Merge branch 'master' of github.com:cyassl/cyassl

warning.

README

@@ -34,7 +34,17 @@ before calling SSL_new();  Though it's not recommended.
 
 *** end Notes ***
 
-CyaSSL Release 3.3.0 (12/05/2014)
+
+CyaSSL Release 3.3.2 (01/07/2015)
+
+Release 3.3.2 CyaSSL has bug fixes and new features including:
+
+- Improvements in the build configuration under AIX.
+- Various compile warnings.
+- Changed a memcpy to memmove in the sniffer.
+
+
+***********CyaSSL Release 3.3.0 (12/05/2014)
 
 - Countermeasuers for Handshake message duplicates, CHANGE CIPHER without
   FINISHED, and fast forward attempts.  Thanks to Karthikeyan Bhargavan from

README.md

@@ -36,6 +36,15 @@ before calling SSL_new();  Though it's not recommended.
 ```
 
 
+# CyaSSL Release 3.3.2 (01/07/2015)
+
+## Release 3.3.2 CyaSSL has bug fixes and new features including:
+
+- Improvements in the build configuration under AIX.
+- Various compile warnings.
+- Changed a memcpy to memmove in the sniffer.
+
+
 # CyaSSL Release 3.3.0 (12/05/2014)
 
 - Countermeasuers for Handshake message duplicates, CHANGE CIPHER without

configure.ac

@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([cyassl],[3.3.0],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com])
+AC_INIT([cyassl],[3.3.2],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 

ctaocrypt/src/random.c

@@ -232,7 +232,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
             return DRBG_FAILURE;
         }
 
-        checkBlock = *(word32*)drbg->digest;
+        XMEMCPY(&checkBlock, drbg->digest, sizeof(word32));
         if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) {
             if (drbg->matchCount == 1) {
                 return DRBG_CONT_FAILURE;

cyassl/ctaocrypt/misc.h

@@ -44,7 +44,7 @@ CYASSL_LOCAL
 void   ByteReverseWords(word32*, const word32*, word32);
 
 CYASSL_LOCAL
-void XorWords(word*, const word*, word32);
+void XorWords(cyassl_word*, const cyassl_word*, word32);
 CYASSL_LOCAL
 void xorbuf(void*, const void*, word32);
 

cyassl/version.h

@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBCYASSL_VERSION_STRING "3.3.0"
-#define LIBCYASSL_VERSION_HEX 0x03003000
+#define LIBCYASSL_VERSION_STRING "3.3.2"
+#define LIBCYASSL_VERSION_HEX 0x03003002
 
 #ifdef __cplusplus
 }

m4/ax_am_jobserver.m4

@@ -33,7 +33,7 @@
 #   and this notice are preserved. This file is offered as-is, without any
 #   warranty.
 
-#serial 7
+#serial 7.1
 
 AC_DEFUN([AX_AM_JOBSERVER], [
     AC_REQUIRE([AX_COUNT_CPUS])

m4/ax_harden_compiler_flags.m4

@@ -62,10 +62,9 @@
 # AX_APPEND_COMPILE_FLAGS([-floop-parallelize-all],,[$ax_append_compile_cflags_extra]) -- causes RSA verify problem on x64
 # AX_APPEND_COMPILE_FLAGS([-Wunreachable-code],,[$ax_append_compile_cflags_extra])  -- older clang and when gcc had it are buggy
 
-#serial 4
+#serial 4.1
 
   AC_DEFUN([AX_HARDEN_LINKER_FLAGS], [
-      AC_REQUIRE([AX_CHECK_LINK_FLAG])
       AC_REQUIRE([AX_VCS_CHECKOUT])
       AC_REQUIRE([AX_DEBUG])
 
@@ -94,7 +93,6 @@
       ])
 
   AC_DEFUN([AX_HARDEN_CC_COMPILER_FLAGS], [
-      AC_REQUIRE([AX_APPEND_COMPILE_FLAGS])
       AC_REQUIRE([AX_HARDEN_LINKER_FLAGS])
 
       AC_LANG_PUSH([C])
@@ -229,7 +227,6 @@
       ])
 
   AC_DEFUN([AX_CC_OTHER_FLAGS], [
-      AC_REQUIRE([AX_APPEND_COMPILE_FLAGS])
       AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS])
 
       AC_LANG_PUSH([C])

src/keys.c

@@ -2325,8 +2325,8 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
 int SetKeysSide(CYASSL* ssl, enum encrypt_side side)
 {
     int devId = NO_CAVIUM_DEVICE, ret, copy = 0;
-    Ciphers* encrypt = NULL;
-    Ciphers* decrypt = NULL;
+    Ciphers* enc = NULL;
+    Ciphers* dec = NULL;
     Keys*    keys    = &ssl->keys;
 
     (void)copy;
@@ -2344,16 +2344,16 @@ int SetKeysSide(CYASSL* ssl, enum encrypt_side side)
 
     switch (side) {
         case ENCRYPT_SIDE_ONLY:
-            encrypt = &ssl->encrypt;
+            enc = &ssl->encrypt;
             break;
 
         case DECRYPT_SIDE_ONLY:
-            decrypt = &ssl->decrypt;
+            dec = &ssl->decrypt;
             break;
 
         case ENCRYPT_AND_DECRYPT_SIDE:
-            encrypt = &ssl->encrypt;
-            decrypt = &ssl->decrypt;
+            enc = &ssl->encrypt;
+            dec = &ssl->decrypt;
