FILE; XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); XREWIND(file); From a39f540c5a22b22633abd42f56eb13353fb44593 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 13 Aug 2012 10:57:07 -0700 Subject: [PATCH 2/4] increment dev version --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 88a368dec..87da15f0a 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[2.3.0],[http://www.yassl.com]) +AC_INIT([cyassl],[2.3.1],[http://www.yassl.com]) AC_CONFIG_AUX_DIR(config) 
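Review bot: In the CyaSSL_cmp_peer_cert_to_file hunks (`@@ -5935` and `@@ -5951`), `sz` is declared `int sz = 0;` but receives the `long` returned by `XFTELL(file)`, whereas the other four call sites in this patch use `long sz`. The value is narrowed before any later size decision; that later code is outside the hunk, so how `sz` is compared against `FILE_BUFFER_SIZE` is not visible here. Declaring it `long sz = 0;` and rejecting a failed tell with `if (sz < 0) { XFCLOSE(file); return SSL_BAD_FILE; }` would make this site consistent with the others.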
@@ -25,7 +25,7 @@ AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -CYASSL_LIBRARY_VERSION=3:1:0 +CYASSL_LIBRARY_VERSION=3:2:0 # | | | # +------+ | +---+ # | | | From 4c66c4c3b5ef477d0571d21f5fc199905c6452a9 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 13 Aug 2012 10:59:34 -0700 Subject: [PATCH 3/4] use XBADFILE for init in bad state --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index dc57744a3..6101f8eb5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5937,7 +5937,7 @@ int CyaSSL_set_compression(CYASSL* ssl) CYASSL_ENTER("CyaSSL_cmp_peer_cert_to_file"); if (ssl != NULL && fname != NULL) { - XFILE file = NULL; + XFILE file = XBADFILE; int sz = 0; byte staticBuffer[FILE_BUFFER_SIZE]; byte* myBuffer = staticBuffer; From bfd510b919a9aef8b25da0ea31a0e236ac5da2ff Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 13 Aug 2012 15:05:28 -0700 Subject: [PATCH 4/4] cleaned up the cookie generator for Windows and IPv4 only --- src/io.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/src/io.c b/src/io.c index 9316defb5..660f1320a 100644 --- a/src/io.c +++ b/src/io.c @@ -204,6 +204,13 @@ int EmbedSend(char *buf, int sz, void *ctx) #include +#ifdef USE_WINDOWS_API + #define XSOCKLENT int +#else + #define XSOCKLENT socklen_t +#endif + + /* The DTLS Generate Cookie callback * return : number of bytes copied into buf, or error */ 
@@ -211,15 +218,15 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx) { CYASSL* ssl = (CYASSL*)ctx; int sd = ssl->wfd; - struct sockaddr_storage peer; - socklen_t peerSz = sizeof(peer); - byte cookieSrc[sizeof(struct in6_addr) + sizeof(int)]; + struct sockaddr_in peer; + XSOCKLENT peerSz = sizeof(peer); + byte cookieSrc[sizeof(struct in_addr) + sizeof(int)]; int cookieSrcSz = 0; Sha sha; getpeername(sd, (struct sockaddr*)&peer, &peerSz); - if (peer.ss_family == AF_INET) { + if (peer.sin_family == AF_INET) { struct sockaddr_in *s = (struct sockaddr_in*)&peer; cookieSrcSz = sizeof(struct in_addr) + sizeof(s->sin_port); @@ -227,17 +234,17 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx) XMEMCPY(cookieSrc + sizeof(s->sin_port), &s->sin_addr, sizeof(struct in_addr)); } - else if (peer.ss_family == AF_INET6) { - struct sockaddr_in6 *s = (struct sockaddr_in6*)&peer; - - cookieSrcSz = sizeof(struct in6_addr) + sizeof(s->sin6_port); - XMEMCPY(cookieSrc, &s->sin6_port, sizeof(s->sin6_port)); - XMEMCPY(cookieSrc + sizeof(s->sin6_port), - &s->sin6_addr, sizeof(struct in6_addr)); - } InitSha(&sha); ShaUpdate(&sha, cookieSrc, cookieSrcSz); + + if (sz < SHA_DIGEST_SIZE) { + byte digest[SHA_DIGEST_SIZE]; + ShaFinal(&sha, digest); + XMEMCPY(buf, digest, sz); + return sz; + } + ShaFinal(&sha, buf); return SHA_DIGEST_SIZE;
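Review bot: The `getpeername(sd, (struct sockaddr*)&peer, &peerSz);` call in EmbedGenerateCookie is unchecked, and with the AF_INET6 branch removed any peer that is not AF_INET leaves `cookieSrcSz` at 0, so the cookie becomes the SHA digest of empty input, which is the same value for every such peer. If getpeername fails, `peer.sin_family` is also read uninitialised. Failing closed avoids issuing a constant cookie: `if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0 || peer.sin_family != AF_INET) return -1;`, where `-1` is a placeholder for whatever error value this callback's contract defines. The new truncation branch should also reject `sz <= 0` before `XMEMCPY(buf, digest, sz)`, since a negative `int` becomes a huge copy length. The function's closing lines are outside the hunk.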