Merge branch 'master' into ocsp

John Safranek
2012-12-14 14:23:53 -08:00
12 changed files with 186 additions and 124 deletions

30
README

@ -12,7 +12,7 @@ harder. Now to run testsuite just do:
or or
make test (when using autoconf) make check (when using autoconf)
On *nix or Windows the examples and testsuite will check to see if the current On *nix or Windows the examples and testsuite will check to see if the current
directory is the source directory and if so, attempt to change to the CyaSSL directory is the source directory and if so, attempt to change to the CyaSSL
@ -32,15 +32,37 @@ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling SSL_new(); Though it's not recommended. before calling SSL_new(); Though it's not recommended.
*** end Notes ***
CyaSSL Release 2.4.4 (12/12/2012)
Release 2.4.4 CyaSSL has bug fixes and a few new features including:
- ECC into main version
- Lean PSK build (reduced code size, RAM usage, and stack usage)
- FreeBSD CRL monitor support
- CyaSSL_peek()
- CyaSSL_send() and CyaSSL_recv() for I/O flag setting
- CodeWarrior Support
- MQX Support
- Freescale Kinetis support including Hardware RNG
- autoconf builds use jobserver
- cyassl-config
- Sniffer memory reductions
Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
warning system, and general good ideas for improving CyaSSL!
Note 3)
The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
K70 Sub-Family Reference Manual: K70 Sub-Family Reference Manual:
http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
*** end Note *** The CyaSSL manual is available at:
http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.
CyaSSL Release 2.4.0 (10/10/2012)
*************** CyaSSL Release 2.4.0 (10/10/2012)
Release 2.4.0 CyaSSL has bug fixes and a few new features including: Release 2.4.0 CyaSSL has bug fixes and a few new features including:
- DTLS reliability - DTLS reliability


@ -6,7 +6,7 @@
# #
# #
AC_INIT([cyassl],[2.4.2],[http://www.yassl.com]) AC_INIT([cyassl],[2.4.4],[http://www.yassl.com])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_MACRO_DIR([m4])
@ -38,7 +38,7 @@ CYASSL_LIBRARY_VERSION=3:3:0
# | +- increment if source code has changed # | +- increment if source code has changed
# | set to zero if current is incremented # | set to zero if current is incremented
# +- increment if interfaces have been added, removed or changed # +- increment if interfaces have been added, removed or changed
AC_SUBST(CYASSL_LIBRARY_VERSION) AC_SUBST([CYASSL_LIBRARY_VERSION])
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
# if user doesn't override, no way to tell # if user doesn't override, no way to tell
@ -106,7 +106,7 @@ AS_IF([test "$ax_enable_debug" = "yes"],
# SMALL BUILD # SMALL BUILD
AC_ARG_ENABLE(small, AC_ARG_ENABLE([small],
[ --enable-small Enable smallest build (default: disabled)], [ --enable-small Enable smallest build (default: disabled)],
[ ENABLED_SMALL=$enableval ], [ ENABLED_SMALL=$enableval ],
[ ENABLED_SMALL=no ] [ ENABLED_SMALL=no ]
@ -122,7 +122,7 @@ fi
# SINGLE THREADED # SINGLE THREADED
AC_ARG_ENABLE(singleThreaded, AC_ARG_ENABLE([singleThreaded],
[ --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)], [ --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
[ ENABLED_SINGLETHREADED=$enableval ], [ ENABLED_SINGLETHREADED=$enableval ],
[ ENABLED_SINGLETHREADED=no ]) [ ENABLED_SINGLETHREADED=no ])
@ -140,7 +140,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADE
# DTLS # DTLS
AC_ARG_ENABLE(dtls, AC_ARG_ENABLE([dtls],
[ --enable-dtls Enable CyaSSL DTLS (default: disabled)], [ --enable-dtls Enable CyaSSL DTLS (default: disabled)],
[ ENABLED_DTLS=$enableval ], [ ENABLED_DTLS=$enableval ],
[ ENABLED_DTLS=no ] [ ENABLED_DTLS=no ]
@ -152,7 +152,7 @@ fi
# OPENSSL Extra Compatibility # OPENSSL Extra Compatibility
AC_ARG_ENABLE(opensslExtra, AC_ARG_ENABLE([opensslExtra],
[ --enable-opensslExtra Enable extra OpenSSL API, size+ (default: disabled)], [ --enable-opensslExtra Enable extra OpenSSL API, size+ (default: disabled)],
[ ENABLED_OPENSSLEXTRA=$enableval ], [ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ] [ ENABLED_OPENSSLEXTRA=no ]
@ -169,7 +169,7 @@ fi
# IPv6 Test Apps # IPv6 Test Apps
AC_ARG_ENABLE(ipv6, AC_ARG_ENABLE([ipv6],
[ --enable-ipv6 Enable testing of IPV6 (default: disabled)], [ --enable-ipv6 Enable testing of IPV6 (default: disabled)],
[ ENABLED_IPV6=$enableval ], [ ENABLED_IPV6=$enableval ],
[ ENABLED_IPV6=no ] [ ENABLED_IPV6=no ]
@ -182,7 +182,7 @@ fi
# Fortress build # Fortress build
AC_ARG_ENABLE(fortress, AC_ARG_ENABLE([fortress],
[ --enable-fortress Enable SSL fortress build (default: disabled)], [ --enable-fortress Enable SSL fortress build (default: disabled)],
[ ENABLED_FORTRESS=$enableval ], [ ENABLED_FORTRESS=$enableval ],
[ ENABLED_FORTRESS=no ] [ ENABLED_FORTRESS=no ]
@ -195,7 +195,7 @@ fi
# ssl bump build # ssl bump build
AC_ARG_ENABLE(bump, AC_ARG_ENABLE([bump],
[ --enable-bump Enable SSL Bump build (default: disabled)], [ --enable-bump Enable SSL Bump build (default: disabled)],
[ ENABLED_BUMP=$enableval ], [ ENABLED_BUMP=$enableval ],
[ ENABLED_BUMP=no ] [ ENABLED_BUMP=no ]
@ -209,7 +209,7 @@ fi
ENABLED_SLOWMATH="yes" ENABLED_SLOWMATH="yes"
# lean psk build # lean psk build
AC_ARG_ENABLE(leanpsk, AC_ARG_ENABLE([leanpsk],
[ --enable-leanpsk Enable Lean PSK build (default: disabled)], [ --enable-leanpsk Enable Lean PSK build (default: disabled)],
[ ENABLED_LEANPSK=$enableval ], [ ENABLED_LEANPSK=$enableval ],
[ ENABLED_LEANPSK=no ] [ ENABLED_LEANPSK=no ]
@ -226,7 +226,7 @@ AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
# fastmath # fastmath
AC_ARG_ENABLE(fastmath, AC_ARG_ENABLE([fastmath],
[ --enable-fastmath Enable fast math for BigInts (default: disabled)], [ --enable-fastmath Enable fast math for BigInts (default: disabled)],
[ ENABLED_FASTMATH=$enableval ], [ ENABLED_FASTMATH=$enableval ],
[ ENABLED_FASTMATH=no ] [ ENABLED_FASTMATH=no ]
@ -240,7 +240,7 @@ fi
# fast HUGE math # fast HUGE math
AC_ARG_ENABLE(fasthugemath, AC_ARG_ENABLE([fasthugemath],
[ --enable-fasthugemath Enable fast math + huge code (default: disabled)], [ --enable-fasthugemath Enable fast math + huge code (default: disabled)],
[ ENABLED_FASTHUGEMATH=$enableval ], [ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ] [ ENABLED_FASTHUGEMATH=no ]
@ -262,7 +262,7 @@ AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"]) AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
# big cache # big cache
AC_ARG_ENABLE(bigcache, AC_ARG_ENABLE([bigcache],
[ --enable-bigcache Enable big session cache (default: disabled)], [ --enable-bigcache Enable big session cache (default: disabled)],
[ ENABLED_BIGCACHE=$enableval ], [ ENABLED_BIGCACHE=$enableval ],
[ ENABLED_BIGCACHE=no ] [ ENABLED_BIGCACHE=no ]
@ -275,7 +275,7 @@ fi
# HUGE cache # HUGE cache
AC_ARG_ENABLE(hugecache, AC_ARG_ENABLE([hugecache],
[ --enable-hugecache Enable huge session cache (default: disabled)], [ --enable-hugecache Enable huge session cache (default: disabled)],
[ ENABLED_HUGECACHE=$enableval ], [ ENABLED_HUGECACHE=$enableval ],
[ ENABLED_HUGECACHE=no ] [ ENABLED_HUGECACHE=no ]
@ -288,7 +288,7 @@ fi
# SMALL cache # SMALL cache
AC_ARG_ENABLE(smallcache, AC_ARG_ENABLE([smallcache],
[ --enable-smallcache Enable small session cache (default: disabled)], [ --enable-smallcache Enable small session cache (default: disabled)],
[ ENABLED_SMALLCACHE=$enableval ], [ ENABLED_SMALLCACHE=$enableval ],
[ ENABLED_SMALLCACHE=no ] [ ENABLED_SMALLCACHE=no ]
@ -314,7 +314,7 @@ AC_ARG_ENABLE([sniffer],
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ]) AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
# AES-GCM # AES-GCM
AC_ARG_ENABLE(aesgcm, AC_ARG_ENABLE([aesgcm],
[ --enable-aesgcm Enable CyaSSL AES-GCM support (default: disabled)], [ --enable-aesgcm Enable CyaSSL AES-GCM support (default: disabled)],
[ ENABLED_AESGCM=$enableval ], [ ENABLED_AESGCM=$enableval ],
[ ENABLED_AESGCM=no ] [ ENABLED_AESGCM=no ]
@ -346,7 +346,7 @@ fi
AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"]) AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
# AES-NI # AES-NI
AC_ARG_ENABLE(aesni, AC_ARG_ENABLE([aesni],
[ --enable-aesni Enable CyaSSL AES-NI support (default: disabled)], [ --enable-aesni Enable CyaSSL AES-NI support (default: disabled)],
[ ENABLED_AESNI=$enableval ], [ ENABLED_AESNI=$enableval ],
[ ENABLED_AESNI=no ] [ ENABLED_AESNI=no ]
@ -366,7 +366,7 @@ AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
# MD2 # MD2
AC_ARG_ENABLE(md2, AC_ARG_ENABLE([md2],
[ --enable-md2 Enable CyaSSL MD2 support (default: disabled)], [ --enable-md2 Enable CyaSSL MD2 support (default: disabled)],
[ ENABLED_MD2=$enableval ], [ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ] [ ENABLED_MD2=no ]
@ -386,7 +386,7 @@ AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# RIPEMD # RIPEMD
AC_ARG_ENABLE(ripemd, AC_ARG_ENABLE([ripemd],
[ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)], [ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)],
[ ENABLED_RIPEMD=$enableval ], [ ENABLED_RIPEMD=$enableval ],
[ ENABLED_RIPEMD=no ] [ ENABLED_RIPEMD=no ]
@ -401,7 +401,7 @@ AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
# SHA512 # SHA512
AC_ARG_ENABLE(sha512, AC_ARG_ENABLE([sha512],
[ --enable-sha512 Enable CyaSSL SHA-512 support (default: disabled)], [ --enable-sha512 Enable CyaSSL SHA-512 support (default: disabled)],
[ ENABLED_SHA512=$enableval ], [ ENABLED_SHA512=$enableval ],
[ ENABLED_SHA512=no ] [ ENABLED_SHA512=no ]
@ -427,7 +427,7 @@ AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
# SESSION CERTS # SESSION CERTS
AC_ARG_ENABLE(sessioncerts, AC_ARG_ENABLE([sessioncerts],
[ --enable-sessioncerts Enable session cert storing (default: disabled)], [ --enable-sessioncerts Enable session cert storing (default: disabled)],
[ ENABLED_SESSIONCERTS=$enableval ], [ ENABLED_SESSIONCERTS=$enableval ],
[ ENABLED_SESSIONCERTS=no ] [ ENABLED_SESSIONCERTS=no ]
@ -440,7 +440,7 @@ fi
# KEY GENERATION # KEY GENERATION
AC_ARG_ENABLE(keygen, AC_ARG_ENABLE([keygen],
[ --enable-keygen Enable key generation (default: disabled)], [ --enable-keygen Enable key generation (default: disabled)],
[ ENABLED_KEYGEN=$enableval ], [ ENABLED_KEYGEN=$enableval ],
[ ENABLED_KEYGEN=no ] [ ENABLED_KEYGEN=no ]
@ -453,7 +453,7 @@ fi
# CERT GENERATION # CERT GENERATION
AC_ARG_ENABLE(certgen, AC_ARG_ENABLE([certgen],
[ --enable-certgen Enable cert generation (default: disabled)], [ --enable-certgen Enable cert generation (default: disabled)],
[ ENABLED_CERTGEN=$enableval ], [ ENABLED_CERTGEN=$enableval ],
[ ENABLED_CERTGEN=no ] [ ENABLED_CERTGEN=no ]
@ -466,7 +466,7 @@ fi
# HC128 # HC128
AC_ARG_ENABLE(hc128, AC_ARG_ENABLE([hc128],
[ --enable-hc128 Enable HC-128 (default: disabled)], [ --enable-hc128 Enable HC-128 (default: disabled)],
[ ENABLED_HC128=$enableval ], [ ENABLED_HC128=$enableval ],
[ ENABLED_HC128=no ] [ ENABLED_HC128=no ]
@ -483,7 +483,7 @@ AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
# RABBIT # RABBIT
AC_ARG_ENABLE(rabbit, AC_ARG_ENABLE([rabbit],
[ --enable-rabbit Enable RABBIT (default: disabled)], [ --enable-rabbit Enable RABBIT (default: disabled)],
[ ENABLED_RABBIT=$enableval ], [ ENABLED_RABBIT=$enableval ],
[ ENABLED_RABBIT=no ] [ ENABLED_RABBIT=no ]
@ -500,7 +500,7 @@ AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# PSK # PSK
AC_ARG_ENABLE(psk, AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)], [ --enable-psk Enable PSK (default: disabled)],
[ ENABLED_PSK=$enableval ], [ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ] [ ENABLED_PSK=no ]
@ -513,7 +513,7 @@ fi
# Web Server Build # Web Server Build
AC_ARG_ENABLE(webServer, AC_ARG_ENABLE([webServer],
[ --enable-webServer Enable Web Server (default: disabled)], [ --enable-webServer Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ], [ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ] [ ENABLED_WEBSERVER=no ]
@ -526,7 +526,7 @@ fi
# No Filesystem Build # No Filesystem Build
AC_ARG_ENABLE(noFilesystem, AC_ARG_ENABLE([noFilesystem],
[ --enable-noFilesystem Enable No Filesystem (default: disabled)], [ --enable-noFilesystem Enable No Filesystem (default: disabled)],
[ ENABLED_NOFILESYSTEM=$enableval ], [ ENABLED_NOFILESYSTEM=$enableval ],
[ ENABLED_NOFILESYSTEM=no ] [ ENABLED_NOFILESYSTEM=no ]
@ -539,7 +539,7 @@ fi
# No inline Build # No inline Build
AC_ARG_ENABLE(noInline, AC_ARG_ENABLE([noInline],
[ --enable-noInline Enable No inline (default: disabled)], [ --enable-noInline Enable No inline (default: disabled)],
[ ENABLED_NOINLINE=$enableval ], [ ENABLED_NOINLINE=$enableval ],
[ ENABLED_NOINLINE=no ] [ ENABLED_NOINLINE=no ]
@ -554,7 +554,7 @@ AM_CONDITIONAL([BUILD_NOINLINE], [test "x$ENABLED_NOINLINE" = "xyes"])
# ECC # ECC
AC_ARG_ENABLE(ecc, AC_ARG_ENABLE([ecc],
[ --enable-ecc Enable ECC (default: disabled)], [ --enable-ecc Enable ECC (default: disabled)],
[ ENABLED_ECC=$enableval ], [ ENABLED_ECC=$enableval ],
[ ENABLED_ECC=no ] [ ENABLED_ECC=no ]
@ -575,7 +575,7 @@ fi
# OCSP # OCSP
AC_ARG_ENABLE(ocsp, AC_ARG_ENABLE([ocsp],
[ --enable-ocsp Enable OCSP (default: disabled)], [ --enable-ocsp Enable OCSP (default: disabled)],
[ ENABLED_OCSP=$enableval ], [ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ], [ ENABLED_OCSP=no ],
@ -590,7 +590,7 @@ AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
# CRL # CRL
AC_ARG_ENABLE(crl, AC_ARG_ENABLE([crl],
[ --enable-crl Enable CRL (default: disabled)], [ --enable-crl Enable CRL (default: disabled)],
[ ENABLED_CRL=$enableval ], [ ENABLED_CRL=$enableval ],
[ ENABLED_CRL=no ], [ ENABLED_CRL=no ],
@ -605,7 +605,7 @@ AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
# CRL Monitor # CRL Monitor
AC_ARG_ENABLE(crl-monitor, AC_ARG_ENABLE([crl-monitor],
[ --enable-crl-monitor Enable CRL Monitor (default: disabled)], [ --enable-crl-monitor Enable CRL Monitor (default: disabled)],
[ ENABLED_CRL_MONITOR=$enableval ], [ ENABLED_CRL_MONITOR=$enableval ],
[ ENABLED_CRL_MONITOR=no ], [ ENABLED_CRL_MONITOR=no ],
@ -628,7 +628,7 @@ AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
ntruHome=`pwd`/NTRU_algorithm ntruHome=`pwd`/NTRU_algorithm
ntruInclude=$ntruHome/cryptolib ntruInclude=$ntruHome/cryptolib
ntruLib=$ntruHome ntruLib=$ntruHome
AC_ARG_ENABLE(ntru, AC_ARG_ENABLE([ntru],
[ --enable-ntru Enable NTRU (default: disabled)], [ --enable-ntru Enable NTRU (default: disabled)],
[ ENABLED_NTRU=$enableval ], [ ENABLED_NTRU=$enableval ],
[ ENABLED_NTRU=no ] [ ENABLED_NTRU=no ]
@ -650,7 +650,7 @@ fi
#valgrind #valgrind
AC_ARG_ENABLE(valgrind, AC_ARG_ENABLE([valgrind],
[ --enable-valgrind Enable valgrind for unit tests (default: disabled)], [ --enable-valgrind Enable valgrind for unit tests (default: disabled)],
[ ENABLED_VALGRIND=$enableval ], [ ENABLED_VALGRIND=$enableval ],
[ ENABLED_VALGRIND=no ] [ ENABLED_VALGRIND=no ]
@ -658,7 +658,7 @@ AC_ARG_ENABLE(valgrind,
if test "$ENABLED_VALGRIND" = "yes" if test "$ENABLED_VALGRIND" = "yes"
then then
AC_CHECK_PROG(HAVE_VALGRIND,valgrind,yes,no) AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
if [["$HAVE_VALGRIND" = "no" ]]; then if [["$HAVE_VALGRIND" = "no" ]]; then
AC_MSG_ERROR([Valgrind not found.]) AC_MSG_ERROR([Valgrind not found.])
@ -670,7 +670,7 @@ AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
# Test certs, use internal cert functions for extra testing # Test certs, use internal cert functions for extra testing
AC_ARG_ENABLE(testcert, AC_ARG_ENABLE([testcert],
[ --enable-testcert Enable Test Cert (default: disabled)], [ --enable-testcert Enable Test Cert (default: disabled)],
[ ENABLED_TESTCERT=$enableval ], [ ENABLED_TESTCERT=$enableval ],
[ ENABLED_TESTCERT=no ] [ ENABLED_TESTCERT=no ]
@ -683,7 +683,7 @@ fi
# Enable Examples, used to disable examples # Enable Examples, used to disable examples
AC_ARG_ENABLE(examples, AC_ARG_ENABLE([examples],
[ --enable-examples Enable Examples (default: enabled)], [ --enable-examples Enable Examples (default: enabled)],
[ ENABLED_EXAMPLES=$enableval ], [ ENABLED_EXAMPLES=$enableval ],
[ ENABLED_EXAMPLES=yes ] [ ENABLED_EXAMPLES=yes ]
@ -694,7 +694,7 @@ AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
# LIBZ # LIBZ
trylibzdir="" trylibzdir=""
AC_ARG_WITH(libz, AC_ARG_WITH([libz],
[ --with-libz=PATH PATH to libz install (default /usr/) ], [ --with-libz=PATH PATH to libz install (default /usr/) ],
[ [
AC_MSG_CHECKING([for libz]) AC_MSG_CHECKING([for libz])
@ -750,7 +750,7 @@ fi
LIB_SOCKET_NSL LIB_SOCKET_NSL
AC_ARG_ENABLE(gcc-hardening, AC_ARG_ENABLE([gcc-hardening],
AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)), AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
[if test x$enableval = xyes; then [if test x$enableval = xyes; then
AM_CFLAGS="$AM_CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" AM_CFLAGS="$AM_CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
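Review bot: The valgrind check right after the re-quoted `AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])` looks broken as rendered. Once m4 strips one level of quotes, `if [["$HAVE_VALGRIND" = "no" ]]; then` becomes `if ["$HAVE_VALGRIND" = "no" ]; then`, so the shell sees a command word glued to the bracket (`[no`) instead of a test, and `AC_MSG_ERROR([Valgrind not found.])` would presumably never fire. Since this commit is already normalising quoting in the file, that line should be `if test "x$HAVE_VALGRIND" = "xno"; then`, in the same form as the other tests in this file. Whitespace may have been altered by the page rendering, so confirm against the raw file.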


@ -511,6 +511,10 @@ void bench_dh(void)
bytes = fread(tmp, 1, sizeof(tmp), file); bytes = fread(tmp, 1, sizeof(tmp), file);
InitDhKey(&dhKey); InitDhKey(&dhKey);
bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes); bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes);
if (bytes != 0) {
printf("dhekydecode failed, can't benchmark\n");
return;
}
start = current_time(); start = current_time();
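Review bot: The new early `return;` in bench_dh exits while `file` (just read with `fread`) and the initialised `dhKey` are still live, and nothing in the visible lines closes or frees them. If the function's cleanup sits at its end, outside this hunk, the failure path leaks the handle; add `fclose(file);` before the `return;`, plus the DH key free if the file has one. Separately, the `fread` result is passed straight to `DhKeyDecode` as the input length with no check for a zero-byte read, and the message text `dhekydecode` is a typo for `DhKeyDecode`.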


@ -2079,6 +2079,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = SHA256h; typeH = SHA256h;
digestSz = SHA256_DIGEST_SIZE; digestSz = SHA256_DIGEST_SIZE;
} }
break;
#endif #endif
#ifdef CYASSL_SHA512 #ifdef CYASSL_SHA512
case CTC_SHA512wRSA: case CTC_SHA512wRSA:
@ -2091,6 +2092,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = SHA512h; typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE; digestSz = SHA512_DIGEST_SIZE;
} }
break;
#endif #endif
#ifdef CYASSL_SHA384 #ifdef CYASSL_SHA384
case CTC_SHA384wRSA: case CTC_SHA384wRSA:
@ -2103,6 +2105,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = SHA384h; typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE; digestSz = SHA384_DIGEST_SIZE;
} }
break;
#endif #endif
default: default:
CYASSL_MSG("Verify Signautre has unsupported type"); CYASSL_MSG("Verify Signautre has unsupported type");
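Review bot: The switch in ConfirmSignature has no comment explaining why each `#ifdef`-guarded case must end in its own `break;`, which is how the fall-through survived until now. Without the break, control ran into the next enabled case, whose body ends by setting `typeH`/`digestSz` for a different hash. I would add a comment above the switch such as `/* every case must break: falling through re-hashes with the next enabled algorithm and overwrites typeH/digestSz */`, and a test that verifies one signature per enabled hash type. The `default:` body is outside the hunk, so confirm it returns an error rather than continuing with unset values. Its log string also has a typo, `"Verify Signautre has unsupported type"`, which makes the message harder to grep for.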


@ -1708,6 +1708,8 @@ int rsa_test(void)
if (ret != 0) return -491; if (ret != 0) return -491;
FreeDecodedCert(&cert); FreeDecodedCert(&cert);
#else
(void)bytes;
#endif #endif
fclose(file2); fclose(file2);
@ -2092,12 +2094,12 @@ int dh_test(void)
return -53; return -53;
ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz); ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
ret = DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2); ret += DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
if (ret != 0) if (ret != 0)
return -54; return -54;
ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2); ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
ret = DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); ret += DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
if (ret != 0) if (ret != 0)
return -55; return -55;
@ -2420,14 +2422,20 @@ int pkcs12_test(void)
int ret = PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations, int ret = PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
kLen, SHA, id); kLen, SHA, id);
if ( (ret = memcmp(derived, verify, kLen)) != 0) if (ret < 0)
return -103; return -103;
if ( (ret = memcmp(derived, verify, kLen)) != 0)
return -104;
iterations = 1000; iterations = 1000;
ret = PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations, ret = PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
kLen, SHA, id); kLen, SHA, id);
if (ret < 0)
return -105;
if ( (ret = memcmp(derived, verify2, 24)) != 0) if ( (ret = memcmp(derived, verify2, 24)) != 0)
return -104; return -106;
return 0; return 0;
} }
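Review bot: Summing the return codes with `ret += DhGenerateKeyPair(...)` and `ret += DhAgree(...)` in dh_test hides which of the two calls failed, and it is only sound if every error code has the same sign. Checking each call on its own (`if (ret != 0) return -54;` after each) keeps the failure codes meaningful. In pkcs12_test the first comparison uses `kLen` while the second still hard-codes the length, `memcmp(derived, verify2, 24)`; using `kLen` for both ties the compared length to the derived length. All three function bodies start outside their hunks.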


@ -822,9 +822,17 @@ static INLINE void ChangeDirBack(int x)
static INLINE int CurrentDir(const char* str) static INLINE int CurrentDir(const char* str)
{ {
char path[MAX_PATH]; char path[MAX_PATH];
char* baseName;
GetCurrentDirectoryA(sizeof(path), path); GetCurrentDirectoryA(sizeof(path), path);
if (strstr(path, str))
baseName = strrchr(path, '\\');
if (baseName)
baseName++;
else
baseName = path;
if (strstr(baseName, str))
return 1; return 1;
return 0; return 0;
@ -860,12 +868,20 @@ static INLINE void ChangeDirBack(int x)
static INLINE int CurrentDir(const char* str) static INLINE int CurrentDir(const char* str)
{ {
char path[MAX_PATH]; char path[MAX_PATH];
char* baseName;
if (getcwd(path, sizeof(path)) == NULL) { if (getcwd(path, sizeof(path)) == NULL) {
printf("no current dir?\n"); printf("no current dir?\n");
return 0; return 0;
} }
if (strstr(path, str))
baseName = strrchr(path, '/');
if (baseName)
baseName++;
else
baseName = path;
if (strstr(baseName, str))
return 1; return 1;
return 0; return 0;
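Review bot: The Windows variant of CurrentDir calls `GetCurrentDirectoryA(sizeof(path), path);` without checking the result, so on failure or truncation the new `strrchr(path, '\\')` scans an uninitialised buffer. The POSIX variant below already guards `getcwd`; the Windows one should do the same with `DWORD n = GetCurrentDirectoryA(sizeof(path), path);` and `if (n == 0 || n >= sizeof(path)) return 0;`. Note also that `strstr(baseName, str)` is still a substring match, so any directory whose last component merely contains `str` is accepted; `strcmp` would be the stricter test if an exact name is intended. Both function bodies close outside the hunks.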


@ -26,8 +26,8 @@
extern "C" { extern "C" {
#endif #endif
#define LIBCYASSL_VERSION_STRING "2.4.2" #define LIBCYASSL_VERSION_STRING "2.4.4"
#define LIBCYASSL_VERSION_HEX 0x02004002 #define LIBCYASSL_VERSION_HEX 0x02004004
#ifdef __cplusplus #ifdef __cplusplus
} }


@ -232,8 +232,6 @@ void client_test(void* args)
} }
} }
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */ myoptind = 0; /* reset for test cases */
switch (version) { switch (version) {


@ -200,8 +200,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
} }
} }
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */ myoptind = 0; /* reset for test cases */
switch (version) { switch (version) {


@ -7257,13 +7257,13 @@ int SetCipherList(Suites* s, const char* list)
ssl->options.haveSessionId = 1; ssl->options.haveSessionId = 1;
/* DoClientHello uses same resume code */ /* DoClientHello uses same resume code */
while (ssl->options.resuming) { /* let's try */ if (ssl->options.resuming) { /* let's try */
int ret; int ret;
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
if (!session) { if (!session) {
CYASSL_MSG("Session lookup for resume failed");
ssl->options.resuming = 0; ssl->options.resuming = 0;
break; /* session lookup failed */ } else {
}
if (MatchSuite(ssl, &clSuites) < 0) { if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, OldClientHello"); CYASSL_MSG("Unsupported cipher suite, OldClientHello");
return UNSUPPORTED_SUITE; return UNSUPPORTED_SUITE;
@ -7282,6 +7282,7 @@ int SetCipherList(Suites* s, const char* list)
return ret; return ret;
} }
}
return MatchSuite(ssl, &clSuites); return MatchSuite(ssl, &clSuites);
} }
@ -7429,14 +7430,13 @@ int SetCipherList(Suites* s, const char* list)
ssl->options.haveSessionId = 1; ssl->options.haveSessionId = 1;
/* ProcessOld uses same resume code */ /* ProcessOld uses same resume code */
while (ssl->options.resuming) { /* let's try */ if (ssl->options.resuming) { /* let's try */
int ret; int ret;
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
if (!session) { if (!session) {
ssl->options.resuming = 0;
CYASSL_MSG("Session lookup for resume failed"); CYASSL_MSG("Session lookup for resume failed");
break; /* session lookup failed */ ssl->options.resuming = 0;
} } else {
if (MatchSuite(ssl, &clSuites) < 0) { if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, ClientHello"); CYASSL_MSG("Unsupported cipher suite, ClientHello");
return UNSUPPORTED_SUITE; return UNSUPPORTED_SUITE;
@ -7455,6 +7455,7 @@ int SetCipherList(Suites* s, const char* list)
return ret; return ret;
} }
}
return MatchSuite(ssl, &clSuites); return MatchSuite(ssl, &clSuites);
} }
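Review bot: The same resume block is edited twice here, once under `/* DoClientHello uses same resume code */` and once under `/* ProcessOld uses same resume code */`, and the two copies had already drifted (only one logged "Session lookup for resume failed" before this change). Moving the lookup, the `MatchSuite` check and the resume handling into one static helper that both hello handlers call would keep later fixes to session resumption from landing in only one path. The `else` arm now wraps the existing resume code, whose closing brace is added in a separate hunk, so the nesting should be checked against the raw file. Both enclosing functions start and end outside the hunks.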


@ -2275,7 +2275,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
const byte* sslBegin = sslFrame; const byte* sslBegin = sslFrame;
const byte* tmp; const byte* tmp;
RecordLayerHeader rh; RecordLayerHeader rh;
int rhSize; int rhSize = 0;
int ret; int ret;
int decoded = 0; /* bytes stored for user in data */ int decoded = 0; /* bytes stored for user in data */
int notEnough; /* notEnough bytes yet flag */ int notEnough; /* notEnough bytes yet flag */


@ -1128,8 +1128,10 @@ int CyaSSL_Init(void)
{ {
EncryptedInfo info; EncryptedInfo info;
buffer der; /* holds DER or RAW (for NTRU) */ buffer der; /* holds DER or RAW (for NTRU) */
int ret;
int dynamicType = 0; int dynamicType = 0;
int eccKey = 0; int eccKey = 0;
void* heap = ctx ? ctx->heap : NULL;
info.set = 0; info.set = 0;
info.ctx = ctx; info.ctx = ctx;
@ -1153,9 +1155,9 @@ int CyaSSL_Init(void)
dynamicType = DYNAMIC_TYPE_KEY; dynamicType = DYNAMIC_TYPE_KEY;
if (format == SSL_FILETYPE_PEM) { if (format == SSL_FILETYPE_PEM) {
int ret = PemToDer(buff, sz, type, &der, ctx->heap, &info, &eccKey); ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey);
if (ret < 0) { if (ret < 0) {
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return ret; return ret;
} }
if (used) if (used)
@ -1174,10 +1176,10 @@ int CyaSSL_Init(void)
CYASSL_MSG("Growing Tmp Chain Buffer"); CYASSL_MSG("Growing Tmp Chain Buffer");
bufferSz = (word32)(sz - consumed); bufferSz = (word32)(sz - consumed);
/* will shrink to actual size */ /* will shrink to actual size */
chainBuffer = (byte*)XMALLOC(bufferSz, ctx->heap, chainBuffer = (byte*)XMALLOC(bufferSz, heap,
DYNAMIC_TYPE_FILE); DYNAMIC_TYPE_FILE);
if (chainBuffer == NULL) { if (chainBuffer == NULL) {
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return MEMORY_E; return MEMORY_E;
} }
dynamicBuffer = 1; dynamicBuffer = 1;
@ -1190,7 +1192,7 @@ int CyaSSL_Init(void)
part.buffer = 0; part.buffer = 0;
ret = PemToDer(buff + consumed, sz - consumed, type, &part, ret = PemToDer(buff + consumed, sz - consumed, type, &part,
ctx->heap, &info, &eccKey); heap, &info, &eccKey);
if (ret == 0) { if (ret == 0) {
gotOne = 1; gotOne = 1;
if ( (idx + part.length) > bufferSz) { if ( (idx + part.length) > bufferSz) {
@ -1208,38 +1210,42 @@ int CyaSSL_Init(void)
} }
} }
XFREE(part.buffer, ctx->heap, dynamicType); XFREE(part.buffer, heap, dynamicType);
if (ret == SSL_NO_PEM_HEADER && gotOne) { if (ret == SSL_NO_PEM_HEADER && gotOne) {
CYASSL_MSG("We got one good PEM so stuff at end ok"); CYASSL_MSG("We got one good PEM so stuff at end ok");
ret = 0;
break; break;
} }
if (ret < 0) { if (ret < 0) {
CYASSL_MSG(" Error in Cert in Chain"); CYASSL_MSG(" Error in Cert in Chain");
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return ret; return ret;
} }
CYASSL_MSG(" Consumed another Cert in Chain"); CYASSL_MSG(" Consumed another Cert in Chain");
} }
CYASSL_MSG("Finished Processing Cert Chain"); CYASSL_MSG("Finished Processing Cert Chain");
ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
if (ctx == NULL) {
CYASSL_MSG("certChain needs context");
return BAD_FUNC_ARG;
}
ctx->certChain.buffer = (byte*)XMALLOC(idx, heap,
dynamicType); dynamicType);
if (ctx->certChain.buffer) { if (ctx->certChain.buffer) {
ctx->certChain.length = idx; ctx->certChain.length = idx;
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx); XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
} }
if (dynamicBuffer) if (dynamicBuffer)
XFREE(chainBuffer, ctx->heap, DYNAMIC_TYPE_FILE); XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
if (ctx->certChain.buffer == NULL) { if (ctx->certChain.buffer == NULL) {
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return MEMORY_E; return MEMORY_E;
} }
} }
} }
else { /* ASN1 (DER) or RAW (NTRU) */ else { /* ASN1 (DER) or RAW (NTRU) */
der.buffer = (byte*) XMALLOC(sz, ctx->heap, dynamicType); der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
if (!der.buffer) return MEMORY_ERROR; if (!der.buffer) return MEMORY_ERROR;
XMEMCPY(der.buffer, buff, sz); XMEMCPY(der.buffer, buff, sz);
der.length = (word32)sz; der.length = (word32)sz;
@ -1250,19 +1256,18 @@ int CyaSSL_Init(void)
/* decrypt */ /* decrypt */
char password[80]; char password[80];
int passwordSz; int passwordSz;
int ret;
byte key[AES_256_KEY_SIZE]; byte key[AES_256_KEY_SIZE];
byte iv[AES_IV_SIZE]; byte iv[AES_IV_SIZE];
if (!ctx->passwd_cb) { if (!ctx || !ctx->passwd_cb) {
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return NO_PASSWORD; return NO_PASSWORD;
} }
/* use file's salt for key derivation, hex decode first */ /* use file's salt for key derivation, hex decode first */
if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) { if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return ASN_INPUT_E; return ASN_INPUT_E;
} }
@ -1270,7 +1275,7 @@ int CyaSSL_Init(void)
ctx->userdata); ctx->userdata);
if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv, if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
(byte*)password, passwordSz, 1, key, iv)) <= 0) { (byte*)password, passwordSz, 1, key, iv)) <= 0) {
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return ret; return ret;
} }
@ -1300,44 +1305,50 @@ int CyaSSL_Init(void)
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
} }
else { else {
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return SSL_BAD_FILE; return SSL_BAD_FILE;
} }
} }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
if (type == CA_TYPE) if (type == CA_TYPE) {
if (ctx == NULL) {
CYASSL_MSG("Need context for CA load");
XFREE(der.buffer, heap, dynamicType);
return BAD_FUNC_ARG;
}
return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer); return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer);
/* takes der over */ /* takes der over */
}
else if (type == CERT_TYPE) { else if (type == CERT_TYPE) {
if (ssl) { if (ssl) {
if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer) if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
XFREE(ssl->buffers.certificate.buffer, ctx->heap, XFREE(ssl->buffers.certificate.buffer, heap,
dynamicType); dynamicType);
ssl->buffers.certificate = der; ssl->buffers.certificate = der;
ssl->buffers.weOwnCert = 1; ssl->buffers.weOwnCert = 1;
} }
else { else if (ctx) {
if (ctx->certificate.buffer) if (ctx->certificate.buffer)
XFREE(ctx->certificate.buffer, ctx->heap, dynamicType); XFREE(ctx->certificate.buffer, heap, dynamicType);
ctx->certificate = der; /* takes der over */ ctx->certificate = der; /* takes der over */
} }
} }
else if (type == PRIVATEKEY_TYPE) { else if (type == PRIVATEKEY_TYPE) {
if (ssl) { if (ssl) {
if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer) if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
XFREE(ssl->buffers.key.buffer, ctx->heap, dynamicType); XFREE(ssl->buffers.key.buffer, heap, dynamicType);
ssl->buffers.key = der; ssl->buffers.key = der;
ssl->buffers.weOwnKey = 1; ssl->buffers.weOwnKey = 1;
} }
else { else if (ctx) {
if (ctx->privateKey.buffer) if (ctx->privateKey.buffer)
XFREE(ctx->privateKey.buffer, ctx->heap, dynamicType); XFREE(ctx->privateKey.buffer, heap, dynamicType);
ctx->privateKey = der; /* takes der over */ ctx->privateKey = der; /* takes der over */
} }
} }
else { else {
XFREE(der.buffer, ctx->heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return SSL_BAD_CERTTYPE; return SSL_BAD_CERTTYPE;
} }
@ -1384,7 +1395,7 @@ int CyaSSL_Init(void)
DecodedCert cert; DecodedCert cert;
CYASSL_MSG("Checking cert signature type"); CYASSL_MSG("Checking cert signature type");
InitDecodedCert(&cert, der.buffer, der.length, ctx->heap); InitDecodedCert(&cert, der.buffer, der.length, heap);
if (DecodeToKey(&cert, 0) < 0) { if (DecodeToKey(&cert, 0) < 0) {
CYASSL_MSG("Decode to key failed"); CYASSL_MSG("Decode to key failed");
@ -1396,6 +1407,7 @@ int CyaSSL_Init(void)
case CTC_SHA384wECDSA: case CTC_SHA384wECDSA:
case CTC_SHA512wECDSA: case CTC_SHA512wECDSA:
CYASSL_MSG("ECDSA cert signature"); CYASSL_MSG("ECDSA cert signature");
if (ctx)
ctx->haveECDSAsig = 1; ctx->haveECDSAsig = 1;
if (ssl) if (ssl)
ssl->options.haveECDSAsig = 1; ssl->options.haveECDSAsig = 1;
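Review bot: The new `if (ctx == NULL) { CYASSL_MSG("certChain needs context"); return BAD_FUNC_ARG; }` guard after "Finished Processing Cert Chain" returns without releasing `der.buffer` or a dynamically grown `chainBuffer`, although every neighbouring error path frees `der.buffer` first. Add `if (dynamicBuffer) XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);` and `XFREE(der.buffer, heap, dynamicType);` before the return, or move the NULL check ahead of the chain parsing so nothing is allocated yet. The `CERT_TYPE` and `PRIVATEKEY_TYPE` branches have a related gap: with `else if (ctx)`, a call where both `ssl` and `ctx` are NULL neither stores nor frees `der`, and no error is returned within the visible lines. That case should free the buffer and return `BAD_FUNC_ARG`, as the `CA_TYPE` branch now does. The enclosing function starts outside the first hunk.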