             break;
 
         default:
@@ -2368,16 +2368,16 @@ int SetKeysSide(CYASSL* ssl, enum encrypt_side side)
     }
 #endif
 
-    ret = SetKeys(encrypt, decrypt, keys, &ssl->specs, ssl->options.side,
+    ret = SetKeys(enc, dec, keys, &ssl->specs, ssl->options.side,
                   ssl->heap, devId);
 
 #ifdef HAVE_SECURE_RENEGOTIATION
     if (copy) {
         int clientCopy = 0;
 
-        if (ssl->options.side == CYASSL_CLIENT_END && encrypt)
+        if (ssl->options.side == CYASSL_CLIENT_END && enc)
             clientCopy = 1;
-        else if (ssl->options.side == CYASSL_SERVER_END && decrypt)
+        else if (ssl->options.side == CYASSL_SERVER_END && dec)
             clientCopy = 1;
 
         if (clientCopy) {
@@ -2395,7 +2395,7 @@ int SetKeysSide(CYASSL* ssl, enum encrypt_side side)
             XMEMCPY(ssl->keys.server_write_IV,
                     keys->server_write_IV, AES_IV_SIZE);
         }
-        if (encrypt) {
+        if (enc) {
             ssl->keys.sequence_number = keys->sequence_number;
             #ifdef HAVE_AEAD
                 if (ssl->specs.cipher_type == aead) {
@@ -2405,7 +2405,7 @@ int SetKeysSide(CYASSL* ssl, enum encrypt_side side)
                 }
             #endif
         }
-        if (decrypt)
+        if (dec)
             ssl->keys.peer_sequence_number = keys->peer_sequence_number;
         ssl->secure_renegotiation->cache_status++;
     }

src/sniffer.c

@@ -2673,7 +2673,7 @@ doMessage:
                     return -1;
                 }
             }
-            XMEMCPY(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes);
+            XMEMMOVE(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes);
             ssl->buffers.inputBuffer.length = sslBytes;
         }
         if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))

sslSniffer/sslSnifferTest/snifftest.c

@@ -44,8 +44,8 @@ int main(void)
 /* do a full build */
 
 #ifdef _MSC_VER
-	/* builds on *nix too, for scanf device and port */
-	#define _CRT_SECURE_NO_WARNINGS
+    /* builds on *nix too, for scanf device and port */
+    #define _CRT_SECURE_NO_WARNINGS
 #endif
 
 #include <pcap/pcap.h>     /* pcap stuff */
@@ -53,6 +53,7 @@ int main(void)
 #include <stdlib.h>        /* EXIT_SUCCESS */
 #include <string.h>        /* strcmp */
 #include <signal.h>        /* signal */
+#include <sys/socket.h>    /* AF_INET */
 
 #include <cyassl/sniffer.h>
 
@@ -95,44 +96,44 @@ static void sig_handler(const int sig)
 
 static void err_sys(const char* msg)
 {
-	fprintf(stderr, "%s\n", msg);
+    fprintf(stderr, "%s\n", msg);
     if (msg)
-	    exit(EXIT_FAILURE);
+        exit(EXIT_FAILURE);
 }
 
 
 #ifdef _WIN32
-	#define SNPRINTF _snprintf
+    #define SNPRINTF _snprintf
 #else
-	#define SNPRINTF snprintf
+    #define SNPRINTF snprintf
 #endif
 
 
 static char* iptos(unsigned int addr)
 {
-	static char    output[32];
-	byte *p = (byte*)&addr;
+    static char    output[32];
+    byte *p = (byte*)&addr;
 
-	SNPRINTF(output, sizeof(output), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+    SNPRINTF(output, sizeof(output), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
 
-	return output;
+    return output;
 }
 
 
 int main(int argc, char** argv)
 {
     int          ret = 0;
-	int		     inum;
-	int		     port;
+    int             inum;
+    int             port;
     int          saveFile = 0;
-	int		     i = 0;
+    int             i = 0;
     int          frame = ETHER_IF_FRAME_LEN; 
     char         err[PCAP_ERRBUF_SIZE];
-	char         filter[32];
-	const char  *server = NULL;
-	struct       bpf_program fp;
-	pcap_if_t   *d;
-	pcap_addr_t *a;
+    char         filter[32];
+    const char  *server = NULL;
+    struct       bpf_program fp;
+    pcap_if_t   *d;
+    pcap_addr_t *a;
 
     signal(SIGINT, sig_handler);
 
@@ -144,52 +145,52 @@ int main(int argc, char** argv)
     if (argc == 1) {
         /* normal case, user chooses device and port */
 
-	    if (pcap_findalldevs(&alldevs, err) == -1)
-		    err_sys("Error in pcap_findalldevs");
+        if (pcap_findalldevs(&alldevs, err) == -1)
+            err_sys("Error in pcap_findalldevs");
 
-	    for (d = alldevs; d; d=d->next) {
-		    printf("%d. %s", ++i, d->name);
-		    if (d->description)
-			    printf(" (%s)\n", d->description);
-		    else
-			    printf(" (No description available)\n");
-	    }
+        for (d = alldevs; d; d=d->next) {
+            printf("%d. %s", ++i, d->name);
+            if (d->description)
+                printf(" (%s)\n", d->description);
+            else
+                printf(" (No description available)\n");
+        }
 
-	    if (i == 0)
-		    err_sys("No interfaces found! Make sure pcap or WinPcap is"
+        if (i == 0)
+            err_sys("No interfaces found! Make sure pcap or WinPcap is"
                     " installed correctly and you have sufficient permissions");
 
-	    printf("Enter the interface number (1-%d): ", i);
-	    ret = scanf("%d", &inum);
+        printf("Enter the interface number (1-%d): ", i);
+        ret = scanf("%d", &inum);
         if (ret != 1)
             printf("scanf port failed\n");
 
-	    if (inum < 1 || inum > i)
-		    err_sys("Interface number out of range");
+        if (inum < 1 || inum > i)
+            err_sys("Interface number out of range");
 
-	    /* Jump to the selected adapter */
-	    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
+        /* Jump to the selected adapter */
+        for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
 
-	    pcap = pcap_create(d->name, err);
+        pcap = pcap_create(d->name, err);
 
         if (pcap == NULL) printf("pcap_create failed %s\n", err);
 
-	    /* get an IPv4 address */
-	    for (a = d->addresses; a; a = a->next) {
-		    switch(a->addr->sa_family)
-		    {
-			    case AF_INET:
-				    server = 
+        /* get an IPv4 address */
+        for (a = d->addresses; a; a = a->next) {
+            switch(a->addr->sa_family)
+            {
+                case AF_INET:
+                    server =
                         iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr);
-				    printf("server = %s\n", server);
-				    break;
+                    printf("server = %s\n", server);
+                    break;
 
                 default:
                     break;
-		    }
-	    }
-	    if (server == NULL)
-		    err_sys("Unable to get device IPv4 address");
+            }
+        }
+        if (server == NULL)
+            err_sys("Unable to get device IPv4 address");
 
         ret = pcap_set_snaplen(pcap, 65536);
         if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
@@ -199,7 +200,7 @@ int main(int argc, char** argv)
 
         ret = pcap_set_buffer_size(pcap, 1000000); 
         if (ret != 0)
-		    printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
+            printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
 
         ret = pcap_set_promisc(pcap, 1); 
         if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap));
@@ -208,14 +209,14 @@ int main(int argc, char** argv)
         ret = pcap_activate(pcap);
         if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap));
 
-	    printf("Enter the port to scan: ");
-	    ret = scanf("%d", &port);
+        printf("Enter the port to scan: ");
+        ret = scanf("%d", &port);
         if (ret != 1)
             printf("scanf port failed\n");
 
-	    SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
+        SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
 
-	    ret = pcap_compile(pcap, &fp, filter, 0, 0);
+        ret = pcap_compile(pcap, &fp, filter, 0, 0);
         if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap));
 
         ret = pcap_setfilter(pcap, &fp);
@@ -295,8 +296,8 @@ int main(int argc, char** argv)
             byte data[65535+16384];  /* may have a partial 16k record cached */
 
             if (header.caplen > 40)  { /* min ip(20) + min tcp(20) */
-				packet        += frame;
-				header.caplen -= frame;					
+                packet        += frame;
+                header.caplen -= frame;
             }
             else
                 continue;
@@ -306,7 +307,7 @@ int main(int argc, char** argv)
                 printf("ssl_Decode ret = %d, %s\n", ret, err);
             if (ret > 0) {
                 data[ret] = 0;
-				printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data);
+                printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data);
             }
         }
         else if (saveFile)