From a453ccba575a9ada523db8c879eaba5d994f37d0 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 21 Jan 2013 10:53:42 -0800 Subject: [PATCH 01/52] Added TLS support for Camellia --- cyassl/internal.h | 41 +++++- examples/client/client.c | 6 +- examples/server/server.c | 6 +- src/internal.c | 164 ++++++++++++++++++++++- src/keys.c | 159 +++++++++++++++++++++++ src/ssl.c | 16 +++ tests/suites.c | 22 ++++ tests/test-camellia-openssl.conf | 216 +++++++++++++++++++++++++++++++ tests/test-camellia.conf | 216 +++++++++++++++++++++++++++++++ 9 files changed, 837 insertions(+), 9 deletions(-) create mode 100644 tests/test-camellia-openssl.conf create mode 100644 tests/test-camellia.conf diff --git a/cyassl/internal.h b/cyassl/internal.h index 45eba0a69..ac3a9c9bc 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -34,6 +34,7 @@ #include #include #include +#include #include #ifndef NO_RC4 #include @@ -168,6 +169,25 @@ void c32to24(word32 in, word24 out); #endif #endif +#if defined(HAVE_CAMELLIA) && !defined(NO_TLS) + #ifndef NO_RSA + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + #ifndef NO_SHA256 + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + #endif + #if !defined(NO_DH) && defined(OPENSSL_EXTRA) + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + #ifndef NO_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + #endif + #endif + #endif +#endif + #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA 
@@ -368,7 +388,17 @@ enum { * there will be second byte number conflicts * with non-ECC AES-GCM */ TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0, - TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1 + TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1, + + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4 + }; @@ -487,6 +517,11 @@ enum Misc { AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */ AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ, + CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ + CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ + CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ + CAMELLIA_IV_SIZE = 16, /* always block size */ + HC_128_KEY_SIZE = 16, /* 128 bits */ HC_128_IV_SIZE = 16, /* also 128 bits */ @@ -981,6 +1016,7 @@ enum BulkCipherAlgorithm { aes, aes_gcm, aes_ccm, + camellia, hc128, /* CyaSSL extensions */ rabbit }; @@ -1100,6 +1136,9 @@ typedef struct Ciphers { #ifdef BUILD_AES Aes* aes; #endif +#ifdef HAVE_CAMELLIA + Camellia* cam; +#endif #ifdef HAVE_HC128 HC128* hc128; #endif diff --git a/examples/client/client.c b/examples/client/client.c index a6cb574c6..541dfdf06 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -272,7 +272,7 @@ void client_test(void* args) if (cipherList) if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("client can't set cipher list 1"); #ifdef CYASSL_LEANPSK usePsk = 1; @@ -289,7 +289,7 @@ void client_test(void* args) defaultCipherList = "PSK-AES256-CBC-SHA"; #endif if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("client can't set cipher list 2"); } #endif } 
@@ -302,7 +302,7 @@ void client_test(void* args) if (cipherList == NULL) { /* don't use EDH, can't sniff tmp keys */ if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) { - err_sys("can't set cipher list"); + err_sys("client can't set cipher list 3"); } } #endif diff --git a/examples/server/server.c b/examples/server/server.c index a69a3175b..662e66f8c 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -240,7 +240,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (cipherList) if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("server can't set cipher list 1"); #ifdef CYASSL_LEANPSK usePsk = 1; @@ -285,7 +285,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) defaultCipherList = "PSK-AES256-CBC-SHA"; #endif if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("server can't set cipher list 2"); } #endif } @@ -308,7 +308,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) /* don't use EDH, can't sniff tmp keys */ if (cipherList == NULL) { if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("server can't set cipher list 3"); } #endif diff --git a/src/internal.c b/src/internal.c index ac0f387bf..310d76077 100644 --- a/src/internal.c +++ b/src/internal.c @@ -471,6 +471,10 @@ void InitCiphers(CYASSL* ssl) ssl->encrypt.aes = NULL; ssl->decrypt.aes = NULL; #endif +#ifdef HAVE_CAMELLIA + ssl->encrypt.cam = NULL; + ssl->decrypt.cam = NULL; +#endif #ifdef HAVE_HC128 ssl->encrypt.hc128 = NULL; ssl->decrypt.hc128 = NULL; 
@@ -500,6 +504,10 @@ void FreeCiphers(CYASSL* ssl)
 XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
 XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
 #endif
+#ifdef BUILD_CAMELLIA
+ XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
+ XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
+#endif
 #ifdef HAVE_HC128
 XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
 XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
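Review bot: The two added `XFREE` calls in FreeCiphers sit under `#ifdef BUILD_CAMELLIA`, a macro that none of the visible hunks defines; the matching NULL-initialisation in InitCiphers, the `Camellia* cam` member in `Ciphers`, and the allocation in SetKeys are all guarded by `HAVE_CAMELLIA`. Unless `BUILD_CAMELLIA` is defined somewhere outside this patch, the contexts allocated in SetKeys are never released, which leaks memory per connection and leaves the expanded session keys on the heap. The guard should read `#ifdef HAVE_CAMELLIA` to match the other sites. FreeCiphers begins and ends outside the hunk.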
@@ -949,6 +957,62 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256; + } +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256; + } +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256; + } +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256; + } +#endif + suites->suiteSz = idx; } @@ -3080,6 +3144,12 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) break; #endif + #ifdef HAVE_CAMELLIA + case camellia: + CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz); + break; + #endif + #ifdef HAVE_HC128 case hc128: #ifdef XSTREAM_ALIGNMENT 
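Review bot: The fourth added block in InitSuites is guarded by `#ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA`, which transposes `RSA` and `WITH`; the macro this patch defines in internal.h is `BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA`. As written the block is compiled out, so `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` never enters the default suite list even though cipher_names, cipher_name_idx and SetCipherSpecs all handle it under the correctly spelled macro. Change the guard to `#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA`. InitSuites begins outside the hunk.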
@@ -3234,6 +3304,12 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, } #endif + #ifdef HAVE_CAMELLIA + case camellia: + CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz); + break; + #endif + #ifdef HAVE_HC128 case hc128: Hc128_Process(ssl->decrypt.hc128, plain, input, sz); @@ -5316,7 +5392,39 @@ const char* const cipher_names[] = #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - "ECDH-ECDSA-AES256-GCM-SHA384" + "ECDH-ECDSA-AES256-GCM-SHA384", +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + "RSA-CAMELLIA128-CBC-SHA", +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + "DHE-RSA-CAMELLIA128-CBC-SHA", +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + "RSA-CAMELLIA256-CBC-SHA", +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + "DHE-RSA-CAMELLIA256-CBC-SHA", +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + "RSA-CAMELLIA128-CBC-SHA256", +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + "DHE-RSA-CAMELLIA128-CBC-SHA256", +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + "RSA-CAMELLIA256-CBC-SHA256", +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + "DHE-RSA-CAMELLIA256-CBC-SHA256" #endif }; 
@@ -5544,7 +5652,39 @@ int cipher_name_idx[] = #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 #endif }; @@ -7567,6 +7707,26 @@ int SetCipherList(Suites* s, const char* list) return 1; break; + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; + default: CYASSL_MSG("Unsupported cipher suite, CipherRequires"); return 0; diff --git a/src/keys.c b/src/keys.c index 2ab48a93c..7d0d2d680 100644 --- a/src/keys.c +++ b/src/keys.c 
@@ -970,6 +970,138 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; + 
ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = 
sha256_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + default: CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs"); return UNSUPPORTED_SUITE; @@ -1227,6 +1359,33 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, } #endif +#ifdef HAVE_CAMELLIA + if (specs->bulk_cipher_algorithm == camellia) { + enc->cam = (Camellia*)XMALLOC(sizeof(Camellia), + heap, DYNAMIC_TYPE_CIPHER); + if (enc->cam == NULL) + return MEMORY_E; + dec->cam = (Camellia*)XMALLOC(sizeof(Camellia), + heap, DYNAMIC_TYPE_CIPHER); + if (dec->cam == NULL) + return MEMORY_E; + if (side == CLIENT_END) { + CamelliaSetKey(enc->cam, keys->client_write_key, + specs->key_size, keys->client_write_IV); + CamelliaSetKey(dec->cam, keys->server_write_key, + specs->key_size, keys->server_write_IV); + } + else { + CamelliaSetKey(enc->cam, keys->server_write_key, + specs->key_size, keys->server_write_IV); + CamelliaSetKey(dec->cam, keys->client_write_key, + specs->key_size, keys->client_write_IV); + } + enc->setup = 1; + dec->setup = 1; + } +#endif + #ifdef HAVE_NULL_CIPHER if (specs->bulk_cipher_algorithm == cipher_null) { enc->setup = 1; diff --git a/src/ssl.c b/src/ssl.c index 2017d3533..62d267928 100644 --- a/src/ssl.c +++ b/src/ssl.c 
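Review bot: The four `CamelliaSetKey` calls in the added Camellia branch of SetKeys discard their result, and the branch then sets `enc->setup = 1; dec->setup = 1;` unconditionally. If CamelliaSetKey reports failure through its return value (for instance on a key length it does not accept), the record layer would go on to encrypt with a context that was never keyed; check each call and return the error before marking the ciphers as set up, e.g. `if (CamelliaSetKey(enc->cam, keys->client_write_key, specs->key_size, keys->client_write_IV) != 0) return ...;`. Separately, `enc->cam` and `dec->cam` are overwritten with fresh allocations without looking at the existing pointers, so a second pass through SetKeys on the same `Ciphers` would presumably leak the first pair; it is worth confirming how the neighbouring cipher branches deal with that. SetKeys begins and ends outside the hunk.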
@@ -5501,6 +5501,22 @@ int CyaSSL_set_compression(CYASSL* ssl) return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : + return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"; + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : + return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"; + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"; + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"; + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : + return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"; + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : + return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"; + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"; + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"; default: return "NONE"; } /* switch */ diff --git a/tests/suites.c b/tests/suites.c index bc22cc865..87ac369e8 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -381,6 +381,28 @@ int SuiteTest(void) } #endif +#ifdef HAVE_CAMELLIA + /* add camellia suites */ + strcpy(argv0[1], "tests/test-camellia.conf"); + printf("starting camellia suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #ifdef OPENSSL_EXTRA + /* add camellia openssl extra suites */ + strcpy(argv0[1], "tests/test-camellia-openssl.conf"); + printf("starting camellia openssl extra suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + + #endif +#endif + #ifdef CYASSL_DTLS /* add dtls extra suites */ strcpy(argv0[1], "tests/test-dtls.conf"); 
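Review bot: Both added `strcpy(argv0[1], ...)` calls in SuiteTest write into a buffer whose declaration is not visible in this hunk, and the new path `"tests/test-camellia-openssl.conf"` is 32 characters, so it needs 33 bytes including the terminator. That is longer than the other path visible here (`"tests/test-dtls.conf"`), so confirm that `argv0[1]` is declared large enough for it. If `argv0` is a true array, a bounded copy such as `snprintf(argv0[1], sizeof argv0[1], "%s", "tests/test-camellia-openssl.conf");` would keep a future longer path from overrunning it. SuiteTest begins and ends outside the hunk.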
diff --git a/tests/test-camellia-openssl.conf b/tests/test-camellia-openssl.conf
new file mode 100644
index 000000000..6406bf158
--- /dev/null
+++ b/tests/test-camellia-openssl.conf
@@ -0,0 +1,216 @@ +# server TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA +-v 1 +-l DHE-RSA-CAMELLIA128-CBC-SHA + +# client TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA +-v 1 +-l DHE-RSA-CAMELLIA128-CBC-SHA + +# server TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA +-v 1 +-l DHE-RSA-CAMELLIA256-CBC-SHA + +# client TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA +-v 1 +-l DHE-RSA-CAMELLIA256-CBC-SHA + +# server TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA256 +-v 1 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 + +# client TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA256 +-v 1 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 + +# server TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA256 +-v 1 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 + +# client TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA256 +-v 1 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 + +# server TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA +-v 2 +-l DHE-RSA-CAMELLIA128-CBC-SHA + +# client TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA +-v 2 +-l DHE-RSA-CAMELLIA128-CBC-SHA + +# server TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA +-v 2 +-l DHE-RSA-CAMELLIA256-CBC-SHA + +# client TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA +-v 2 +-l DHE-RSA-CAMELLIA256-CBC-SHA + +# server TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA256 +-v 2 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 + +# client TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA256 +-v 2 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 + +# server TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA256 +-v 2 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 + +# client TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA256 +-v 2 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 + +# server TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA +-v 3 +-l DHE-RSA-CAMELLIA128-CBC-SHA + +# client TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA +-v 3 +-l DHE-RSA-CAMELLIA128-CBC-SHA + +# server TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA +-v 3 +-l DHE-RSA-CAMELLIA256-CBC-SHA + +# client TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA +-v 3 +-l DHE-RSA-CAMELLIA256-CBC-SHA + +# server TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 + +# client TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 + +# server TLSv1.2 
DHE-RSA-CAMELLIA256-CBC-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 + +# client TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 + +# server TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA128-CBC-SHA +-N + +# client TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA128-CBC-SHA +-N + +# server TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA256-CBC-SHA +-N + +# client TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA256-CBC-SHA +-N + +# server TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 +-N + +# client TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 +-N + +# server TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 +-N + +# client TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 +-N + +# server TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA128-CBC-SHA +-N + +# client TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA128-CBC-SHA +-N + +# server TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA256-CBC-SHA +-N + +# client TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA256-CBC-SHA +-N + +# server TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 +-N + +# client TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 +-N + +# server TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 +-N + +# client TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 +-N + +# server TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA128-CBC-SHA +-N + +# client TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA 
NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA128-CBC-SHA +-N + +# server TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA256-CBC-SHA +-N + +# client TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA256-CBC-SHA +-N + +# server TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 +-N + +# client TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA128-CBC-SHA256 +-N + +# server TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 +-N + +# client TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA256-CBC-SHA256 +-N + diff --git a/tests/test-camellia.conf b/tests/test-camellia.conf new file mode 100644 index 000000000..f046e4891 --- /dev/null +++ b/tests/test-camellia.conf 
@@ -0,0 +1,216 @@ +# server TLSv1 RSA-CAMELLIA128-CBC-SHA +-v 1 +-l RSA-CAMELLIA128-CBC-SHA + +# client TLSv1 RSA-CAMELLIA128-CBC-SHA +-v 1 +-l RSA-CAMELLIA128-CBC-SHA + +# server TLSv1 RSA-CAMELLIA256-CBC-SHA +-v 1 +-l RSA-CAMELLIA256-CBC-SHA + +# client TLSv1 RSA-CAMELLIA256-CBC-SHA +-v 1 +-l RSA-CAMELLIA256-CBC-SHA + +# server TLSv1 RSA-CAMELLIA128-CBC-SHA256 +-v 1 +-l RSA-CAMELLIA128-CBC-SHA256 + +# client TLSv1 RSA-CAMELLIA128-CBC-SHA256 +-v 1 +-l RSA-CAMELLIA128-CBC-SHA256 + +# server TLSv1 RSA-CAMELLIA256-CBC-SHA256 +-v 1 +-l RSA-CAMELLIA256-CBC-SHA256 + +# client TLSv1 RSA-CAMELLIA256-CBC-SHA256 +-v 1 +-l RSA-CAMELLIA256-CBC-SHA256 + +# server TLSv1.1 RSA-CAMELLIA128-CBC-SHA +-v 2 +-l RSA-CAMELLIA128-CBC-SHA + +# client TLSv1.1 RSA-CAMELLIA128-CBC-SHA +-v 2 +-l RSA-CAMELLIA128-CBC-SHA + +# server TLSv1.1 RSA-CAMELLIA256-CBC-SHA +-v 2 +-l RSA-CAMELLIA256-CBC-SHA + +# client TLSv1.1 RSA-CAMELLIA256-CBC-SHA +-v 2 +-l RSA-CAMELLIA256-CBC-SHA + +# server TLSv1.1 RSA-CAMELLIA128-CBC-SHA256 +-v 2 +-l RSA-CAMELLIA128-CBC-SHA256 + +# client TLSv1.1 RSA-CAMELLIA128-CBC-SHA256 +-v 2 +-l RSA-CAMELLIA128-CBC-SHA256 + +# server TLSv1.1 RSA-CAMELLIA256-CBC-SHA256 +-v 2 +-l RSA-CAMELLIA256-CBC-SHA256 + +# client TLSv1.1 RSA-CAMELLIA256-CBC-SHA256 +-v 2 +-l RSA-CAMELLIA256-CBC-SHA256 + +# server TLSv1.2 RSA-CAMELLIA128-CBC-SHA +-v 3 +-l RSA-CAMELLIA128-CBC-SHA + +# client TLSv1.2 RSA-CAMELLIA128-CBC-SHA +-v 3 +-l RSA-CAMELLIA128-CBC-SHA + +# server TLSv1.2 RSA-CAMELLIA256-CBC-SHA +-v 3 +-l RSA-CAMELLIA256-CBC-SHA + +# client TLSv1.2 RSA-CAMELLIA256-CBC-SHA +-v 3 +-l RSA-CAMELLIA256-CBC-SHA + +# server TLSv1.2 RSA-CAMELLIA128-CBC-SHA256 +-v 3 +-l RSA-CAMELLIA128-CBC-SHA256 + +# client TLSv1.2 RSA-CAMELLIA128-CBC-SHA256 +-v 3 +-l RSA-CAMELLIA128-CBC-SHA256 + +# server TLSv1.2 RSA-CAMELLIA256-CBC-SHA256 +-v 3 +-l RSA-CAMELLIA256-CBC-SHA256 + +# client TLSv1.2 RSA-CAMELLIA256-CBC-SHA256 +-v 3 +-l RSA-CAMELLIA256-CBC-SHA256 + +# server TLSv1 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING 
+-v 1 +-l RSA-CAMELLIA128-CBC-SHA +-N + +# client TLSv1 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 1 +-l RSA-CAMELLIA128-CBC-SHA +-N + +# server TLSv1 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 1 +-l RSA-CAMELLIA256-CBC-SHA +-N + +# client TLSv1 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 1 +-l RSA-CAMELLIA256-CBC-SHA +-N + +# server TLSv1 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 1 +-l RSA-CAMELLIA128-CBC-SHA256 +-N + +# client TLSv1 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 1 +-l RSA-CAMELLIA128-CBC-SHA256 +-N + +# server TLSv1 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 1 +-l RSA-CAMELLIA256-CBC-SHA256 +-N + +# client TLSv1 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 1 +-l RSA-CAMELLIA256-CBC-SHA256 +-N + +# server TLSv1.1 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 2 +-l RSA-CAMELLIA128-CBC-SHA +-N + +# client TLSv1.1 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 2 +-l RSA-CAMELLIA128-CBC-SHA +-N + +# server TLSv1.1 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 2 +-l RSA-CAMELLIA256-CBC-SHA +-N + +# client TLSv1.1 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 2 +-l RSA-CAMELLIA256-CBC-SHA +-N + +# server TLSv1.1 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 2 +-l RSA-CAMELLIA128-CBC-SHA256 +-N + +# client TLSv1.1 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 2 +-l RSA-CAMELLIA128-CBC-SHA256 +-N + +# server TLSv1.1 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 2 +-l RSA-CAMELLIA256-CBC-SHA256 +-N + +# client TLSv1.1 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 2 +-l RSA-CAMELLIA256-CBC-SHA256 +-N + +# server TLSv1.2 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 3 +-l RSA-CAMELLIA128-CBC-SHA +-N + +# client TLSv1.2 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +-v 3 +-l RSA-CAMELLIA128-CBC-SHA +-N + +# server TLSv1.2 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 3 +-l RSA-CAMELLIA256-CBC-SHA +-N + +# client TLSv1.2 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +-v 3 +-l RSA-CAMELLIA256-CBC-SHA +-N + +# server TLSv1.2 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 3 +-l RSA-CAMELLIA128-CBC-SHA256 +-N + +# client TLSv1.2 
RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +-v 3 +-l RSA-CAMELLIA128-CBC-SHA256 +-N + +# server TLSv1.2 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 3 +-l RSA-CAMELLIA256-CBC-SHA256 +-N + +# client TLSv1.2 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +-v 3 +-l RSA-CAMELLIA256-CBC-SHA256 +-N + From 0e3a093cc502dc703fa14be760b42060d9406e36 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 21 Jan 2013 11:10:11 -0800 Subject: [PATCH 02/52] renamed the Camellia cipher suites, dropped CBC and RSA from the strings --- src/internal.c | 16 +-- tests/test-camellia-openssl.conf | 192 +++++++++++++++---------------- tests/test-camellia.conf | 192 +++++++++++++++---------------- 3 files changed, 200 insertions(+), 200 deletions(-) diff --git a/src/internal.c b/src/internal.c index 310d76077..6f2a9b047 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5396,35 +5396,35 @@ const char* const cipher_names[] = #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - "RSA-CAMELLIA128-CBC-SHA", + "CAMELLIA128-SHA", #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - "DHE-RSA-CAMELLIA128-CBC-SHA", + "DHE-RSA-CAMELLIA128-SHA", #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - "RSA-CAMELLIA256-CBC-SHA", + "CAMELLIA256-SHA", #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - "DHE-RSA-CAMELLIA256-CBC-SHA", + "DHE-RSA-CAMELLIA256-SHA", #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - "RSA-CAMELLIA128-CBC-SHA256", + "CAMELLIA128-SHA256", #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - "DHE-RSA-CAMELLIA128-CBC-SHA256", + "DHE-RSA-CAMELLIA128-SHA256", #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - "RSA-CAMELLIA256-CBC-SHA256", + "CAMELLIA256-SHA256", #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - "DHE-RSA-CAMELLIA256-CBC-SHA256" + "DHE-RSA-CAMELLIA256-SHA256" #endif }; diff --git a/tests/test-camellia-openssl.conf b/tests/test-camellia-openssl.conf index 6406bf158..2b9ff8919 100644 --- a/tests/test-camellia-openssl.conf 
+++ b/tests/test-camellia-openssl.conf 
@@ -1,216 +1,216 @@ -# server TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA +# server TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -# client TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA +# client TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -# server TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA +# server TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -# client TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA +# client TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -# server TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA256 +# server TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -# client TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA256 +# client TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -# server TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA256 +# server TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -# client TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA256 +# client TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -# server TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -# client TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -# server TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -# client TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -# server TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA256 +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 --l 
DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -# client TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA256 +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -# server TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA256 +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -# client TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA256 +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -# server TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -# client TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -# server TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -# client TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -# server TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA256 +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -# client TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA256 +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -# server TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA256 +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -# client TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA256 +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -# server TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# server TLSv1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING -v 1 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l 
DHE-RSA-CAMELLIA128-SHA -N -# client TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# client TLSv1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING -v 1 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -N -# server TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# server TLSv1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING -v 1 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -N -# client TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# client TLSv1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING -v 1 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -N -# server TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# server TLSv1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING -v 1 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -N -# client TLSv1 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# client TLSv1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING -v 1 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -N -# server TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# server TLSv1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING -v 1 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -N -# client TLSv1 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# client TLSv1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING -v 1 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -N -# server TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING -v 2 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -N -# client TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING -v 2 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -N -# server TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING -v 2 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -N -# client TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING -v 2 --l 
DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -N -# server TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING -v 2 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -N -# client TLSv1.1 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING -v 2 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -N -# server TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING -v 2 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -N -# client TLSv1.1 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING -v 2 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -N -# server TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING -v 3 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -N -# client TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING -v 3 --l DHE-RSA-CAMELLIA128-CBC-SHA +-l DHE-RSA-CAMELLIA128-SHA -N -# server TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING -v 3 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -N -# client TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING -v 3 --l DHE-RSA-CAMELLIA256-CBC-SHA +-l DHE-RSA-CAMELLIA256-SHA -N -# server TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING -v 3 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -N -# client TLSv1.2 DHE-RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING -v 3 --l DHE-RSA-CAMELLIA128-CBC-SHA256 +-l DHE-RSA-CAMELLIA128-SHA256 -N -# server TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA256 
NON-BLOCKING +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING -v 3 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -N -# client TLSv1.2 DHE-RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING -v 3 --l DHE-RSA-CAMELLIA256-CBC-SHA256 +-l DHE-RSA-CAMELLIA256-SHA256 -N diff --git a/tests/test-camellia.conf b/tests/test-camellia.conf index f046e4891..f0ed3cc4f 100644 --- a/tests/test-camellia.conf +++ b/tests/test-camellia.conf 
@@ -1,216 +1,216 @@ -# server TLSv1 RSA-CAMELLIA128-CBC-SHA +# server TLSv1 CAMELLIA128-SHA -v 1 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -# client TLSv1 RSA-CAMELLIA128-CBC-SHA +# client TLSv1 CAMELLIA128-SHA -v 1 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -# server TLSv1 RSA-CAMELLIA256-CBC-SHA +# server TLSv1 CAMELLIA256-SHA -v 1 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -# client TLSv1 RSA-CAMELLIA256-CBC-SHA +# client TLSv1 CAMELLIA256-SHA -v 1 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -# server TLSv1 RSA-CAMELLIA128-CBC-SHA256 +# server TLSv1 CAMELLIA128-SHA256 -v 1 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -# client TLSv1 RSA-CAMELLIA128-CBC-SHA256 +# client TLSv1 CAMELLIA128-SHA256 -v 1 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -# server TLSv1 RSA-CAMELLIA256-CBC-SHA256 +# server TLSv1 CAMELLIA256-SHA256 -v 1 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -# client TLSv1 RSA-CAMELLIA256-CBC-SHA256 +# client TLSv1 CAMELLIA256-SHA256 -v 1 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -# server TLSv1.1 RSA-CAMELLIA128-CBC-SHA +# server TLSv1.1 CAMELLIA128-SHA -v 2 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -# client TLSv1.1 RSA-CAMELLIA128-CBC-SHA +# client TLSv1.1 CAMELLIA128-SHA -v 2 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -# server TLSv1.1 RSA-CAMELLIA256-CBC-SHA +# server TLSv1.1 CAMELLIA256-SHA -v 2 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -# client TLSv1.1 RSA-CAMELLIA256-CBC-SHA +# client TLSv1.1 CAMELLIA256-SHA -v 2 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -# server TLSv1.1 RSA-CAMELLIA128-CBC-SHA256 +# server TLSv1.1 CAMELLIA128-SHA256 -v 2 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -# client TLSv1.1 RSA-CAMELLIA128-CBC-SHA256 +# client TLSv1.1 CAMELLIA128-SHA256 -v 2 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -# server TLSv1.1 RSA-CAMELLIA256-CBC-SHA256 +# server TLSv1.1 CAMELLIA256-SHA256 -v 2 --l RSA-CAMELLIA256-CBC-SHA256 +-l 
CAMELLIA256-SHA256 -# client TLSv1.1 RSA-CAMELLIA256-CBC-SHA256 +# client TLSv1.1 CAMELLIA256-SHA256 -v 2 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -# server TLSv1.2 RSA-CAMELLIA128-CBC-SHA +# server TLSv1.2 CAMELLIA128-SHA -v 3 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -# client TLSv1.2 RSA-CAMELLIA128-CBC-SHA +# client TLSv1.2 CAMELLIA128-SHA -v 3 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -# server TLSv1.2 RSA-CAMELLIA256-CBC-SHA +# server TLSv1.2 CAMELLIA256-SHA -v 3 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -# client TLSv1.2 RSA-CAMELLIA256-CBC-SHA +# client TLSv1.2 CAMELLIA256-SHA -v 3 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -# server TLSv1.2 RSA-CAMELLIA128-CBC-SHA256 +# server TLSv1.2 CAMELLIA128-SHA256 -v 3 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -# client TLSv1.2 RSA-CAMELLIA128-CBC-SHA256 +# client TLSv1.2 CAMELLIA128-SHA256 -v 3 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -# server TLSv1.2 RSA-CAMELLIA256-CBC-SHA256 +# server TLSv1.2 CAMELLIA256-SHA256 -v 3 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -# client TLSv1.2 RSA-CAMELLIA256-CBC-SHA256 +# client TLSv1.2 CAMELLIA256-SHA256 -v 3 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -# server TLSv1 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# server TLSv1 CAMELLIA128-SHA NON-BLOCKING -v 1 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -N -# client TLSv1 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# client TLSv1 CAMELLIA128-SHA NON-BLOCKING -v 1 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -N -# server TLSv1 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# server TLSv1 CAMELLIA256-SHA NON-BLOCKING -v 1 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -N -# client TLSv1 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# client TLSv1 CAMELLIA256-SHA NON-BLOCKING -v 1 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -N -# server TLSv1 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# server TLSv1 CAMELLIA128-SHA256 NON-BLOCKING -v 1 --l RSA-CAMELLIA128-CBC-SHA256 +-l 
CAMELLIA128-SHA256 -N -# client TLSv1 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# client TLSv1 CAMELLIA128-SHA256 NON-BLOCKING -v 1 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -N -# server TLSv1 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# server TLSv1 CAMELLIA256-SHA256 NON-BLOCKING -v 1 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -N -# client TLSv1 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# client TLSv1 CAMELLIA256-SHA256 NON-BLOCKING -v 1 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -N -# server TLSv1.1 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# server TLSv1.1 CAMELLIA128-SHA NON-BLOCKING -v 2 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -N -# client TLSv1.1 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# client TLSv1.1 CAMELLIA128-SHA NON-BLOCKING -v 2 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -N -# server TLSv1.1 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# server TLSv1.1 CAMELLIA256-SHA NON-BLOCKING -v 2 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -N -# client TLSv1.1 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# client TLSv1.1 CAMELLIA256-SHA NON-BLOCKING -v 2 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -N -# server TLSv1.1 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# server TLSv1.1 CAMELLIA128-SHA256 NON-BLOCKING -v 2 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -N -# client TLSv1.1 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# client TLSv1.1 CAMELLIA128-SHA256 NON-BLOCKING -v 2 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -N -# server TLSv1.1 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# server TLSv1.1 CAMELLIA256-SHA256 NON-BLOCKING -v 2 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -N -# client TLSv1.1 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# client TLSv1.1 CAMELLIA256-SHA256 NON-BLOCKING -v 2 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -N -# server TLSv1.2 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# server TLSv1.2 CAMELLIA128-SHA NON-BLOCKING -v 3 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -N -# client 
TLSv1.2 RSA-CAMELLIA128-CBC-SHA NON-BLOCKING +# client TLSv1.2 CAMELLIA128-SHA NON-BLOCKING -v 3 --l RSA-CAMELLIA128-CBC-SHA +-l CAMELLIA128-SHA -N -# server TLSv1.2 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# server TLSv1.2 CAMELLIA256-SHA NON-BLOCKING -v 3 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -N -# client TLSv1.2 RSA-CAMELLIA256-CBC-SHA NON-BLOCKING +# client TLSv1.2 CAMELLIA256-SHA NON-BLOCKING -v 3 --l RSA-CAMELLIA256-CBC-SHA +-l CAMELLIA256-SHA -N -# server TLSv1.2 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# server TLSv1.2 CAMELLIA128-SHA256 NON-BLOCKING -v 3 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -N -# client TLSv1.2 RSA-CAMELLIA128-CBC-SHA256 NON-BLOCKING +# client TLSv1.2 CAMELLIA128-SHA256 NON-BLOCKING -v 3 --l RSA-CAMELLIA128-CBC-SHA256 +-l CAMELLIA128-SHA256 -N -# server TLSv1.2 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# server TLSv1.2 CAMELLIA256-SHA256 NON-BLOCKING -v 3 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -N -# client TLSv1.2 RSA-CAMELLIA256-CBC-SHA256 NON-BLOCKING +# client TLSv1.2 CAMELLIA256-SHA256 NON-BLOCKING -v 3 --l RSA-CAMELLIA256-CBC-SHA256 +-l CAMELLIA256-SHA256 -N From 6616975f81eb545d0ba673d19e5798fb5c030b5b Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 21 Jan 2013 15:19:45 -0800 Subject: [PATCH 03/52] added AES-CCM-8 ECC cipher suites, and more test cases --- cyassl/internal.h | 10 ++++++-- src/internal.c | 36 ++++++++++++++++++++++++++++ src/keys.c | 32 +++++++++++++++++++++++++ src/ssl.c | 4 ++++ tests/suites.c | 12 +++++++++- tests/test-aesccm-ecc.conf | 48 ++++++++++++++++++++++++++++++++++++++ tests/test-aesccm.conf | 20 ++++++++++++++++ 7 files changed, 159 insertions(+), 3 deletions(-) create mode 100644 tests/test-aesccm-ecc.conf diff --git a/cyassl/internal.h b/cyassl/internal.h index ac3a9c9bc..a7d7bdad4 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h 
@@ -255,6 +255,10 @@ void c32to24(word32 in, word24 out); #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 #endif + #if defined (HAVE_AESCCM) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + #endif #endif #if !defined(NO_RC4) #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA @@ -387,8 +391,10 @@ enum { * also, in some of the other AES-CCM suites * there will be second byte number conflicts * with non-ECC AES-GCM */ - TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0, - TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1, + TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0, + TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 = 0xac, /* Still TBD, made up */ + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 = 0xad, /* Still TBD, made up */ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, diff --git a/src/internal.c b/src/internal.c index 6f2a9b047..f4c34a648 100644 --- a/src/internal.c +++ b/src/internal.c @@ -775,6 +775,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + if (tls1_2 && haveECDSAsig && haveDH) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256; + } +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + if (tls1_2 && haveECDSAsig && haveDH) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384; + } +#endif + #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256 if (tls1_2 && haveRSA) { suites->suites[idx++] = ECC_BYTE; 
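Review bot: The new enum values `TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 = 0xac` and `TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 = 0xad` are commented `/* Still TBD, made up */`, yet the first internal.h hunk defines their `BUILD_` macros whenever `HAVE_AESCCM` is set inside the enclosing block, whose condition is outside the hunk. A provisional code point that ships enabled can later collide with a registry assignment for a different suite, so two peers could agree on the number while disagreeing on the algorithms behind it. I would gate both suites behind an explicit opt-in macro until the numbers are final, and make the comment say so, e.g. `/* provisional code point, not registry-assigned; not for interop use */`. The enum itself starts and ends outside the hunk.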
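Review bot: Both new ECDHE-ECDSA CCM-8 entries in InitSuites are offered only under `if (tls1_2 && haveECDSAsig && haveDH)`, and the `haveDH` term looks copied from a DHE suite. If `haveDH` means finite-field DH parameters are loaded, as the name suggests, an ECC-only server would never advertise these suites even though nothing in them needs DH parameters. The condition I would expect is `if (tls1_2 && haveECDSAsig) {`. Please compare with the existing ECDHE-ECDSA entries, which are outside this hunk along with the rest of InitSuites.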
@@ -5267,6 +5281,14 @@ const char* const cipher_names[] = "AES256-CCM-8-SHA384", #endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + "ECDHE-ECDSA-AES128-CCM-8-SHA256", +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + "ECDHE-ECDSA-AES256-CCM-8-SHA384", +#endif + #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA", #endif @@ -5527,6 +5549,14 @@ int cipher_name_idx[] = TLS_RSA_WITH_AES_256_CCM_8_SHA384, #endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256, +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384, +#endif + #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, #endif @@ -7556,6 +7586,12 @@ int SetCipherList(Suites* s, const char* list) return 1; break; + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 : + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + default: CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); return 0; diff --git a/src/keys.c b/src/keys.c index 7d0d2d680..fab88ed39 100644 --- a/src/keys.c +++ b/src/keys.c 
@@ -451,6 +451,38 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 : + ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 : + ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + break; +#endif #endif /* HAVE_ECC */ #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256 diff --git a/src/ssl.c b/src/ssl.c index 62d267928..97ef9682f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5434,6 +5434,10 @@ int CyaSSL_set_compression(CYASSL* ssl) return "TLS_RSA_WITH_AES_128_CCM_8_SHA256"; case TLS_RSA_WITH_AES_256_CCM_8_SHA384 : return "TLS_RSA_WITH_AES_256_CCM_8_SHA384"; + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 : + return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256"; + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 : + return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384"; default: return "NONE"; diff --git a/tests/suites.c b/tests/suites.c index 87ac369e8..aa2160304 100644 --- a/tests/suites.c +++ b/tests/suites.c 
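Review bot: Both new `case` blocks in SetCipherSpecs set `ssl->specs.static_ecdh = 1;` for suites whose names say ECDHE. If that flag selects the certificate's static ECDH key rather than an ephemeral one, as its name suggests, these suites would be negotiated under an ephemeral label without forward secrecy. They may also fail against a peer that expects an ephemeral key exchange message. The line should read `ssl->specs.static_ecdh = 0;` in both cases. How the flag is consumed is outside this hunk, as are the start and end of SetCipherSpecs, so please confirm against the existing ECDHE cases.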
@@ -373,12 +373,22 @@ int SuiteTest(void) #if defined(HAVE_AESCCM) /* add aesccm extra suites */ strcpy(argv0[1], "tests/test-aesccm.conf"); - printf("starting aesccm extra cipher suite tests\n"); + printf("starting aesccm cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } + #ifdef HAVE_ECC + /* add aesccm ecc extra suites */ + strcpy(argv0[1], "tests/test-aesccm-ecc.conf"); + printf("starting aesccm ecc cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #endif #endif #ifdef HAVE_CAMELLIA diff --git a/tests/test-aesccm-ecc.conf b/tests/test-aesccm-ecc.conf new file mode 100644 index 000000000..8cfcb9846 --- /dev/null +++ b/tests/test-aesccm-ecc.conf 
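Review bot: The added `strcpy(argv0[1], "tests/test-aesccm-ecc.conf");` copies a longer path than the neighbouring one into a destination whose size is declared outside the hunk, with nothing bounding the write. Each new test file name makes this easier to overrun unnoticed. Assuming `argv0` is an array of fixed-size char arrays, `snprintf(argv0[1], sizeof(argv0[1]), "%s", "tests/test-aesccm-ecc.conf");` keeps the copy bounded; if it is a pointer the size has to come from the allocation instead. SuiteTest starts and ends outside the hunk.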
@@ -0,0 +1,48 @@ +# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8-SHA256 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8-SHA384 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem +-N + +# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8-SHA256 +-A ./certs/server-ecc.pem +-N + +# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem +-N + +# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8-SHA384 +-A ./certs/server-ecc.pem +-N + diff --git a/tests/test-aesccm.conf b/tests/test-aesccm.conf index eba2a9ea7..a86643120 100644 --- a/tests/test-aesccm.conf +++ b/tests/test-aesccm.conf @@ -14,3 +14,23 @@ -v 3 -l AES256-CCM-8-SHA384 +# server TLSv1.2 AES128-CCM-8-SHA256 NON-BLOCKING +-v 3 +-l AES128-CCM-8-SHA256 +-N + +# client TLSv1.2 AES128-CCM-8-SHA256 NON-BLOCKING +-v 3 +-l AES128-CCM-8-SHA256 +-N + +# server TLSv1.2 AES256-CCM-8-SHA384 NON-BLOCKING +-v 3 +-l AES256-CCM-8-SHA384 +-N + +# client TLSv1.2 AES256-CCM-8-SHA384 NON-BLOCKING +-v 3 +-l AES256-CCM-8-SHA384 +-N + From b17b81ef43d6e464d7aa6c6311025dd29c88905f Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 24 Jan 2013 14:44:08 -0800 Subject: [PATCH 04/52] added sanity check on return from recv callback --- cyassl/error.h | 1 + src/internal.c | 7 +++++++ 2 files changed, 8 insertions(+) 
diff --git a/cyassl/error.h b/cyassl/error.h index e46fed4e5..6d20030a8 100644 --- a/cyassl/error.h +++ b/cyassl/error.h @@ -108,6 +108,7 @@ enum CyaSSL_ErrorCodes { OUT_OF_ORDER_E = -273, /* out of order message */ BAD_KEA_TYPE_E = -274, /* bad KEA type found */ SANITY_CIPHER_E = -275, /* sanity check on cipher error */ + RECV_OVERFLOW_E = -276, /* RXCB returned more than rqed */ /* add strings to SetErrorString !!!!! */ /* begin negotiation parameter errors */ diff --git a/src/internal.c b/src/internal.c index f4c34a648..df4faca0b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3856,6 +3856,9 @@ static int GetInputData(CYASSL *ssl, word32 size) if (in == WANT_READ) return WANT_READ; + + if (in > inSz) + return RECV_OVERFLOW_E; ssl->buffers.inputBuffer.length += in; inSz -= in; @@ -5177,6 +5180,10 @@ void SetErrorString(int error, char* str) XSTRNCPY(str, "Sanity check on ciphertext failed", max); break; + case RECV_OVERFLOW_E: + XSTRNCPY(str, "Receive callback returned more than requested", max); + break; + default : XSTRNCPY(str, "unknown error number", max); } From ef644d4de001052d9fe19cf55b5a20038da7b422 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 25 Jan 2013 13:06:44 -0800 Subject: [PATCH 05/52] fix libz warning --- src/internal.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/internal.c b/src/internal.c index df4faca0b..254486a2a 100644 --- a/src/internal.c +++ b/src/internal.c @@ -274,7 +274,7 @@ static INLINE void ato32(const byte* c, word32* u32) static int Compress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz) { int err; - int currTotal = ssl->c_stream.total_out; + int currTotal = (int)ssl->c_stream.total_out; ssl->c_stream.next_in = in; ssl->c_stream.avail_in = inSz; 
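Review bot: The new `if (in > inSz) return RECV_OVERFLOW_E;` in GetInputData runs after the receive callback has returned, so it keeps the length accounting sane but cannot undo a write past the requested size that a misbehaving callback has already made. That limit is worth a comment at the check, e.g. `/* callback claims more than requested: buffer contents are untrustworthy, treat as fatal */`, and callers should not retry on this error. The declarations of `in` and `inSz` are outside the hunk; if they differ in signedness the comparison needs an explicit cast. Negative returns other than `WANT_READ` must also be rejected before the `inputBuffer.length += in` that follows, which cannot be confirmed from the visible lines.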
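Review bot: Casting `ssl->c_stream.total_out` to `int` before the subtraction silences the warning but narrows in the wrong place. Once a long-lived stream's counter exceeds INT_MAX the conversion is implementation-defined and the signed subtraction can overflow. Keeping the counter in zlib's own type and narrowing only the difference avoids that: `uLong currTotal = ssl->c_stream.total_out;` with `return (int)(ssl->c_stream.total_out - currTotal);`, since the per-call delta is bounded by `outSz`. The same applies to the return statement in the next hunk and to both DeCompress hunks on `d_stream`. The function bodies are split across these hunks.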
@@ -284,7 +284,7 @@ static INLINE void ato32(const byte* c, word32* u32) err = deflate(&ssl->c_stream, Z_SYNC_FLUSH); if (err != Z_OK && err != Z_STREAM_END) return ZLIB_COMPRESS_ERROR; - return ssl->c_stream.total_out - currTotal; + return (int)ssl->c_stream.total_out - currTotal; } @@ -292,7 +292,7 @@ static INLINE void ato32(const byte* c, word32* u32) static int DeCompress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz) { int err; - int currTotal = ssl->d_stream.total_out; + int currTotal = (int)ssl->d_stream.total_out; ssl->d_stream.next_in = in; ssl->d_stream.avail_in = inSz; @@ -302,7 +302,7 @@ static INLINE void ato32(const byte* c, word32* u32) err = inflate(&ssl->d_stream, Z_SYNC_FLUSH); if (err != Z_OK && err != Z_STREAM_END) return ZLIB_DECOMPRESS_ERROR; - return ssl->d_stream.total_out - currTotal; + return (int)ssl->d_stream.total_out - currTotal; } #endif /* HAVE_LIBZ */ From 532f0aaee7a8d1f9dfe59ab63b72f3f4dd319dad Mon Sep 17 00:00:00 2001 
From: Chris Conlon Date: Mon, 28 Jan 2013 17:15:28 -0700 Subject: [PATCH 06/52] add ability to use cert/key buffers in CTaoCrypt test app --- Makefile.am | 2 + certs/1024/client-cert.der | Bin 0 -> 752 bytes certs/1024/client-cert.pem | 59 ++++ certs/1024/client-key.der | Bin 0 -> 608 bytes certs/1024/client-key.pem | 15 + certs/1024/dh1024.der | Bin 0 -> 138 bytes certs/1024/dh1024.pem | 17 ++ certs/1024/dsa1024.der | Bin 0 -> 448 bytes certs/1024/dsa1024.pem | 12 + certs/1024/include.am | 18 ++ ctaocrypt/test/test.c | 53 +++- cyassl/certs_test.h | 599 +++++++++++++++++++++++++++++++++++++ cyassl/include.am | 1 + gencertbuf.pl | 108 +++++++ 14 files changed, 880 insertions(+), 4 deletions(-) create mode 100644 certs/1024/client-cert.der create mode 100644 certs/1024/client-cert.pem create mode 100644 certs/1024/client-key.der create mode 100644 certs/1024/client-key.pem create mode 100644 certs/1024/dh1024.der create mode 100644 certs/1024/dh1024.pem create mode 100644 certs/1024/dsa1024.der create mode 100644 certs/1024/dsa1024.pem create mode 100644 certs/1024/include.am create mode 100644 cyassl/certs_test.h create mode 100755 gencertbuf.pl diff --git a/Makefile.am b/Makefile.am index ec4f72093..f197d3a47 100644 --- a/Makefile.am +++ b/Makefile.am @@ -34,9 +34,11 @@ EXTRA_DIST+= cyassl-iphone.xcodeproj/project.pbxproj EXTRA_DIST+= cyassl-ntru.sln EXTRA_DIST+= cyassl.sln EXTRA_DIST+= valgrind-error.sh +EXTRA_DIST+= gencertbuf.pl include cyassl/include.am include certs/include.am +include certs/1024/include.am include certs/crl/include.am include doc/include.am include swig/include.am 
diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..6b796b6388254e6f5ff20f1f81425410acda814b GIT binary patch literal 752 zcmXqLVtQlH#1y)KnTe5!iIbt1cg??JGhEdSc-c6$+C196^D;8BvN9Mn_8D>;aI!In zvaks=g$5h)8}NcS96W6PMXBled4_@p{2&2#9*%(gqLQ4%yc9z|10IkN7Y}P?VsNmJ zp@@MHh|kT#9Z-~?UX+-do0*qxC}to65@qJ$EiW(Et4u5|&e2QG&oz`akcK;flTnN> zGcPUQ0WNJIC(dhVY+z_;VPt4xWMUa5&TD9DXkcgx=EhzIgT_v# z#zuxc#e6F~KbI_8`Cek_tqR{LRJ03GsF}pIp5^<<*K`T1()tgvRYwr#&Qu$+LrI%Kd-vw%fz=kt~b-;PWedjweb>5g6Ox{$$i3FKNk4H%o#ETWjMSA(%!~|-ivtY&3}o4uLuL6` z#8^ZcGx>kqzkA+9^J;o&Ve9cyfy~G^2J#?jWflnou?Fl4Krt>W%))BG%*gm3*~6?L z4>vLtrSWGiY@N#XtX=A@_N})q6FQd}`X+p;PUg8Y+r{TvlA}tAL4hB;0IN`($mYA} zBh)9KU*+GbW6JkGdPVlusYX}N6lX+BANkQ4XZwT6(x{egiP6i=?~@id$NK+1XUk!{ l-nL%obXU}&bi)7rsXl&6@tLURzhLy1Q3!>7FF36&7bK7qO&m`TqU$s$0HHe7oa% zGd=E1m4GYi*nK6L-`ZzD>+XUCG4E$iT?d z*dRRp)eDOX)kQHZ=Xf1z44)n;I6J$^I)by!IxYT=;e?O=S8t2ny?5Pu>SRL+L%z7h z*A__?<~4fAc%Q%BSJjqibmw>IL9tx*Nh+@0A9r|c^p;(7@7CQu{X-LfFI}1U!z%0J z-vEjC^Pe9+Rq-n9^5vrFX?OkD{HzY&+*hO)G_n&(Bw-ugz)uuHf4T%z+cQ9P5$ zk>S9>CSIP`$Mo+^`Z>2r%JAjO@7|x9+GXB}WnGk&Xe#)8V4ME8&);P~wke@D7!Itk38^EtB;upPtU%=HzXw zYqsZ}icVR6ZeQDd>)?Bdm*ieA{bv4l&FYGqKF>pcUl*KtkjX(}hJ@xbId#hd#f&vv z`U{H=Dz;6vI2JKsLHL|qkC$&0J#p`w^r1xMviBS2%DC(kcD76xKQZ^z@2{>Y-4;zc zpBkAQEIXghkqkB1wcVq~Lxk_k{JQe#&JVXpni?vX&ark`n<*6bjv+BcEbVeliMHsL XMgR75WJ|@`PY~M3+GePE`{pA6pB*a2 literal 0 HcmV?d00001 diff --git a/certs/1024/client-key.pem b/certs/1024/client-key.pem new file mode 100644 index 000000000..79e398cc6 --- /dev/null +++ b/certs/1024/client-key.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC8cw6oSfN0oqnvGKXaVZkh+cjss21I5TU1dXc37NFhkF8+2eTV +35TKwanXGdqGyehNxGE2gv6rrX53JbuNEaW8YjqoOMw5ogRmtPf386raTQIOu16N +aUjcd8koDiLpa6Qmukzowf1Kbysf74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQAB +AoGAE5fq6Dh4JaJcBM4NQHwx5cRwzZuCO1gJhjtmX9wxkPFP1dsV3d7XO5WTMRgx +Dl6j1qIacW6BSBxLz9uOeoZhMtz7VcEWbSeSJEWL8bhIsUsdrN7a3Y4vwpH7palu ++Dpq8f1QGO+f58PKeOpW09NyW5bdTgZOOsPZvnK2ZQcHTAECQQD6R9R6fJI8Ve+B +8EEwLaPPjxzmhycFcA3fmDXW8Ys4LyS10IS2eU9xKZRa8GRqrOdyxu1NWZg+Zzrz +dCz5YRdpAkEAwMGCDQzrxi/ckvmdghox6en3S/KChxzuFmrRHRiCcPPAti/28/cd +8YYjyE7rj1aOj/W/8fcrtcw9xlc5DBtUQQJBAJ1+Bd7t9Ley+/wwS1Ud4y8BR5Zp +Bc0OLiy9g2O2q3y3bcpbZKfOvobfO1PeYdIe66X2N+2sq3jZTOdV+9cRmcECQBiY +GCnmHic5cCForAovoXLBIYaVOMZYkKBXnLrjp7EVyN72G8JhI3bvsJ0cRL4TQzln +F8idyvv1RWSLOIIs8oECQDmJ5ZwZVTC6t0iMSBQO9J9+d5dD4bQZNTEjdZw7RK1p +ElbuAGFkFmbTfHQrFbSi/r8IaxpdP5ASsQWGMSnb2eI= +-----END RSA PRIVATE KEY----- diff --git a/certs/1024/dh1024.der b/certs/1024/dh1024.der new file mode 100644 index 0000000000000000000000000000000000000000..f29e6dc0448fdc367f4adc816c98018f6a4cf3fd GIT binary patch literal 138 zcmXqLY-eh0WLR=(M_$F(n{Rb%?rsxni}GeIn{YQRac6GOa+&o>$1>fkEkFI9@@7xv zf0elRmAfN1{W-;c?aND(?=LK#UpID4J^+T#MRjxXFf_tOgVVkSl=0AjI5GXMYp literal 0 HcmV?d00001 diff --git a/certs/1024/dh1024.pem b/certs/1024/dh1024.pem new file mode 100644 index 000000000..372f50a12 --- /dev/null +++ b/certs/1024/dh1024.pem 
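Review bot: `certs/1024/client-key.pem` adds an unencrypted RSA private key to the tree, and nothing in the file or in the visible `certs/1024/include.am` marks it as a test-only fixture. Once committed the key is public, so any use outside the test programs has no secrecy at all. The same holds for `dsa1024.pem` in this commit. I would add a line to the certs documentation such as `certs/1024/*: published test keys and parameters, never deploy`, which also gives secret-scanning tools a documented allow-list entry.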
@@ -0,0 +1,17 @@ + PKCS#3 DH Parameters: (1024 bit) + prime: + 00:a4:d2:b8:6e:78:f5:d9:ed:2d:7c:dd:b6:16:86: + 5a:4b:05:76:90:dd:66:61:b9:6d:52:a7:1c:af:62: + c6:69:47:7b:39:f2:fb:94:ec:bc:79:ff:24:5e:ef: + 79:bb:59:b2:fc:ca:07:d6:f4:e9:34:f7:e8:38:e7: + d7:33:44:1d:a3:64:76:1a:84:97:54:74:40:84:1f: + 15:fe:7c:25:2a:2b:25:fd:9e:c1:89:33:8c:39:25: + 2b:40:e6:cd:f8:a8:a1:8a:53:c6:47:b2:a0:d7:8f: + eb:2e:60:0a:0d:4b:f8:b4:94:8c:63:0a:ad:c7:10: + ea:c7:a1:b9:9d:f2:a8:37:73 + generator: 2 (0x2) +-----BEGIN DH PARAMETERS----- +MIGHAoGBAKTSuG549dntLXzdthaGWksFdpDdZmG5bVKnHK9ixmlHezny+5TsvHn/ +JF7vebtZsvzKB9b06TT36Djn1zNEHaNkdhqEl1R0QIQfFf58JSorJf2ewYkzjDkl +K0DmzfiooYpTxkeyoNeP6y5gCg1L+LSUjGMKrccQ6sehuZ3yqDdzAgEC +-----END DH PARAMETERS----- diff --git a/certs/1024/dsa1024.der b/certs/1024/dsa1024.der new file mode 100644 index 0000000000000000000000000000000000000000..65db155bc76327433b1b4410eac27162b592bd15 GIT binary patch literal 448 zcmXqLV%)>T$iURt$nf3!=Wfv%ukYTI^DFFV{j`18Bd=R!4renx<~7#{eor;5_^PV= zefy6f`+YaI9sMUE8ol%Cq_#bq#A|MB*tekO)79dti2mNEUJNsvy$;M1<6J0Ua#eD7 z^5eVBCG`TQic8-adflD>fGKP4yG`E9v$b-Lx0SzO5xp~MOO>X)UvqM6D3d6|CDtd! zzYoqldM9H^?<95GM?vwO-5{r}Qe@(E&ilP6M5LALi$=}qGq=CWEs|KNc(0?wxJU1G z@8S=#C;GqD{Wvf5b<0A*e4Z;G*w!BTBjS2|is&9m?{)7dXZfEIx#8Yznbyv9MT2X{ zJ5KX23=3G6S1!L~^WDTbtnWh2p&P#Zoo_`B>df(xoIUSOFz5XHx*vGdL#)b0bnk)O z@It<3`+<+`U@XVq>Oo;IQg-D~pFAC;mEQNGXP>S&Hocws=n5P3`X| zRd+FPp04NdQu!+?ChBpPJIKYMdP1`H1f`=AtPR2Io8?0uZCJz|HA&@Rl7{{EQ#(7a zE!e(x9qYq`kq&RYq%)RR|30kH_}=?-=EM!>tTtFMiKtpwFO)33Kl^J@u)pO)nK!~M GO%edADAub0 literal 0 HcmV?d00001 diff --git a/certs/1024/dsa1024.pem b/certs/1024/dsa1024.pem new file mode 100644 index 000000000..c5bb06759 --- /dev/null +++ b/certs/1024/dsa1024.pem 
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQD3S/m7FZjr3d4eTnGIhfK3uuJK2nZAzWlInoN8EfdlMXj1JS33
+t/hSP77YtsX+GBVbudWShryyF3zYsL6gfPLVc3pYj43lSgCZg0rAnhYJoRA01Rm7
+Y+Pdg3R/EMpzde4xSt2f4AJqne6yS6drKmzHhnfoBBXckrR6KR9Og2OFVQIVANIF
+5HP7wZnF3GikjZInPeJSX4mLAoGBAKohAglDbvuiVBSFCvQofMvM2/UeohipId6I
+iDOMLuuNo/AdyI/2fvjPEvW0oRFvDNTwBq3E/BRFx5QVvBlLru+Tak/MFNhHizlm
+hwLUKAq47gk39ACgBKd5p9I89zRDVo7QfMLYTQ+J7RTBLJxMGZue3FMJn98t8Awn
+VDp3FC3eAoGBAOgffLfAVFGnKC1YfN7UXN3VdoQ8NiDAwyXXOjjhVMj9QGgaIVQm
+ORS/9qOcXtkr98klugAJy38MSiT9FRYVSM0LUkRAe5BjK5AixRgFgFOvgx9U4rCi
+C1qSJOFiKD+3yrmJ1qC3ra4F4cFZQO1KG2ine/vDIIHvS/NpkbDOOrA4AhQlODuh
+GXXfm/VyU0854RzsE4SCGA==
+-----END DSA PRIVATE KEY-----
diff --git a/certs/1024/include.am b/certs/1024/include.am
new file mode 100644
index 000000000..5711bcb6e
--- /dev/null
+++ b/certs/1024/include.am
@@ -0,0 +1,18 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+ certs/1024/client-cert.pem \
+ certs/1024/client-key.pem \
+ certs/1024/dh1024.pem \
+ certs/1024/dsa1024.pem
+
+EXTRA_DIST += \
+ certs/1024/client-cert.der \
+ certs/1024/client-key.der \
+ certs/1024/dh1024.der \
+ certs/1024/dsa1024.der
+
+dist_doc_DATA+= certs/taoCert.txt
+
diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c
index c96baee46..0cae9792a 100644
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -64,6 +64,11 @@
 #include
 #endif
+#if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)
+ /* include test cert and key buffers for use with NO_FILESYSTEM */
+ #include
+#endif
+
 #ifdef HAVE_NTRU
 #include "crypto_ntru.h"
 #endif
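Review bot: Nothing visible in this new file tells a packager that the key files it distributes (`certs/1024/client-key.pem`, `certs/1024/dsa1024.pem` and their DER twins) are test fixtures. The private key material is published in the source tree and is only 1024 bits, so I would extend the header comment with a line such as `# Test-only key material: public in the source tree, not for use on a deployed endpoint`. The same material is embedded again as byte arrays in cyassl/certs_test.h later in this patch, whose comments give only the file paths.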
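Review bot: The header pulled in by the added `#include` defines objects rather than declaring them. Its name was lost in this rendering; it is presumably cyassl/certs_test.h, added later in this patch, where the arrays are written as plain `const unsigned char client_key_der_1024[] =`, giving them external linkage. That links as long as test.c is the only includer, but a second translation unit including the header in the same link would hit duplicate-symbol errors. Declaring them `static const unsigned char client_key_der_1024[] =` (and likewise for the other arrays) keeps each copy file-local.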
@@ -1947,7 +1952,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) static const char* caKeyFile = "a:\certs\\ca-key.der"; static const char* caCertFile = "a:\certs\\ca-cert.pem"; #endif - #else +#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) static const char* clientKey = "./certs/client-key.der"; static const char* clientCert = "./certs/client-cert.der"; #ifdef CYASSL_CERT_GEN @@ -1970,7 +1975,9 @@ int rsa_test(void) word32 inLen = (word32)strlen((char*)in); byte out[256]; byte plain[256]; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) FILE* file, * file2; +#endif #ifdef CYASSL_TEST_CERT DecodedCert cert; #endif @@ -1979,6 +1986,13 @@ int rsa_test(void) if (tmp == NULL) return -40; +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, sizeof(client_key_der_1024)); + bytes = sizeof(client_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, sizeof(client_key_der_2048)); + bytes = sizeof(client_key_der_2048); +#else file = fopen(clientKey, "rb"); if (!file) @@ -1986,6 +2000,7 @@ int rsa_test(void) "Please run from CyaSSL home dir", -40); bytes = fread(tmp, 1, FOURK_BUF, file); +#endif /* USE_CERT_BUFFERS */ InitRsaKey(&key, 0); ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); @@ -2011,11 +2026,19 @@ int rsa_test(void) if (memcmp(plain, in, ret)) return -48; +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_cert_der_1024, sizeof(client_cert_der_1024)); + bytes = sizeof(client_cert_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_cert_der_2048, sizeof(client_cert_der_2048)); + bytes = sizeof(client_cert_der_2048); +#else file2 = fopen(clientCert, "rb"); if (!file2) return -49; bytes = fread(tmp, 1, FOURK_BUF, file2); +#endif #ifdef CYASSL_TEST_CERT InitDecodedCert(&cert, tmp, (word32)bytes, 0); 
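Review bot: Changing `#else` to `#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)` also compiles out the `#ifdef CYASSL_CERT_GEN` block nested in this branch, of which the hunk shows only the opening line. If that block defines `caKeyFile` and `caCertFile`, as the FREESCALE_MQX branch above does, a build with CYASSL_CERT_GEN and either buffer macro loses those paths while any code that opens them is still compiled. I would confirm that combination builds, and otherwise keep the CERT_GEN paths outside the buffer guard. The `dhKey` and `dsaKey` definitions further down get the same `#else` to `#elif` change, but show no nested block.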
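Review bot: The guard `#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)` added around `FILE* file, * file2;` is written out seven times across this file's hunks (the three path definitions, this declaration, and the `fclose` calls in rsa_test, dh_test and dsa_test). Deriving one macro next to the new include and testing that instead would keep the sites in step when another buffer size is added; for example `#define USE_CERT_FILES` under that condition (the name is only a suggestion), then `#ifdef USE_CERT_FILES` at each site. The closing comments `#endif /* USE_CERT_BUFFERS */` name a macro that is never defined in the visible code, so they would read better as `/* USE_CERT_BUFFERS_1024 / _2048 */`.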
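Review bot: Both `XMEMCPY(tmp, client_key_der_1024, sizeof(client_key_der_1024))` and the 2048 variant copy an array whose size is set in another file into `tmp` with no check that it fits. The only size visible for `tmp` here is the `FOURK_BUF` passed to `fread`, and its allocation is outside the hunk. The current arrays fit (the 2048-bit key's DER header in certs_test.h, `0x30, 0x82, 0x04, 0xA4`, gives 1192 bytes), but a regenerated or larger buffer would overrun `tmp` silently. A guard before each copy, e.g. `if (sizeof(client_key_der_1024) > FOURK_BUF) return -40;`, restores the bound that `fread` enforced on the file path. The same unchecked copy appears in the certificate load below (hunk at -2011), in dh_test, and in dsa_test, where `tmp` is `byte tmp[1024]` and the 2048-bit DSA key is already 835 bytes.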
@@ -2028,8 +2051,10 @@ int rsa_test(void) (void)bytes; #endif +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) fclose(file2); fclose(file); +#endif #ifdef CYASSL_KEY_GEN { @@ -2368,7 +2393,7 @@ int rsa_test(void) #ifdef FREESCALE_MQX static const char* dhKey = "a:\certs\\dh2048.der"; -#else +#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) static const char* dhKey = "./certs/dh2048.der"; #endif @@ -2387,12 +2412,20 @@ int dh_test(void) DhKey key; DhKey key2; RNG rng; +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dh_key_der_1024, sizeof(dh_key_der_1024)); + bytes = sizeof(dh_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dh_key_der_2048, sizeof(dh_key_der_2048)); + bytes = sizeof(dh_key_der_2048); +#else FILE* file = fopen(dhKey, "rb"); if (!file) return -50; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); +#endif /* USE_CERT_BUFFERS */ InitDhKey(&key); InitDhKey(&key2); @@ -2424,7 +2457,9 @@ int dh_test(void) FreeDhKey(&key); FreeDhKey(&key2); +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) fclose(file); +#endif return 0; } @@ -2436,7 +2471,7 @@ int dh_test(void) #ifdef FREESCALE_MQX static const char* dsaKey = "a:\certs\\dsa2048.der"; -#else +#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) static const char* dsaKey = "./certs/dsa2048.der"; #endif 
@@ -2448,15 +2483,23 @@ int dsa_test(void) byte tmp[1024]; DsaKey key; RNG rng; - FILE* file = fopen(dsaKey, "rb"); Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dsa_key_der_1024, sizeof(dsa_key_der_1024)); + bytes = sizeof(dsa_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dsa_key_der_2048, sizeof(dsa_key_der_2048)); + bytes = sizeof(dsa_key_der_2048); +#else + FILE* file = fopen(dsaKey, "rb"); if (!file) return -60; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); +#endif /* USE_CERT_BUFFERS */ InitSha(&sha); ShaUpdate(&sha, tmp, bytes); @@ -2477,7 +2520,9 @@ int dsa_test(void) if (answer != 1) return -65; FreeDsaKey(&key); +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) fclose(file); +#endif return 0; } diff --git a/cyassl/certs_test.h b/cyassl/certs_test.h new file mode 100644 index 000000000..61828e61b --- /dev/null +++ b/cyassl/certs_test.h 
@@ -0,0 +1,599 @@ +/* certs_test.h */ + +#ifndef CYASSL_CERTS_TEST_H +#define CYASSL_CERTS_TEST_H + +#ifdef USE_CERT_BUFFERS_1024 + +/* ./certs/1024/client-key.der, 1024-bit */ +const unsigned char client_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, + 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, + 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, + 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, + 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, + 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, + 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, + 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, + 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, + 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, + 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, + 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, + 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x13, 0x97, 0xEA, + 0xE8, 0x38, 0x78, 0x25, 0xA2, 0x5C, 0x04, 0xCE, 0x0D, 0x40, + 0x7C, 0x31, 0xE5, 0xC4, 0x70, 0xCD, 0x9B, 0x82, 0x3B, 0x58, + 0x09, 0x86, 0x3B, 0x66, 0x5F, 0xDC, 0x31, 0x90, 0xF1, 0x4F, + 0xD5, 0xDB, 0x15, 0xDD, 0xDE, 0xD7, 0x3B, 0x95, 0x93, 0x31, + 0x18, 0x31, 0x0E, 0x5E, 0xA3, 0xD6, 0xA2, 0x1A, 0x71, 0x6E, + 0x81, 0x48, 0x1C, 0x4B, 0xCF, 0xDB, 0x8E, 0x7A, 0x86, 0x61, + 0x32, 0xDC, 0xFB, 0x55, 0xC1, 0x16, 0x6D, 0x27, 0x92, 0x24, + 0x45, 0x8B, 0xF1, 0xB8, 0x48, 0xB1, 0x4B, 0x1D, 0xAC, 0xDE, + 0xDA, 0xDD, 0x8E, 0x2F, 0xC2, 0x91, 0xFB, 0xA5, 0xA9, 0x6E, + 0xF8, 0x3A, 0x6A, 0xF1, 0xFD, 0x50, 0x18, 0xEF, 0x9F, 0xE7, + 0xC3, 0xCA, 0x78, 0xEA, 0x56, 0xD3, 0xD3, 0x72, 0x5B, 0x96, + 0xDD, 0x4E, 0x06, 0x4E, 0x3A, 0xC3, 0xD9, 0xBE, 0x72, 0xB6, + 0x65, 0x07, 0x07, 0x4C, 0x01, 0x02, 0x41, 0x00, 0xFA, 0x47, + 0xD4, 0x7A, 0x7C, 0x92, 0x3C, 0x55, 
0xEF, 0x81, 0xF0, 0x41, + 0x30, 0x2D, 0xA3, 0xCF, 0x8F, 0x1C, 0xE6, 0x87, 0x27, 0x05, + 0x70, 0x0D, 0xDF, 0x98, 0x35, 0xD6, 0xF1, 0x8B, 0x38, 0x2F, + 0x24, 0xB5, 0xD0, 0x84, 0xB6, 0x79, 0x4F, 0x71, 0x29, 0x94, + 0x5A, 0xF0, 0x64, 0x6A, 0xAC, 0xE7, 0x72, 0xC6, 0xED, 0x4D, + 0x59, 0x98, 0x3E, 0x67, 0x3A, 0xF3, 0x74, 0x2C, 0xF9, 0x61, + 0x17, 0x69, 0x02, 0x41, 0x00, 0xC0, 0xC1, 0x82, 0x0D, 0x0C, + 0xEB, 0xC6, 0x2F, 0xDC, 0x92, 0xF9, 0x9D, 0x82, 0x1A, 0x31, + 0xE9, 0xE9, 0xF7, 0x4B, 0xF2, 0x82, 0x87, 0x1C, 0xEE, 0x16, + 0x6A, 0xD1, 0x1D, 0x18, 0x82, 0x70, 0xF3, 0xC0, 0xB6, 0x2F, + 0xF6, 0xF3, 0xF7, 0x1D, 0xF1, 0x86, 0x23, 0xC8, 0x4E, 0xEB, + 0x8F, 0x56, 0x8E, 0x8F, 0xF5, 0xBF, 0xF1, 0xF7, 0x2B, 0xB5, + 0xCC, 0x3D, 0xC6, 0x57, 0x39, 0x0C, 0x1B, 0x54, 0x41, 0x02, + 0x41, 0x00, 0x9D, 0x7E, 0x05, 0xDE, 0xED, 0xF4, 0xB7, 0xB2, + 0xFB, 0xFC, 0x30, 0x4B, 0x55, 0x1D, 0xE3, 0x2F, 0x01, 0x47, + 0x96, 0x69, 0x05, 0xCD, 0x0E, 0x2E, 0x2C, 0xBD, 0x83, 0x63, + 0xB6, 0xAB, 0x7C, 0xB7, 0x6D, 0xCA, 0x5B, 0x64, 0xA7, 0xCE, + 0xBE, 0x86, 0xDF, 0x3B, 0x53, 0xDE, 0x61, 0xD2, 0x1E, 0xEB, + 0xA5, 0xF6, 0x37, 0xED, 0xAC, 0xAB, 0x78, 0xD9, 0x4C, 0xE7, + 0x55, 0xFB, 0xD7, 0x11, 0x99, 0xC1, 0x02, 0x40, 0x18, 0x98, + 0x18, 0x29, 0xE6, 0x1E, 0x27, 0x39, 0x70, 0x21, 0x68, 0xAC, + 0x0A, 0x2F, 0xA1, 0x72, 0xC1, 0x21, 0x86, 0x95, 0x38, 0xC6, + 0x58, 0x90, 0xA0, 0x57, 0x9C, 0xBA, 0xE3, 0xA7, 0xB1, 0x15, + 0xC8, 0xDE, 0xF6, 0x1B, 0xC2, 0x61, 0x23, 0x76, 0xEF, 0xB0, + 0x9D, 0x1C, 0x44, 0xBE, 0x13, 0x43, 0x39, 0x67, 0x17, 0xC8, + 0x9D, 0xCA, 0xFB, 0xF5, 0x45, 0x64, 0x8B, 0x38, 0x82, 0x2C, + 0xF2, 0x81, 0x02, 0x40, 0x39, 0x89, 0xE5, 0x9C, 0x19, 0x55, + 0x30, 0xBA, 0xB7, 0x48, 0x8C, 0x48, 0x14, 0x0E, 0xF4, 0x9F, + 0x7E, 0x77, 0x97, 0x43, 0xE1, 0xB4, 0x19, 0x35, 0x31, 0x23, + 0x75, 0x9C, 0x3B, 0x44, 0xAD, 0x69, 0x12, 0x56, 0xEE, 0x00, + 0x61, 0x64, 0x16, 0x66, 0xD3, 0x7C, 0x74, 0x2B, 0x15, 0xB4, + 0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12, + 0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2 +}; 
+ +/* ./certs/1024/client-cert.der, 1024-bit */ +const unsigned char client_cert_der_1024[] = +{ + 0x30, 0x82, 0x02, 0xEC, 0x30, 0x82, 0x02, 0x55, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x8D, 0x0D, 0xAC, 0xFE, + 0xC6, 0x98, 0x45, 0x26, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x81, 0x8E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, + 0x6F, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x08, 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, + 0x64, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x05, 0x79, 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, + 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, + 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x33, + 0x30, 0x31, 0x31, 0x38, 0x32, 0x31, 0x34, 0x32, 0x34, 0x39, + 0x5A, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x30, 0x31, 0x35, 0x32, + 0x31, 0x34, 0x32, 0x34, 0x39, 0x5A, 0x30, 0x81, 0x8E, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x08, + 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x05, 0x79, + 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 
0x31, 0x16, 0x30, 0x14, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 0x77, 0x77, 0x77, + 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, + 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 0xEF, + 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, 0xB3, + 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, 0xD1, + 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, 0xCA, + 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, 0xC4, + 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, 0xBB, + 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, 0x39, + 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, 0x4D, + 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, 0xC9, + 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, 0xE8, + 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 0xF6, + 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 0xC8, + 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xA3, 0x50, 0x30, 0x4E, 0x30, 0x1D, 0x06, + 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, + 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, + 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, 0x30, 0x1F, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, + 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, + 0xEC, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, + 0x03, 0x81, 0x81, 0x00, 0x72, 0x66, 0x0F, 0x6A, 
0xA1, 0x85, + 0x95, 0x06, 0xE6, 0x87, 0x1A, 0xED, 0x2B, 0xDA, 0xED, 0x84, + 0x90, 0x89, 0xA6, 0x31, 0x4D, 0x60, 0xF2, 0x7B, 0x63, 0x0C, + 0xDC, 0x9B, 0x44, 0x4C, 0xD6, 0x62, 0x41, 0x24, 0x74, 0x30, + 0x70, 0x4E, 0x07, 0x10, 0x05, 0x12, 0x5E, 0x14, 0xB3, 0xDD, + 0xCF, 0x58, 0x27, 0x93, 0xCF, 0xAA, 0x4F, 0x85, 0x2C, 0x35, + 0x0E, 0xFF, 0x5B, 0xA8, 0x6B, 0xB5, 0x95, 0x32, 0xD5, 0xCC, + 0x73, 0x68, 0x5B, 0x1B, 0xC4, 0xF8, 0x89, 0x5E, 0x3D, 0xF8, + 0x02, 0x39, 0x32, 0x7D, 0x06, 0xA4, 0x32, 0xE9, 0xB3, 0xEF, + 0x62, 0xA0, 0x43, 0x5D, 0x4F, 0xFB, 0xCE, 0x3D, 0x08, 0x33, + 0xAF, 0x3D, 0x7F, 0x12, 0xCB, 0x8A, 0x5A, 0xC2, 0x63, 0xDB, + 0x3E, 0xDD, 0xEA, 0x5B, 0x67, 0x10, 0x49, 0x9F, 0x5B, 0x96, + 0x1B, 0x4E, 0x5D, 0xBC, 0x4E, 0x9A, 0x7C, 0x1F, 0xAB, 0x56, + 0x47, 0x4A +}; + +/* ./certs/1024/dh1024.der, 1024-bit */ +const unsigned char dh_key_der_1024[] = +{ + 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0xA4, 0xD2, 0xB8, + 0x6E, 0x78, 0xF5, 0xD9, 0xED, 0x2D, 0x7C, 0xDD, 0xB6, 0x16, + 0x86, 0x5A, 0x4B, 0x05, 0x76, 0x90, 0xDD, 0x66, 0x61, 0xB9, + 0x6D, 0x52, 0xA7, 0x1C, 0xAF, 0x62, 0xC6, 0x69, 0x47, 0x7B, + 0x39, 0xF2, 0xFB, 0x94, 0xEC, 0xBC, 0x79, 0xFF, 0x24, 0x5E, + 0xEF, 0x79, 0xBB, 0x59, 0xB2, 0xFC, 0xCA, 0x07, 0xD6, 0xF4, + 0xE9, 0x34, 0xF7, 0xE8, 0x38, 0xE7, 0xD7, 0x33, 0x44, 0x1D, + 0xA3, 0x64, 0x76, 0x1A, 0x84, 0x97, 0x54, 0x74, 0x40, 0x84, + 0x1F, 0x15, 0xFE, 0x7C, 0x25, 0x2A, 0x2B, 0x25, 0xFD, 0x9E, + 0xC1, 0x89, 0x33, 0x8C, 0x39, 0x25, 0x2B, 0x40, 0xE6, 0xCD, + 0xF8, 0xA8, 0xA1, 0x8A, 0x53, 0xC6, 0x47, 0xB2, 0xA0, 0xD7, + 0x8F, 0xEB, 0x2E, 0x60, 0x0A, 0x0D, 0x4B, 0xF8, 0xB4, 0x94, + 0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9, + 0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02 +}; + +/* ./certs/1024/dsa1024.der, 1024-bit */ +const unsigned char dsa_key_der_1024[] = +{ + 0x30, 0x82, 0x01, 0xBC, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xF7, 0x4B, 0xF9, 0xBB, 0x15, 0x98, 0xEB, 0xDD, 0xDE, + 0x1E, 0x4E, 0x71, 0x88, 0x85, 0xF2, 0xB7, 0xBA, 0xE2, 0x4A, + 
0xDA, 0x76, 0x40, 0xCD, 0x69, 0x48, 0x9E, 0x83, 0x7C, 0x11, + 0xF7, 0x65, 0x31, 0x78, 0xF5, 0x25, 0x2D, 0xF7, 0xB7, 0xF8, + 0x52, 0x3F, 0xBE, 0xD8, 0xB6, 0xC5, 0xFE, 0x18, 0x15, 0x5B, + 0xB9, 0xD5, 0x92, 0x86, 0xBC, 0xB2, 0x17, 0x7C, 0xD8, 0xB0, + 0xBE, 0xA0, 0x7C, 0xF2, 0xD5, 0x73, 0x7A, 0x58, 0x8F, 0x8D, + 0xE5, 0x4A, 0x00, 0x99, 0x83, 0x4A, 0xC0, 0x9E, 0x16, 0x09, + 0xA1, 0x10, 0x34, 0xD5, 0x19, 0xBB, 0x63, 0xE3, 0xDD, 0x83, + 0x74, 0x7F, 0x10, 0xCA, 0x73, 0x75, 0xEE, 0x31, 0x4A, 0xDD, + 0x9F, 0xE0, 0x02, 0x6A, 0x9D, 0xEE, 0xB2, 0x4B, 0xA7, 0x6B, + 0x2A, 0x6C, 0xC7, 0x86, 0x77, 0xE8, 0x04, 0x15, 0xDC, 0x92, + 0xB4, 0x7A, 0x29, 0x1F, 0x4E, 0x83, 0x63, 0x85, 0x55, 0x02, + 0x15, 0x00, 0xD2, 0x05, 0xE4, 0x73, 0xFB, 0xC1, 0x99, 0xC5, + 0xDC, 0x68, 0xA4, 0x8D, 0x92, 0x27, 0x3D, 0xE2, 0x52, 0x5F, + 0x89, 0x8B, 0x02, 0x81, 0x81, 0x00, 0xAA, 0x21, 0x02, 0x09, + 0x43, 0x6E, 0xFB, 0xA2, 0x54, 0x14, 0x85, 0x0A, 0xF4, 0x28, + 0x7C, 0xCB, 0xCC, 0xDB, 0xF5, 0x1E, 0xA2, 0x18, 0xA9, 0x21, + 0xDE, 0x88, 0x88, 0x33, 0x8C, 0x2E, 0xEB, 0x8D, 0xA3, 0xF0, + 0x1D, 0xC8, 0x8F, 0xF6, 0x7E, 0xF8, 0xCF, 0x12, 0xF5, 0xB4, + 0xA1, 0x11, 0x6F, 0x0C, 0xD4, 0xF0, 0x06, 0xAD, 0xC4, 0xFC, + 0x14, 0x45, 0xC7, 0x94, 0x15, 0xBC, 0x19, 0x4B, 0xAE, 0xEF, + 0x93, 0x6A, 0x4F, 0xCC, 0x14, 0xD8, 0x47, 0x8B, 0x39, 0x66, + 0x87, 0x02, 0xD4, 0x28, 0x0A, 0xB8, 0xEE, 0x09, 0x37, 0xF4, + 0x00, 0xA0, 0x04, 0xA7, 0x79, 0xA7, 0xD2, 0x3C, 0xF7, 0x34, + 0x43, 0x56, 0x8E, 0xD0, 0x7C, 0xC2, 0xD8, 0x4D, 0x0F, 0x89, + 0xED, 0x14, 0xC1, 0x2C, 0x9C, 0x4C, 0x19, 0x9B, 0x9E, 0xDC, + 0x53, 0x09, 0x9F, 0xDF, 0x2D, 0xF0, 0x0C, 0x27, 0x54, 0x3A, + 0x77, 0x14, 0x2D, 0xDE, 0x02, 0x81, 0x81, 0x00, 0xE8, 0x1F, + 0x7C, 0xB7, 0xC0, 0x54, 0x51, 0xA7, 0x28, 0x2D, 0x58, 0x7C, + 0xDE, 0xD4, 0x5C, 0xDD, 0xD5, 0x76, 0x84, 0x3C, 0x36, 0x20, + 0xC0, 0xC3, 0x25, 0xD7, 0x3A, 0x38, 0xE1, 0x54, 0xC8, 0xFD, + 0x40, 0x68, 0x1A, 0x21, 0x54, 0x26, 0x39, 0x14, 0xBF, 0xF6, + 0xA3, 0x9C, 0x5E, 0xD9, 0x2B, 0xF7, 0xC9, 0x25, 0xBA, 0x00, + 0x09, 0xCB, 
0x7F, 0x0C, 0x4A, 0x24, 0xFD, 0x15, 0x16, 0x15, + 0x48, 0xCD, 0x0B, 0x52, 0x44, 0x40, 0x7B, 0x90, 0x63, 0x2B, + 0x90, 0x22, 0xC5, 0x18, 0x05, 0x80, 0x53, 0xAF, 0x83, 0x1F, + 0x54, 0xE2, 0xB0, 0xA2, 0x0B, 0x5A, 0x92, 0x24, 0xE1, 0x62, + 0x28, 0x3F, 0xB7, 0xCA, 0xB9, 0x89, 0xD6, 0xA0, 0xB7, 0xAD, + 0xAE, 0x05, 0xE1, 0xC1, 0x59, 0x40, 0xED, 0x4A, 0x1B, 0x68, + 0xA7, 0x7B, 0xFB, 0xC3, 0x20, 0x81, 0xEF, 0x4B, 0xF3, 0x69, + 0x91, 0xB0, 0xCE, 0x3A, 0xB0, 0x38, 0x02, 0x14, 0x25, 0x38, + 0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F, + 0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18 +}; + +#elif defined(USE_CERT_BUFFERS_2048) + +/* ./certs/client-key.der, 2048-bit */ +const unsigned char client_key_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, + 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, + 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, + 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, + 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, + 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, + 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, + 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, + 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, + 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, + 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, + 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, + 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, + 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, + 0xD4, 0x4E, 0x72, 0x0D, 0x50, 
0x6D, 0x3B, 0xA3, 0x3B, 0xA3, + 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, + 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, + 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, + 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, + 0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, + 0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, + 0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, + 0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, + 0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, + 0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, + 0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, + 0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, + 0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, + 0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, + 0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, + 0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, + 0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, + 0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, + 0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, + 0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, + 0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, + 0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, + 0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, + 0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, + 0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, + 0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, + 0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, + 0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, + 0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 
0x94, 0x6D, 0x11, + 0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, + 0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 0x52, 0x7D, 0x88, + 0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, + 0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, + 0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, + 0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, + 0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, + 0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, + 0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, + 0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, + 0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, + 0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, + 0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, + 0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, + 0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, + 0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, + 0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, + 0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, + 0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, + 0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, + 0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, + 0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, + 0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, + 0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, + 0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, + 0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, + 0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, + 0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, + 0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, + 0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, + 0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, + 0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 
0x35, + 0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, + 0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 0xF7, + 0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, + 0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, + 0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, + 0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, + 0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, + 0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, + 0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, + 0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, + 0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, + 0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, + 0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, + 0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, + 0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, + 0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, + 0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, + 0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, + 0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, + 0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, + 0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, + 0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, + 0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, + 0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, + 0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, + 0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, + 0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, + 0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, + 0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, + 0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, + 0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, + 0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, + 0xBE, 
0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, + 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, + 0xF5, 0xBF +}; + +/* ./certs/client-cert.der, 2048-bit */ +const unsigned char client_cert_der_2048[] = +{ + 0x30, 0x82, 0x04, 0x98, 0x30, 0x82, 0x03, 0x80, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x87, 0x4A, 0x75, 0xBE, + 0x91, 0x66, 0xD8, 0x3D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x81, 0x8E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x13, 0x06, 0x4F, 0x72, 0x65, 0x67, + 0x6F, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x13, 0x08, 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, + 0x64, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x13, 0x05, 0x79, 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0B, 0x50, 0x72, + 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0D, + 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x31, + 0x31, 0x30, 0x32, 0x34, 0x31, 0x38, 0x32, 0x31, 0x35, 0x35, + 0x5A, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x32, 0x30, 0x31, + 0x38, 0x32, 0x31, 0x35, 0x35, 0x5A, 0x30, 0x81, 0x8E, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x13, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, + 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x05, 0x79, + 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 
0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x13, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x16, 0x30, 0x14, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0D, 0x77, 0x77, 0x77, + 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, + 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, + 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, + 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, + 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, + 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, + 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, + 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, + 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, + 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, + 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, + 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, + 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, + 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, + 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, + 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, + 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, + 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, + 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, + 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, + 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, + 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 
0xAC, 0xBB, + 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, + 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, + 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, + 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xF6, 0x30, 0x81, + 0xF3, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, + 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, + 0x65, 0xC0, 0x30, 0x81, 0xC3, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xBB, 0x30, 0x81, 0xB8, 0x80, 0x14, 0x33, 0xD8, + 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, + 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0xA1, 0x81, + 0x94, 0xA4, 0x81, 0x91, 0x30, 0x81, 0x8E, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, + 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x11, 0x30, + 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x50, 0x6F, + 0x72, 0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x05, 0x79, 0x61, 0x53, + 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x13, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, + 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, + 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, + 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, + 0x09, 0x00, 0x87, 0x4A, 0x75, 0xBE, 0x91, 0x66, 0xD8, 0x3D, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x1C, 0x7C, 0x42, 0x81, 0x29, 0x9E, + 
0x21, 0xCF, 0xD0, 0xD8, 0xC1, 0x54, 0x6F, 0xCC, 0xAE, 0x14, + 0x09, 0x38, 0xFF, 0x68, 0x98, 0x9A, 0x95, 0x53, 0x76, 0x18, + 0x7B, 0xE6, 0x30, 0x76, 0xEC, 0x28, 0x0D, 0x75, 0xA7, 0xDE, + 0xE0, 0xCD, 0x8E, 0xD5, 0x55, 0x23, 0x6A, 0x47, 0x2B, 0x4E, + 0x8D, 0xFC, 0x7D, 0x06, 0xA3, 0xD8, 0x0F, 0xAD, 0x5E, 0xD6, + 0x04, 0xC9, 0x00, 0x33, 0xFB, 0x77, 0x27, 0xD3, 0xB5, 0x03, + 0xB3, 0x7B, 0x21, 0x74, 0x31, 0x0B, 0x4A, 0xAF, 0x2D, 0x1A, + 0xB3, 0x93, 0x8E, 0xCC, 0xF3, 0x5F, 0x3D, 0x90, 0x3F, 0xCC, + 0xE3, 0x55, 0x19, 0x91, 0x7B, 0x78, 0x24, 0x2E, 0x4A, 0x09, + 0xBB, 0x18, 0x4E, 0x61, 0x2D, 0x9C, 0xC6, 0x0A, 0xA0, 0x34, + 0x91, 0x88, 0x70, 0x6B, 0x3B, 0x48, 0x47, 0xBC, 0x79, 0x94, + 0xA2, 0xA0, 0x4D, 0x32, 0x47, 0x54, 0xC2, 0xA3, 0xDC, 0x2E, + 0xD2, 0x51, 0x4C, 0x29, 0x39, 0x11, 0xFF, 0xE2, 0x15, 0x5E, + 0x58, 0x97, 0x36, 0xF6, 0xE9, 0x06, 0x06, 0x86, 0x0E, 0x8D, + 0x9D, 0x95, 0x03, 0x72, 0xB2, 0x8B, 0x19, 0x7C, 0xE9, 0x14, + 0x6E, 0xA1, 0x88, 0x73, 0x68, 0x58, 0x6D, 0x71, 0x5E, 0xC2, + 0xD5, 0xD3, 0x13, 0xD2, 0x5F, 0xDE, 0xEA, 0x03, 0xBE, 0xE2, + 0x00, 0x40, 0xE5, 0xCE, 0xFD, 0xE6, 0x92, 0x31, 0x57, 0xC3, + 0xEB, 0xBB, 0x66, 0xAC, 0xCB, 0x2F, 0x1A, 0xFA, 0xE0, 0x62, + 0xA2, 0x47, 0xF4, 0x93, 0x43, 0x2A, 0x4B, 0x6C, 0x5E, 0x0A, + 0x2F, 0xF9, 0xE7, 0xE6, 0x4A, 0x63, 0x86, 0xB0, 0xAC, 0x2A, + 0xA1, 0xEB, 0xB4, 0x5B, 0x67, 0xCD, 0x32, 0xE4, 0xB6, 0x11, + 0x4B, 0x9A, 0x72, 0x66, 0x0D, 0xA2, 0x4A, 0x76, 0x8F, 0xFE, + 0x22, 0xBC, 0x83, 0xFD, 0xDB, 0xB7, 0xD5, 0xA9, 0xEE, 0x05, + 0xC9, 0xB1, 0x71, 0x7E, 0x1B, 0x2B, 0xE1, 0xE3, 0xAF, 0xC0 + +}; + +/* ./certs/dh2048.der, 2048-bit */ +const unsigned char dh_key_der_2048[] = +{ + 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0, + 0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, + 0xBC, 0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6, + 0xEF, 0x4A, 0xC6, 0x25, 0x27, 0x1C, 0xE8, 0xD2, 0x96, 0x53, + 0x0A, 0x5C, 0x91, 0xDD, 0xA2, 0xC2, 0x94, 0x84, 0xBF, 0x7D, + 0xB2, 0x44, 0x9F, 0x9B, 0xD2, 0xC1, 0x8A, 0xC5, 
0xBE, 0x72, + 0x5C, 0xA7, 0xE7, 0x91, 0xE6, 0xD4, 0x9F, 0x73, 0x07, 0x85, + 0x5B, 0x66, 0x48, 0xC7, 0x70, 0xFA, 0xB4, 0xEE, 0x02, 0xC9, + 0x3D, 0x9A, 0x4A, 0xDA, 0x3D, 0xC1, 0x46, 0x3E, 0x19, 0x69, + 0xD1, 0x17, 0x46, 0x07, 0xA3, 0x4D, 0x9F, 0x2B, 0x96, 0x17, + 0x39, 0x6D, 0x30, 0x8D, 0x2A, 0xF3, 0x94, 0xD3, 0x75, 0xCF, + 0xA0, 0x75, 0xE6, 0xF2, 0x92, 0x1F, 0x1A, 0x70, 0x05, 0xAA, + 0x04, 0x83, 0x57, 0x30, 0xFB, 0xDA, 0x76, 0x93, 0x38, 0x50, + 0xE8, 0x27, 0xFD, 0x63, 0xEE, 0x3C, 0xE5, 0xB7, 0xC8, 0x09, + 0xAE, 0x6F, 0x50, 0x35, 0x8E, 0x84, 0xCE, 0x4A, 0x00, 0xE9, + 0x12, 0x7E, 0x5A, 0x31, 0xD7, 0x33, 0xFC, 0x21, 0x13, 0x76, + 0xCC, 0x16, 0x30, 0xDB, 0x0C, 0xFC, 0xC5, 0x62, 0xA7, 0x35, + 0xB8, 0xEF, 0xB7, 0xB0, 0xAC, 0xC0, 0x36, 0xF6, 0xD9, 0xC9, + 0x46, 0x48, 0xF9, 0x40, 0x90, 0x00, 0x2B, 0x1B, 0xAA, 0x6C, + 0xE3, 0x1A, 0xC3, 0x0B, 0x03, 0x9E, 0x1B, 0xC2, 0x46, 0xE4, + 0x48, 0x4E, 0x22, 0x73, 0x6F, 0xC3, 0x5F, 0xD4, 0x9A, 0xD6, + 0x30, 0x07, 0x48, 0xD6, 0x8C, 0x90, 0xAB, 0xD4, 0xF6, 0xF1, + 0xE3, 0x48, 0xD3, 0x58, 0x4B, 0xA6, 0xB9, 0xCD, 0x29, 0xBF, + 0x68, 0x1F, 0x08, 0x4B, 0x63, 0x86, 0x2F, 0x5C, 0x6B, 0xD6, + 0xB6, 0x06, 0x65, 0xF7, 0xA6, 0xDC, 0x00, 0x67, 0x6B, 0xBB, + 0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, + 0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02 +}; + +/* ./certs/dsa2048.der, 2048-bit */ +const unsigned char dsa_key_der_2048[] = +{ + 0x30, 0x82, 0x03, 0x3F, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xCC, 0x8E, 0xC9, 0xA0, 0xD5, 0x9A, 0x27, 0x1C, + 0xDA, 0x52, 0xDF, 0xC7, 0xC0, 0xE6, 0x06, 0xA4, 0x3E, 0x8A, + 0x66, 0x49, 0xD0, 0x59, 0x33, 0x51, 0x69, 0xC4, 0x9C, 0x5E, + 0x64, 0x85, 0xC7, 0xF1, 0xAB, 0xD5, 0xD9, 0x62, 0xAC, 0xFD, + 0xA1, 0xE0, 0x1B, 0x57, 0xFF, 0x96, 0xEF, 0x0C, 0x9F, 0xC8, + 0x44, 0x87, 0xEB, 0x5C, 0x91, 0xD0, 0x46, 0x42, 0x09, 0x50, + 0x6A, 0x23, 0xCB, 0x89, 0x6F, 0x55, 0xE9, 0x6A, 0x11, 0xA9, + 0xA8, 0x32, 0xAB, 0x33, 0x0D, 0x51, 0xB5, 0x79, 0x51, 0xB4, + 0xAB, 0xA2, 0x25, 0x11, 0x8D, 0xE5, 0x24, 0xBE, 
0xD8, 0xF1, + 0x9D, 0x4E, 0x12, 0x6F, 0xAC, 0x44, 0x54, 0x80, 0xA9, 0xB4, + 0x81, 0x68, 0x4E, 0x44, 0x0E, 0xB8, 0x39, 0xF3, 0xBE, 0x83, + 0x08, 0x74, 0xA2, 0xC6, 0x7A, 0xD7, 0x6A, 0x7D, 0x0A, 0x88, + 0x57, 0x83, 0x48, 0xDC, 0xCF, 0x5E, 0x6F, 0xEE, 0x68, 0x0C, + 0xF7, 0xFF, 0x03, 0x04, 0x90, 0xAA, 0xF7, 0x07, 0x98, 0xF8, + 0x67, 0x5A, 0x83, 0x23, 0x66, 0x47, 0x60, 0xC3, 0x43, 0x6E, + 0x03, 0x91, 0xAC, 0x28, 0x66, 0xCB, 0xF0, 0xD3, 0x05, 0xC8, + 0x09, 0x97, 0xB5, 0xAE, 0x01, 0x5E, 0x80, 0x3B, 0x9D, 0x4F, + 0xDE, 0x3E, 0x94, 0xFE, 0xCB, 0x82, 0xB0, 0xB1, 0xFC, 0x91, + 0x8B, 0x1D, 0x8A, 0xEE, 0xC6, 0x06, 0x1F, 0x37, 0x91, 0x48, + 0xD2, 0xF8, 0x6C, 0x5D, 0x60, 0x13, 0x83, 0xA7, 0x81, 0xAC, + 0xCA, 0x8D, 0xD0, 0x6A, 0x04, 0x0A, 0xEA, 0x3E, 0x22, 0x4E, + 0x13, 0xF1, 0x0D, 0xBB, 0x60, 0x6B, 0xCD, 0xBC, 0x5C, 0x87, + 0xA3, 0x67, 0x2B, 0x42, 0xA1, 0x9F, 0xCD, 0x39, 0x58, 0xBE, + 0x55, 0xB1, 0x93, 0x84, 0xCE, 0xB2, 0x10, 0x4E, 0xE4, 0xC3, + 0x9F, 0xB2, 0x53, 0x61, 0x01, 0x29, 0xAA, 0x96, 0xCB, 0x20, + 0x60, 0x42, 0x1D, 0xBA, 0x75, 0x4B, 0x63, 0xC1, 0x02, 0x15, + 0x00, 0xE7, 0xA5, 0x39, 0xD4, 0x6A, 0x37, 0x5E, 0x95, 0x06, + 0x39, 0x07, 0x77, 0x0A, 0xEB, 0xA0, 0x03, 0xEB, 0x78, 0x82, + 0x9B, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD4, 0x4C, 0x71, + 0x2F, 0xEC, 0xFA, 0x32, 0xB2, 0x80, 0x7E, 0x61, 0x4A, 0x6B, + 0x5F, 0x18, 0x76, 0x43, 0xC3, 0x69, 0xBA, 0x41, 0xC7, 0xA7, + 0x1D, 0x79, 0x01, 0xEC, 0xAF, 0x34, 0x87, 0x67, 0x4F, 0x29, + 0x80, 0xA8, 0x3B, 0x87, 0xF6, 0xE8, 0xA1, 0xE8, 0xCD, 0x1B, + 0x1C, 0x86, 0x38, 0xF6, 0xD1, 0x0C, 0x46, 0x2E, 0xC8, 0xE0, + 0xC9, 0x30, 0x26, 0xD5, 0x2C, 0x7F, 0xC1, 0x08, 0xBF, 0xCC, + 0x5A, 0x82, 0x8E, 0xD4, 0xD4, 0x49, 0xAA, 0xA2, 0xFA, 0xE6, + 0xC1, 0x9D, 0xF0, 0xD9, 0x96, 0xB0, 0xFF, 0x0C, 0x5B, 0x33, + 0x8E, 0x06, 0xDD, 0x9D, 0x28, 0xA9, 0xE9, 0x80, 0x41, 0x3B, + 0xD8, 0x7A, 0x94, 0x21, 0x8F, 0x56, 0xF1, 0xA2, 0xB4, 0x2B, + 0x89, 0x1C, 0x74, 0xFF, 0x7E, 0x91, 0xDC, 0x1F, 0x91, 0x13, + 0x98, 0xAF, 0xC7, 0x06, 0xD2, 0x4C, 0x90, 0xA2, 0xBD, 0xDA, + 
0x16, 0xBA, 0x65, 0xB0, 0x2D, 0x68, 0x87, 0x3C, 0x6E, 0x25, + 0x8D, 0x90, 0xC7, 0xBC, 0x0D, 0xA9, 0x43, 0x03, 0xC9, 0xBE, + 0xCF, 0x85, 0x6F, 0xDB, 0x07, 0x7B, 0x8C, 0xF8, 0xB1, 0xC2, + 0x49, 0x10, 0x69, 0x63, 0x56, 0x37, 0xC5, 0x30, 0xD2, 0xFB, + 0x71, 0x9A, 0xE8, 0x82, 0x07, 0x2E, 0x3E, 0x95, 0x50, 0xF3, + 0x73, 0xCF, 0x34, 0x5B, 0xD5, 0xAB, 0x02, 0x15, 0xF2, 0xCC, + 0xD7, 0x52, 0xC5, 0x28, 0xD8, 0x41, 0x19, 0x55, 0x6F, 0xB8, + 0x5F, 0xF1, 0x99, 0xB3, 0xC7, 0xD9, 0xB3, 0x71, 0xF4, 0x2D, + 0xDF, 0x22, 0x59, 0x35, 0x86, 0xDB, 0x39, 0xCA, 0x1B, 0x4D, + 0x35, 0x90, 0x19, 0x6B, 0x31, 0xE3, 0xC8, 0xC6, 0x09, 0xBF, + 0x7C, 0xED, 0x01, 0xB4, 0xB2, 0xF5, 0x6E, 0xDA, 0x63, 0x41, + 0x3C, 0xE6, 0x3A, 0x72, 0x2D, 0x65, 0x48, 0xF6, 0x07, 0xCD, + 0x92, 0x84, 0x8B, 0x1D, 0xA7, 0x31, 0x6B, 0xD6, 0xF0, 0xFB, + 0xD9, 0xF4, 0x02, 0x82, 0x01, 0x00, 0x66, 0x4B, 0xBB, 0xB7, + 0xC9, 0x48, 0x95, 0x0D, 0x5A, 0xA6, 0x2D, 0xA1, 0x7F, 0xDF, + 0x1F, 0x67, 0x6D, 0xED, 0x52, 0x4B, 0x16, 0x6C, 0x17, 0xC6, + 0xAE, 0xF8, 0x6A, 0xC4, 0x57, 0xED, 0x2F, 0xB3, 0xF0, 0x2A, + 0x55, 0xAB, 0xBA, 0xCA, 0xEA, 0x17, 0xE8, 0x35, 0x7C, 0xE5, + 0x31, 0x0D, 0x4A, 0x95, 0xFC, 0x43, 0x6F, 0x97, 0x3C, 0x5C, + 0x67, 0xAC, 0xBE, 0x67, 0x7F, 0xE9, 0x4E, 0xAA, 0x48, 0xB3, + 0x92, 0xA1, 0x76, 0x75, 0xEA, 0x04, 0x34, 0x7F, 0x87, 0x33, + 0x2D, 0x24, 0xB6, 0x29, 0x97, 0xE3, 0x04, 0x77, 0x93, 0x89, + 0x13, 0xDB, 0x1B, 0x93, 0xB8, 0x2C, 0x90, 0x1A, 0x09, 0x3B, + 0x26, 0xD9, 0x59, 0xF3, 0x2A, 0x09, 0x58, 0xDC, 0xAC, 0x25, + 0xB4, 0xA9, 0x45, 0x3B, 0xA2, 0x3A, 0x6C, 0x61, 0x84, 0xBF, + 0x68, 0xD4, 0xEA, 0x9B, 0xC5, 0x29, 0x48, 0x60, 0x15, 0x10, + 0x35, 0x2C, 0x44, 0x1D, 0xB5, 0x9A, 0xEE, 0xAC, 0xC1, 0x68, + 0xE8, 0x47, 0xB7, 0x41, 0x34, 0x39, 0x9A, 0xF8, 0xA5, 0x20, + 0xE9, 0x24, 0xC4, 0x2C, 0x58, 0x3F, 0x4C, 0x41, 0x30, 0x3A, + 0x14, 0x6E, 0x8D, 0xEA, 0xAD, 0xBA, 0x9B, 0x43, 0xD3, 0x98, + 0x2F, 0x83, 0xD8, 0x14, 0x67, 0xE8, 0xF8, 0xD5, 0x4F, 0xAC, + 0xE0, 0x3B, 0xBF, 0xA7, 0x54, 0x16, 0x5E, 0x49, 0x64, 0x26, + 0x54, 0xA4, 
0x6B, 0x69, 0x7C, 0xBA, 0x8A, 0x83, 0xD9, 0x2E, + 0x65, 0x0A, 0xA2, 0x27, 0xEF, 0x99, 0x99, 0x08, 0xD7, 0xB5, + 0x9F, 0xA0, 0x01, 0xEF, 0x7E, 0x17, 0xBF, 0x83, 0x6B, 0x2E, + 0xDD, 0xC0, 0x39, 0x38, 0x23, 0x68, 0xB4, 0x76, 0x6B, 0xE5, + 0xCA, 0xF7, 0x7C, 0xEE, 0xC0, 0x52, 0xE2, 0xDD, 0xAD, 0x59, + 0x3A, 0x42, 0x06, 0x45, 0xB0, 0xC7, 0xC1, 0x77, 0x05, 0xB2, + 0x0C, 0x32, 0x40, 0x46, 0xAA, 0xDA, 0x79, 0x77, 0x04, 0x71, + 0xDF, 0x7A, 0x02, 0x15, 0x00, 0x98, 0xEE, 0xB9, 0x51, 0x37, + 0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9, + 0x00, 0xCB, 0x62, 0x6D, 0x9A +}; + +#endif /* USE_CERT_BUFFERS_1024 */ + +#endif /* CYASSL_CERTS_TEST_H */ + diff --git a/cyassl/include.am b/cyassl/include.am index f2b07a767..688479545 100644 --- a/cyassl/include.am +++ b/cyassl/include.am @@ -14,6 +14,7 @@ nobase_include_HEADERS+= \ cyassl/sniffer_error.h \ cyassl/sniffer.h \ cyassl/callbacks.h \ + cyassl/certs_test.h \ cyassl/test.h \ cyassl/version.h \ cyassl/ocsp.h \ diff --git a/gencertbuf.pl b/gencertbuf.pl new file mode 100755 index 000000000..9af8a2085 --- /dev/null +++ b/gencertbuf.pl 
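Review bot: Adding `cyassl/certs_test.h` to `nobase_include_HEADERS` installs the test key buffers with the public headers, and the header defines its arrays (for example `dsa_key_der_2048`) as non-`static` objects. A program that includes the installed header from two source files gets duplicate definitions at link time. The installed tree would also carry the test key material that the generator reads from files such as `./certs/client-key.der`. If only the bundled tests and examples need the header, listing it as distributed but not installed (for instance under `EXTRA_DIST`) keeps it out of the include directory.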
@@ -0,0 +1,108 @@
+#!/usr/bin/perl
+
+# gencertbuf.pl
+# version 1.0
+# Updated 01/28/2013
+#
+# Copyright (C) 2006-2013 wolfSSL
+#
+
+use strict;
+use warnings;
+
+# ---- SCRIPT SETTINGS -------------------------------------------------------
+
+# output C header file to write cert/key buffers to
+my $outputFile = "./cyassl/certs_test.h";
+
+# 1024-bit certs/keys to be converted
+# Used with USE_CERT_BUFFERS_1024 define.
+
+my @fileList_1024 = (
+ [ "./certs/1024/client-key.der", "client_key_der_1024" ],
+ [ "./certs/1024/client-cert.der", "client_cert_der_1024" ],
+ [ "./certs/1024/dh1024.der", "dh_key_der_1024" ],
+ [ "./certs/1024/dsa1024.der", "dsa_key_der_1024" ]
+ );
+
+# 2048-bit certs/keys to be converted
+# Used with USE_CERT_BUFFERS_2048 define.
+
+my @fileList_2048 = (
+ [ "./certs/client-key.der", "client_key_der_2048" ],
+ [ "./certs/client-cert.der", "client_cert_der_2048" ],
+ [ "./certs/dh2048.der", "dh_key_der_2048" ],
+ [ "./certs/dsa2048.der", "dsa_key_der_2048" ]
+ );
+
+# ----------------------------------------------------------------------------
+
+my $num_1024 = @fileList_1024;
+my $num_2048 = @fileList_2048;
+
+# open our output file, "+>" creates and/or truncates
+open OUT_FILE, "+>", $outputFile or die $!;
+
+print OUT_FILE "/* certs_test.h */\n\n";
+print OUT_FILE "#ifndef CYASSL_CERTS_TEST_H\n";
+print OUT_FILE "#define CYASSL_CERTS_TEST_H\n\n";
+
+# convert and print 1024-bit cert/keys
+print OUT_FILE "#ifdef USE_CERT_BUFFERS_1024\n\n";
+for(my $i = 0; $i < $num_1024; $i++) {
+ print OUT_FILE "/* $fileList_1024[$i][0], 1024-bit */\n";
+ print OUT_FILE "const unsigned char $fileList_1024[$i][1]\[] =\n";
+ print OUT_FILE "{\n";
+ file_to_hex($fileList_1024[$i][0]);
+ print OUT_FILE "};\n\n";
+}
+
+# convert and print 2048-bit certs/keys
+print OUT_FILE "#elif defined(USE_CERT_BUFFERS_2048)\n\n";
+for(my $i = 0; $i < $num_2048; $i++) {
+ print OUT_FILE "/* $fileList_2048[$i][0], 2048-bit */\n";
+ print OUT_FILE "const unsigned char 
$fileList_2048[$i][1]\[] =\n"; + print OUT_FILE "{\n"; + file_to_hex($fileList_2048[$i][0]); + print OUT_FILE "};\n\n"; +} + +print OUT_FILE "#endif /* USE_CERT_BUFFERS_1024 */\n\n"; +print OUT_FILE "#endif /* CYASSL_CERTS_TEST_H */\n\n"; + +# close certs_test.h file +close OUT_FILE or die $!; + +# print file as hex, comma-separated, as needed by C buffer +sub file_to_hex { + my $fileName = $_[0]; + + open my $fp, "<", $fileName or die $!; + binmode($fp); + + my $fileLen = -s $fileName; + my $byte; + + for (my $i = 0, my $j = 1; $i < $fileLen; $i++, $j++) + { + if ($j == 1) { + print OUT_FILE "\t"; + } + read($fp, $byte, 1) or die "Error reading $fileName"; + my $output = sprintf("0x%02X", ord($byte)); + print OUT_FILE $output; + + if ($i != ($fileLen - 1)) { + print OUT_FILE ", "; + } + + if ($j == 10) { + $j = 0; + print OUT_FILE "\n"; + } + } + + print OUT_FILE "\n"; + + close($fp); +} From a361f5c4bfe66858d34cdaa96877e73393133a86 Mon Sep 17 00:00:00 2001 From: Todd Ouska Date: Tue, 29 Jan 2013 16:22:49 -0800 Subject: [PATCH 07/52] initial cavium, crypto only, no rsa --- configure.ac | 33 +++++++- ctaocrypt/benchmark/benchmark.c | 60 ++++++++++++++ ctaocrypt/src/aes.c | 127 ++++++++++++++++++++++++++++++ ctaocrypt/src/arc4.c | 95 ++++++++++++++++++++++- ctaocrypt/src/des3.c | 129 ++++++++++++++++++++++++++++++- ctaocrypt/src/hmac.c | 133 ++++++++++++++++++++++++++++++++ ctaocrypt/src/random.c | 58 +++++++++++++- ctaocrypt/test/test.c | 122 ++++++++++++++++++++++++++++- cyassl/ctaocrypt/aes.h | 17 ++++ cyassl/ctaocrypt/arc4.h | 11 +++ cyassl/ctaocrypt/des3.h | 13 ++++ cyassl/ctaocrypt/hmac.h | 21 +++++ cyassl/ctaocrypt/random.h | 11 +++ cyassl/ctaocrypt/types.h | 4 +- src/ssl.c | 10 +-- 15 files changed, 829 insertions(+), 15 deletions(-) diff --git a/configure.ac b/configure.ac index e17404d9e..c07f843f4 100644 --- a/configure.ac +++ b/configure.ac 
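Review bot: Both output loops print each buffer as `const unsigned char NAME[] =`, which puts an external definition in a header, so including `certs_test.h` from more than one source file produces duplicate symbols. Emitting `print OUT_FILE "static const unsigned char $fileList_1024[$i][1]\[] =\n";` (and the same for the 2048 list) avoids that. The generated header also starts with only `/* certs_test.h */`; a banner line stating that the file is produced by `gencertbuf.pl` from the test-only keys under `./certs` would discourage hand edits and stop the buffers being mistaken for real credentials.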
@@ -424,7 +424,7 @@ AC_ARG_ENABLE([sha512], if test "$ENABLED_SHA512" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512" + AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512 -DCYASSL_SHA384" fi if test "$ENABLED_FORTRESS" = "yes" @@ -714,6 +714,7 @@ AS_IF([test "x$ENABLED_SINGLETHREADED" = "xyes"], [ENABLED_EXAMPLES="no"]) AS_IF([test "x$ENABLED_NOFILESYSTEM" = "xyes"], [ENABLED_EXAMPLES="no"]) AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"]) + # LIBZ trylibzdir="" AC_ARG_WITH([libz], @@ -751,6 +752,36 @@ AC_ARG_WITH([libz], ) +# cavium +trycaviumdir="" +AC_ARG_WITH([cavium], + [ --with-cavium=PATH PATH to cavium/software dir ], + [ + AC_MSG_CHECKING([for cavium]) + CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM" + + if test "x$withval" == "xyes" ; then + AC_MSG_ERROR([need a PATH for --with-cavium]) + fi + if test "x$withval" != "xno" ; then + trycaviumdir=$withval + fi + + LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o" + CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include" + + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ]) + + if test "x$cavium_linked" == "xno" ; then + AC_MSG_ERROR([cavium isn't found. + If it's already installed, specify its path using --with-cavium=/dir/]) + fi + AC_MSG_RESULT([yes]) + enable_shared=no + ] +) + + # OPTIMIZE FLAGS if test "$GCC" = "yes" then diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 306fe5336..241ca7329 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -44,6 +44,12 @@ #include #include +#ifdef HAVE_CAVIUM + #include "cavium_sysdep.h" + #include "cavium_common.h" + #include "cavium_ioctl.h" +#endif + #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ 
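Review bot: In the `--with-cavium` block, `-DHAVE_CAVIUM` is appended to `CPPFLAGS` before `$withval` is examined, so `--without-cavium` (withval `no`) still defines it and then fails the link test against `/api/cavium_common.o` with an empty `trycaviumdir`. Wrapping the body in `if test "x$withval" != "xno" ; then ... fi` fixes that. The two comparisons use `==`, which is not portable in `test`; `=` is the portable spelling, as the SHA-512 check earlier in this file already uses. `LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"` also drops any `LDFLAGS` passed to configure; `LDFLAGS="$LDFLAGS $trycaviumdir/api/cavium_common.o"` keeps them.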
@@ -76,11 +82,42 @@ void bench_eccKeyAgree(void); double current_time(void); +#ifdef HAVE_CAVIUM + +static int OpenNitroxDevice(int dma_mode,int dev_id) +{ + Csp1CoreAssignment core_assign; + Uint32 device; + + if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID)) + return -1; + if (Csp1GetDevType(&device)) + return -1; + if (device != NPX_DEVICE) { + if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, + (Uint32 *)&core_assign)!= 0) + return -1; + } + CspShutdown(CAVIUM_DEV_ID); + + return CspInitialize(dma_mode, dev_id); +} + +#endif + + int main(int argc, char** argv) { (void)argc; (void)argv; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) { + printf("Cavium OpenNitroxDevice failed\n"); + exit(-1); + } +#endif /* HAVE_CAVIUM */ #ifndef NO_AES bench_aes(0); bench_aes(1); @@ -175,6 +212,11 @@ void bench_aes(int show) double start, total, persec; int i; +#ifdef HAVE_CAVIUM + if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) + printf("aes init cavium failed\n"); +#endif + AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION); start = current_time(); @@ -188,6 +230,9 @@ void bench_aes(int show) if (show) printf("AES %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, persec); +#ifdef HAVE_CAVIUM + AesFreeCavium(&enc); +#endif } #endif @@ -271,6 +316,10 @@ void bench_des(void) double start, total, persec; int i; +#ifdef HAVE_CAVIUM + if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0) + printf("des3 init cavium failed\n"); +#endif Des3_SetKey(&enc, key, iv, DES_ENCRYPTION); start = current_time(); @@ -283,6 +332,9 @@ void bench_des(void) printf("3DES %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, persec); +#ifdef HAVE_CAVIUM + Des3_FreeCavium(&enc); +#endif } #endif @@ -294,6 +346,11 @@ void bench_arc4(void) double start, total, persec; int i; +#ifdef HAVE_CAVIUM + if (Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0) + printf("arc4 init cavium failed\n"); +#endif + Arc4SetKey(&enc, key, 16); start = current_time(); 
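Review bot: `OpenNitroxDevice` has no comment explaining that it opens the device once with the fixed `CAVIUM_DIRECT`/`CAVIUM_DEV_ID` pair only to query the device type, shuts it down, and then reopens it with the caller's `dma_mode` and `dev_id`; without that, the arguments look ignored at first read. A header comment such as `/* probe device type with default settings, then reopen with the requested mode and id */` would cover it. The early `return -1` paths taken after the first `CspInitialize` has succeeded skip `CspShutdown(CAVIUM_DEV_ID)`, so a failed probe leaves the device initialised. The same function is added to `ctaocrypt/test/test.c` in this commit and the remarks apply there too.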
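Review bot: In `bench_aes`, a failed `AesInitCavium` only prints a message, and execution continues into `AesSetKey(&enc, ...)`, which now tests `aes->magic`; on the failure path `AesInitCavium` returns before writing that field. `if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) { printf("aes init cavium failed\n"); return; }` avoids benchmarking with an object whose dispatch field is indeterminate (assuming `enc` is a local, which the hunk does not show). The `Des3_InitCavium` and `Arc4InitCavium` calls in the `bench_des` and `bench_arc4` hunks have the same shape.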
@@ -305,6 +362,9 @@ void bench_arc4(void) printf("ARC4 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, persec); +#ifdef HAVE_CAVIUM + Arc4FreeCavium(&enc); +#endif } #endif diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 448ed130c..05e7dcbe5 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -41,6 +41,15 @@ #endif +#ifdef HAVE_CAVIUM + static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, + const byte* iv); + static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, + word32 length); + static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, + word32 length); +#endif + #ifdef STM32F2_CRYPTO /* * STM32F2 hardware AES support through the STM32F2 standard peripheral @@ -1349,6 +1358,11 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) return BAD_FUNC_ARG; +#ifdef HAVE_CAVIUM + if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) + return AesCaviumSetKey(aes, userKey, keylen, iv); +#endif + #ifdef CYASSL_AESNI if (checkAESNI == 0) { haveAESNI = Check_CPU_support_AES(); @@ -1661,6 +1675,11 @@ void AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { word32 blocks = sz / AES_BLOCK_SIZE; +#ifdef HAVE_CAVIUM + if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) + return AesCaviumCbcEncrypt(aes, out, in, sz); +#endif + #ifdef CYASSL_AESNI if (haveAESNI) { #ifdef DEBUG_AESNI @@ -1695,6 +1714,11 @@ void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { word32 blocks = sz / AES_BLOCK_SIZE; +#ifdef HAVE_CAVIUM + if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) + return AesCaviumCbcDecrypt(aes, out, in, sz); +#endif + #ifdef CYASSL_AESNI if (haveAESNI) { #ifdef DEBUG_AESNI 
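Review bot: The dispatch added to `AesSetKey`, `AesCbcEncrypt` and `AesCbcDecrypt` reads `aes->magic` on every call, but nothing in these hunks guarantees the field was ever written for an `Aes` that did not go through `AesInitCavium`. In a `HAVE_CAVIUM` build, a caller that declares an `Aes` without initialising it would branch on an indeterminate value, and a chance match would take the device path with an unset `contextHandle`. The contract should be stated next to the check, e.g. `/* HAVE_CAVIUM: magic must be zeroed or set by AesInitCavium() before first use */`, or callers should zero-initialise the struct. The `arc4->magic`, `des->magic`, `hmac->magic` and `rng->magic` checks added in `arc4.c`, `des3.c`, `hmac.c` and `random.c` rest on the same assumption; the bodies of these functions continue outside the hunks.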
@@ -2738,5 +2762,108 @@ int AesSetIV(Aes* aes, const byte* iv) } +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze Aes for use with Nitrox device */ +int AesInitCavium(Aes* aes, int devId) +{ + if (aes == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &aes->contextHandle, devId) != 0) + return -1; + + aes->devId = devId; + aes->magic = CYASSL_AES_CAVIUM_MAGIC; + + return 0; +} + + +/* Free Aes from use with Nitrox device */ +void AesFreeCavium(Aes* aes) +{ + if (aes == NULL) + return; + + CspFreeContext(CONTEXT_SSL, aes->contextHandle, aes->devId); + aes->magic = 0; +} + + +static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, + const byte* iv) +{ + if (aes == NULL) + return -1; + + XMEMCPY(aes->key, key, length); /* key still holds key, iv still in reg */ + if (length == 16) + aes->type = AES_128; + else if (length == 24) + aes->type = AES_192; + else if (length == 32) + aes->type = AES_256; + + return AesSetIV(aes, iv); +} + + +static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, + word32 length) +{ + word offset = 0; + word32 requestId; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspEncryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, + aes->type, slen, (byte*)in + offset, out + offset, + (byte*)aes->reg, (byte*)aes->key, &requestId, + aes->devId) != 0) { + CYASSL_MSG("Bad Cavium Aes Encrypt"); + } + length -= CYASSL_MAX_16BIT; + } + if (length) { + word16 slen = (word16)length; + if (CspEncryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, + aes->type, slen, (byte*)in + offset, out + offset, + (byte*)aes->reg, (byte*)aes->key, &requestId, + aes->devId) != 0) { + CYASSL_MSG("Bad Cavium Aes Encrypt"); + } + } +} + +static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, + word32 length) +{ + word32 requestId; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if 
(CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, + aes->type, slen, (byte*)in, out, (byte*)aes->reg, + (byte*)aes->key, &requestId, aes->devId) != 0) { + CYASSL_MSG("Bad Cavium Aes Decrypt"); + } + length -= CYASSL_MAX_16BIT; + } + if (length) { + word16 slen = (word16)length; + if (CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, + aes->type, slen, (byte*)in, out, (byte*)aes->reg, + (byte*)aes->key, &requestId, aes->devId) != 0) { + CYASSL_MSG("Bad Cavium Aes Decrypt"); + } + } +} + +#endif /* HAVE_CAVIUM */ + #endif /* NO_AES */ diff --git a/ctaocrypt/src/arc4.c b/ctaocrypt/src/arc4.c index cbb132da8..6e37defa8 100644 --- a/ctaocrypt/src/arc4.c +++ b/ctaocrypt/src/arc4.c @@ -26,11 +26,23 @@ #include +#ifdef HAVE_CAVIUM + static void Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length); + static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, + word32 length); +#endif + + void Arc4SetKey(Arc4* arc4, const byte* key, word32 length) { word32 i; word32 keyIndex = 0, stateIndex = 0; +#ifdef HAVE_CAVIUM + if (arc4->magic == CYASSL_ARC4_CAVIUM_MAGIC) + return Arc4CaviumSetKey(arc4, key, length); +#endif + arc4->x = 1; arc4->y = 0; @@ -66,8 +78,16 @@ static INLINE byte MakeByte(word32* x, word32* y, byte* s) void Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length) { - word32 x = arc4->x; - word32 y = arc4->y; + word32 x; + word32 y; + +#ifdef HAVE_CAVIUM + if (arc4->magic == CYASSL_ARC4_CAVIUM_MAGIC) + return Arc4CaviumProcess(arc4, out, in, length); +#endif + + x = arc4->x; + y = arc4->y; while(length--) *out++ = *in++ ^ MakeByte(&x, &y, arc4->state); 
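Review bot: In `AesCaviumCbcEncrypt` the `while (length > CYASSL_MAX_16BIT)` loop never advances `offset`, so for an input larger than one chunk every request reads and writes the first chunk again and the rest of `out` is never produced; `Arc4CaviumProcess` in this commit shows the intended `offset += CYASSL_MAX_16BIT;` after `length -= CYASSL_MAX_16BIT;`. `AesCaviumCbcDecrypt` has no offset at all and passes `in` and `out` unchanged on every iteration; the loop below adds one. `Des3_CaviumCbcEncrypt` and `Des3_CaviumCbcDecrypt` in `des3.c` repeat both mistakes. Separately, every request is submitted with `aes->reg` as the IV and nothing visible here refreshes it between chunks or between calls, so CBC chaining across those boundaries should be confirmed against the driver's behaviour.

```c
static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
                                word32 length)
{
    word   offset = 0;
    word32 requestId;

    while (length > CYASSL_MAX_16BIT) {
        word16 slen = (word16)CYASSL_MAX_16BIT;
        if (CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE,
                          aes->type, slen, (byte*)in + offset, out + offset,
                          (byte*)aes->reg, (byte*)aes->key, &requestId,
                          aes->devId) != 0) {
            CYASSL_MSG("Bad Cavium Aes Decrypt");
        }
        length -= CYASSL_MAX_16BIT;
        offset += CYASSL_MAX_16BIT;
    }
    /* ... unchanged: final partial request, now using in + offset and out + offset ... */
}
```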
@@ -76,3 +96,74 @@ void Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length) arc4->y = (byte)y; } + +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze Arc4 for use with Nitrox device */ +int Arc4InitCavium(Arc4* arc4, int devId) +{ + if (arc4 == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &arc4->contextHandle, devId) != 0) + return -1; + + arc4->devId = devId; + arc4->magic = CYASSL_ARC4_CAVIUM_MAGIC; + + return 0; +} + + +/* Free Arc4 from use with Nitrox device */ +void Arc4FreeCavium(Arc4* arc4) +{ + if (arc4 == NULL) + return; + + CspFreeContext(CONTEXT_SSL, arc4->contextHandle, arc4->devId); + arc4->magic = 0; +} + + +static void Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length) +{ + word32 requestId; + + if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->contextHandle, length, + (byte*)key, &requestId, arc4->devId) != 0) { + CYASSL_MSG("Bad Cavium Arc4 Init"); + } +} + + +static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, + word32 length) +{ + word offset = 0; + word32 requestId; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_NO_UPDATE, + slen, (byte*)in + offset, out + offset, &requestId, + arc4->devId) != 0) { + CYASSL_MSG("Bad Cavium Arc4 Encrypt"); + } + length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + } + if (length) { + word16 slen = (word16)length; + if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_NO_UPDATE, + slen, (byte*)in + offset, out + offset, &requestId, + arc4->devId) != 0) { + CYASSL_MSG("Bad Cavium Arc4 Encrypt"); + } + } +} + +#endif /* HAVE_CAVIUM */ diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index 25a5a690f..3cab82700 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c 
@@ -34,6 +34,14 @@ #endif +#ifdef HAVE_CAVIUM + static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv); + static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, + word32 length); + static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, + word32 length); +#endif + #ifdef STM32F2_CRYPTO /* * STM32F2 hardware DES/3DES support through the STM32F2 standard @@ -554,6 +562,11 @@ void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { +#ifdef HAVE_CAVIUM + if (des->magic == CYASSL_3DES_CAVIUM_MAGIC) + return Des3_CaviumSetKey(des, key, iv); +#endif + DesSetKey(key + (dir == DES_ENCRYPTION ? 0 : 16), dir, des->key[0]); DesSetKey(key + 8, Reverse(dir), des->key[1]); DesSetKey(key + (dir == DES_DECRYPTION ? 0 : 16), dir, des->key[2]); @@ -682,8 +695,14 @@ void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { - word32 blocks = sz / DES_BLOCK_SIZE; + word32 blocks; +#ifdef HAVE_CAVIUM + if (des->magic == CYASSL_3DES_CAVIUM_MAGIC) + return Des3_CaviumCbcEncrypt(des, out, in, sz); +#endif + + blocks = sz / DES_BLOCK_SIZE; while (blocks--) { xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE); Des3ProcessBlock(des, (byte*)des->reg, (byte*)des->reg); @@ -697,8 +716,14 @@ void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) { - word32 blocks = sz / DES_BLOCK_SIZE; + word32 blocks; +#ifdef HAVE_CAVIUM + if (des->magic == CYASSL_3DES_CAVIUM_MAGIC) + return Des3_CaviumCbcDecrypt(des, out, in, sz); +#endif + + blocks = sz / DES_BLOCK_SIZE; while (blocks--) { XMEMCPY(des->tmp, in, DES_BLOCK_SIZE); Des3ProcessBlock(des, (byte*)des->tmp, out); 
@@ -743,4 +768,104 @@ void Des3_SetIV(Des3* des, const byte* iv) } +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze Des3 for use with Nitrox device */ +int Des3_InitCavium(Des3* des3, int devId) +{ + if (des3 == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &des3->contextHandle, devId) != 0) + return -1; + + des3->devId = devId; + des3->magic = CYASSL_3DES_CAVIUM_MAGIC; + + return 0; +} + + +/* Free Des3 from use with Nitrox device */ +void Des3_FreeCavium(Des3* des3) +{ + if (des3 == NULL) + return; + + CspFreeContext(CONTEXT_SSL, des3->contextHandle, des3->devId); + des3->magic = 0; +} + + +static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv) +{ + if (des3 == NULL) + return; + + /* key[0] holds key, iv in reg */ + XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3); + + Des3_SetIV(des3, iv); +} + + +static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, + word32 length) +{ + word offset = 0; + word32 requestId; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in + offset, + out + offset, (byte*)des3->reg, (byte*)des3->key[0], + &requestId, des3->devId) != 0) { + CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt"); + } + length -= CYASSL_MAX_16BIT; + } + if (length) { + word16 slen = (word16)length; + + if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in + offset, + out + offset, (byte*)des3->reg, (byte*)des3->key[0], + &requestId, des3->devId) != 0) { + CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt"); + } + } +} + +static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, + word32 length) +{ + word32 requestId; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in, out, + (byte*)des3->reg, (byte*)des3->key[0], 
&requestId, + des3->devId) != 0) { + CYASSL_MSG("Bad Cavium 3Des Decrypt"); + } + length -= CYASSL_MAX_16BIT; + } + if (length) { + word16 slen = (word16)length; + if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in, out, + (byte*)des3->reg, (byte*)des3->key[0], &requestId, + des3->devId) != 0) { + CYASSL_MSG("Bad Cavium 3Des Decrypt"); + } + } +} + +#endif /* HAVE_CAVIUM */ + #endif /* NO_DES3 */ diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index af69368bf..db7019e33 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -29,6 +29,14 @@ #include +#ifdef HAVE_CAVIUM + static void HmacCaviumFinal(Hmac* hmac, byte* hash); + static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length); + static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key, + word32 length); +#endif + + static int InitHmac(Hmac* hmac, int type) { hmac->innerHashKeyed = 0; @@ -74,6 +82,11 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) byte* op = (byte*) hmac->opad; word32 i, hmac_block_size = SHA_BLOCK_SIZE; +#ifdef HAVE_CAVIUM + if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) + return HmacCaviumSetKey(hmac, type, key, length); +#endif + InitHmac(hmac, type); switch (hmac->macType) { @@ -187,6 +200,11 @@ static void HmacKeyInnerHash(Hmac* hmac) void HmacUpdate(Hmac* hmac, const byte* msg, word32 length) { +#ifdef HAVE_CAVIUM + if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) + return HmacCaviumUpdate(hmac, msg, length); +#endif + if (!hmac->innerHashKeyed) HmacKeyInnerHash(hmac); @@ -222,6 +240,11 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length) void HmacFinal(Hmac* hmac, byte* hash) { +#ifdef HAVE_CAVIUM + if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) + return HmacCaviumFinal(hmac, hash); +#endif + if (!hmac->innerHashKeyed) HmacKeyInnerHash(hmac); 
@@ -290,5 +313,115 @@ void HmacFinal(Hmac* hmac, byte* hash) } +#ifdef HAVE_CAVIUM + +/* Initiliaze Hmac for use with Nitrox device */ +int HmacInitCavium(Hmac* hmac, int devId) +{ + if (hmac == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &hmac->contextHandle, devId) != 0) + return -1; + + hmac->keyLen = 0; + hmac->dataLen = 0; + hmac->type = 0; + hmac->devId = devId; + hmac->magic = CYASSL_HMAC_CAVIUM_MAGIC; + hmac->data = NULL; /* buffered input data */ + + hmac->innerHashKeyed = 0; + + return 0; +} + + +/* Free Hmac from use with Nitrox device */ +void HmacFreeCavium(Hmac* hmac) +{ + if (hmac == NULL) + return; + + CspFreeContext(CONTEXT_SSL, hmac->contextHandle, hmac->devId); + hmac->magic = 0; + XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); + hmac->data = NULL; +} + + +static void HmacCaviumFinal(Hmac* hmac, byte* hash) +{ + word32 requestId; + + if (CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen, + (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId, + hmac->devId) != 0) { + CYASSL_MSG("Cavium Hmac failed"); + } + hmac->innerHashKeyed = 0; /* tell update to start over if used again */ +} + + +static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length) +{ + word16 add = (word16)length; + word32 total; + byte* tmp; + + if (length > CYASSL_MAX_16BIT) { + CYASSL_MSG("Too big msg for cavium hmac"); + return; + } + + if (hmac->innerHashKeyed == 0) { /* starting new */ + hmac->dataLen = 0; + hmac->innerHashKeyed = 1; + } + + total = add + hmac->dataLen; + if (total > CYASSL_MAX_16BIT) { + CYASSL_MSG("Too big msg for cavium hmac"); + return; + } + + tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP); + if (tmp == NULL) { + CYASSL_MSG("Out of memory for cavium update"); + return; + } + if (hmac->dataLen) + XMEMCPY(tmp, hmac->data, hmac->dataLen); + XMEMCPY(tmp + hmac->dataLen, msg, add); + + hmac->dataLen += add; + XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); + hmac->data = tmp; +} + + +static void 
HmacCaviumSetKey(Hmac* hmac, int type, const byte* key, + word32 length) +{ + hmac->macType = (byte)type; + if (type == MD5) + hmac->type = MD5_TYPE; + else if (type == SHA) + hmac->type = SHA1_TYPE; + else if (type == SHA256) + hmac->type = SHA256_TYPE; + else { + CYASSL_MSG("unsupported cavium hmac type"); + } + + hmac->innerHashKeyed = 0; /* should we key Startup flag */ + + hmac->keyLen = (word16)length; + /* store key in ipad */ + XMEMCPY(hmac->ipad, key, length); +} + +#endif /* HAVE_CAVIUM */ + #endif /* NO_HMAC */ diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c index 3b0b90d14..e1247d16a 100644 --- a/ctaocrypt/src/random.c +++ b/ctaocrypt/src/random.c @@ -307,8 +307,13 @@ int InitRng(RNG* rng) { byte key[32]; byte junk[256]; + int ret; - int ret = GenerateSeed(&rng->seed, key, sizeof(key)); +#ifdef HAVE_CAVIUM + if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) + return 0; +#endif + ret = GenerateSeed(&rng->seed, key, sizeof(key)); if (ret == 0) { Arc4SetKey(&rng->cipher, key, sizeof(key)); @@ -318,10 +323,17 @@ int InitRng(RNG* rng) return ret; } +#ifdef HAVE_CAVIUM + static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz); +#endif /* place a generated block in output */ void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) { +#ifdef HAVE_CAVIUM + if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) + return CaviumRNG_GenerateBlock(rng, output, sz); +#endif XMEMSET(output, 0, sz); Arc4Process(&rng->cipher, output, output, sz); } 
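Review bot: `HmacCaviumSetKey` copies `length` bytes of the caller's key into `hmac->ipad` with no bound and then stores `(word16)length`, so a key longer than the pad buffer writes past it inside the `Hmac` object and a length above 65535 is silently truncated. Whatever length handling the software path in `HmacSetKey` performs is bypassed, because the Cavium dispatch returns before it. A guard ahead of the `XMEMCPY`, such as `if (length > sizeof(hmac->ipad)) { CYASSL_MSG("cavium hmac key too long"); return; }`, is the minimum; it assumes `ipad` is an array member, which the `(byte*) hmac->ipad` cast in `HmacSetKey` suggests but this hunk does not show. An unsupported `type` is only logged, leaving `hmac->type` at its previous value for the later `CspHmac` call. `HmacCaviumUpdate` and `HmacCaviumFinal` also return normally after a failure, so the caller cannot tell that `hash` was not produced.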
@@ -335,6 +347,50 @@ byte RNG_GenerateByte(RNG* rng) return b; } + +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze RNG for use with Nitrox device */ +int InitRngCavium(RNG* rng, int devId) +{ + if (rng == NULL) + return -1; + + rng->devId = devId; + rng->magic = CYASSL_RNG_CAVIUM_MAGIC; + + return 0; +} + + +static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ + word offset = 0; + word32 requestId; + + while (sz > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + CYASSL_MSG("Cavium RNG failed"); + } + sz -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + } + if (sz) { + word16 slen = (word16)sz; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + CYASSL_MSG("Cavium RNG failed"); + } + } +} + +#endif /* HAVE_CAVIUM */ + #endif /* NO_RC4 */ diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index c96baee46..41fd47280 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -67,6 +67,11 @@ #ifdef HAVE_NTRU #include "crypto_ntru.h" #endif +#ifdef HAVE_CAVIUM + #include "cavium_sysdep.h" + #include "cavium_common.h" + #include "cavium_ioctl.h" +#endif #include #ifdef FREESCALE_MQX @@ -149,6 +154,30 @@ typedef struct func_args { } func_args; + +#ifdef HAVE_CAVIUM + +static int OpenNitroxDevice(int dma_mode,int dev_id) +{ + Csp1CoreAssignment core_assign; + Uint32 device; + + if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID)) + return -1; + if (Csp1GetDevType(&device)) + return -1; + if (device != NPX_DEVICE) { + if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, + (Uint32 *)&core_assign)!= 0) + return -1; + } + CspShutdown(CAVIUM_DEV_ID); + + return CspInitialize(dma_mode, dev_id); +} + +#endif + void ctaocrypt_test(void* args) { int ret = 0; 
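Review bot: `CaviumRNG_GenerateBlock` only logs when `CspRandom` fails and then returns normally, so `output` keeps whatever bytes the caller's buffer already held and those bytes are consumed as random data. The Cavium branch in `RNG_GenerateBlock` returns before the `XMEMSET`, and both functions are `void`, so code generating keys or nonces has no way to notice. The failure should be made visible, for example by giving `CaviumRNG_GenerateBlock` a status return that `RNG_GenerateBlock` propagates. The comment on `InitRngCavium` should also say that it has to run before `InitRng`, which returns early when `rng->magic` is already set.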
@@ -165,6 +194,12 @@ void ctaocrypt_test(void* args) #endif /* USE_FAST_MATH */ #endif /* !CYASSL_LEANPSK */ +#ifdef HAVE_CAVIUM + ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed", -1236); +#endif /* HAVE_CAVIUM */ + #ifndef NO_MD5 if ( (ret = md5_test()) ) err_sys("MD5 test failed!\n", ret); @@ -358,6 +393,10 @@ void ctaocrypt_test(void* args) printf( "ECC test passed!\n"); #endif +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif + ((func_args*)args)->return_code = ret; } @@ -885,6 +924,12 @@ int hmac_md5_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#ifdef HAVE_CAVIUM + if (i == 1) + continue; /* driver can't handle keys <= bytes */ + if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) + return -20009; +#endif HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); @@ -892,6 +937,9 @@ int hmac_md5_test(void) if (memcmp(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0) return -20 - i; +#ifdef HAVE_CAVIUM + HmacFreeCavium(&hmac); +#endif } return 0; @@ -944,6 +992,12 @@ int hmac_sha_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#ifdef HAVE_CAVIUM + if (i == 1) + continue; /* driver can't handle keys <= bytes */ + if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) + return -20010; +#endif HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); @@ -951,6 +1005,9 @@ int hmac_sha_test(void) if (memcmp(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0) return -20 - i; +#ifdef HAVE_CAVIUM + HmacFreeCavium(&hmac); +#endif } return 0; 
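Review bot: In hmac_md5_test the mismatch path `return -20 - i;` runs before the added `HmacFreeCavium(&hmac);`, so a failing vector leaves the function with whatever HmacInitCavium acquired (the struct now carries a `contextHandle`) still held. The same ordering is added in hmac_sha_test, hmac_sha256_test and hmac_sha384_test, and the failure returns in arc4_test, des3_test and aes_test skip their Free calls in the same way. Moving the `#ifdef HAVE_CAVIUM` / `HmacFreeCavium(&hmac);` block above the memcmp check releases the context on both outcomes. The added comment `driver can't handle keys <= bytes` is missing the byte count.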
@@ -1007,6 +1064,12 @@ int hmac_sha256_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#ifdef HAVE_CAVIUM + if (i == 1) + continue; /* driver can't handle keys <= bytes */ + if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) + return -20011; +#endif HmacSetKey(&hmac, SHA256, (byte*)keys[i], (word32)strlen(keys[i])); HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); @@ -1014,6 +1077,9 @@ int hmac_sha256_test(void) if (memcmp(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0) return -20 - i; +#ifdef HAVE_CAVIUM + HmacFreeCavium(&hmac); +#endif } return 0; @@ -1073,6 +1139,12 @@ int hmac_sha384_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { +#ifdef HAVE_CAVIUM + if (i == 1) + continue; /* driver can't handle keys <= bytes */ + if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) + return -20012; +#endif HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i])); HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); @@ -1080,6 +1152,9 @@ int hmac_sha384_test(void) if (memcmp(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0) return -20 - i; +#ifdef HAVE_CAVIUM + HmacFreeCavium(&hmac); +#endif } return 0; @@ -1134,9 +1209,19 @@ int arc4_test(void) for (i = 0; i < times; ++i) { Arc4 enc; Arc4 dec; + int keylen = 8; /* strlen with key 0x00 not good */ + if (i == 3) + keylen = 4; - Arc4SetKey(&enc, (byte*)keys[i], (word32)strlen(keys[i])); - Arc4SetKey(&dec, (byte*)keys[i], (word32)strlen(keys[i])); +#ifdef HAVE_CAVIUM + if (Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0) + return -20001; + if (Arc4InitCavium(&dec, CAVIUM_DEV_ID) != 0) + return -20002; +#endif + + Arc4SetKey(&enc, (byte*)keys[i], keylen); + Arc4SetKey(&dec, (byte*)keys[i], keylen); Arc4Process(&enc, cipher, (byte*)test_arc4[i].input, (word32)test_arc4[i].outLen); 
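Review bot: The key length in arc4_test is now the literal `int keylen = 8;` with a special case `if (i == 3) keylen = 4;`, which depends silently on the order and contents of `keys[]` declared above the hunk. Keeping the length beside each key, for instance in a parallel `static const word32 keyLens[]` that is indexed by `i`, removes the magic index and matches the word32 parameter of Arc4SetKey, so no implicit int conversion is needed. In the same hunk, `return -20002;` after a failed `Arc4InitCavium(&dec, ...)` leaves `enc` initialised; it should call `Arc4FreeCavium(&enc);` first.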
@@ -1147,6 +1232,11 @@ int arc4_test(void) if (memcmp(cipher, test_arc4[i].output, test_arc4[i].outLen)) return -20 - 5 - i; + +#ifdef HAVE_CAVIUM + Arc4FreeCavium(&enc); + Arc4FreeCavium(&dec); +#endif } return 0; @@ -1397,6 +1487,12 @@ int des3_test(void) }; +#ifdef HAVE_CAVIUM + if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0) + return -20005; + if (Des3_InitCavium(&dec, CAVIUM_DEV_ID) != 0) + return -20006; +#endif Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); @@ -1408,6 +1504,10 @@ int des3_test(void) if (memcmp(cipher, verify3, sizeof(cipher))) return -34; +#ifdef HAVE_CAVIUM + Des3_FreeCavium(&enc); + Des3_FreeCavium(&dec); +#endif return 0; } #endif /* NO_DES */ @@ -1437,6 +1537,12 @@ int aes_test(void) byte cipher[AES_BLOCK_SIZE * 4]; byte plain [AES_BLOCK_SIZE * 4]; +#ifdef HAVE_CAVIUM + if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) + return -20003; + if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0) + return -20004; +#endif AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); @@ -1449,6 +1555,10 @@ int aes_test(void) if (memcmp(cipher, verify, AES_BLOCK_SIZE)) return -61; +#ifdef HAVE_CAVIUM + AesFreeCavium(&enc); + AesFreeCavium(&dec); +#endif #ifdef CYASSL_AES_COUNTER { const byte ctrKey[] = @@ -1895,7 +2005,13 @@ int random_test(void) { RNG rng; byte block[32]; - int ret = InitRng(&rng); + int ret; + +#ifdef HAVE_CAVIUM + ret = InitRngCavium(&rng, CAVIUM_DEV_ID); + if (ret != 0) return -2007; +#endif + ret = InitRng(&rng); if (ret != 0) return -39; RNG_GenerateBlock(&rng, block, sizeof(block)); diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index 4272973da..53e37c5dc 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -28,6 +28,11 @@ #include +#ifdef HAVE_CAVIUM + #include + #include "cavium_common.h" +#endif + #ifdef CYASSL_AESNI #include 
@@ -53,6 +58,8 @@ #endif +#define CYASSL_AES_CAVIUM_MAGIC 0xBEEF0002 + enum { AES_ENC_TYPE = 1, /* cipher unique type */ AES_ENCRYPTION = 0, @@ -79,6 +86,12 @@ typedef struct Aes { #ifdef CYASSL_AESNI byte use_aesni; #endif /* CYASSL_AESNI */ +#ifdef HAVE_CAVIUM + AesType type; /* aes key type */ + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ +#endif } Aes; @@ -115,6 +128,10 @@ CYASSL_API int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* authIn, word32 authInSz); #endif /* HAVE_AESCCM */ +#ifdef HAVE_CAVIUM + CYASSL_API int AesInitCavium(Aes*, int); + CYASSL_API void AesFreeCavium(Aes*); +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/cyassl/ctaocrypt/arc4.h b/cyassl/ctaocrypt/arc4.h index b49146675..a74f14e37 100644 --- a/cyassl/ctaocrypt/arc4.h +++ b/cyassl/ctaocrypt/arc4.h @@ -32,6 +32,8 @@ #endif +#define CYASSL_ARC4_CAVIUM_MAGIC 0xBEEF0001 + enum { ARC4_ENC_TYPE = 4, /* cipher unique type */ ARC4_STATE_SIZE = 256 @@ -42,11 +44,20 @@ typedef struct Arc4 { byte x; byte y; byte state[ARC4_STATE_SIZE]; +#ifdef HAVE_CAVIUM + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ +#endif } Arc4; CYASSL_API void Arc4Process(Arc4*, byte*, const byte*, word32); CYASSL_API void Arc4SetKey(Arc4*, const byte*, word32); +#ifdef HAVE_CAVIUM + CYASSL_API int Arc4InitCavium(Arc4*, int); + CYASSL_API void Arc4FreeCavium(Arc4*); +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index 8fbe195d8..1f8a47e9f 100644 --- a/cyassl/ctaocrypt/des3.h +++ b/cyassl/ctaocrypt/des3.h @@ -33,6 +33,8 @@ extern "C" { #endif +#define CYASSL_3DES_CAVIUM_MAGIC 0xBEEF0003 + enum { DES_ENC_TYPE = 2, /* cipher unique type */ DES3_ENC_TYPE = 3, /* cipher unique type */ 
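Review bot: The new prototypes `AesInitCavium(Aes*, int)` and `AesFreeCavium(Aes*)` have neither parameter names nor a comment, so the header does not say that the int is the Nitrox device id, what a non-zero return means, or that Init has to come before AesSetKey and be paired with Free, which is how the tests in this patch use them. Suggested form: `CYASSL_API int AesInitCavium(Aes* aes, int devId); /* 0 on success; call before AesSetKey, release with AesFreeCavium */`. The Arc4, Des3, Hmac and InitRngCavium declarations added in the other headers have the same gap. The header should also note that HAVE_CAVIUM changes the layout of these structs, so library and application must be built with the same setting.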
@@ -64,6 +66,11 @@ typedef struct Des3 { word32 key[3][DES_KS_SIZE]; word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */ +#ifdef HAVE_CAVIUM + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ +#endif } Des3; @@ -79,6 +86,12 @@ CYASSL_API void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz); CYASSL_API void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz); +#ifdef HAVE_CAVIUM + CYASSL_API int Des3_InitCavium(Des3*, int); + CYASSL_API void Des3_FreeCavium(Des3*); +#endif + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/cyassl/ctaocrypt/hmac.h b/cyassl/ctaocrypt/hmac.h index 0be5b9ccf..ea2697f61 100644 --- a/cyassl/ctaocrypt/hmac.h +++ b/cyassl/ctaocrypt/hmac.h @@ -39,11 +39,18 @@ #include #endif +#ifdef HAVE_CAVIUM + #include + #include "cavium_common.h" +#endif + #ifdef __cplusplus extern "C" { #endif +#define CYASSL_HMAC_CAVIUM_MAGIC 0xBEEF0005 + enum { IPAD = 0x36, OPAD = 0x5C, @@ -88,6 +95,15 @@ typedef struct Hmac { word32 innerHash[INNER_HASH_SIZE / sizeof(word32)]; /* max size */ byte macType; /* md5 sha or sha256 */ byte innerHashKeyed; /* keyed flag */ +#ifdef HAVE_CAVIUM + word16 keyLen; /* hmac key length */ + word16 dataLen; + HashType type; /* hmac key type */ + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ + byte* data; /* buffered input data for one call */ +#endif } Hmac; @@ -96,6 +112,11 @@ CYASSL_API void HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); CYASSL_API void HmacUpdate(Hmac*, const byte*, word32); CYASSL_API void HmacFinal(Hmac*, byte*); +#ifdef HAVE_CAVIUM + CYASSL_API int HmacInitCavium(Hmac*, int); + CYASSL_API void HmacFreeCavium(Hmac*); +#endif + #ifdef __cplusplus } /* extern "C" */ 
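Review bot: The new `word16 keyLen` field in Hmac is narrower than the `word32 keySz` that HmacSetKey accepts, and HmacCaviumSetKey, earlier in this patch, stores `(word16)length` but then copies the full `length` bytes with `XMEMCPY(hmac->ipad, key, length);`. No bound against the size of `ipad` is visible there, so a long key would be truncated in `keyLen` and could write past the buffer. The setter should reject, or first hash down, any key longer than `ipad` before the copy. The unsupported-type branch in the same function also only logs and carries on with `hmac->type` unset. The `byte* data` field needs a comment saying who allocates and frees it.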
diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h index 2bc790dc5..a4452582b 100644 --- a/cyassl/ctaocrypt/random.h +++ b/cyassl/ctaocrypt/random.h @@ -61,12 +61,23 @@ int GenerateSeed(OS_Seed* os, byte* seed, word32 sz); #ifndef NO_RC4 +#define CYASSL_RNG_CAVIUM_MAGIC 0xBEEF0004 + /* secure Random Nnumber Generator */ typedef struct RNG { OS_Seed seed; Arc4 cipher; +#ifdef HAVE_CAVIUM + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ +#endif } RNG; + +#ifdef HAVE_CAVIUM + CYASSL_API int InitRngCavium(RNG*, int); +#endif + #else /* NO_RC4 */ #define DBRG_SEED_LEN (440/8) diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 82bbaec5b..b33c37e9a 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -98,6 +98,7 @@ enum { WORD_BITS = WORD_SIZE * BIT_SIZE }; +#define CYASSL_MAX_16BIT 0xffffU /* use inlining if compiler allows */ #ifndef INLINE @@ -228,7 +229,8 @@ enum { DYNAMIC_TYPE_SOCKADDR = 35, DYNAMIC_TYPE_LIBZ = 36, DYNAMIC_TYPE_ECC = 37, - DYNAMIC_TYPE_TMP_BUFFER = 38 + DYNAMIC_TYPE_TMP_BUFFER = 38, + DYNAMIC_TYPE_CAVIUM_TMP = 40 }; /* stack protection */ diff --git a/src/ssl.c b/src/ssl.c index 97ef9682f..75aba4e8a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3269,7 +3269,7 @@ int CyaSSL_set_compression(CYASSL* ssl) { byte tmp[FILE_BUFFER_SIZE]; byte* myBuffer = tmp; - int send = 0; + int sending = 0; int newBuffer = 0; int idx = 0; int i; @@ -3278,10 +3278,10 @@ int CyaSSL_set_compression(CYASSL* ssl) CYASSL_ENTER("CyaSSL_writev"); for (i = 0; i < iovcnt; i++) - send += (int)iov[i].iov_len; + sending += (int)iov[i].iov_len; - if (send > (int)sizeof(tmp)) { - byte* tmp2 = (byte*) XMALLOC(send, ssl->heap, + if (sending > (int)sizeof(tmp)) { + byte* tmp2 = (byte*) XMALLOC(sending, ssl->heap, DYNAMIC_TYPE_WRITEV); if (!tmp2) return MEMORY_ERROR; 
@@ -3294,7 +3294,7 @@ int CyaSSL_set_compression(CYASSL* ssl) idx += (int)iov[i].iov_len; } - ret = CyaSSL_write(ssl, myBuffer, send); + ret = CyaSSL_write(ssl, myBuffer, sending); if (newBuffer) XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV); From 91b800ea4683039bc1e73a4c2528827b415ef1c6 Mon Sep 17 00:00:00 2001 From: Todd Ouska Date: Tue, 29 Jan 2013 16:25:09 -0800 Subject: [PATCH 08/52] no sha384 for cavium now --- ctaocrypt/test/test.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 41fd47280..db6c6a4d4 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1139,12 +1139,6 @@ int hmac_sha384_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { -#ifdef HAVE_CAVIUM - if (i == 1) - continue; /* driver can't handle keys <= bytes */ - if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) - return -20012; -#endif HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i])); HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); @@ -1152,9 +1146,6 @@ int hmac_sha384_test(void) if (memcmp(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0) return -20 - i; -#ifdef HAVE_CAVIUM - HmacFreeCavium(&hmac); -#endif } return 0; From 3ff842168e13c878a8cf1eb5393b492f2190ff81 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 30 Jan 2013 10:13:56 -0700 Subject: [PATCH 09/52] add cert/key buffer flags in CTaoCrypt benchmark for RSA, DH --- certs/1024/include.am | 3 +- certs/1024/rsa1024.der | Bin 0 -> 609 bytes ctaocrypt/benchmark/benchmark.c | 40 ++++++- cyassl/certs_test.h | 191 ++++++++++++++++++++++++++++++++ gencertbuf.pl | 6 +- 5 files changed, 232 insertions(+), 8 deletions(-) create mode 100644 certs/1024/rsa1024.der diff --git a/certs/1024/include.am b/certs/1024/include.am index 5711bcb6e..376544ac5 100644 --- a/certs/1024/include.am +++ b/certs/1024/include.am 
@@ -12,7 +12,8 @@ EXTRA_DIST += \ certs/1024/client-cert.der \ certs/1024/client-key.der \ certs/1024/dh1024.der \ - certs/1024/dsa1024.der + certs/1024/dsa1024.der \ + certs/1024/rsa1024.der dist_doc_DATA+= certs/taoCert.txt diff --git a/certs/1024/rsa1024.der b/certs/1024/rsa1024.der new file mode 100644 index 0000000000000000000000000000000000000000..173d32bce3b9bc4fdf64d3771cc412d8cb22579e GIT binary patch literal 609 zcmXqLVv1#AWMFD+WY||wu!BY7sm8yw8xuMneB6Hc!X>+B-cw38{NM0BdFkr9_1m%IKnX*bstb=`0$-VM4Bc1frvOcI>*nTeT^fsv`P zf$yE{3H>S_U6(1#C*Ji8&0;wx;JZks?5wzT$fSbVO$9|pD(v<)Iq`dZmbIx*S?hGS z{my}Gm(I`jQg(taEqa+gyS)mfcFzj3$-cK|Q%&G||9-1G0W5yo4AWNhu~`SMJlJ*m zNaHEp%r_l>j5{t~(R6P&|Cyzfx%1?|*F8rS9SfNp8UBjTa0-!8{&79_y{G^Bo2L03 z$BsM1)J3!%+9YPFa+Ga@?Rut5?d6xsc0G{&g95& zV8O)Pe;N-OqePdVTruMq*J_5N4ks0NZ!(TremZXlN0?Wc#*5s&U)8GjA9Zu(eN+3c z>DsAy+q^SViqD>F%bPlt$-&~UhTQ(>T_^AK+;v^QIOU*XU*t{swXlW;t zBSZiDwOcoAsB2?(o}72rMt62r=>L4X0 +#endif #ifdef _MSC_VER @@ -553,6 +557,16 @@ void bench_rsa(void) double start, total, each, milliEach; RsaKey rsaKey; + int rsaKeySz = 2048; /* used in printf */ + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, rsa_key_der_1024, sizeof(rsa_key_der_1024)); + bytes = sizeof(rsa_key_der_1024); + rsaKeySz = 1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, rsa_key_der_2048, sizeof(rsa_key_der_2048)); + bytes = sizeof(rsa_key_der_2048); +#else FILE* file = fopen("./certs/rsa2048.der", "rb"); if (!file) { @@ -560,9 +574,11 @@ void bench_rsa(void) "Please run from CyaSSL home dir\n"); return; } + + bytes = fread(tmp, 1, sizeof(tmp), file); +#endif /* USE_CERT_BUFFERS */ InitRng(&rng); - bytes = fread(tmp, 1, sizeof(tmp), file); InitRsaKey(&rsaKey, 0); bytes = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); 
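Review bot: `XMEMCPY(tmp, rsa_key_der_1024, sizeof(rsa_key_der_1024));` and the 2048-bit variant in bench_rsa copy an array whose size comes from certs_test.h into `tmp`, which is declared above the hunk, and nothing ties the two sizes together. If a regenerated key is ever larger than `tmp`, this becomes a stack overflow with no diagnostic. A compile-time check such as `typedef char rsa_key_fits[(sizeof(rsa_key_der_1024) <= sizeof(tmp)) ? 1 : -1];` documents and enforces the assumption. The same applies to the dh_key_der copies added to bench_dh. In the file path, the `fread` result is handed to RsaPrivateKeyDecode without a check for a zero-length read.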
@@ -575,8 +591,8 @@ void bench_rsa(void) each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ - printf("RSA 2048 encryption took %6.2f milliseconds, avg over %d" - " iterations\n", milliEach, times); + printf("RSA %d encryption took %6.2f milliseconds, avg over %d" + " iterations\n", rsaKeySz, milliEach, times); start = current_time(); @@ -589,10 +605,12 @@ void bench_rsa(void) each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ - printf("RSA 2048 decryption took %6.2f milliseconds, avg over %d" - " iterations\n", milliEach, times); + printf("RSA %d decryption took %6.2f milliseconds, avg over %d" + " iterations\n", rsaKeySz, milliEach, times); +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) fclose(file); +#endif FreeRsaKey(&rsaKey); } #endif @@ -614,6 +632,14 @@ void bench_dh(void) double start, total, each, milliEach; DhKey dhKey; + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dh_key_der_1024, sizeof(dh_key_der_1024)); + bytes = sizeof(dh_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dh_key_der_2048, sizeof(dh_key_der_2048)); + bytes = sizeof(dh_key_der_2048); +#else FILE* file = fopen("./certs/dh2048.der", "rb"); if (!file) { @@ -623,6 +649,8 @@ void bench_dh(void) } bytes = fread(tmp, 1, sizeof(tmp), file); +#endif /* USE_CERT_BUFFERS */ + InitDhKey(&dhKey); bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes); if (bytes != 0) { @@ -655,7 +683,9 @@ void bench_dh(void) printf("DH 2048 key agreement %6.2f milliseconds, avg over %d" " iterations\n", milliEach, times); +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) fclose(file); +#endif FreeDhKey(&dhKey); } #endif diff --git a/cyassl/certs_test.h b/cyassl/certs_test.h index 61828e61b..c3b644a38 100644 --- a/cyassl/certs_test.h +++ b/cyassl/certs_test.h 
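Review bot: bench_dh now loads `dh_key_der_1024` when USE_CERT_BUFFERS_1024 is defined, but the result line is still the fixed string `"DH 2048 key agreement ..."`, so a 1024-bit run is reported as 2048-bit. bench_rsa gained `rsaKeySz` for exactly this reason, and bench_dh should mirror it: declare `int dhKeySz = 2048;`, set `dhKeySz = 1024;` in the 1024 branch, and print with `"DH %d key agreement %6.2f milliseconds, ..."`. The key-generation printf of bench_dh lies between the hunks and probably needs the same change.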
@@ -221,6 +221,72 @@ const unsigned char dsa_key_der_1024[] = 0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18 }; +/* ./certs/1024/rsa1024.der, 1024-bit */ +const unsigned char rsa_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xBE, 0x70, 0x70, 0xB8, 0x04, 0x18, 0xE5, 0x28, 0xFE, + 0x66, 0xD8, 0x90, 0x88, 0xE0, 0xF1, 0xB7, 0xC3, 0xD0, 0xD2, + 0x3E, 0xE6, 0x4B, 0x94, 0x74, 0xB0, 0xFF, 0xB0, 0xF7, 0x63, + 0xA5, 0xAB, 0x7E, 0xAF, 0xB6, 0x2B, 0xB7, 0x38, 0x16, 0x1A, + 0x50, 0xBF, 0xF1, 0xCA, 0x87, 0x3A, 0xD5, 0xB0, 0xDA, 0xF8, + 0x43, 0x7A, 0x15, 0xB9, 0x7E, 0xEA, 0x2A, 0x80, 0xD2, 0x51, + 0xB0, 0x35, 0xAF, 0x07, 0xF3, 0xF2, 0x5D, 0x24, 0x3A, 0x4B, + 0x87, 0x56, 0x48, 0x1B, 0x3C, 0x24, 0x9A, 0xDA, 0x70, 0x80, + 0xBD, 0x3C, 0x8B, 0x03, 0x4A, 0x0C, 0x83, 0x71, 0xDE, 0xE3, + 0x03, 0x70, 0xA2, 0xB7, 0x60, 0x09, 0x1B, 0x5E, 0xC7, 0x3D, + 0xA0, 0x64, 0x60, 0xE3, 0xA9, 0x06, 0x8D, 0xD3, 0xFF, 0x42, + 0xBB, 0x0A, 0x94, 0x27, 0x2D, 0x57, 0x42, 0x0D, 0xB0, 0x2D, + 0xE0, 0xBA, 0x18, 0x25, 0x60, 0x92, 0x11, 0x92, 0xF3, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x0E, 0xEE, 0x1D, + 0xC8, 0x2F, 0x7A, 0x0C, 0x2D, 0x44, 0x94, 0xA7, 0x91, 0xDD, + 0x49, 0x55, 0x6A, 0x04, 0xCE, 0x10, 0x4D, 0xA2, 0x1C, 0x76, + 0xCD, 0x17, 0x3B, 0x54, 0x92, 0x70, 0x9B, 0x82, 0x70, 0x72, + 0x32, 0x24, 0x07, 0x3F, 0x3C, 0x6C, 0x5F, 0xBC, 0x4C, 0xA6, + 0x86, 0x27, 0x94, 0xAD, 0x42, 0xDD, 0x87, 0xDC, 0xC0, 0x6B, + 0x44, 0x89, 0xF3, 0x3F, 0x1A, 0x3E, 0x11, 0x44, 0x84, 0x2E, + 0x69, 0x4C, 0xBB, 0x4A, 0x71, 0x1A, 0xBB, 0x9A, 0x52, 0x3C, + 0x6B, 0xDE, 0xBC, 0xB2, 0x7C, 0x51, 0xEF, 0x4F, 0x8F, 0x3A, + 0xDC, 0x50, 0x04, 0x4E, 0xB6, 0x31, 0x66, 0xA8, 0x8E, 0x06, + 0x3B, 0x51, 0xA9, 0xC1, 0x8A, 0xCB, 0xC4, 0x81, 0xCA, 0x2D, + 0x69, 0xEC, 0x88, 0xFC, 0x33, 0x88, 0xD1, 0xD4, 0x29, 0x47, + 0x87, 0x37, 0xF9, 0x6A, 0x22, 0x69, 0xB9, 0xC9, 0xFE, 0xEB, + 0x8C, 0xC5, 0x21, 0x41, 0x71, 0x02, 0x41, 0x00, 0xFD, 0x17, + 0x98, 0x42, 0x54, 0x1C, 0x23, 0xF8, 0xD7, 0x5D, 0xEF, 0x49, + 
0x4F, 0xAF, 0xD9, 0x35, 0x6F, 0x08, 0xC6, 0xC7, 0x40, 0x5C, + 0x7E, 0x58, 0x86, 0xC2, 0xB2, 0x16, 0x39, 0x24, 0xC5, 0x06, + 0xB0, 0x3D, 0xAF, 0x02, 0xD2, 0x87, 0x77, 0xD2, 0x76, 0xBA, + 0xE3, 0x59, 0x60, 0x42, 0xF1, 0x16, 0xEF, 0x33, 0x0B, 0xF2, + 0x0B, 0xBA, 0x99, 0xCC, 0xB6, 0x4C, 0x46, 0x3F, 0x33, 0xE4, + 0xD4, 0x67, 0x02, 0x41, 0x00, 0xC0, 0xA0, 0x91, 0x6D, 0xFE, + 0x28, 0xE0, 0x81, 0x5A, 0x15, 0xA7, 0xC9, 0xA8, 0x98, 0xC6, + 0x0A, 0xAB, 0x00, 0xC5, 0x40, 0xC9, 0x21, 0xBB, 0xB2, 0x33, + 0x5A, 0xA7, 0xCB, 0x6E, 0xB8, 0x08, 0x56, 0x4A, 0x76, 0x28, + 0xE8, 0x6D, 0xBD, 0xF5, 0x26, 0x7B, 0xBF, 0xC5, 0x46, 0x45, + 0x0D, 0xEC, 0x7D, 0xEE, 0x82, 0xD6, 0xCA, 0x5F, 0x3D, 0x6E, + 0xCC, 0x94, 0x73, 0xCD, 0xCE, 0x86, 0x6E, 0x95, 0x95, 0x02, + 0x40, 0x38, 0xFD, 0x28, 0x1E, 0xBF, 0x5B, 0xBA, 0xC9, 0xDC, + 0x8C, 0xDD, 0x45, 0xAF, 0xB8, 0xD3, 0xFB, 0x11, 0x2E, 0x73, + 0xBC, 0x08, 0x05, 0x0B, 0xBA, 0x19, 0x56, 0x1B, 0xCD, 0x9F, + 0x3E, 0x65, 0x53, 0x15, 0x3A, 0x3E, 0x7F, 0x2F, 0x32, 0xAB, + 0xCB, 0x6B, 0x4A, 0xB7, 0xC8, 0xB7, 0x41, 0x3B, 0x92, 0x43, + 0x78, 0x46, 0x17, 0x51, 0x86, 0xC9, 0xFC, 0xEB, 0x8B, 0x8F, + 0x41, 0xCA, 0x08, 0x9B, 0xBF, 0x02, 0x41, 0x00, 0xAD, 0x9B, + 0x89, 0xB6, 0xF2, 0x8C, 0x70, 0xDA, 0xE4, 0x10, 0x04, 0x6B, + 0x11, 0x92, 0xAF, 0x5A, 0xCA, 0x08, 0x25, 0xBF, 0x60, 0x07, + 0x11, 0x1D, 0x68, 0x7F, 0x5A, 0x1F, 0x55, 0x28, 0x74, 0x0B, + 0x21, 0x8D, 0x21, 0x0D, 0x6A, 0x6A, 0xFB, 0xD9, 0xB5, 0x4A, + 0x7F, 0x47, 0xF7, 0xD0, 0xB6, 0xC6, 0x41, 0x02, 0x97, 0x07, + 0x49, 0x93, 0x1A, 0x9B, 0x33, 0x68, 0xB3, 0xA2, 0x61, 0x32, + 0xA5, 0x89, 0x02, 0x41, 0x00, 0x8F, 0xEF, 0xAD, 0xB5, 0xB0, + 0xB0, 0x7E, 0x86, 0x03, 0x43, 0x93, 0x6E, 0xDD, 0x3C, 0x2D, + 0x9B, 0x6A, 0x55, 0xFF, 0x6F, 0x3E, 0x70, 0x2A, 0xD4, 0xBF, + 0x1F, 0x8C, 0x93, 0x60, 0x9E, 0x6D, 0x2F, 0x18, 0x6C, 0x11, + 0x36, 0x98, 0x3F, 0x10, 0x78, 0xE8, 0x3E, 0x8F, 0xFE, 0x55, + 0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37, + 0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3 +}; + #elif 
defined(USE_CERT_BUFFERS_2048) /* ./certs/client-key.der, 2048-bit */ 
@@ -593,6 +659,131 @@ const unsigned char dsa_key_der_2048[] = 0x00, 0xCB, 0x62, 0x6D, 0x9A }; +/* ./certs/rsa2048.der, 2048-bit */ +const unsigned char rsa_key_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xA3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xE9, 0x8A, 0x5D, 0x15, 0xA4, 0xD4, 0x34, 0xB9, + 0x59, 0xA2, 0xDA, 0xAF, 0x74, 0xC8, 0xC9, 0x03, 0x26, 0x38, + 0xFA, 0x48, 0xFC, 0x4D, 0x30, 0x6E, 0xEA, 0x76, 0x89, 0xCE, + 0x4F, 0xF6, 0x87, 0xDE, 0x32, 0x3A, 0x46, 0x6E, 0x38, 0x12, + 0x58, 0x37, 0x22, 0x0D, 0x80, 0xAC, 0x2D, 0xAF, 0x2F, 0x12, + 0x3E, 0x62, 0x73, 0x60, 0x66, 0x68, 0x90, 0xB2, 0x6F, 0x47, + 0x17, 0x04, 0x2B, 0xCA, 0xB7, 0x26, 0xB7, 0x10, 0xC2, 0x13, + 0xF9, 0x7A, 0x62, 0x0A, 0x93, 0x32, 0x90, 0x42, 0x0D, 0x16, + 0x2E, 0xFA, 0xD7, 0x29, 0xD7, 0x9F, 0x54, 0xE4, 0xFC, 0x65, + 0x74, 0xF8, 0xF6, 0x43, 0x6B, 0x4E, 0x9E, 0x34, 0x7F, 0xCB, + 0x6B, 0x1C, 0x1A, 0xDE, 0x82, 0x81, 0xBF, 0x08, 0x5D, 0x3F, + 0xC0, 0xB6, 0xB1, 0xA8, 0xA5, 0x9C, 0x81, 0x70, 0xA7, 0x4E, + 0x32, 0x87, 0x15, 0x1C, 0x78, 0x0E, 0xF0, 0x18, 0xFE, 0xEB, + 0x4B, 0x37, 0x2B, 0xE9, 0xE1, 0xF7, 0xFA, 0x51, 0xC6, 0x58, + 0xB9, 0xD8, 0x06, 0x03, 0xED, 0xC0, 0x03, 0x18, 0x55, 0x8B, + 0x98, 0xFE, 0xB1, 0xF6, 0xD0, 0x3D, 0xFA, 0x63, 0xC0, 0x38, + 0x19, 0xC7, 0x00, 0xEF, 0x4D, 0x99, 0x60, 0xB4, 0xBA, 0xCE, + 0xE3, 0xCE, 0xD9, 0x6B, 0x2D, 0x76, 0x94, 0xFF, 0xFB, 0x77, + 0x18, 0x4A, 0xFE, 0x65, 0xF0, 0x0A, 0x91, 0x5C, 0x3B, 0x22, + 0x94, 0x85, 0xD0, 0x20, 0x18, 0x59, 0x2E, 0xA5, 0x33, 0x03, + 0xAC, 0x1B, 0x5F, 0x78, 0x32, 0x11, 0x25, 0xEE, 0x7F, 0x96, + 0x21, 0xA9, 0xD6, 0x76, 0x97, 0x8D, 0x66, 0x7E, 0xB2, 0x91, + 0xD0, 0x36, 0x2E, 0xA3, 0x1D, 0xBF, 0xF1, 0x85, 0xED, 0xC0, + 0x3E, 0x60, 0xB8, 0x5A, 0x9F, 0xAB, 0x80, 0xE0, 0xEA, 0x5D, + 0x5F, 0x75, 0x56, 0xC7, 0x4D, 0x51, 0x8E, 0xD4, 0x1F, 0x34, + 0xA6, 0x36, 0xF1, 0x30, 0x1F, 0x51, 0x99, 0x2F, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x52, 0x11, 0x33, + 0x40, 0xC5, 0xD9, 0x64, 0x65, 0xB5, 0xE0, 0x0A, 0xA5, 0x19, + 0x8E, 0xED, 0x44, 
0x54, 0x0C, 0x35, 0xB7, 0xAC, 0x21, 0x9B, + 0xE1, 0x7E, 0x37, 0x05, 0x9A, 0x20, 0x73, 0x6B, 0xAF, 0x63, + 0x4B, 0x23, 0x30, 0xDC, 0x37, 0x66, 0x14, 0x89, 0xBC, 0xE0, + 0xF8, 0xA0, 0x5D, 0x2D, 0x57, 0x65, 0xE0, 0xC6, 0xD6, 0x9B, + 0x66, 0x27, 0x62, 0xEC, 0xC3, 0xB8, 0x8C, 0xD8, 0xAE, 0xB5, + 0xC9, 0xBF, 0x0E, 0xFE, 0x84, 0x72, 0x68, 0xD5, 0x47, 0x0E, + 0x0E, 0xF8, 0xAE, 0x9D, 0x56, 0xAC, 0x4F, 0xAD, 0x88, 0xA0, + 0xA2, 0xF6, 0xFC, 0x38, 0xCD, 0x96, 0x5B, 0x5E, 0x7E, 0xB6, + 0x98, 0xBB, 0xF3, 0x8A, 0xEC, 0xFA, 0xC8, 0xB7, 0x90, 0x75, + 0xA0, 0x0E, 0x77, 0x6B, 0xFD, 0x59, 0x45, 0x5A, 0x0C, 0xFF, + 0x95, 0x8D, 0xCE, 0xFE, 0x9B, 0xF6, 0x19, 0x8E, 0x0B, 0xA1, + 0x0C, 0xEE, 0xC6, 0x79, 0xDD, 0x9D, 0x61, 0x85, 0x5C, 0x19, + 0x6C, 0x47, 0xCC, 0x08, 0xFF, 0xA5, 0x62, 0xDB, 0xE4, 0x2D, + 0x2D, 0xDD, 0x14, 0x67, 0xD6, 0x4A, 0x64, 0x2A, 0x66, 0x49, + 0x54, 0x9C, 0xE3, 0x85, 0x18, 0xE7, 0x31, 0x42, 0xE2, 0xD0, + 0x2C, 0x20, 0xA0, 0x74, 0x0F, 0x1F, 0x20, 0x89, 0xBA, 0xAB, + 0x80, 0xD8, 0x38, 0xD9, 0x46, 0x69, 0xBB, 0xEF, 0xCC, 0x8B, + 0xA1, 0x73, 0xA7, 0xF2, 0xE4, 0x38, 0x5D, 0xD6, 0x75, 0x9F, + 0x88, 0x0E, 0x56, 0xCD, 0xD8, 0x84, 0x59, 0x29, 0x73, 0xF5, + 0xA1, 0x79, 0xDA, 0x7A, 0x1F, 0xBF, 0x73, 0x83, 0xC0, 0x6D, + 0x9F, 0x8B, 0x34, 0x15, 0xC0, 0x6D, 0x69, 0x6A, 0x20, 0xE6, + 0x51, 0xCF, 0x45, 0x6E, 0xCC, 0x05, 0xC4, 0x3A, 0xC0, 0x9E, + 0xAA, 0xC1, 0x06, 0x2F, 0xAB, 0x99, 0x30, 0xE1, 0x6E, 0x9D, + 0x45, 0x7A, 0xFF, 0xA9, 0xCE, 0x70, 0xB8, 0x16, 0x1A, 0x0E, + 0x20, 0xFA, 0xC1, 0x02, 0x81, 0x81, 0x00, 0xFF, 0x30, 0x11, + 0xC2, 0x3C, 0x6B, 0xB4, 0xD6, 0x9E, 0x6B, 0xC1, 0x93, 0xD1, + 0x48, 0xCE, 0x80, 0x2D, 0xBE, 0xAF, 0xF7, 0xBA, 0xB2, 0xD7, + 0xC3, 0xC4, 0x53, 0x6E, 0x15, 0x02, 0xAA, 0x61, 0xB9, 0xEA, + 0x05, 0x9B, 0x79, 0x67, 0x0B, 0xCE, 0xD9, 0xFB, 0x98, 0x8C, + 0x1D, 0x6B, 0xF4, 0x5A, 0xA7, 0xA0, 0x5E, 0x54, 0x18, 0xE9, + 0x31, 0x44, 0x7C, 0xC7, 0x52, 0xD8, 0x6D, 0xA0, 0x3E, 0xD6, + 0x14, 0x2D, 0x7B, 0x15, 0x9D, 0x1E, 0x39, 0x87, 0x96, 0xDD, + 0xA8, 0x33, 0x55, 0x2A, 0x8E, 
0x32, 0xC0, 0xC4, 0xE5, 0xB8, + 0xCB, 0xCD, 0x32, 0x8D, 0xAD, 0x7B, 0xE5, 0xC6, 0x7E, 0x4D, + 0x6F, 0xF3, 0xA4, 0xC5, 0xA6, 0x40, 0xBE, 0x90, 0x3A, 0x33, + 0x6A, 0x24, 0xB2, 0x80, 0x81, 0x12, 0xAC, 0xE3, 0x7B, 0x26, + 0x63, 0xCF, 0x88, 0xB9, 0xFF, 0x74, 0x23, 0x37, 0x52, 0xF0, + 0xC4, 0x27, 0x5D, 0x45, 0x1F, 0x02, 0x81, 0x81, 0x00, 0xEA, + 0x48, 0xA7, 0xDD, 0x73, 0x41, 0x56, 0x21, 0x15, 0xF7, 0x42, + 0x45, 0x4D, 0xA9, 0xE1, 0x66, 0x5B, 0xBD, 0x25, 0x7D, 0xF7, + 0xA8, 0x65, 0x13, 0xAE, 0x2D, 0x38, 0x11, 0xCD, 0x93, 0xFC, + 0x30, 0xA3, 0x2C, 0x44, 0xBB, 0xCF, 0xD0, 0x21, 0x8F, 0xFB, + 0xC1, 0xF9, 0xAD, 0x1D, 0xEE, 0x96, 0xCF, 0x97, 0x49, 0x60, + 0x53, 0x80, 0xA5, 0xA2, 0xF8, 0xEE, 0xB9, 0xD5, 0x77, 0x44, + 0xDD, 0xFD, 0x19, 0x2A, 0xF1, 0x81, 0xF4, 0xD9, 0x3C, 0xEC, + 0x73, 0xD0, 0x2A, 0xD8, 0x3C, 0x27, 0x87, 0x79, 0x12, 0x86, + 0xE7, 0x57, 0x0C, 0x59, 0xD1, 0x44, 0x55, 0xAE, 0xC3, 0x4D, + 0x42, 0xAD, 0xA9, 0xB3, 0x28, 0x61, 0xB4, 0x9C, 0xA6, 0x63, + 0xD3, 0x96, 0xB1, 0x75, 0x9F, 0x2A, 0x78, 0x99, 0xE3, 0x1E, + 0x71, 0x47, 0x39, 0xF4, 0x52, 0xE3, 0x66, 0xF1, 0xEB, 0x7F, + 0xEF, 0xC6, 0x81, 0x93, 0x4C, 0x99, 0xF1, 0x02, 0x81, 0x81, + 0x00, 0xC5, 0xB6, 0x20, 0x8C, 0x34, 0xF3, 0xDD, 0xF0, 0x4A, + 0x5D, 0x82, 0x65, 0x5C, 0x48, 0xE4, 0x75, 0x3A, 0xFB, 0xFA, + 0xAA, 0x1C, 0xE4, 0x63, 0x77, 0x31, 0xAC, 0xD2, 0x25, 0x45, + 0x23, 0x6D, 0x03, 0xF5, 0xE4, 0xD2, 0x48, 0x85, 0x26, 0x08, + 0xE5, 0xAA, 0xA0, 0xCE, 0x2E, 0x1D, 0x6D, 0xFC, 0xAE, 0xD2, + 0xF9, 0x42, 0x7E, 0xEA, 0x6D, 0x59, 0x7A, 0xB3, 0x93, 0xE4, + 0x4B, 0x4B, 0x54, 0x63, 0xD8, 0xCE, 0x44, 0x06, 0xC2, 0xEC, + 0x9F, 0xF6, 0x05, 0x55, 0x46, 0xF4, 0x3E, 0x8F, 0xF2, 0x0C, + 0x30, 0x7E, 0x5C, 0xDD, 0x88, 0x49, 0x3B, 0x59, 0xB9, 0x87, + 0xBC, 0xC6, 0xC5, 0x24, 0x8A, 0x10, 0x63, 0x21, 0x1F, 0x66, + 0x1A, 0x3E, 0xF4, 0x58, 0xD1, 0x6C, 0x0D, 0x40, 0xB2, 0xC0, + 0x1D, 0x63, 0x42, 0x0E, 0xC4, 0x56, 0x0E, 0xC0, 0xCC, 0xC2, + 0xD6, 0x66, 0x0E, 0xC4, 0xAB, 0xB5, 0x33, 0xF6, 0x51, 0x02, + 0x81, 0x80, 0x19, 0x7E, 0xE6, 0xA5, 0xB6, 
0xD1, 0x39, 0x6A, + 0x48, 0x55, 0xAC, 0x24, 0x96, 0x9B, 0x12, 0x28, 0x6D, 0x7B, + 0x5C, 0x05, 0x25, 0x5A, 0x72, 0x05, 0x7E, 0x42, 0xF5, 0x83, + 0x1A, 0x78, 0x2C, 0x4D, 0xAE, 0xB4, 0x36, 0x96, 0xA9, 0xBA, + 0xE0, 0xAC, 0x26, 0x9D, 0xA9, 0x6A, 0x29, 0x83, 0xB9, 0x6D, + 0xC5, 0xEC, 0xFA, 0x4A, 0x9C, 0x09, 0x6A, 0x7E, 0xE4, 0x9B, + 0xDC, 0x9B, 0x2A, 0x27, 0x6E, 0x4F, 0xBA, 0xD8, 0xA5, 0x67, + 0xDB, 0xEC, 0x41, 0x5F, 0x29, 0x1C, 0x40, 0x83, 0xEB, 0x59, + 0x56, 0xD7, 0xA9, 0x4E, 0xAB, 0xAE, 0x70, 0x67, 0xD1, 0xA3, + 0xF1, 0x6C, 0xD7, 0x8F, 0x96, 0x0E, 0x8D, 0xAC, 0xAB, 0x55, + 0x58, 0x66, 0xD3, 0x1E, 0x47, 0x9B, 0xF0, 0x4C, 0xED, 0xF6, + 0x49, 0xE8, 0xE9, 0x7B, 0x32, 0x61, 0x20, 0x31, 0x95, 0x05, + 0xB2, 0xF6, 0x09, 0xEA, 0x32, 0x14, 0x0F, 0xCF, 0x9A, 0x41, + 0x02, 0x81, 0x80, 0x77, 0x3F, 0xB6, 0x14, 0x8D, 0xC5, 0x13, + 0x08, 0x7E, 0xC9, 0xC4, 0xEA, 0xD4, 0xBA, 0x0D, 0xA4, 0x9E, + 0xB3, 0x6E, 0xDE, 0x1A, 0x7A, 0xF8, 0x89, 0x88, 0xEF, 0x36, + 0x3C, 0x11, 0xBC, 0x83, 0xE8, 0x30, 0x6C, 0x81, 0x7C, 0x47, + 0xF3, 0x4D, 0xCA, 0xEA, 0x56, 0x01, 0x62, 0x55, 0x2E, 0x4B, + 0x89, 0xA9, 0xBD, 0x6F, 0x01, 0xF6, 0x74, 0x02, 0xAA, 0xE3, + 0x84, 0x66, 0x06, 0x95, 0x34, 0xA1, 0xE2, 0xCA, 0x65, 0xFE, + 0xA3, 0x2D, 0x43, 0x97, 0x95, 0x6C, 0x6F, 0xD5, 0xB4, 0x38, + 0xF6, 0xF9, 0x95, 0x30, 0xFA, 0xF8, 0x9C, 0x25, 0x2B, 0xB6, + 0x14, 0x51, 0xCC, 0x2E, 0xB3, 0x5B, 0xD6, 0xDC, 0x1A, 0xEC, + 0x2D, 0x09, 0x5B, 0x3F, 0x3A, 0xD0, 0xB8, 0x4E, 0x27, 0x1F, + 0xDC, 0x2A, 0xEE, 0xAC, 0xA9, 0x59, 0x5D, 0x07, 0x63, 0x11, + 0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF, + 0x56 +}; + #endif /* USE_CERT_BUFFERS_1024 */ #endif /* CYASSL_CERTS_TEST_H */ diff --git a/gencertbuf.pl b/gencertbuf.pl index 9af8a2085..6fb1929a1 100755 --- a/gencertbuf.pl +++ b/gencertbuf.pl 
@@ -22,7 +22,8 @@ my @fileList_1024 = ( [ "./certs/1024/client-key.der", "client_key_der_1024" ], [ "./certs/1024/client-cert.der", "client_cert_der_1024" ], [ "./certs/1024/dh1024.der", "dh_key_der_1024" ], - [ "./certs/1024/dsa1024.der", "dsa_key_der_1024" ] + [ "./certs/1024/dsa1024.der", "dsa_key_der_1024" ], + [ "./certs/1024/rsa1024.der", "rsa_key_der_1024" ] ); # 2048-bit certs/keys to be converted @@ -32,7 +33,8 @@ my @fileList_2048 = ( [ "./certs/client-key.der", "client_key_der_2048" ], [ "./certs/client-cert.der", "client_cert_der_2048" ], [ "./certs/dh2048.der", "dh_key_der_2048" ], - [ "./certs/dsa2048.der", "dsa_key_der_2048" ] + [ "./certs/dsa2048.der", "dsa_key_der_2048" ], + [ "./certs/rsa2048.der", "rsa_key_der_2048" ] ); # ---------------------------------------------------------------------------- From b91f3c7c6da409221fad3c887784b6755a22bb0d Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 30 Jan 2013 10:20:39 -0700 Subject: [PATCH 10/52] add NO_MAIN_DRIVER to CTaoCrypt benchmark --- ctaocrypt/benchmark/benchmark.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 325a0c010..b35c31c74 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -110,6 +110,8 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #endif +/* so embedded projects can pull in tests on their own */ +#ifndef NO_MAIN_DRIVER int main(int argc, char** argv) { @@ -186,6 +188,8 @@ int main(int argc, char** argv) return 0; } +#endif /* NO_MAIN_DRIVER */ + const int megs = 5; /* how many megs to test (en/de)cryption */ const int times = 100; /* public key iterations */ From 95e7226447de263fbe2abe60fb0f68f561196186 Mon Sep 17 00:00:00 2001 
From: Chris Conlon Date: Wed, 30 Jan 2013 16:19:19 -0700 Subject: [PATCH 11/52] add BENCH_EMBEDDED flag to CTaoCrypt benchmark app --- certs/1024/include.am | 2 - ctaocrypt/benchmark/benchmark.c | 176 ++++++++++++++++++++++---------- 2 files changed, 122 insertions(+), 56 deletions(-) diff --git a/certs/1024/include.am b/certs/1024/include.am index 376544ac5..c96849783 100644 --- a/certs/1024/include.am +++ b/certs/1024/include.am @@ -15,5 +15,3 @@ EXTRA_DIST += \ certs/1024/dsa1024.der \ certs/1024/rsa1024.der -dist_doc_DATA+= certs/taoCert.txt - diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index b35c31c74..56858f9dd 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -190,8 +190,15 @@ int main(int argc, char** argv) #endif /* NO_MAIN_DRIVER */ -const int megs = 5; /* how many megs to test (en/de)cryption */ -const int times = 100; /* public key iterations */ +#ifdef BENCH_EMBEDDED +const int numBlocks = 25; /* how many kB/megs to test (en/de)cryption */ +const char blockType[] = "kB"; /* used in printf output */ +const int times = 1; /* public key iterations */ +#else +const int numBlocks = 5; +const char blockType[] = "megs"; +const int times = 100; +#endif const byte key[] = { @@ -209,8 +216,14 @@ const byte iv[] = }; +/* use kB instead of mB for embedded benchmarking */ +#ifdef BENCH_EMBEDDED +byte plain [1024]; +byte cipher[1024]; +#else byte plain [1024*1024]; byte cipher[1024*1024]; +#endif #ifndef NO_AES 
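Review bot: `numBlocks`, `blockType` and `times` are added as non-static file-scope objects, next to the existing `key`, `iv`, `plain` and `cipher`, in a file that the previous patch made linkable into other projects through NO_MAIN_DRIVER. Names this generic can collide with the host project's symbols, and `times` is also the name of a POSIX function. Unless another translation unit refers to them, which the diff does not show, declaring them `static` keeps them private. The comment `/* how many kB/megs to test (en/de)cryption */` would be clearer as `/* 1 kB blocks per run */` in this branch, with a matching comment on the 1 MB branch.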
@@ -228,16 +241,20 @@ void bench_aes(int show) AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) AesCbcEncrypt(&enc, plain, cipher, sizeof(plain)); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif if (show) - printf("AES %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("AES %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); #ifdef HAVE_CAVIUM AesFreeCavium(&enc); #endif @@ -259,15 +276,20 @@ void bench_aesgcm(void) AesGcmSetKey(&enc, key, 16); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) AesGcmEncrypt(&enc, cipher, plain, sizeof(plain), iv, 12, tag, 16, additional, 13); total = current_time() - start; - persec = 1 / total * megs; - printf("AES-GCM %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("AES-GCM %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif @@ -282,15 +304,20 @@ void bench_aesccm(void) AesCcmSetKey(&enc, key, 16); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) AesCcmEncrypt(&enc, cipher, plain, sizeof(plain), iv, 12, tag, 16, additional, 13); total = current_time() - start; - persec = 1 / total * megs; - printf("AES-CCM %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("AES-CCM %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif 
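Review bot: The `#ifdef BENCH_EMBEDDED` / `persec = persec / 1024;` block is pasted into bench_aes and, in the hunks that follow, into every other cipher and hash benchmark, so the kB-versus-MB choice made once at the top of the file is re-encoded in each function. A single constant defined beside `numBlocks` (1024 when embedded, 1 otherwise) lets each function keep one line, `persec = 1 / total * numBlocks / blocksPerMB;`, with no conditional. With only 25 blocks of 1 kB, `total` can also be zero on a coarse timer, and `1 / total` then prints inf; an `if (total > 0)` guard around the rate calculation avoids reporting that as a result.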
@@ -305,14 +332,19 @@ void bench_camellia(void) CamelliaSetKey(&cam, key, 16, iv); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) CamelliaCbcEncrypt(&cam, plain, cipher, sizeof(plain)); total = current_time() - start; - persec = 1 / total * megs; - printf("Camellia %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("Camellia %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif @@ -331,15 +363,19 @@ void bench_des(void) Des3_SetKey(&enc, key, iv, DES_ENCRYPTION); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Des3_CbcEncrypt(&enc, plain, cipher, sizeof(plain)); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("3DES %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("3DES %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); #ifdef HAVE_CAVIUM Des3_FreeCavium(&enc); #endif @@ -362,14 +398,18 @@ void bench_arc4(void) Arc4SetKey(&enc, key, 16); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Arc4Process(&enc, cipher, plain, sizeof(plain)); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("ARC4 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("ARC4 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); #ifdef HAVE_CAVIUM Arc4FreeCavium(&enc); #endif 
@@ -387,14 +427,18 @@ void bench_hc128(void) Hc128_SetKey(&enc, key, iv); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Hc128_Process(&enc, cipher, plain, sizeof(plain)); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("HC128 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("HC128 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif /* HAVE_HC128 */ @@ -409,14 +453,18 @@ void bench_rabbit(void) RabbitSetKey(&enc, key, iv); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) RabbitProcess(&enc, cipher, plain, sizeof(plain)); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("RABBIT %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("RABBIT %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif /* NO_RABBIT */ @@ -432,16 +480,20 @@ void bench_md5(void) InitMd5(&hash); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Md5Update(&hash, plain, sizeof(plain)); Md5Final(&hash, digest); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("MD5 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("MD5 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif /* NO_MD5 */ 
@@ -456,16 +508,20 @@ void bench_sha(void) InitSha(&hash); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) ShaUpdate(&hash, plain, sizeof(plain)); ShaFinal(&hash, digest); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("SHA %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("SHA %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } @@ -480,16 +536,20 @@ void bench_sha256(void) InitSha256(&hash); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Sha256Update(&hash, plain, sizeof(plain)); Sha256Final(&hash, digest); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("SHA-256 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("SHA-256 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif @@ -504,16 +564,20 @@ void bench_sha512(void) InitSha512(&hash); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Sha512Update(&hash, plain, sizeof(plain)); Sha512Final(&hash, digest); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("SHA-512 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("SHA-512 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif 
@@ -528,16 +592,20 @@ void bench_ripemd(void) InitRipeMd(&hash); start = current_time(); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) RipeMdUpdate(&hash, plain, sizeof(plain)); RipeMdFinal(&hash, digest); total = current_time() - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("RIPEMD %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("RIPEMD %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif From 2fc54ad7518ff41c74dc9d2360e58865c018763a Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 30 Jan 2013 16:29:15 -0700 Subject: [PATCH 12/52] add PIC32 current_time() to benchmark --- ctaocrypt/benchmark/benchmark.c | 122 ++++++++++++++++++++------------ 1 file changed, 75 insertions(+), 47 deletions(-) diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 56858f9dd..52a0803cc 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -83,7 +83,7 @@ void bench_eccKeyGen(void); void bench_eccKeyAgree(void); #endif -double current_time(void); +double current_time(int); #ifdef HAVE_CAVIUM @@ -239,12 +239,12 @@ void bench_aes(int show) #endif AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) AesCbcEncrypt(&enc, plain, cipher, sizeof(plain)); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED @@ -274,13 +274,13 @@ void bench_aesgcm(void) int i; AesGcmSetKey(&enc, key, 16); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) AesGcmEncrypt(&enc, cipher, plain, sizeof(plain), iv, 12, tag, 16, additional, 13); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED 
@@ -302,13 +302,13 @@ void bench_aesccm(void) int i; AesCcmSetKey(&enc, key, 16); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) AesCcmEncrypt(&enc, cipher, plain, sizeof(plain), iv, 12, tag, 16, additional, 13); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED @@ -330,12 +330,12 @@ void bench_camellia(void) int i; CamelliaSetKey(&cam, key, 16, iv); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) CamelliaCbcEncrypt(&cam, plain, cipher, sizeof(plain)); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED @@ -361,12 +361,12 @@ void bench_des(void) printf("des3 init cavium failed\n"); #endif Des3_SetKey(&enc, key, iv, DES_ENCRYPTION); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) Des3_CbcEncrypt(&enc, plain, cipher, sizeof(plain)); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED @@ -396,12 +396,12 @@ void bench_arc4(void) #endif Arc4SetKey(&enc, key, 16); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) Arc4Process(&enc, cipher, plain, sizeof(plain)); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED /* since using kB, convert to MB/s */ @@ -425,12 +425,12 @@ void bench_hc128(void) int i; Hc128_SetKey(&enc, key, iv); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) Hc128_Process(&enc, cipher, plain, sizeof(plain)); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED /* since using kB, convert to MB/s */ 
@@ -451,12 +451,12 @@ void bench_rabbit(void) int i; RabbitSetKey(&enc, key, iv); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) RabbitProcess(&enc, cipher, plain, sizeof(plain)); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED /* since using kB, convert to MB/s */ @@ -478,14 +478,14 @@ void bench_md5(void) int i; InitMd5(&hash); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) Md5Update(&hash, plain, sizeof(plain)); Md5Final(&hash, digest); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED /* since using kB, convert to MB/s */ @@ -506,14 +506,14 @@ void bench_sha(void) int i; InitSha(&hash); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) ShaUpdate(&hash, plain, sizeof(plain)); ShaFinal(&hash, digest); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED /* since using kB, convert to MB/s */ @@ -534,14 +534,14 @@ void bench_sha256(void) int i; InitSha256(&hash); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) Sha256Update(&hash, plain, sizeof(plain)); Sha256Final(&hash, digest); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED /* since using kB, convert to MB/s */ @@ -562,14 +562,14 @@ void bench_sha512(void) int i; InitSha512(&hash); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) Sha512Update(&hash, plain, sizeof(plain)); Sha512Final(&hash, digest); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED /* since using kB, convert to MB/s */ 
@@ -590,14 +590,14 @@ void bench_ripemd(void) int i; InitRipeMd(&hash); - start = current_time(); + start = current_time(1); for(i = 0; i < numBlocks; i++) RipeMdUpdate(&hash, plain, sizeof(plain)); RipeMdFinal(&hash, digest); - total = current_time() - start; + total = current_time(0) - start; persec = 1 / total * numBlocks; #ifdef BENCH_EMBEDDED /* since using kB, convert to MB/s */ @@ -654,26 +654,26 @@ void bench_rsa(void) InitRsaKey(&rsaKey, 0); bytes = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); - start = current_time(); + start = current_time(1); for (i = 0; i < times; i++) bytes = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng); - total = current_time() - start; + total = current_time(0) - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ printf("RSA %d encryption took %6.2f milliseconds, avg over %d" " iterations\n", rsaKeySz, milliEach, times); - start = current_time(); + start = current_time(1); for (i = 0; i < times; i++) { byte out[512]; /* for up to 4096 bit */ RsaPrivateDecrypt(enc, (word32)bytes, out, sizeof(out), &rsaKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ @@ -730,12 +730,12 @@ void bench_dh(void) return; } - start = current_time(); + start = current_time(1); for (i = 0; i < times; i++) DhGenerateKeyPair(&dhKey, &rng, priv, &privSz, pub, &pubSz); - total = current_time() - start; + total = current_time(0) - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ 
@@ -743,12 +743,12 @@ void bench_dh(void) " iterations\n", milliEach, times); DhGenerateKeyPair(&dhKey, &rng, priv2, &privSz2, pub2, &pubSz2); - start = current_time(); + start = current_time(1); for (i = 0; i < times; i++) DhAgree(&dhKey, agree, &agreeSz, priv, privSz, pub2, pubSz2); - total = current_time() - start; + total = current_time(0) - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ @@ -771,7 +771,7 @@ void bench_rsaKeyGen(void) const int genTimes = 5; /* 1024 bit */ - start = current_time(); + start = current_time(1); for(i = 0; i < genTimes; i++) { InitRsaKey(&genKey, 0); @@ -779,7 +779,7 @@ void bench_rsaKeyGen(void) FreeRsaKey(&genKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / genTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("\n"); @@ -787,7 +787,7 @@ void bench_rsaKeyGen(void) " iterations\n", milliEach, genTimes); /* 2048 bit */ - start = current_time(); + start = current_time(1); for(i = 0; i < genTimes; i++) { InitRsaKey(&genKey, 0); @@ -795,7 +795,7 @@ void bench_rsaKeyGen(void) FreeRsaKey(&genKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / genTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("RSA 2048 key generation %6.2f milliseconds, avg over %d" @@ -812,14 +812,14 @@ void bench_eccKeyGen(void) const int genTimes = 5; /* 256 bit */ - start = current_time(); + start = current_time(1); for(i = 0; i < genTimes; i++) { ecc_make_key(&rng, 32, &genKey); ecc_free(&genKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / genTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("\n"); 
@@ -843,14 +843,14 @@ void bench_eccKeyAgree(void) ecc_make_key(&rng, 32, &genKey2); /* 256 bit */ - start = current_time(); + start = current_time(1); for(i = 0; i < agreeTimes; i++) { x = sizeof(shared); ecc_shared_secret(&genKey, &genKey2, shared, &x); } - total = current_time() - start; + total = current_time(0) - start; each = total / agreeTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("EC-DHE key agreement %6.2f milliseconds, avg over %d" @@ -861,14 +861,14 @@ void bench_eccKeyAgree(void) digest[i] = i; - start = current_time(); + start = current_time(1); for(i = 0; i < agreeTimes; i++) { x = sizeof(sig); ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &genKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / agreeTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("EC-DSA sign time %6.2f milliseconds, avg over %d" @@ -885,8 +885,10 @@ void bench_eccKeyAgree(void) #define WIN32_LEAN_AND_MEAN #include - double current_time() + double current_time(int reset) { + (void)reset; + static int init = 0; static LARGE_INTEGER freq; @@ -902,12 +904,38 @@ void bench_eccKeyAgree(void) return (double)count.QuadPart / freq.QuadPart; } +#elif defined MICROCHIP_PIC32 + + #include + + double current_time(int reset) + { + /* NOTE: core timer tick rate = 40 Mhz, 1 tick = 25 ns */ + + unsigned int ns; + + /* should we reset our timer back to zero? Helps prevent timer + rollover */ + + if (reset) { + WriteCoreTimer(0); + } + + /* get timer in ns */ + ns = ReadCoreTimer() * 25; + + /* return seconds as a double */ + return ( ns / 1000000000.0 ); + } + #else #include - double current_time(void) + double current_time(int reset) { + (void) reset; + struct timeval tv; gettimeofday(&tv, 0); From b3ffcbd5b498e1c10808ad8da62861917e9bf642 Mon Sep 17 00:00:00 2001 
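Review bot: In the Windows `current_time(int reset)`, `(void)reset;` is placed ahead of the `static int init` and `static LARGE_INTEGER freq` declarations, which puts a statement before declarations; a compiler that builds .c files in C89 mode rejects that, and older MSVC releases do, so this is worth checking against the supported toolchains. Moving `(void)reset;` below the last declaration in the block avoids the problem. The gettimeofday variant in the next hunk has the same ordering (`(void) reset;` before `struct timeval tv;`). The function body continues outside the hunk.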
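Review bot: In the PIC32 `current_time`, `ns = ReadCoreTimer() * 25;` is evaluated in `unsigned int`, so with a 32-bit int the product wraps once the counter passes about 171.8 million ticks, roughly 4.3 seconds at the 40 MHz rate given in the comment, and any longer measurement reports a time that is too small. Doing the scaling in floating point removes the wrap up to the counter's own rollover: `return ReadCoreTimer() * 25.0 / 1000000000.0;`. The 25 ns tick is also hard-coded, so the result is only right for the clock configuration the comment assumes; a named constant for the tick period would make that dependency visible. Finally, `WriteCoreTimer(0)` rewrites a hardware counter that other code may be reading, so a comment saying that this benchmark owns the core timer would help.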
From: Chris Conlon Date: Wed, 30 Jan 2013 16:54:43 -0700 Subject: [PATCH 13/52] fix DH key size output in benchmark --- ctaocrypt/benchmark/benchmark.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 52a0803cc..06decc84d 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -704,10 +704,12 @@ void bench_dh(void) double start, total, each, milliEach; DhKey dhKey; + int dhKeySz = 2048; /* used in printf */ #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, dh_key_der_1024, sizeof(dh_key_der_1024)); bytes = sizeof(dh_key_der_1024); + dhKeySz = 1024; #elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, dh_key_der_2048, sizeof(dh_key_der_2048)); bytes = sizeof(dh_key_der_2048); @@ -739,8 +741,8 @@ void bench_dh(void) each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ - printf("DH 2048 key generation %6.2f milliseconds, avg over %d" - " iterations\n", milliEach, times); + printf("DH %d key generation %6.2f milliseconds, avg over %d" + " iterations\n", dhKeySz, milliEach, times); DhGenerateKeyPair(&dhKey, &rng, priv2, &privSz2, pub2, &pubSz2); start = current_time(1); @@ -752,8 +754,8 @@ void bench_dh(void) each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ - printf("DH 2048 key agreement %6.2f milliseconds, avg over %d" - " iterations\n", milliEach, times); + printf("DH %d key agreement %6.2f milliseconds, avg over %d" + " iterations\n", dhKeySz, milliEach, times); #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) fclose(file); From 5d29bf1e49037875f73cd6835216b54aec74b154 Mon Sep 17 00:00:00 2001 
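Review bot: `dhKeySz` starts at 2048 and is only corrected in the USE_CERT_BUFFERS_1024 branch, so when neither buffer macro is defined and the parameters are read from a file (the path that ends in `fclose(file)`), the printed size is an assumption rather than the size of the key actually loaded. A short comment on the declaration, such as `/* label only; assumes the file-based DH params are 2048 bit */`, would keep the output from being read as a measured property. bench_dh starts and ends outside these hunks.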
From: Chris Conlon Date: Wed, 30 Jan 2013 18:02:18 -0700 Subject: [PATCH 14/52] add MPLAB X projects, PIC32 GenerateSeed() --- Makefile.am | 3 + ctaocrypt/src/random.c | 19 +++ cyassl/ctaocrypt/settings.h | 9 +- mplabx/README | 37 ++++++ mplabx/ctaocrypt_benchmark.X/main.c | 116 ++++++++++++++++++ .../nbproject/include.am | 12 ++ .../nbproject/project.xml | 18 +++ mplabx/ctaocrypt_test.X/main.c | 57 +++++++++ mplabx/ctaocrypt_test.X/nbproject/include.am | 12 ++ mplabx/ctaocrypt_test.X/nbproject/project.xml | 18 +++ mplabx/cyassl.X/nbproject/include.am | 12 ++ mplabx/cyassl.X/nbproject/project.xml | 16 +++ 12 files changed, 327 insertions(+), 2 deletions(-) create mode 100644 mplabx/README create mode 100644 mplabx/ctaocrypt_benchmark.X/main.c create mode 100644 mplabx/ctaocrypt_benchmark.X/nbproject/include.am create mode 100644 mplabx/ctaocrypt_benchmark.X/nbproject/project.xml create mode 100644 mplabx/ctaocrypt_test.X/main.c create mode 100644 mplabx/ctaocrypt_test.X/nbproject/include.am create mode 100644 mplabx/ctaocrypt_test.X/nbproject/project.xml create mode 100644 mplabx/cyassl.X/nbproject/include.am create mode 100644 mplabx/cyassl.X/nbproject/project.xml diff --git a/Makefile.am b/Makefile.am index f197d3a47..69d390cf0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -55,6 +55,9 @@ include testsuite/include.am include tests/include.am include sslSniffer/sslSnifferTest/include.am include rpm/include.am +include mplabx/ctaocrypt_benchmark.X/nbproject/include.am +include mplabx/ctaocrypt_test.X/nbproject/include.am +include mplabx/cyassl.X/nbproject/include.am if USE_VALGRIND TESTS_ENVIRONMENT=./valgrind-error.sh diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c index e1247d16a..e8217034b 100644 --- a/ctaocrypt/src/random.c +++ b/ctaocrypt/src/random.c 
@@ -455,6 +455,25 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } +#elif defined(MICROCHIP_PIC32) + +#include + +/* uses the core timer, in nanoseconds to seed srand */ +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + srand(ReadCoreTimer() * 25); + + for (i = 0; i < sz; i++ ) { + output[i] = rand() % 256; + if ( (i % 8) == 7) + srand(ReadCoreTimer() * 25); + } + + return 0; +} + #elif defined(CYASSL_SAFERTOS) || defined(CYASSL_LEANPSK) #warning "write a real random seed!!!!, just for testing now" diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index 2890ebd18..63888df6a 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -88,9 +88,14 @@ #endif #ifdef MICROCHIP_PIC32 - /* use MBED plus no filesystem */ - #define MBED + #define SIZEOF_LONG_LONG 8 + #define SINGLE_THREADED + #define CYASSL_USER_IO + #define NO_WRITEV + #define NO_DEV_RANDOM #define NO_FILESYSTEM + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT #endif #ifdef MBED diff --git a/mplabx/README b/mplabx/README new file mode 100644 index 000000000..c0d10f3d0 --- /dev/null +++ b/mplabx/README 
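Review bot: The PIC32 `GenerateSeed` fills the seed buffer from `rand() % 256` after `srand(ReadCoreTimer() * 25)`, so the seed for the library's RNG holds no more entropy than a few core-timer readings. Those readings depend on elapsed time since reset and on any code that rewrites the core timer. Keys and nonces derived from this seed should therefore be treated as guessable. At minimum this branch should carry the same `#warning "write a real random seed!!!!, just for testing now"` that the CYASSL_SAFERTOS / CYASSL_LEANPSK branch directly below it has, and production builds should take the seed from a hardware entropy source where the target provides one. Separately, `int i` is compared with `word32 sz` and `os` is unused; `word32 i;` and `(void)os;` would keep the build warning-free.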
@@ -0,0 +1,37 @@ +CyaSSL MPLAB X Project Files + +This directory contains project files for the Microchip MPLAB X IDE. These +projects have been set up to use the Microchip PIC32 Ethernet Starter Kit +and the Microchip XC32 compiler. + +In order to generate the necessary auto-generated MPLAB X files, make sure +to import the cyassl.X project into your MPLAB X workspace before trying to +build either the CTaoCrypt test or benchmark applications. + +Included Project Files +----------------------- + +1. CyaSSL library (cyassl.X) + + This project build a static CyaSSL library. Prior to building this + project, uncomment the MICROCHIP_PIC32 define located in: + + /cyassl/ctaocrypt/settings.h + + After this project has been built, the compiled library will be located + at: + + /mplabx/cyassl.X/dist/default/production/cyassl.X.a + +2. CTaoCrypt Test App (ctaocrypt_test.X) + +3. CTaoCrypt Benchmark App (ctaocrypt_benchmark.X) + + +MIPS16 and MIPS32 Support +------------------------- + +These projects support both MIPS16 and MIPS32 instruction sets. Switching +between these two instruction sets can be done in each project's properties +settings by checking the "Generate 16-bit code" checkbox. + diff --git a/mplabx/ctaocrypt_benchmark.X/main.c b/mplabx/ctaocrypt_benchmark.X/main.c new file mode 100644 index 000000000..b2bcf39dc --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/main.c 
@@ -0,0 +1,116 @@ +/* main.c + * + * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#define PIC32_STARTER_KIT + +#include +#include +#include + +void bench_des(void); +void bench_arc4(void); +void bench_hc128(void); +void bench_rabbit(void); +void bench_aes(int); +void bench_aesgcm(void); + +void bench_md5(void); +void bench_sha(void); +void bench_sha256(void); +void bench_sha512(void); +void bench_ripemd(void); + +void bench_rsa(void); +void bench_rsaKeyGen(void); +void bench_dh(void); +#ifdef HAVE_ECC +void bench_eccKeyGen(void); +void bench_eccKeyAgree(void); +#endif + +/* + * Main driver for CTaoCrypt benchmarks. 
+ */ +int main(int argc, char** argv) { + + SYSTEMConfigPerformance(80000000); + + DBINIT(); + printf("CTaoCrypt Benchmark:\n"); + +#ifndef NO_AES + bench_aes(0); + bench_aes(1); +#endif +#ifdef HAVE_AESGCM + bench_aesgcm(); +#endif +#ifndef NO_RC4 + bench_arc4(); +#endif +#ifdef HAVE_HC128 + bench_hc128(); +#endif +#ifndef NO_RABBIT + bench_rabbit(); +#endif +#ifndef NO_DES3 + bench_des(); +#endif + + printf("\n"); + +#ifndef NO_MD5 + bench_md5(); +#endif + bench_sha(); +#ifndef NO_SHA256 + bench_sha256(); +#endif +#ifdef CYASSL_SHA512 + bench_sha512(); +#endif +#ifdef CYASSL_RIPEMD + bench_ripemd(); +#endif + + printf("\n"); + +#ifndef NO_RSA + bench_rsa(); +#endif + +#ifndef NO_DH + bench_dh(); +#endif + +#if defined(CYASSL_KEY_GEN) && !defined(NO_RSA) + bench_rsaKeyGen(); +#endif + +#ifdef HAVE_ECC + bench_eccKeyGen(); + bench_eccKeyAgree(); +#endif + + return 0; +} + diff --git a/mplabx/ctaocrypt_benchmark.X/nbproject/include.am b/mplabx/ctaocrypt_benchmark.X/nbproject/include.am new file mode 100644 index 000000000..567fbba38 --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/nbproject/include.am @@ -0,0 +1,12 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mplabx/ctaocrypt_benchmark.X/Makefile \ + mplabx/ctaocrypt_benchmark.X/main.c + +EXTRA_DIST += \ + mplabx/ctaocrypt_benchmark.X/nbproject/configurations.xml \ + mplabx/ctaocrypt_benchmark.X/nbproject/project.xml + diff --git a/mplabx/ctaocrypt_benchmark.X/nbproject/project.xml b/mplabx/ctaocrypt_benchmark.X/nbproject/project.xml new file mode 100644 index 000000000..9ec9516cc --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/nbproject/project.xml @@ -0,0 +1,18 @@ + + + com.microchip.mplab.nbide.embedded.makeproject + + + ctaocrypt_benchmark + 22e4138b-5f20-4957-ac0a-c181b94d3342 + 0 + c + + + ISO-8859-1 + + ../cyassl.X + + + + diff --git a/mplabx/ctaocrypt_test.X/main.c b/mplabx/ctaocrypt_test.X/main.c new file mode 100644 index 000000000..79a91bc0f 
--- /dev/null +++ b/mplabx/ctaocrypt_test.X/main.c @@ -0,0 +1,57 @@ +/* main.c + * + * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#define PIC32_STARTER_KIT + +#include +#include +#include +#include + +/* func_args from test.h, so don't have to pull in other junk */ +typedef struct func_args { + int argc; + char** argv; + int return_code; +} func_args; + +/* + * Main driver for CTaoCrypt tests. + */ +int main(int argc, char** argv) { + + DBINIT(); + printf("CTaoCrypt Test:\n"); + + func_args args; + + args.argc = argc; + args.argv = argv; + + ctaocrypt_test(&args); + + if (args.return_code == 0) { + printf("All tests passed!\n"); + } + + return 0; +} + diff --git a/mplabx/ctaocrypt_test.X/nbproject/include.am b/mplabx/ctaocrypt_test.X/nbproject/include.am new file mode 100644 index 000000000..e7d868de8 --- /dev/null +++ b/mplabx/ctaocrypt_test.X/nbproject/include.am @@ -0,0 +1,12 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mplabx/ctaocrypt_test.X/Makefile \ + mplabx/ctaocrypt_test.X/main.c + +EXTRA_DIST += \ + mplabx/ctaocrypt_test.X/nbproject/configurations.xml \ + mplabx/ctaocrypt_test.X/nbproject/project.xml + 
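Review bot: `main` in ctaocrypt_test.X/main.c reports success but never failure: `args.return_code` is only checked for the "All tests passed!" message, nothing is printed otherwise, and the function ends with `return 0;` either way. `args.return_code` is also left uninitialised before `ctaocrypt_test(&args)`; whether the callee sets it on every path is not visible here, so setting `args.return_code = -1;` first is the safer default. I would add `else printf("Tests failed: %d\n", args.return_code);` and finish with `return args.return_code;`. `func_args args;` is declared after the `DBINIT()` and `printf` statements, which a C89-mode compiler will reject; moving it to the top of the function avoids that.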
diff --git a/mplabx/ctaocrypt_test.X/nbproject/project.xml b/mplabx/ctaocrypt_test.X/nbproject/project.xml new file mode 100644 index 000000000..3567a51b8 --- /dev/null +++ b/mplabx/ctaocrypt_test.X/nbproject/project.xml @@ -0,0 +1,18 @@ + + + com.microchip.mplab.nbide.embedded.makeproject + + + ctaocrypt_test + b34c4937-7042-4352-88b1-7717bcdf8aeb + 0 + c + + h + ISO-8859-1 + + ../cyassl.X + + + + diff --git a/mplabx/cyassl.X/nbproject/include.am b/mplabx/cyassl.X/nbproject/include.am new file mode 100644 index 000000000..4db3841b2 --- /dev/null +++ b/mplabx/cyassl.X/nbproject/include.am @@ -0,0 +1,12 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mplabx/README \ + mplabx/cyassl.X/Makefile + +EXTRA_DIST += \ + mplabx/cyassl.X/nbproject/configurations.xml \ + mplabx/cyassl.X/nbproject/project.xml + diff --git a/mplabx/cyassl.X/nbproject/project.xml b/mplabx/cyassl.X/nbproject/project.xml new file mode 100644 index 000000000..831eae925 --- /dev/null +++ b/mplabx/cyassl.X/nbproject/project.xml @@ -0,0 +1,16 @@ + + + com.microchip.mplab.nbide.embedded.makeproject + + + cyassl + 93bbfc3a-a0fa-4d48-bbc8-6cd47a2bd05b + 0 + c + + + ISO-8859-1 + + + + From 7f4b0d1d3a5349771f7f517f66ee23208897643c Mon Sep 17 00:00:00 2001 
From: Chris Conlon Date: Wed, 30 Jan 2013 22:13:42 -0700 Subject: [PATCH 15/52] add missing MPLAB X project files --- mplabx/ctaocrypt_benchmark.X/Makefile | 108 +++++++++++ .../nbproject/configurations.xml | 167 ++++++++++++++++ mplabx/ctaocrypt_test.X/Makefile | 108 +++++++++++ .../nbproject/configurations.xml | 168 ++++++++++++++++ mplabx/cyassl.X/Makefile | 108 +++++++++++ mplabx/cyassl.X/nbproject/configurations.xml | 182 ++++++++++++++++++ 6 files changed, 841 insertions(+) create mode 100644 mplabx/ctaocrypt_benchmark.X/Makefile create mode 100644 mplabx/ctaocrypt_benchmark.X/nbproject/configurations.xml create mode 100644 mplabx/ctaocrypt_test.X/Makefile create mode 100644 mplabx/ctaocrypt_test.X/nbproject/configurations.xml create mode 100644 mplabx/cyassl.X/Makefile create mode 100644 mplabx/cyassl.X/nbproject/configurations.xml diff --git a/mplabx/ctaocrypt_benchmark.X/Makefile b/mplabx/ctaocrypt_benchmark.X/Makefile new file mode 100644 index 000000000..05a3fb1b6 --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/Makefile 
@@ -0,0 +1,108 @@ +# +# There exist several targets which are by default empty and which can be +# used for execution of your targets. These targets are usually executed +# before and after some main targets. They are: +# +# .build-pre: called before 'build' target +# .build-post: called after 'build' target +# .clean-pre: called before 'clean' target +# .clean-post: called after 'clean' target +# .clobber-pre: called before 'clobber' target +# .clobber-post: called after 'clobber' target +# .all-pre: called before 'all' target +# .all-post: called after 'all' target +# .help-pre: called before 'help' target +# .help-post: called after 'help' target +# +# Targets beginning with '.' are not intended to be called on their own. +# +# Main targets can be executed directly, and they are: +# +# build build a specific configuration +# clean remove built files from a configuration +# clobber remove all built files +# all build all configurations +# help print help mesage +# +# Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and +# .help-impl are implemented in nbproject/makefile-impl.mk. +# +# Available make variables: +# +# CND_BASEDIR base directory for relative paths +# CND_DISTDIR default top distribution directory (build artifacts) +# CND_BUILDDIR default top build directory (object files, ...) +# CONF name of current configuration +# CND_ARTIFACT_DIR_${CONF} directory of build artifact (current configuration) +# CND_ARTIFACT_NAME_${CONF} name of build artifact (current configuration) +# CND_ARTIFACT_PATH_${CONF} path to build artifact (current configuration) +# CND_PACKAGE_DIR_${CONF} directory of package (current configuration) +# CND_PACKAGE_NAME_${CONF} name of package (current configuration) +# CND_PACKAGE_PATH_${CONF} path to package (current configuration) +# +# NOCDDL + + +# Environment +MKDIR=mkdir +CP=cp +CCADMIN=CCadmin +RANLIB=ranlib + + +# build +build: .build-post + +.build-pre: +# Add your pre 'build' code here... 
+ +.build-post: .build-impl +# Add your post 'build' code here... + + +# clean +clean: .clean-post + +.clean-pre: +# Add your pre 'clean' code here... + +.clean-post: .clean-impl +# Add your post 'clean' code here... + + +# clobber +clobber: .clobber-post + +.clobber-pre: +# Add your pre 'clobber' code here... + +.clobber-post: .clobber-impl +# Add your post 'clobber' code here... + + +# all +all: .all-post + +.all-pre: +# Add your pre 'all' code here... + +.all-post: .all-impl +# Add your post 'all' code here... + + +# help +help: .help-post + +.help-pre: +# Add your pre 'help' code here... + +.help-post: .help-impl +# Add your post 'help' code here... + + + +# include project implementation makefile +include nbproject/Makefile-impl.mk + +# include project make variables +include nbproject/Makefile-variables.mk diff --git a/mplabx/ctaocrypt_benchmark.X/nbproject/configurations.xml b/mplabx/ctaocrypt_benchmark.X/nbproject/configurations.xml new file mode 100644 index 000000000..8617c2123 --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/nbproject/configurations.xml @@ -0,0 +1,167 @@ + + + + + + + + + main.c + ../../ctaocrypt/benchmark/benchmark.c + + + Makefile + + + Makefile + + + + localhost + PIC32MX795F512L + + + SKDEPIC32PlatformTool + XC32 + 1.10 + 4 + + + + + + + + + + + + false + + + + + false + + false + + false + false + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mplabx/ctaocrypt_test.X/Makefile b/mplabx/ctaocrypt_test.X/Makefile new file mode 100644 index 000000000..05a3fb1b6 --- /dev/null +++ b/mplabx/ctaocrypt_test.X/Makefile 
@@ -0,0 +1,108 @@ +# +# There exist several targets which are by default empty and which can be +# used for execution of your targets. These targets are usually executed +# before and after some main targets. They are: +# +# .build-pre: called before 'build' target +# .build-post: called after 'build' target +# .clean-pre: called before 'clean' target +# .clean-post: called after 'clean' target +# .clobber-pre: called before 'clobber' target +# .clobber-post: called after 'clobber' target +# .all-pre: called before 'all' target +# .all-post: called after 'all' target +# .help-pre: called before 'help' target +# .help-post: called after 'help' target +# +# Targets beginning with '.' are not intended to be called on their own. +# +# Main targets can be executed directly, and they are: +# +# build build a specific configuration +# clean remove built files from a configuration +# clobber remove all built files +# all build all configurations +# help print help mesage +# +# Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and +# .help-impl are implemented in nbproject/makefile-impl.mk. +# +# Available make variables: +# +# CND_BASEDIR base directory for relative paths +# CND_DISTDIR default top distribution directory (build artifacts) +# CND_BUILDDIR default top build directory (object files, ...) +# CONF name of current configuration +# CND_ARTIFACT_DIR_${CONF} directory of build artifact (current configuration) +# CND_ARTIFACT_NAME_${CONF} name of build artifact (current configuration) +# CND_ARTIFACT_PATH_${CONF} path to build artifact (current configuration) +# CND_PACKAGE_DIR_${CONF} directory of package (current configuration) +# CND_PACKAGE_NAME_${CONF} name of package (current configuration) +# CND_PACKAGE_PATH_${CONF} path to package (current configuration) +# +# NOCDDL + + +# Environment +MKDIR=mkdir +CP=cp +CCADMIN=CCadmin +RANLIB=ranlib + + +# build +build: .build-post + +.build-pre: +# Add your pre 'build' code here... 
+ +.build-post: .build-impl +# Add your post 'build' code here... + + +# clean +clean: .clean-post + +.clean-pre: +# Add your pre 'clean' code here... + +.clean-post: .clean-impl +# Add your post 'clean' code here... + + +# clobber +clobber: .clobber-post + +.clobber-pre: +# Add your pre 'clobber' code here... + +.clobber-post: .clobber-impl +# Add your post 'clobber' code here... + + +# all +all: .all-post + +.all-pre: +# Add your pre 'all' code here... + +.all-post: .all-impl +# Add your post 'all' code here... + + +# help +help: .help-post + +.help-pre: +# Add your pre 'help' code here... + +.help-post: .help-impl +# Add your post 'help' code here... + + + +# include project implementation makefile +include nbproject/Makefile-impl.mk + +# include project make variables +include nbproject/Makefile-variables.mk diff --git a/mplabx/ctaocrypt_test.X/nbproject/configurations.xml b/mplabx/ctaocrypt_test.X/nbproject/configurations.xml new file mode 100644 index 000000000..bd3e33e66 --- /dev/null +++ b/mplabx/ctaocrypt_test.X/nbproject/configurations.xml @@ -0,0 +1,168 @@ + + + + + ../../ctaocrypt/test/test.h + + + + + main.c + ../../ctaocrypt/test/test.c + + + Makefile + + + Makefile + + + + localhost + PIC32MX795F512L + + + SKDEPIC32PlatformTool + XC32 + 1.10 + 4 + + + + + + + + + + + + false + + + + + false + + false + + false + false + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mplabx/cyassl.X/Makefile b/mplabx/cyassl.X/Makefile new file mode 100644 index 000000000..05a3fb1b6 --- /dev/null +++ b/mplabx/cyassl.X/Makefile 
@@ -0,0 +1,108 @@ +# +# There exist several targets which are by default empty and which can be +# used for execution of your targets. These targets are usually executed +# before and after some main targets. They are: +# +# .build-pre: called before 'build' target +# .build-post: called after 'build' target +# .clean-pre: called before 'clean' target +# .clean-post: called after 'clean' target +# .clobber-pre: called before 'clobber' target +# .clobber-post: called after 'clobber' target +# .all-pre: called before 'all' target +# .all-post: called after 'all' target +# .help-pre: called before 'help' target +# .help-post: called after 'help' target +# +# Targets beginning with '.' are not intended to be called on their own. +# +# Main targets can be executed directly, and they are: +# +# build build a specific configuration +# clean remove built files from a configuration +# clobber remove all built files +# all build all configurations +# help print help mesage +# +# Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and +# .help-impl are implemented in nbproject/makefile-impl.mk. +# +# Available make variables: +# +# CND_BASEDIR base directory for relative paths +# CND_DISTDIR default top distribution directory (build artifacts) +# CND_BUILDDIR default top build directory (object files, ...) +# CONF name of current configuration +# CND_ARTIFACT_DIR_${CONF} directory of build artifact (current configuration) +# CND_ARTIFACT_NAME_${CONF} name of build artifact (current configuration) +# CND_ARTIFACT_PATH_${CONF} path to build artifact (current configuration) +# CND_PACKAGE_DIR_${CONF} directory of package (current configuration) +# CND_PACKAGE_NAME_${CONF} name of package (current configuration) +# CND_PACKAGE_PATH_${CONF} path to package (current configuration) +# +# NOCDDL + + +# Environment +MKDIR=mkdir +CP=cp +CCADMIN=CCadmin +RANLIB=ranlib + + +# build +build: .build-post + +.build-pre: +# Add your pre 'build' code here... 
+ +.build-post: .build-impl +# Add your post 'build' code here... + + +# clean +clean: .clean-post + +.clean-pre: +# Add your pre 'clean' code here... + +.clean-post: .clean-impl +# Add your post 'clean' code here... + + +# clobber +clobber: .clobber-post + +.clobber-pre: +# Add your pre 'clobber' code here... + +.clobber-post: .clobber-impl +# Add your post 'clobber' code here... + + +# all +all: .all-post + +.all-pre: +# Add your pre 'all' code here... + +.all-post: .all-impl +# Add your post 'all' code here... + + +# help +help: .help-post + +.help-pre: +# Add your pre 'help' code here... + +.help-post: .help-impl +# Add your post 'help' code here... + + + +# include project implementation makefile +include nbproject/Makefile-impl.mk + +# include project make variables +include nbproject/Makefile-variables.mk diff --git a/mplabx/cyassl.X/nbproject/configurations.xml b/mplabx/cyassl.X/nbproject/configurations.xml new file mode 100644 index 000000000..cf2aebe06 --- /dev/null +++ b/mplabx/cyassl.X/nbproject/configurations.xml 
@@ -0,0 +1,182 @@ + + + + + + + + + ../../src/crl.c + ../../src/internal.c + ../../src/io.c + ../../src/keys.c + ../../src/ocsp.c + ../../src/sniffer.c + ../../src/ssl.c + ../../src/tls.c + ../../ctaocrypt/src/aes.c + ../../ctaocrypt/src/arc4.c + ../../ctaocrypt/src/asm.c + ../../ctaocrypt/src/asn.c + ../../ctaocrypt/src/coding.c + ../../ctaocrypt/src/des3.c + ../../ctaocrypt/src/dh.c + ../../ctaocrypt/src/dsa.c + ../../ctaocrypt/src/ecc.c + ../../ctaocrypt/src/ecc_fp.c + ../../ctaocrypt/src/error.c + ../../ctaocrypt/src/hc128.c + ../../ctaocrypt/src/hmac.c + ../../ctaocrypt/src/integer.c + ../../ctaocrypt/src/logging.c + ../../ctaocrypt/src/md2.c + ../../ctaocrypt/src/md4.c + ../../ctaocrypt/src/md5.c + ../../ctaocrypt/src/memory.c + ../../ctaocrypt/src/misc.c + ../../ctaocrypt/src/pwdbased.c + ../../ctaocrypt/src/rabbit.c + ../../ctaocrypt/src/random.c + ../../ctaocrypt/src/ripemd.c + ../../ctaocrypt/src/rsa.c + ../../ctaocrypt/src/sha.c + ../../ctaocrypt/src/sha256.c + ../../ctaocrypt/src/sha512.c + ../../ctaocrypt/src/tfm.c + + + Makefile + + + + .. + + Makefile + + + + localhost + PIC32MX795F512L + + + SKDEPIC32PlatformTool + XC32 + 1.10 + 4 + + + + + + + false + + false + + false + false + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From a3caa03381c7976f05ca29acb65e4321ae17b58b Mon Sep 17 00:00:00 2001 
From: Chris Conlon Date: Thu, 31 Jan 2013 10:20:29 -0700 Subject: [PATCH 16/52] tie MQX directory into automake, update docs --- Makefile.am | 4 ++ mplabx/README | 2 +- mqx/README | 37 +++++++++++++++++++ mqx/ctaocrypt_test/Sources/include.am | 15 ++++++++ ...ash_SramData_Debug_PnE_U-MultiLink.launch} | 0 ...h_SramData_Release_PnE_U-MultiLink.launch} | 0 mqx/cyassl/include.am | 8 ++++ mqx/cyassl_client/Sources/include.am | 15 ++++++++ ...ash_SramData_Debug_PnE_U-MultiLink.launch} | 0 ...h_SramData_Release_PnE_U-MultiLink.launch} | 0 mqx/util_lib/Sources/include.am | 12 ++++++ 11 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 mqx/README create mode 100644 mqx/ctaocrypt_test/Sources/include.am rename mqx/ctaocrypt_test/{ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch => ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch} (100%) rename mqx/ctaocrypt_test/{ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch => ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch} (100%) create mode 100644 mqx/cyassl/include.am create mode 100644 mqx/cyassl_client/Sources/include.am rename mqx/cyassl_client/{cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch => cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch} (100%) rename mqx/cyassl_client/{cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch => cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch} (100%) create mode 100644 mqx/util_lib/Sources/include.am diff --git a/Makefile.am b/Makefile.am index 69d390cf0..62a1de399 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -55,6 +55,10 @@ include testsuite/include.am include tests/include.am include sslSniffer/sslSnifferTest/include.am include rpm/include.am +include mqx/ctaocrypt_test/Sources/include.am +include mqx/cyassl/include.am +include mqx/cyassl_client/Sources/include.am +include mqx/util_lib/Sources/include.am include mplabx/ctaocrypt_benchmark.X/nbproject/include.am include mplabx/ctaocrypt_test.X/nbproject/include.am include mplabx/cyassl.X/nbproject/include.am diff --git a/mplabx/README b/mplabx/README index c0d10f3d0..3879a79c7 100644 --- a/mplabx/README +++ b/mplabx/README @@ -13,7 +13,7 @@ Included Project Files 1. CyaSSL library (cyassl.X) - This project build a static CyaSSL library. Prior to building this + This project builds a static CyaSSL library. Prior to building this project, uncomment the MICROCHIP_PIC32 define located in: /cyassl/ctaocrypt/settings.h diff --git a/mqx/README b/mqx/README new file mode 100644 index 000000000..3765ba57b --- /dev/null +++ b/mqx/README 
@@ -0,0 +1,37 @@ +CyaSSL Freescale CodeWarrior Project Files + +This directory contains project files for Freescale CodeWarrior 10.2. These +project have been created to use MQX, RTCS, and MFS on the Freescale +Kinetis K70 Tower System. + +Included Project Files +----------------------- + +1. CyaSSL library (/cyassl) + + Prior to building this project, uncomment the FREESCALE_MQX define + located in: + + /cyassl/ctaocrypt/settings.h + +2. CTaoCrypt Test App (/ctaocrypt_test) + +3. Example CyaSSL Client (/cyassl_client) + + +Importing into CodeWarrior Workspace +------------------------------------ + +These projects can be imported into a CodeWarrior workspace using the standard +"Import Project" feature. To import a project from CodeWarrior, follow +these steps: + +1. File -> Import +2. General -> Existing Projects into Workspace +3. Select Root Directory (browse to this "/mqx" directory) +4. Select desired projects -> Finish + +Keep in mind that the projects above reference CyaSSL source files and header +files with relative paths to the projects' current location in the +/mqx directory. + diff --git a/mqx/ctaocrypt_test/Sources/include.am b/mqx/ctaocrypt_test/Sources/include.am new file mode 100644 index 000000000..b167955e2 --- /dev/null +++ b/mqx/ctaocrypt_test/Sources/include.am @@ -0,0 +1,15 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mqx/ctaocrypt_test/.cproject \ + mqx/ctaocrypt_test/.project \ + mqx/ctaocrypt_test/ReferencedRSESystems.xml \ + mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch \ + mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch + +EXTRA_DIST += \ + mqx/ctaocrypt_test/Sources/main.c \ + mqx/ctaocrypt_test/Sources/main.h + 
diff --git a/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch b/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch similarity index 100% rename from mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch rename to mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch diff --git a/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch b/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch similarity index 100% rename from mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch rename to mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch diff --git a/mqx/cyassl/include.am b/mqx/cyassl/include.am new file mode 100644 index 000000000..5523620eb --- /dev/null +++ b/mqx/cyassl/include.am @@ -0,0 +1,8 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mqx/cyassl/.cproject \ + mqx/cyassl/.project + diff --git a/mqx/cyassl_client/Sources/include.am b/mqx/cyassl_client/Sources/include.am new file mode 100644 index 000000000..dd4b2ffd9 --- /dev/null +++ b/mqx/cyassl_client/Sources/include.am @@ -0,0 +1,15 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mqx/cyassl_client/.cproject \ + mqx/cyassl_client/.project \ + mqx/cyassl_client/ReferencedRSESystems.xml \ + mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch \ + mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch + +EXTRA_DIST += \ + mqx/cyassl_client/Sources/main.c \ + mqx/cyassl_client/Sources/main.h + 
diff --git a/mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch b/mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch similarity index 100% rename from mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch rename to mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch diff --git a/mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch b/mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch similarity index 100% rename from mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch rename to mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch diff --git a/mqx/util_lib/Sources/include.am b/mqx/util_lib/Sources/include.am new file mode 100644 index 000000000..4b54a5a60 --- /dev/null +++ b/mqx/util_lib/Sources/include.am @@ -0,0 +1,12 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mqx/util_lib/.cproject \ + mqx/util_lib/.project + +EXTRA_DIST += \ + mqx/util_lib/Sources/util.c \ + mqx/util_lib/Sources/util.h + From d799898a369e9708333a7753817235b296b4af17 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Thu, 31 Jan 2013 11:14:17 -0700 Subject: [PATCH 17/52] update README --- README | 29 ++++++++++++++++++++++++++--- mqx/cyassl/include.am | 3 +++ 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/README b/README index 5ae5971f6..ca99603aa 100644 --- a/README +++ b/README 
@@ -32,18 +32,41 @@ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling SSL_new(); Though it's not recommended. +*** end Notes *** + + +CyaSSL Release 2.5.0 (02/04/2013) + +Release 2.5.0 CyaSSL has bug fixes and new features including: +- Microchip PIC32 (MIPS16, MIPS32) support +- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit +- Updated CTaoCrypt benchmark app for embedded systems +- 1024-bit test certs/keys and cert/key buffers +- Initial Cavium Nitrox support +- AES-CCM-8 crypto and cipher suites +- Camellia crypto and cipher suites +- Bumped minimum autoconf version to 2.65, automake version to 1.12 +- Addition of OCSP callbacks +- STM32F2 support with hardware crypto and RNG + +CTaoCrypt now has support for the Microchip PIC32 and has been tested with +the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and +MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README +located under the /mplabx directory for more details. -Note 3) CyaSSL is able to use the STM32F2 hardware-based cryptography and random number generator through the STM32F2 Standard Peripheral Library. For necessary defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the STM32F2 Standard Peripheral Library can be found in the following document: http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf -*** end Notes *** +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. -CyaSSL Release 2.4.6 (12/20/2012) + +*************** CyaSSL Release 2.4.6 (12/20/2012) Release 2.4.6 CyaSSL has bug fixes and a few new features including: - ECC into main version diff --git a/mqx/cyassl/include.am b/mqx/cyassl/include.am index 5523620eb..509e078a5 100644 --- a/mqx/cyassl/include.am +++ b/mqx/cyassl/include.am 
@@ -2,6 +2,9 @@ # All paths should be given relative to the root # +EXTRA_DIST += \ + mqx/README + EXTRA_DIST += \ mqx/cyassl/.cproject \ mqx/cyassl/.project From ba26b4b4e288f87e4ae2c5a900cd908f1319ac4f Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Thu, 31 Jan 2013 13:44:38 -0700 Subject: [PATCH 18/52] fix to prevent --disable-debug from enabling it --- m4/ax_debug.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/ax_debug.m4 b/m4/ax_debug.m4 index 769d48d5e..5c63daa11 100644 --- a/m4/ax_debug.m4 +++ b/m4/ax_debug.m4 @@ -49,7 +49,7 @@ AC_DEFUN([AX_DEBUG],[ AC_ARG_ENABLE([debug], [AS_HELP_STRING([--enable-debug], [Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],[ - ax_enable_debug=yes + ax_enable_debug=$enableval AC_DEFINE(DEBUG, [ 1 ], [Define to 1 to enable debugging code.]) ],[ ax_enable_debug=no From 01703281cccc48e13033353dc7585123f810014e Mon Sep 17 00:00:00 2001 From: Todd Ouska Date: Thu, 31 Jan 2013 15:55:29 -0800 Subject: [PATCH 19/52] add cavium RSA to ctaocrypt --- ctaocrypt/benchmark/benchmark.c | 7 + ctaocrypt/src/asn.c | 67 +++++++++ ctaocrypt/src/rsa.c | 247 +++++++++++++++++++++++++++++++- ctaocrypt/test/test.c | 8 +- cyassl/ctaocrypt/rsa.h | 19 +++ cyassl/ctaocrypt/types.h | 3 +- 6 files changed, 347 insertions(+), 4 deletions(-) diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 06decc84d..268815896 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -650,6 +650,10 @@ void bench_rsa(void) bytes = fread(tmp, 1, sizeof(tmp), file); #endif /* USE_CERT_BUFFERS */ +#ifdef HAVE_CAVIUM + if (RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0) + printf("RSA init cavium failed\n"); +#endif InitRng(&rng); InitRsaKey(&rsaKey, 0); bytes = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); @@ -684,6 +688,9 @@ void bench_rsa(void) fclose(file); #endif FreeRsaKey(&rsaKey); +#ifdef HAVE_CAVIUM + RsaFreeCavium(&rsaKey); +#endif } #endif 
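Review bot: In m4/ax_debug.m4 the `AC_DEFINE(DEBUG, [ 1 ], ...)` call still sits in the action-if-given branch, directly after the new `ax_enable_debug=$enableval`, so `--disable-debug` would still define DEBUG even though the variable now reads `no`. Guarding the define, for example `AS_IF([test "x$ax_enable_debug" = "xyes"], [AC_DEFINE(DEBUG, [ 1 ], [Define to 1 to enable debugging code.])])`, would keep debug code out of builds that asked for it to be off. The rest of the AX_DEBUG macro lies outside the hunk, so how `ax_enable_debug` is consumed later cannot be checked from here.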
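Review bot: A failed `RsaInitCavium()` in `bench_rsa` is only printed, and the function then carries on to `InitRsaKey`, the key decode and, in the second hunk, `RsaFreeCavium(&rsaKey)`. `RsaInitCavium` (added in ctaocrypt/src/rsa.c by this patch) returns before setting `magic`, `devId` or `contextHandle` when `CspAllocContext` fails, and `RsaFreeCavium` passes those fields to `CspFreeContext` unconditionally, so the failure path would release a context that was never allocated. I would stop the benchmark on failure, `if (RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0) { printf("RSA init cavium failed\n"); return; }`, with the non-buffer build closing `file` before it returns. `bench_rsa` begins and ends outside both hunks, so the declaration of `rsaKey` is not visible here.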
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 96cba9cd4..931c22dd3 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -531,11 +531,78 @@ static int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, #ifndef NO_RSA + +#ifdef HAVE_CAVIUM + +static int GetCaviumInt(byte** buff, word16* buffSz, const byte* input, + word32* inOutIdx, word32 maxIdx, void* heap) +{ + word32 i = *inOutIdx; + byte b = input[i++]; + int length; + + if (b != ASN_INTEGER) + return ASN_PARSE_E; + + if (GetLength(input, &i, &length, maxIdx) < 0) + return ASN_PARSE_E; + + if ( (b = input[i++]) == 0x00) + length--; + else + i--; + + *buffSz = (word16)length; + *buff = XMALLOC(*buffSz, heap, DYNAMIC_TYPE_CAVIUM_RSA); + if (*buff == NULL) + return MEMORY_E; + + XMEMCPY(*buff, input + i, *buffSz); + + *inOutIdx = i + length; + return 0; +} + +static int CaviumRsaPrivateKeyDecode(const byte* input, word32* inOutIdx, + RsaKey* key, word32 inSz) +{ + int version, length; + void* h = key->heap; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetMyVersion(input, inOutIdx, &version) < 0) + return ASN_PARSE_E; + + key->type = RSA_PRIVATE; + + if (GetCaviumInt(&key->c_n, &key->c_nSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_e, &key->c_eSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_d, &key->c_dSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_p, &key->c_pSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_q, &key->c_qSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_dP, &key->c_dP_Sz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_dQ, &key->c_dQ_Sz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_u, &key->c_uSz, input, inOutIdx, inSz, h) < 0 ) + return ASN_RSA_KEY_E; + + return 0; +} + + +#endif /* HAVE_CAVIUM */ + int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, word32 inSz) { int version, length; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaPrivateKeyDecode(input, inOutIdx, key, inSz); +#endif + if (GetSequence(input, inOutIdx, &length, 
inSz) < 0) return ASN_PARSE_E; diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c index 06ad74351..bcbf0b80b 100644 --- a/ctaocrypt/src/rsa.c +++ b/ctaocrypt/src/rsa.c @@ -39,6 +39,18 @@ #endif #endif +#ifdef HAVE_CAVIUM + static void InitCaviumRsaKey(RsaKey* key, void* heap); + static void FreeCaviumRsaKey(RsaKey* key); + static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); +#endif enum { RSA_PUBLIC_ENCRYPT = 0, @@ -58,6 +70,11 @@ enum { void InitRsaKey(RsaKey* key, void* heap) { +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return InitCaviumRsaKey(key, heap); +#endif + key->type = -1; /* haven't decided yet */ key->heap = heap; @@ -75,6 +92,12 @@ void InitRsaKey(RsaKey* key, void* heap) void FreeRsaKey(RsaKey* key) { (void)key; + +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return FreeCaviumRsaKey(key); +#endif + /* TomsFastMath doesn't use memory allocation */ #ifndef USE_FAST_MATH if (key->type == RSA_PRIVATE) { @@ -249,8 +272,14 @@ done: int RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, RNG* rng) { - int sz = mp_unsigned_bin_size(&key->n), ret; + int sz, ret; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key); +#endif + + sz = mp_unsigned_bin_size(&key->n); if (sz > (int)outLen) return RSA_BUFFER_E; 
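Review bot: `GetCaviumInt` never validates `length` after `GetLength` or after the `length--` leading-zero adjustment, and it reads `input[i++]` twice without comparing `i` to `maxIdx`. If `GetLength` accepts a zero length, a zero byte after it drives `length` to -1, `(word16)length` becomes 0xFFFF and `XMEMCPY` copies 65535 bytes out of `input`; lengths above 65535 are truncated by the same cast while `*inOutIdx = i + length` advances by the full value. I would add `if (i >= maxIdx) return ASN_PARSE_E;` before each byte read and `if (length <= 0 || length > 0xFFFF) return ASN_PARSE_E;` once the leading zero has been handled. The buffers are also allocated with `DYNAMIC_TYPE_CAVIUM_RSA` here but freed with `DYNAMIC_TYPE_CAVIUM_TMP` in `FreeCaviumRsaKey` in the rsa.c part of this patch; one tag should be used for both.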
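Review bot: `InitRsaKey` now branches on `key->magic` before it has written anything to `*key`, so in a HAVE_CAVIUM build a caller that declares an `RsaKey` and calls `InitRsaKey` without a prior `RsaInitCavium` is dispatched on an indeterminate value. If that value happens to equal `CYASSL_RSA_CAVIUM_MAGIC`, the software fields stay uninitialized and the later checks in `FreeRsaKey`, `RsaPublicEncrypt` and the other entry points in this file send the key down the Cavium path with a `devId` and `contextHandle` that were never set. The contract should at least be stated on the function, e.g. `/* HAVE_CAVIUM: key->magic must be 0 or set by RsaInitCavium() before this call */`, and existing callers should zero the struct first. Separately, `return InitCaviumRsaKey(key, heap);` returns a void expression from a void function, which ISO C does not allow; `InitCaviumRsaKey(key, heap); return;` inside braces avoids that.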
@@ -270,6 +299,15 @@ int RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) { int plainLen, ret; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { + ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key); + if (ret > 0) + *out = in; + return ret; + } +#endif + if ((ret = RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key)) < 0) { return ret; @@ -288,6 +326,11 @@ int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, byte* tmp; byte* pad = 0; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key); +#endif + tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); if (tmp == NULL) { return MEMORY_E; @@ -316,6 +359,15 @@ int RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) { int plainLen, ret; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { + ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key); + if (ret > 0) + *out = in; + return ret; + } +#endif + if ((ret = RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key)) < 0) { return ret; @@ -334,6 +386,11 @@ int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, byte* tmp; byte* pad = 0; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaSSL_Verify(in, inLen, out, outLen, key); +#endif + tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); if (tmp == NULL) { return MEMORY_E; @@ -362,8 +419,14 @@ int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, int RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, RNG* rng) { - int sz = mp_unsigned_bin_size(&key->n), ret; + int sz, ret; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaSSL_Sign(in, inLen, out, outLen, key); +#endif + + sz = mp_unsigned_bin_size(&key->n); if (sz > (int)outLen) return RSA_BUFFER_E; 
@@ -381,6 +444,10 @@ int RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, int RsaEncryptSize(RsaKey* key) { +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return key->c_nSz; +#endif return mp_unsigned_bin_size(&key->n); } 
@@ -561,4 +628,180 @@ int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) #endif /* CYASSL_KEY_GEN */ + +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze RSA for use with Nitrox device */ +int RsaInitCavium(RsaKey* rsa, int devId) +{ + if (rsa == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0) + return -1; + + rsa->devId = devId; + rsa->magic = CYASSL_RSA_CAVIUM_MAGIC; + + return 0; +} + + +/* Free RSA from use with Nitrox device */ +void RsaFreeCavium(RsaKey* rsa) +{ + if (rsa == NULL) + return; + + CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId); + rsa->magic = 0; +} + + +/* Initialize cavium RSA key */ +static void InitCaviumRsaKey(RsaKey* key, void* heap) +{ + if (key == NULL) + return; + + key->heap = heap; + key->type = -1; /* don't know yet */ + + key->c_n = NULL; + key->c_e = NULL; + key->c_d = NULL; + key->c_p = NULL; + key->c_q = NULL; + key->c_dP = NULL; + key->c_dQ = NULL; + key->c_u = NULL; + + key->c_nSz = 0; + key->c_eSz = 0; + key->c_dSz = 0; + key->c_pSz = 0; + key->c_qSz = 0; + key->c_dP_Sz = 0; + key->c_dQ_Sz = 0; + key->c_uSz = 0; +} + + +/* Free cavium RSA key */ +static void FreeCaviumRsaKey(RsaKey* key) +{ + if (key == NULL) + return; + + XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + + InitCaviumRsaKey(key, key->heap); /* reset pointers */ +} + + +static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + + if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz) + 
return -1; + + ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz, + (word16)inLen, key->c_n, key->c_e, (byte*)in, out, + &requestId, key->devId); + if (ret != 0) { + CYASSL_MSG("Cavium Enc BT2 failed"); + return -1; + } + return key->c_nSz; +} + + +static INLINE void ato16(const byte* c, word16* u16) +{ + *u16 = (c[0] << 8) | (c[1]); +} + + +static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + word16 outSz = (word16)outLen; + + if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q, + key->c_dQ, key->c_p, key->c_dP, key->c_u, + (byte*)in, &outSz, out, &requestId, key->devId); + if (ret != 0) { + CYASSL_MSG("Cavium CRT Dec BT2 failed"); + return -1; + } + ato16((const byte*)&outSz, &outSz); + + return outSz; +} + + +static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + + if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen < + (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen, + key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u, + (byte*)in, out, &requestId, key->devId); + if (ret != 0) { + CYASSL_MSG("Cavium CRT Enc BT1 failed"); + return -1; + } + return key->c_nSz; +} + + +static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + word16 outSz = (word16)outLen; + + if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz, + key->c_n, key->c_e, (byte*)in, &outSz, out, + &requestId, key->devId); + if (ret != 0) { + CYASSL_MSG("Cavium Dec BT1 failed"); + return -1; + } + outSz = ntohs(outSz); + + return outSz; +} + + 
+#endif /* HAVE_CAVIUM */ + #endif /* NO_RSA */ diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index feb9c1a99..05ddf08f5 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -2108,7 +2108,10 @@ int rsa_test(void) bytes = fread(tmp, 1, FOURK_BUF, file); #endif /* USE_CERT_BUFFERS */ - + +#ifdef HAVE_CAVIUM + RsaInitCavium(&key, CAVIUM_DEV_ID); +#endif InitRsaKey(&key, 0); ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) return -41; @@ -2488,6 +2491,9 @@ int rsa_test(void) #endif /* CYASSL_CERT_GEN */ FreeRsaKey(&key); +#ifdef HAVE_CAVIUM + RsaFreeCavium(&key); +#endif free(tmp); return 0; diff --git a/cyassl/ctaocrypt/rsa.h b/cyassl/ctaocrypt/rsa.h index c029e4b09..41486f3e8 100644 --- a/cyassl/ctaocrypt/rsa.h +++ b/cyassl/ctaocrypt/rsa.h @@ -32,6 +32,7 @@ extern "C" { #endif +#define CYASSL_RSA_CAVIUM_MAGIC 0xBEEF0006 enum { RSA_PUBLIC = 0, @@ -43,6 +44,20 @@ typedef struct RsaKey { mp_int n, e, d, p, q, dP, dQ, u; int type; /* public or private */ void* heap; /* for user memory overrides */ +#ifdef HAVE_CAVIUM + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ + byte* c_n; /* cavium byte buffers for key parts */ + byte* c_e; + byte* c_d; + byte* c_p; + byte* c_q; + byte* c_dP; + byte* c_dQ; + byte* c_u; /* sizes in bytes */ + word16 c_nSz, c_eSz, c_dSz, c_pSz, c_qSz, c_dP_Sz, c_dQ_Sz, c_uSz; +#endif } RsaKey; @@ -72,6 +87,10 @@ CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, CYASSL_API int RsaKeyToDer(RsaKey*, byte* output, word32 inLen); #endif +#ifdef HAVE_CAVIUM + CYASSL_API int RsaInitCavium(RsaKey*, int); + CYASSL_API void RsaFreeCavium(RsaKey*); +#endif #ifdef __cplusplus diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index b33c37e9a..bf1db9f2e 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h 
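Review bot: CaviumRsaPrivateDecrypt and CaviumRsaSSL_Verify return the device-reported `outSz` without comparing it to the caller's `outLen`, and `word16 outSz = (word16)outLen;` silently truncates any `outLen` above 0xFFFF (65536 becomes 0). Clamping the initial value and adding `if (outSz > outLen) return -1;` after the byte swap would ensure the length returned to RsaPrivateDecrypt and RsaSSL_Verify never exceeds the buffer they supplied. Whether the device treats the initial `outSz` as a capacity is not visible here. The two functions also convert the length differently (`ato16` on its own storage versus `ntohs`), so one shared helper would make the byte-order assumption explicit. Separately, FreeCaviumRsaKey passes `c_d`, `c_p`, `c_q`, `c_dP`, `c_dQ` and `c_u` to XFREE without clearing them, although the matching `c_*Sz` fields are available to wipe the private-key bytes first.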
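Review bot: The return value of `RsaInitCavium(&key, CAVIUM_DEV_ID)` is dropped in rsa_test, so a failed context allocation goes unnoticed. RsaFreeCavium, as added in rsa.c by this patch, calls CspFreeContext whenever `rsa` is non-NULL, so the cleanup added in the -2488 hunk would then release a `contextHandle` that was never allocated. I would check the result here and return a distinct negative code on failure, and give RsaFreeCavium an early return, `if (rsa->magic != CYASSL_RSA_CAVIUM_MAGIC) return;`. rsa_test's body extends beyond both hunks.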
@@ -230,7 +230,8 @@ enum { DYNAMIC_TYPE_LIBZ = 36, DYNAMIC_TYPE_ECC = 37, DYNAMIC_TYPE_TMP_BUFFER = 38, - DYNAMIC_TYPE_CAVIUM_TMP = 40 + DYNAMIC_TYPE_CAVIUM_TMP = 40, + DYNAMIC_TYPE_CAVIUM_RSA = 41 }; /* stack protection */ From 44b6593fe59bff8313afa14128419b914ac68da8 Mon Sep 17 00:00:00 2001 From: Todd Ouska Date: Fri, 1 Feb 2013 12:21:38 -0800 Subject: [PATCH 20/52] add cavium ciphers to SSL, and example client --- ctaocrypt/src/aes.c | 19 +++++++-- ctaocrypt/src/arc4.c | 4 +- ctaocrypt/src/des3.c | 15 +++++-- ctaocrypt/src/error.c | 4 ++ ctaocrypt/test/test.c | 69 +++++++++++++++++--------------- cyassl/ctaocrypt/error.h | 2 + cyassl/internal.h | 8 ++++ cyassl/ssl.h | 5 +++ cyassl/test.h | 30 ++++++++++++++ examples/client/client.c | 13 ++++++ examples/echoclient/echoclient.c | 9 +++++ examples/echoserver/echoserver.c | 9 +++++ examples/server/server.c | 9 +++++ src/internal.c | 7 ++++ src/keys.c | 46 ++++++++++++++++++++- src/ssl.c | 28 +++++++++++++ tests/unit.c | 10 +++++ testsuite/testsuite.c | 9 +++++ 18 files changed, 252 insertions(+), 44 deletions(-) diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 05e7dcbe5..d7a7a3aa4 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -2827,6 +2827,8 @@ static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, CYASSL_MSG("Bad Cavium Aes Encrypt"); } length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + XMEMCPY(aes->reg, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE); } if (length) { word16 slen = (word16)length; @@ -2836,6 +2838,7 @@ static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, aes->devId) != 0) { CYASSL_MSG("Bad Cavium Aes Encrypt"); } + XMEMCPY(aes->reg, out + offset+length - AES_BLOCK_SIZE, AES_BLOCK_SIZE); } } 
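Review bot: The added `XMEMCPY(aes->reg, out + offset+length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);` in the tail branch of AesCaviumCbcEncrypt reads before `out` when `offset` is 0 and `length` is smaller than AES_BLOCK_SIZE, because nothing in the visible code checks the length. CBC callers normally pass whole blocks, but that is not enforced here, so guarding the copy with `if (offset + length >= AES_BLOCK_SIZE)` (or rejecting a length that is not a block multiple at the top) would keep the IV update inside the buffer. The same unchecked subtraction is added to AesCaviumCbcDecrypt (`in + offset + slen - AES_BLOCK_SIZE`) and to Des3_CaviumCbcEncrypt and Des3_CaviumCbcDecrypt with DES_BLOCK_SIZE. All four function bodies start outside their hunks.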
@@ -2843,23 +2846,31 @@ static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length) { word32 requestId; + word offset = 0; while (length > CYASSL_MAX_16BIT) { word16 slen = (word16)CYASSL_MAX_16BIT; + XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE); if (CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, - aes->type, slen, (byte*)in, out, (byte*)aes->reg, - (byte*)aes->key, &requestId, aes->devId) != 0) { + aes->type, slen, (byte*)in + offset, out + offset, + (byte*)aes->reg, (byte*)aes->key, &requestId, + aes->devId) != 0) { CYASSL_MSG("Bad Cavium Aes Decrypt"); } length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); } if (length) { word16 slen = (word16)length; + XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE); if (CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, - aes->type, slen, (byte*)in, out, (byte*)aes->reg, - (byte*)aes->key, &requestId, aes->devId) != 0) { + aes->type, slen, (byte*)in + offset, out + offset, + (byte*)aes->reg, (byte*)aes->key, &requestId, + aes->devId) != 0) { CYASSL_MSG("Bad Cavium Aes Decrypt"); } + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); } } diff --git a/ctaocrypt/src/arc4.c b/ctaocrypt/src/arc4.c index 6e37defa8..f49d4e7aa 100644 --- a/ctaocrypt/src/arc4.c +++ b/ctaocrypt/src/arc4.c @@ -148,7 +148,7 @@ static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, while (length > CYASSL_MAX_16BIT) { word16 slen = (word16)CYASSL_MAX_16BIT; - if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_NO_UPDATE, + if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset, &requestId, arc4->devId) != 0) { CYASSL_MSG("Bad Cavium Arc4 Encrypt"); 
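Review bot: A failed `CspDecryptAes` call in AesCaviumCbcDecrypt is only logged with CYASSL_MSG, after which the loop still advances `offset`, copies `aes->tmp` into `aes->reg`, and the void function returns as if `out` held plaintext. The caller cannot tell that the buffer was never processed, so I would make the helper return an int, stop at the first non-zero device status and let the callers propagate it. The same log-and-continue handling is present in AesCaviumCbcEncrypt, Arc4CaviumProcess, Des3_CaviumCbcEncrypt and Des3_CaviumCbcDecrypt in this patch. The callers are outside the hunk, so how the status is surfaced there needs to be confirmed.

```c
static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
                               word32 length)
{
    /* … unchanged: declarations, chunk loop, save of last ciphertext block … */
            CYASSL_MSG("Bad Cavium Aes Decrypt");
            return -1;    /* device did not write out + offset; stop here */
    /* … unchanged: length/offset update and aes->reg refresh … */
    /* … tail branch: same return -1 after its CYASSL_MSG … */
    return 0;
```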
@@ -158,7 +158,7 @@ static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, } if (length) { word16 slen = (word16)length; - if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_NO_UPDATE, + if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset, &requestId, arc4->devId) != 0) { CYASSL_MSG("Bad Cavium Arc4 Encrypt"); diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index 3cab82700..0b46e2cdd 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -817,7 +817,7 @@ static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, { word offset = 0; word32 requestId; - + while (length > CYASSL_MAX_16BIT) { word16 slen = (word16)CYASSL_MAX_16BIT; if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, @@ -827,6 +827,8 @@ static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt"); } length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); } if (length) { word16 slen = (word16)length; @@ -837,6 +839,7 @@ static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, &requestId, des3->devId) != 0) { CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt"); } + XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE); } } 
@@ -844,25 +847,31 @@ static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, word32 length) { word32 requestId; + word offset = 0; while (length > CYASSL_MAX_16BIT) { word16 slen = (word16)CYASSL_MAX_16BIT; + XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE); if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, - CAVIUM_NO_UPDATE, slen, (byte*)in, out, + CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset, (byte*)des3->reg, (byte*)des3->key[0], &requestId, des3->devId) != 0) { CYASSL_MSG("Bad Cavium 3Des Decrypt"); } length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE); } if (length) { word16 slen = (word16)length; + XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE); if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, - CAVIUM_NO_UPDATE, slen, (byte*)in, out, + CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset, (byte*)des3->reg, (byte*)des3->key[0], &requestId, des3->devId) != 0) { CYASSL_MSG("Bad Cavium 3Des Decrypt"); } + XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE); } } diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c index b4d1eb258..9c6df7cd5 100644 --- a/ctaocrypt/src/error.c +++ b/ctaocrypt/src/error.c @@ -277,6 +277,10 @@ void CTaoCryptErrorString(int error, char* buffer) XSTRNCPY(buffer, "AES-CCM Authentication check fail", max); break; + case CAVIUM_INIT_E: + XSTRNCPY(buffer, "Cavium Init type error", max); + break; + default: XSTRNCPY(buffer, "unknown error number", max); diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 05ddf08f5..1bd34abcd 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c 
@@ -160,29 +160,6 @@ typedef struct func_args { -#ifdef HAVE_CAVIUM - -static int OpenNitroxDevice(int dma_mode,int dev_id) -{ - Csp1CoreAssignment core_assign; - Uint32 device; - - if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID)) - return -1; - if (Csp1GetDevType(&device)) - return -1; - if (device != NPX_DEVICE) { - if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, - (Uint32 *)&core_assign)!= 0) - return -1; - } - CspShutdown(CAVIUM_DEV_ID); - - return CspInitialize(dma_mode, dev_id); -} - -#endif - void ctaocrypt_test(void* args) { int ret = 0; @@ -199,11 +176,6 @@ void ctaocrypt_test(void* args) #endif /* USE_FAST_MATH */ #endif /* !CYASSL_LEANPSK */ -#ifdef HAVE_CAVIUM - ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); - if (ret != 0) - err_sys("Cavium OpenNitroxDevice failed", -1236); -#endif /* HAVE_CAVIUM */ #ifndef NO_MD5 if ( (ret = md5_test()) ) 
@@ -398,25 +370,56 @@ void ctaocrypt_test(void* args) printf( "ECC test passed!\n"); #endif -#ifdef HAVE_CAVIUM - CspShutdown(CAVIUM_DEV_ID); -#endif ((func_args*)args)->return_code = ret; } -/* so overall tests can pull in test function */ #ifndef NO_MAIN_DRIVER +#ifdef HAVE_CAVIUM + +static int OpenNitroxDevice(int dma_mode,int dev_id) +{ + Csp1CoreAssignment core_assign; + Uint32 device; + + if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID)) + return -1; + if (Csp1GetDevType(&device)) + return -1; + if (device != NPX_DEVICE) { + if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, + (Uint32 *)&core_assign)!= 0) + return -1; + } + CspShutdown(CAVIUM_DEV_ID); + + return CspInitialize(dma_mode, dev_id); +} + +#endif /* HAVE_CAVIUM */ + + /* so overall tests can pull in test function */ + int main(int argc, char** argv) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed", -1236); +#endif /* HAVE_CAVIUM */ + args.argc = argc; args.argv = argv; ctaocrypt_test(&args); + +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } @@ -1490,8 +1493,8 @@ int des3_test(void) return -20006; #endif Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); - Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); + Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); if (memcmp(plain, vector, sizeof(plain))) diff --git a/cyassl/ctaocrypt/error.h b/cyassl/ctaocrypt/error.h index 308fb1d81..47f002516 100644 --- a/cyassl/ctaocrypt/error.h +++ b/cyassl/ctaocrypt/error.h @@ -101,6 +101,8 @@ enum { AES_GCM_AUTH_E = -180, /* AES-GCM Authentication check failure */ AES_CCM_AUTH_E = -181, /* AES-CCM Authentication check failure */ + CAVIUM_INIT_E = -182, /* Cavium Init type error */ + MIN_CODE_E = -200 /* errors -101 - -199 */ }; 
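Review bot: `OpenNitroxDevice` returns -1 when `Csp1GetDevType` or the ioctl fails without calling `CspShutdown(CAVIUM_DEV_ID)`, although `CspInitialize` has already succeeded at that point, so the error paths leave the device initialised. The probe also ignores its `dev_id` argument and always uses `CAVIUM_DEV_ID`, which only matches the final `CspInitialize(dma_mode, dev_id)` when callers pass that constant. The same patch adds an identical helper as `static INLINE` in cyassl/test.h; keeping a single copy there would stop the two from drifting apart.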
diff --git a/cyassl/internal.h b/cyassl/internal.h index a7d7bdad4..4d3f0b583 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -567,6 +567,8 @@ enum Misc { HASH_SIG_SIZE = 2, /* default SHA1 RSA */ + NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */ + NO_COPY = 0, /* should we copy static buffer for write */ COPY = 1 /* should we copy static buffer for write */ }; @@ -969,6 +971,9 @@ struct CYASSL_CTX { #ifdef HAVE_OCSP CYASSL_OCSP ocsp; #endif +#ifdef HAVE_CAVIUM + int devId; /* cavium device id to use */ +#endif }; @@ -1470,6 +1475,9 @@ struct CYASSL { #ifdef FORTRESS void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ #endif +#ifdef HAVE_CAVIUM + int devId; /* cavium device id to use */ +#endif }; diff --git a/cyassl/ssl.h b/cyassl/ssl.h index fdd6a3221..cb6c017bc 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -867,6 +867,11 @@ CYASSL_API void CyaSSL_KeepArrays(CYASSL*); CYASSL_API void CyaSSL_FreeArrays(CYASSL*); +/* cavium additions */ +CYASSL_API int CyaSSL_UseCavium(CYASSL*, int devId); +CYASSL_API int CyaSSL_CTX_UseCavium(CYASSL_CTX*, int devId); + + #define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */ #define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */ diff --git a/cyassl/test.h b/cyassl/test.h index 99b005c62..399614a7a 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -40,6 +40,12 @@ #endif #endif /* USE_WINDOWS_API */ +#ifdef HAVE_CAVIUM + #include "cavium_sysdep.h" + #include "cavium_common.h" + #include "cavium_ioctl.h" +#endif + #ifdef _MSC_VER /* disable conversion warning */ /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ 
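Review bot: `CyaSSL_UseCavium` and `CyaSSL_CTX_UseCavium` are declared in cyassl/ssl.h unconditionally, but their definitions in src/ssl.c (later in this patch) sit inside `#ifdef HAVE_CAVIUM`, and the `devId` members they write exist only under that define. An application calling them against a build without HAVE_CAVIUM compiles and then fails at link time. Wrapping the two prototypes in `#ifdef HAVE_CAVIUM` … `#endif` keeps the header and the library in step. The definitions store `devId` without a range check and return 0 on success, so a one-line comment on each prototype stating the return values would help callers; the example client in this patch ignores the result.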
@@ -798,6 +804,30 @@ static INLINE void SetDHCtx(CYASSL_CTX* ctx) #endif /* !NO_CERTS */ +#ifdef HAVE_CAVIUM + +static INLINE int OpenNitroxDevice(int dma_mode,int dev_id) +{ + Csp1CoreAssignment core_assign; + Uint32 device; + + if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID)) + return -1; + if (Csp1GetDevType(&device)) + return -1; + if (device != NPX_DEVICE) { + if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, + (Uint32 *)&core_assign)!= 0) + return -1; + } + CspShutdown(CAVIUM_DEV_ID); + + return CspInitialize(dma_mode, dev_id); +} + +#endif /* HAVE_CAVIUM */ + + #ifdef USE_WINDOWS_API /* do back x number of directories */ diff --git a/examples/client/client.c b/examples/client/client.c index 541dfdf06..fcc38ba89 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -333,6 +333,10 @@ void client_test(void* args) if (!usePsk && doPeerCheck == 0) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); +#ifdef HAVE_CAVIUM + CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID); +#endif + if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; @@ -533,6 +537,12 @@ void client_test(void* args) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = argc; @@ -548,6 +558,9 @@ void client_test(void* args) client_test(&args); CyaSSL_Cleanup(); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index d61cebb59..6275ba6ef 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c 
@@ -186,6 +186,12 @@ void echoclient_test(void* args) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = argc; @@ -200,6 +206,9 @@ void echoclient_test(void* args) echoclient_test(&args); CyaSSL_Cleanup(); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 4cd5ba266..1cd2eb241 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -287,6 +287,12 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = argc; @@ -301,6 +307,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) echoserver_test(&args); CyaSSL_Cleanup(); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } diff --git a/examples/server/server.c b/examples/server/server.c index 662e66f8c..4853ae43e 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -383,6 +383,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = argc; @@ -398,6 +404,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) server_test(&args); CyaSSL_Cleanup(); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } diff --git a/src/internal.c b/src/internal.c index 254486a2a..b47980285 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -397,6 +397,9 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method) #ifdef HAVE_OCSP CyaSSL_OCSP_Init(&ctx->ocsp); #endif +#ifdef HAVE_CAVIUM + ctx->devId = NO_CAVIUM_DEVICE; +#endif if (InitMutex(&ctx->countMutex) < 0) { CYASSL_MSG("Mutex error on CTX init"); @@ -1241,6 +1244,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->toInfoOn = 0; #endif +#ifdef HAVE_CAVIUM + ssl->devId = ctx->devId; +#endif + ssl->rng = NULL; ssl->arrays = NULL; InitCiphers(ssl); diff --git a/src/keys.c b/src/keys.c index fab88ed39..a0cf0f22d 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1203,8 +1203,9 @@ static int SetPrefix(byte* sha_input, int idx) static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, - byte side, void* heap) + byte side, void* heap, int devId) { + (void)devId; #ifdef BUILD_ARC4 word32 sz = specs->key_size; if (specs->bulk_cipher_algorithm == rc4) { @@ -1214,6 +1215,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); if (dec->arc4 == NULL) return MEMORY_E; +#ifdef HAVE_CAVIUM + if (devId != NO_CAVIUM_DEVICE) { + if (Arc4InitCavium(enc->arc4, devId) != 0) { + CYASSL_MSG("Arc4InitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + if (Arc4InitCavium(dec->arc4, devId) != 0) { + CYASSL_MSG("Arc4InitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + } +#endif if (side == CLIENT_END) { Arc4SetKey(enc->arc4, keys->client_write_key, sz); Arc4SetKey(dec->arc4, keys->server_write_key, sz); 
@@ -1285,6 +1298,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); if (dec->des3 == NULL) return MEMORY_E; +#ifdef HAVE_CAVIUM + if (devId != NO_CAVIUM_DEVICE) { + if (Des3_InitCavium(enc->des3, devId) != 0) { + CYASSL_MSG("Des3_InitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + if (Des3_InitCavium(dec->des3, devId) != 0) { + CYASSL_MSG("Des3_InitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + } +#endif if (side == CLIENT_END) { Des3_SetKey(enc->des3, keys->client_write_key, keys->client_write_IV, DES_ENCRYPTION); @@ -1310,6 +1335,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); if (dec->aes == NULL) return MEMORY_E; +#ifdef HAVE_CAVIUM + if (devId != NO_CAVIUM_DEVICE) { + if (AesInitCavium(enc->aes, devId) != 0) { + CYASSL_MSG("AesInitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + if (AesInitCavium(dec->aes, devId) != 0) { + CYASSL_MSG("AesInitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + } +#endif if (side == CLIENT_END) { AesSetKey(enc->aes, keys->client_write_key, specs->key_size, keys->client_write_IV, @@ -1442,6 +1479,11 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, int StoreKeys(CYASSL* ssl, const byte* keyData) { int sz, i = 0; + int devId = NO_CAVIUM_DEVICE; + +#ifdef HAVE_CAVIUM + devId = ssl->devId; +#endif if (ssl->specs.cipher_type != aead) { sz = ssl->specs.hash_size; @@ -1469,7 +1511,7 @@ int StoreKeys(CYASSL* ssl, const byte* keyData) #endif return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs, - ssl->options.side, ssl->heap); + ssl->options.side, ssl->heap, devId); } #ifndef NO_OLD_TLS diff --git a/src/ssl.c b/src/ssl.c index 75aba4e8a..5a39b87a4 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -433,6 +433,34 @@ int CyaSSL_read(CYASSL* ssl, void* data, int sz) return CyaSSL_read_internal(ssl, data, sz, FALSE); } + +#ifdef HAVE_CAVIUM + +int CyaSSL_UseCavium(CYASSL* ssl, int devId) +{ + if (ssl == NULL) + return BAD_FUNC_ARG; + + ssl->devId = devId; + + return 0; +} + + +int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + + ctx->devId = devId; + + return 0; +} + + +#endif /* HAVE_CAVIUM */ + + #ifndef CYASSL_LEANPSK int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags) { diff --git a/tests/unit.c b/tests/unit.c index bc3154ace..5cd361bbe 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -19,6 +19,12 @@ int main(int argc, char** argv) (void)argv; printf("starting unit tests...\n"); +#ifdef HAVE_CAVIUM + ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + if (CurrentDir("tests")) ChangeDirBack(1); else if (CurrentDir("build")) @@ -39,6 +45,10 @@ int main(int argc, char** argv) return ret; } +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif + return 0; } diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 80a8c878f..7ee67b76e 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -60,6 +60,12 @@ int main(int argc, char** argv) tcp_ready ready; THREAD_TYPE serverThread; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = server_args.argc = argc; @@ -144,6 +150,9 @@ int main(int argc, char** argv) CyaSSL_Cleanup(); FreeTcpReady(&ready); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif printf("\nAll tests passed!\n"); return EXIT_SUCCESS; } From 24e22d4b6eaf1af5bc21e24ede4fc68a188f5183 Mon Sep 17 00:00:00 2001 
From: Todd Ouska Date: Fri, 1 Feb 2013 16:26:42 -0800 Subject: [PATCH 21/52] add cavium notes and free ssl cavium ciphers --- README | 17 ++++++++++++++++- ctaocrypt/src/aes.c | 3 +++ ctaocrypt/src/arc4.c | 3 +++ ctaocrypt/src/des3.c | 3 +++ src/internal.c | 18 ++++++++++++++++++ 5 files changed, 43 insertions(+), 1 deletion(-) diff --git a/README b/README index ca99603aa..c6065442e 100644 --- a/README +++ b/README 
@@ -42,18 +42,33 @@ Release 2.5.0 CyaSSL has bug fixes and new features including: - Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit - Updated CTaoCrypt benchmark app for embedded systems - 1024-bit test certs/keys and cert/key buffers -- Initial Cavium Nitrox support - AES-CCM-8 crypto and cipher suites - Camellia crypto and cipher suites - Bumped minimum autoconf version to 2.65, automake version to 1.12 - Addition of OCSP callbacks - STM32F2 support with hardware crypto and RNG +- Cavium NITROX support CTaoCrypt now has support for the Microchip PIC32 and has been tested with the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README located under the /mplabx directory for more details. +To add Cavium NITROX support do: + +./configure --with-cavium=/home/user/cavium/software + +pointing to your licensed cavium/software directory. Since Cavium doesn't +build a library we pull in the cavium_common.o file which gives a libtool +warning about the portability of this. Also, if you're using the github source +tree you'll need to remove the -Wredundant-decls warning from the generated +Makefile because the cavium headers don't conform to this warning. Currently +CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto +layer. Support at the SSL level is parital and currently just does AES, 3DES, +and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non +blocking mode. The example client turns on cavium support as does the crypto +test and benchmark. Please see the HAVE_CAVIUM define. + CyaSSL is able to use the STM32F2 hardware-based cryptography and random number generator through the STM32F2 Standard Peripheral Library. For necessary defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index d7a7a3aa4..c9a142315 100644 --- a/ctaocrypt/src/aes.c 
+++ b/ctaocrypt/src/aes.c @@ -2789,6 +2789,9 @@ void AesFreeCavium(Aes* aes) if (aes == NULL) return; + if (aes->magic != CYASSL_AES_CAVIUM_MAGIC) + return; + CspFreeContext(CONTEXT_SSL, aes->contextHandle, aes->devId); aes->magic = 0; } diff --git a/ctaocrypt/src/arc4.c b/ctaocrypt/src/arc4.c index f49d4e7aa..ba9651eda 100644 --- a/ctaocrypt/src/arc4.c +++ b/ctaocrypt/src/arc4.c @@ -124,6 +124,9 @@ void Arc4FreeCavium(Arc4* arc4) if (arc4 == NULL) return; + if (arc4->magic != CYASSL_ARC4_CAVIUM_MAGIC) + return; + CspFreeContext(CONTEXT_SSL, arc4->contextHandle, arc4->devId); arc4->magic = 0; } diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index 0b46e2cdd..0b85e956f 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -795,6 +795,9 @@ void Des3_FreeCavium(Des3* des3) if (des3 == NULL) return; + if (des3->magic != CYASSL_3DES_CAVIUM_MAGIC) + return; + CspFreeContext(CONTEXT_SSL, des3->contextHandle, des3->devId); des3->magic = 0; } diff --git a/src/internal.c b/src/internal.c index b47980285..6158c4d0c 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -496,14 +496,32 @@ void FreeCiphers(CYASSL* ssl) { (void)ssl; #ifdef BUILD_ARC4 + #ifdef HAVE_CAVIUM + if (ssl->devId != NO_CAVIUM_DEVICE) { + Arc4FreeCavium(ssl->encrypt.arc4); + Arc4FreeCavium(ssl->decrypt.arc4); + } + #endif XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); #endif #ifdef BUILD_DES3 + #ifdef HAVE_CAVIUM + if (ssl->devId != NO_CAVIUM_DEVICE) { + Des3_FreeCavium(ssl->encrypt.des3); + Des3_FreeCavium(ssl->decrypt.des3); + } + #endif XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); #endif #ifdef BUILD_AES + #ifdef HAVE_CAVIUM + if (ssl->devId != NO_CAVIUM_DEVICE) { + AesFreeCavium(ssl->encrypt.aes); + AesFreeCavium(ssl->decrypt.aes); + } + #endif XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); #endif From 543d81ba97430844c04c82ea274a99122c9cd1b9 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 4 Feb 2013 13:11:21 -0800 Subject: [PATCH 22/52] release 2.5.0 --- README | 2 ++ configure.ac | 2 +- cyassl/version.h | 4 ++-- src/internal.c | 12 ++++++------ src/keys.c | 2 +- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/README b/README index c6065442e..c3c335c91 100644 --- a/README +++ b/README @@ -38,6 +38,8 @@ before calling SSL_new(); Though it's not recommended. CyaSSL Release 2.5.0 (02/04/2013) Release 2.5.0 CyaSSL has bug fixes and new features including: +- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and + Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ - Microchip PIC32 (MIPS16, MIPS32) support - Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit - Updated CTaoCrypt benchmark app for embedded systems diff --git a/configure.ac b/configure.ac index c07f843f4..9d26e009b 100644 --- a/configure.ac +++ b/configure.ac 
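Review bot: With `ssl->devId` set, FreeCiphers now passes every allocated cipher struct to the `*FreeCavium` functions, which decide what to do by reading `magic`, yet SetKeys can leave a struct allocated but never initialised. In the SetKeys hunks of the previous patch, `enc->arc4` is XMALLOC'ed and the function can return MEMORY_E or CAVIUM_INIT_E before `Arc4InitCavium` has run on one or both structs (likewise for des3 and aes), so the magic comparison may read indeterminate heap bytes. Unless XMALLOC zeroes memory, which is not visible here, a stale value equal to the magic would send a garbage `contextHandle` to CspFreeContext. Setting the field right after each allocation in SetKeys, e.g. `enc->arc4->magic = 0;` under HAVE_CAVIUM, closes that window. The hunk ends before FreeCiphers closes.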
@@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[2.4.7],[http://www.yassl.com]) +AC_INIT([cyassl],[2.5.0],[http://www.yassl.com]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/cyassl/version.h b/cyassl/version.h index 04b3923bd..c76405051 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "2.4.7" -#define LIBCYASSL_VERSION_HEX 0x02004007 +#define LIBCYASSL_VERSION_STRING "2.5.0" +#define LIBCYASSL_VERSION_HEX 0x02005000 #ifdef __cplusplus } diff --git a/src/internal.c b/src/internal.c index 6158c4d0c..ef6755094 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3445,7 +3445,7 @@ static INLINE void Md5Rounds(int rounds, const byte* data, int sz) InitMd5(&md5); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) Md5Update(&md5, data, sz); } @@ -3459,7 +3459,7 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz) InitSha(&sha); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) ShaUpdate(&sha, data, sz); } @@ -3473,7 +3473,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) InitSha256(&sha256); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) Sha256Update(&sha256, data, sz); } @@ -3489,7 +3489,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) InitSha384(&sha384); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) Sha384Update(&sha384, data, sz); } @@ -3505,7 +3505,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) InitSha512(&sha512); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) Sha512Update(&sha512, data, sz); } @@ -3521,7 +3521,7 @@ static INLINE void RmdRounds(int rounds, const byte* data, int sz) InitRipeMd(&ripemd); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) RipeMdUpdate(&ripemd, data, sz); } diff --git a/src/keys.c b/src/keys.c index a0cf0f22d..c822f43fe 100644 --- a/src/keys.c +++ b/src/keys.c 
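Review bot: The six helpers fixed in src/internal.c (Md5Rounds, ShaRounds, Sha256Rounds, Sha384Rounds, Sha512Rounds, RmdRounds) keep an unbraced single-statement loop, which is the shape that let the stray `;` empty the loop and run the update once regardless of `rounds`. Bracing the body, `for (i = 0; i < rounds; i++) { Md5Update(&md5, data, sz); }`, makes that mistake stand out in a future diff, and a compiler warning for empty loop bodies or misleading indentation would catch it at build time. A short comment on each helper saying that the number of update calls must track `rounds` would tell a maintainer that the count is the purpose of the function. The README entry in this commit about the CBC padding timing fix suggests that is their role, though the callers are outside these hunks.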
@@ -1205,7 +1205,6 @@ static int SetPrefix(byte* sha_input, int idx) static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, byte side, void* heap, int devId) { - (void)devId; #ifdef BUILD_ARC4 word32 sz = specs->key_size; if (specs->bulk_cipher_algorithm == rc4) { @@ -1470,6 +1469,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, (void)enc; (void)dec; (void)specs; + (void)devId; return 0; } From 36f62a57076a679eb62a119e37973326b500dd8c Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 4 Feb 2013 14:11:20 -0800 Subject: [PATCH 23/52] fix CyaSSL_write memory error return, bump dev version --- configure.ac | 2 +- cyassl/version.h | 4 ++-- src/internal.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 9d26e009b..727e838a3 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[2.5.0],[http://www.yassl.com]) +AC_INIT([cyassl],[2.5.1],[http://www.yassl.com]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/cyassl/version.h b/cyassl/version.h index c76405051..568509dda 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "2.5.0" -#define LIBCYASSL_VERSION_HEX 0x02005000 +#define LIBCYASSL_VERSION_STRING "2.5.1" +#define LIBCYASSL_VERSION_HEX 0x02005001 #ifdef __cplusplus } diff --git a/src/internal.c b/src/internal.c index ef6755094..0e371eca7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4716,7 +4716,7 @@ int SendData(CYASSL* ssl, const void* data, int sz) /* check for avalaible size */ if ((ret = CheckAvalaibleSize(ssl, len + COMP_EXTRA + MAX_MSG_EXTRA)) != 0) - return ret; + return ssl->error = ret; /* get ouput buffer */ out = ssl->buffers.outputBuffer.buffer + From f4f13371f98232818af9bec4fcec584691419cbd Mon Sep 17 00:00:00 2001 
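Review bot: In the SendData hunk of src/internal.c, `return ssl->error = ret;` folds the state update into the return expression, which is easy to misread as a comparison and hides that this failure path now has a side effect. The same behaviour reads more clearly as a braced body, `ssl->error = ret;` then `return ret;`, with a comment such as `/* record the failure so a later error query reports it */`. SendData's other early returns lie outside the hunk, so whether they also store their code in `ssl->error` cannot be checked from here. It is worth confirming, because a caller that reads the stored error after a failed write would otherwise see a stale value.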
From: toddouska Date: Mon, 4 Feb 2013 14:51:41 -0800 Subject: [PATCH 24/52] update copyright date --- configure.ac | 2 +- ctaocrypt/benchmark/benchmark.c | 2 +- ctaocrypt/src/aes.c | 2 +- ctaocrypt/src/aes_asm.s | 2 +- ctaocrypt/src/arc4.c | 2 +- ctaocrypt/src/asm.c | 2 +- ctaocrypt/src/asn.c | 2 +- ctaocrypt/src/coding.c | 2 +- ctaocrypt/src/des3.c | 2 +- ctaocrypt/src/dh.c | 2 +- ctaocrypt/src/dsa.c | 2 +- ctaocrypt/src/ecc.c | 2 +- ctaocrypt/src/error.c | 2 +- ctaocrypt/src/fp_mont_small.i | 2 +- ctaocrypt/src/fp_mul_comba_12.i | 2 +- ctaocrypt/src/fp_mul_comba_17.i | 2 +- ctaocrypt/src/fp_mul_comba_20.i | 2 +- ctaocrypt/src/fp_mul_comba_24.i | 2 +- ctaocrypt/src/fp_mul_comba_28.i | 2 +- ctaocrypt/src/fp_mul_comba_3.i | 2 +- ctaocrypt/src/fp_mul_comba_32.i | 2 +- ctaocrypt/src/fp_mul_comba_4.i | 2 +- ctaocrypt/src/fp_mul_comba_48.i | 2 +- ctaocrypt/src/fp_mul_comba_6.i | 2 +- ctaocrypt/src/fp_mul_comba_64.i | 2 +- ctaocrypt/src/fp_mul_comba_7.i | 2 +- ctaocrypt/src/fp_mul_comba_8.i | 2 +- ctaocrypt/src/fp_mul_comba_9.i | 2 +- ctaocrypt/src/fp_mul_comba_small_set.i | 2 +- ctaocrypt/src/fp_sqr_comba_12.i | 2 +- ctaocrypt/src/fp_sqr_comba_17.i | 2 +- ctaocrypt/src/fp_sqr_comba_20.i | 2 +- ctaocrypt/src/fp_sqr_comba_24.i | 2 +- ctaocrypt/src/fp_sqr_comba_28.i | 2 +- ctaocrypt/src/fp_sqr_comba_3.i | 2 +- ctaocrypt/src/fp_sqr_comba_32.i | 2 +- ctaocrypt/src/fp_sqr_comba_4.i | 2 +- ctaocrypt/src/fp_sqr_comba_48.i | 2 +- ctaocrypt/src/fp_sqr_comba_6.i | 2 +- ctaocrypt/src/fp_sqr_comba_64.i | 2 +- ctaocrypt/src/fp_sqr_comba_7.i | 2 +- ctaocrypt/src/fp_sqr_comba_8.i | 2 +- ctaocrypt/src/fp_sqr_comba_9.i | 2 +- ctaocrypt/src/fp_sqr_comba_small_set.i | 2 +- ctaocrypt/src/hc128.c | 2 +- ctaocrypt/src/hmac.c | 2 +- ctaocrypt/src/integer.c | 2 +- ctaocrypt/src/logging.c | 2 +- ctaocrypt/src/md2.c | 2 +- ctaocrypt/src/md4.c | 2 +- ctaocrypt/src/md5.c | 2 +- ctaocrypt/src/memory.c | 2 +- ctaocrypt/src/misc.c | 2 +- ctaocrypt/src/pwdbased.c | 2 +- ctaocrypt/src/rabbit.c | 2 +- 
ctaocrypt/src/random.c | 2 +- ctaocrypt/src/ripemd.c | 2 +- ctaocrypt/src/rsa.c | 2 +- ctaocrypt/src/sha.c | 2 +- ctaocrypt/src/sha256.c | 2 +- ctaocrypt/src/sha512.c | 2 +- ctaocrypt/src/tfm.c | 2 +- ctaocrypt/test/test.c | 2 +- ctaocrypt/test/test.h | 2 +- cyassl/callbacks.h | 2 +- cyassl/crl.h | 2 +- cyassl/ctaocrypt/aes.h | 2 +- cyassl/ctaocrypt/arc4.h | 2 +- cyassl/ctaocrypt/asn.h | 2 +- cyassl/ctaocrypt/asn_public.h | 2 +- cyassl/ctaocrypt/coding.h | 2 +- cyassl/ctaocrypt/des3.h | 2 +- cyassl/ctaocrypt/dh.h | 2 +- cyassl/ctaocrypt/dsa.h | 2 +- cyassl/ctaocrypt/ecc.h | 2 +- cyassl/ctaocrypt/error.h | 2 +- cyassl/ctaocrypt/hc128.h | 2 +- cyassl/ctaocrypt/hmac.h | 2 +- cyassl/ctaocrypt/integer.h | 2 +- cyassl/ctaocrypt/logging.h | 2 +- cyassl/ctaocrypt/md2.h | 2 +- cyassl/ctaocrypt/md4.h | 2 +- cyassl/ctaocrypt/md5.h | 2 +- cyassl/ctaocrypt/memory.h | 2 +- cyassl/ctaocrypt/misc.h | 2 +- cyassl/ctaocrypt/mpi_class.h | 2 +- cyassl/ctaocrypt/mpi_superclass.h | 2 +- cyassl/ctaocrypt/pwdbased.h | 2 +- cyassl/ctaocrypt/rabbit.h | 2 +- cyassl/ctaocrypt/random.h | 2 +- cyassl/ctaocrypt/ripemd.h | 2 +- cyassl/ctaocrypt/rsa.h | 2 +- cyassl/ctaocrypt/settings.h | 2 +- cyassl/ctaocrypt/sha.h | 2 +- cyassl/ctaocrypt/sha256.h | 2 +- cyassl/ctaocrypt/sha512.h | 2 +- cyassl/ctaocrypt/tfm.h | 2 +- cyassl/ctaocrypt/types.h | 2 +- cyassl/ctaocrypt/visibility.h | 2 +- cyassl/error.h | 2 +- cyassl/internal.h | 2 +- cyassl/ocsp.h | 2 +- cyassl/openssl/des.h | 2 +- cyassl/openssl/evp.h | 2 +- cyassl/openssl/hmac.h | 2 +- cyassl/openssl/ssl.h | 2 +- cyassl/sniffer.h | 2 +- cyassl/sniffer_error.h | 2 +- cyassl/ssl.h | 2 +- cyassl/version.h | 2 +- cyassl/version.h.in | 2 +- examples/client/client.c | 2 +- examples/client/client.h | 2 +- examples/echoclient/echoclient.c | 2 +- examples/echoclient/echoclient.h | 2 +- examples/echoserver/echoserver.c | 2 +- examples/echoserver/echoserver.h | 2 +- examples/server/server.c | 2 +- examples/server/server.h | 2 +- 
mplabx/ctaocrypt_benchmark.X/main.c | 2 +- mplabx/ctaocrypt_test.X/main.c | 2 +- src/crl.c | 2 +- src/internal.c | 2 +- src/io.c | 2 +- src/keys.c | 2 +- src/ocsp.c | 2 +- src/sniffer.c | 2 +- src/ssl.c | 2 +- src/tls.c | 2 +- sslSniffer/sslSnifferTest/snifftest.c | 2 +- swig/cyassl.i | 2 +- swig/cyassl_adds.c | 2 +- tests/api.c | 2 +- tests/hash.c | 2 +- tests/suites.c | 2 +- testsuite/testsuite.c | 2 +- 136 files changed, 136 insertions(+), 136 deletions(-) diff --git a/configure.ac b/configure.ac index 727e838a3..0d51f51ab 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # configure.ac # -# Copyright (C) 2006-2012 Sawtooth Consulting Ltd. +# Copyright (C) 2006-2013 Sawtooth Consulting Ltd. # # This file is part of CyaSSL. # diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 268815896..d378cbedf 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -1,6 +1,6 @@ /* benchmark.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index c9a142315..bf3bc2a26 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -1,6 +1,6 @@ /* aes.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/aes_asm.s b/ctaocrypt/src/aes_asm.s index 4aa358619..6c195020e 100755 --- a/ctaocrypt/src/aes_asm.s +++ b/ctaocrypt/src/aes_asm.s @@ -1,6 +1,6 @@ /* aes_asm.s * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/arc4.c b/ctaocrypt/src/arc4.c index ba9651eda..455b5f4d5 100644 --- a/ctaocrypt/src/arc4.c +++ b/ctaocrypt/src/arc4.c 
@@ -1,6 +1,6 @@ /* arc4.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/asm.c b/ctaocrypt/src/asm.c index d33418afe..682d23bdc 100644 --- a/ctaocrypt/src/asm.c +++ b/ctaocrypt/src/asm.c @@ -1,6 +1,6 @@ /* asm.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 931c22dd3..956ebf9c9 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1,6 +1,6 @@ /* asn.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/coding.c b/ctaocrypt/src/coding.c index 063656ca4..2bfa0e6b2 100644 --- a/ctaocrypt/src/coding.c +++ b/ctaocrypt/src/coding.c @@ -1,6 +1,6 @@ /* coding.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index 0b85e956f..70a30c13d 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -1,6 +1,6 @@ /* des3.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/dh.c b/ctaocrypt/src/dh.c index e7c6faa03..753ec1e4c 100644 --- a/ctaocrypt/src/dh.c +++ b/ctaocrypt/src/dh.c @@ -1,6 +1,6 @@ /* dh.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/dsa.c b/ctaocrypt/src/dsa.c index 6aded3e3a..1b4330722 100644 --- a/ctaocrypt/src/dsa.c +++ b/ctaocrypt/src/dsa.c 
@@ -1,6 +1,6 @@ /* dsa.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/ecc.c b/ctaocrypt/src/ecc.c index ef35477f2..2c17de227 100644 --- a/ctaocrypt/src/ecc.c +++ b/ctaocrypt/src/ecc.c @@ -1,6 +1,6 @@ /* ecc.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c index 9c6df7cd5..e985cfed2 100644 --- a/ctaocrypt/src/error.c +++ b/ctaocrypt/src/error.c @@ -1,6 +1,6 @@ /* error.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mont_small.i b/ctaocrypt/src/fp_mont_small.i index 3b50d6b21..cd7e01fae 100644 --- a/ctaocrypt/src/fp_mont_small.i +++ b/ctaocrypt/src/fp_mont_small.i @@ -1,6 +1,6 @@ /* fp_mont_small.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_12.i b/ctaocrypt/src/fp_mul_comba_12.i index a7c5871bd..5def6dd2b 100644 --- a/ctaocrypt/src/fp_mul_comba_12.i +++ b/ctaocrypt/src/fp_mul_comba_12.i @@ -1,6 +1,6 @@ /* fp_mul_comba_12.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_17.i b/ctaocrypt/src/fp_mul_comba_17.i index 3ad0716a6..092578944 100644 --- a/ctaocrypt/src/fp_mul_comba_17.i +++ b/ctaocrypt/src/fp_mul_comba_17.i @@ -1,6 +1,6 @@ /* fp_mul_comba_17.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * 
diff --git a/ctaocrypt/src/fp_mul_comba_20.i b/ctaocrypt/src/fp_mul_comba_20.i index b82e77921..885c5e6ae 100644 --- a/ctaocrypt/src/fp_mul_comba_20.i +++ b/ctaocrypt/src/fp_mul_comba_20.i @@ -1,6 +1,6 @@ /* fp_mul_comba_20.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_24.i b/ctaocrypt/src/fp_mul_comba_24.i index 42f44b6ec..43b7631f9 100644 --- a/ctaocrypt/src/fp_mul_comba_24.i +++ b/ctaocrypt/src/fp_mul_comba_24.i @@ -1,6 +1,6 @@ /* fp_mul_comba_24.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_28.i b/ctaocrypt/src/fp_mul_comba_28.i index 060bb8a7e..888714e4f 100644 --- a/ctaocrypt/src/fp_mul_comba_28.i +++ b/ctaocrypt/src/fp_mul_comba_28.i @@ -1,6 +1,6 @@ /* fp_mul_comba_28.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_3.i b/ctaocrypt/src/fp_mul_comba_3.i index 03499c954..0cb267598 100644 --- a/ctaocrypt/src/fp_mul_comba_3.i +++ b/ctaocrypt/src/fp_mul_comba_3.i @@ -1,6 +1,6 @@ /* fp_mul_comba_3.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_32.i b/ctaocrypt/src/fp_mul_comba_32.i index 3ca1fdbb3..6a974a51d 100644 --- a/ctaocrypt/src/fp_mul_comba_32.i +++ b/ctaocrypt/src/fp_mul_comba_32.i @@ -1,6 +1,6 @@ /* fp_mul_comba_32.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_4.i b/ctaocrypt/src/fp_mul_comba_4.i index d715937d0..e189f2153 100644 --- a/ctaocrypt/src/fp_mul_comba_4.i 
+++ b/ctaocrypt/src/fp_mul_comba_4.i @@ -1,6 +1,6 @@ /* fp_mul_comba_4.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_48.i b/ctaocrypt/src/fp_mul_comba_48.i index 4c185698f..6cf60d0eb 100644 --- a/ctaocrypt/src/fp_mul_comba_48.i +++ b/ctaocrypt/src/fp_mul_comba_48.i @@ -1,6 +1,6 @@ /* fp_mul_comba_48.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_6.i b/ctaocrypt/src/fp_mul_comba_6.i index e691e9813..4d44032c1 100644 --- a/ctaocrypt/src/fp_mul_comba_6.i +++ b/ctaocrypt/src/fp_mul_comba_6.i @@ -1,6 +1,6 @@ /* fp_mul_comba_6.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_64.i b/ctaocrypt/src/fp_mul_comba_64.i index ba0517b13..9c79c1464 100644 --- a/ctaocrypt/src/fp_mul_comba_64.i +++ b/ctaocrypt/src/fp_mul_comba_64.i @@ -1,6 +1,6 @@ /* fp_mul_comba_64.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_7.i b/ctaocrypt/src/fp_mul_comba_7.i index 46fb97010..47c32b77c 100644 --- a/ctaocrypt/src/fp_mul_comba_7.i +++ b/ctaocrypt/src/fp_mul_comba_7.i @@ -1,6 +1,6 @@ /* fp_mul_comba_7.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_8.i b/ctaocrypt/src/fp_mul_comba_8.i index 987d13edf..095b33fe4 100644 --- a/ctaocrypt/src/fp_mul_comba_8.i +++ b/ctaocrypt/src/fp_mul_comba_8.i 
@@ -1,6 +1,6 @@ /* fp_mul_comba_8.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_9.i b/ctaocrypt/src/fp_mul_comba_9.i index 5b1b3c79b..979cf5b28 100644 --- a/ctaocrypt/src/fp_mul_comba_9.i +++ b/ctaocrypt/src/fp_mul_comba_9.i @@ -1,6 +1,6 @@ /* fp_mul_comba_9.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_small_set.i b/ctaocrypt/src/fp_mul_comba_small_set.i index db40da73b..afe6b888a 100644 --- a/ctaocrypt/src/fp_mul_comba_small_set.i +++ b/ctaocrypt/src/fp_mul_comba_small_set.i @@ -1,6 +1,6 @@ /* fp_mul_comba_small_set.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_12.i b/ctaocrypt/src/fp_sqr_comba_12.i index 382ebe271..1514edbad 100644 --- a/ctaocrypt/src/fp_sqr_comba_12.i +++ b/ctaocrypt/src/fp_sqr_comba_12.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_12.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_17.i b/ctaocrypt/src/fp_sqr_comba_17.i index 153ce878b..94894f758 100644 --- a/ctaocrypt/src/fp_sqr_comba_17.i +++ b/ctaocrypt/src/fp_sqr_comba_17.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_17.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_20.i b/ctaocrypt/src/fp_sqr_comba_20.i index 34d6593c3..d3adc4ba0 100644 --- a/ctaocrypt/src/fp_sqr_comba_20.i +++ b/ctaocrypt/src/fp_sqr_comba_20.i 
@@ -1,6 +1,6 @@ /* fp_sqr_comba_20.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_24.i b/ctaocrypt/src/fp_sqr_comba_24.i index 35092def4..2ad672062 100644 --- a/ctaocrypt/src/fp_sqr_comba_24.i +++ b/ctaocrypt/src/fp_sqr_comba_24.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_24.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_28.i b/ctaocrypt/src/fp_sqr_comba_28.i index 7164f3946..a8bc9fe26 100644 --- a/ctaocrypt/src/fp_sqr_comba_28.i +++ b/ctaocrypt/src/fp_sqr_comba_28.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_28.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_3.i b/ctaocrypt/src/fp_sqr_comba_3.i index 6ff9d156b..99cb80860 100644 --- a/ctaocrypt/src/fp_sqr_comba_3.i +++ b/ctaocrypt/src/fp_sqr_comba_3.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_3.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_32.i b/ctaocrypt/src/fp_sqr_comba_32.i index ada0007d8..3bbe50f4e 100644 --- a/ctaocrypt/src/fp_sqr_comba_32.i +++ b/ctaocrypt/src/fp_sqr_comba_32.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_32.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_4.i b/ctaocrypt/src/fp_sqr_comba_4.i index cd19f761b..10ef87f09 100644 --- a/ctaocrypt/src/fp_sqr_comba_4.i +++ b/ctaocrypt/src/fp_sqr_comba_4.i 
@@ -1,6 +1,6 @@ /* fp_sqr_comba_4.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_48.i b/ctaocrypt/src/fp_sqr_comba_48.i index 27dddfe50..c81ffcca9 100644 --- a/ctaocrypt/src/fp_sqr_comba_48.i +++ b/ctaocrypt/src/fp_sqr_comba_48.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_48.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_6.i b/ctaocrypt/src/fp_sqr_comba_6.i index 695e6d3d0..58eb3cb67 100644 --- a/ctaocrypt/src/fp_sqr_comba_6.i +++ b/ctaocrypt/src/fp_sqr_comba_6.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_6.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_64.i b/ctaocrypt/src/fp_sqr_comba_64.i index a2fedc8e4..17ec5d57c 100644 --- a/ctaocrypt/src/fp_sqr_comba_64.i +++ b/ctaocrypt/src/fp_sqr_comba_64.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_64.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_7.i b/ctaocrypt/src/fp_sqr_comba_7.i index 1d620fce6..3c9eca81a 100644 --- a/ctaocrypt/src/fp_sqr_comba_7.i +++ b/ctaocrypt/src/fp_sqr_comba_7.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_7.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_8.i b/ctaocrypt/src/fp_sqr_comba_8.i index 7d7e58f3f..251d4bed2 100644 --- a/ctaocrypt/src/fp_sqr_comba_8.i +++ b/ctaocrypt/src/fp_sqr_comba_8.i 
@@ -1,6 +1,6 @@ /* fp_sqr_comba_8.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_9.i b/ctaocrypt/src/fp_sqr_comba_9.i index f0b04b645..5b775ea76 100644 --- a/ctaocrypt/src/fp_sqr_comba_9.i +++ b/ctaocrypt/src/fp_sqr_comba_9.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_9.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_small_set.i b/ctaocrypt/src/fp_sqr_comba_small_set.i index 140c4361f..aa8960890 100644 --- a/ctaocrypt/src/fp_sqr_comba_small_set.i +++ b/ctaocrypt/src/fp_sqr_comba_small_set.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_small_set.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/hc128.c b/ctaocrypt/src/hc128.c index 20081fc54..9a3509567 100644 --- a/ctaocrypt/src/hc128.c +++ b/ctaocrypt/src/hc128.c @@ -1,6 +1,6 @@ /* hc128.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index db7019e33..7a8144c62 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -1,6 +1,6 @@ /* hmac.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c index 000669db5..65338230b 100644 --- a/ctaocrypt/src/integer.c +++ b/ctaocrypt/src/integer.c @@ -1,6 +1,6 @@ /* integer.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * 
diff --git a/ctaocrypt/src/logging.c b/ctaocrypt/src/logging.c index 790b0db94..6c627cd0d 100644 --- a/ctaocrypt/src/logging.c +++ b/ctaocrypt/src/logging.c @@ -1,6 +1,6 @@ /* logging.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/md2.c b/ctaocrypt/src/md2.c index 0c1bb9c38..3f1d4bf96 100644 --- a/ctaocrypt/src/md2.c +++ b/ctaocrypt/src/md2.c @@ -1,6 +1,6 @@ /* md2.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/md4.c b/ctaocrypt/src/md4.c index e47c43277..ba34b37ef 100644 --- a/ctaocrypt/src/md4.c +++ b/ctaocrypt/src/md4.c @@ -1,6 +1,6 @@ /* md4.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/md5.c b/ctaocrypt/src/md5.c index 13bee81bd..1129a67b9 100644 --- a/ctaocrypt/src/md5.c +++ b/ctaocrypt/src/md5.c @@ -1,6 +1,6 @@ /* md5.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/memory.c b/ctaocrypt/src/memory.c index b98e548ad..7291c8557 100644 --- a/ctaocrypt/src/memory.c +++ b/ctaocrypt/src/memory.c @@ -1,6 +1,6 @@ /* memory.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/misc.c b/ctaocrypt/src/misc.c index 60d84de19..3efcfe65b 100644 --- a/ctaocrypt/src/misc.c +++ b/ctaocrypt/src/misc.c @@ -1,6 +1,6 @@ /* misc.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index 3e9535ba9..5e8684489 100644 
--- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -1,6 +1,6 @@ /* pwdbased.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/rabbit.c b/ctaocrypt/src/rabbit.c index d1ecc3421..d62a94f2a 100644 --- a/ctaocrypt/src/rabbit.c +++ b/ctaocrypt/src/rabbit.c @@ -1,6 +1,6 @@ /* rabbit.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c index e8217034b..1ef3ff546 100644 --- a/ctaocrypt/src/random.c +++ b/ctaocrypt/src/random.c @@ -1,6 +1,6 @@ /* random.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/ripemd.c b/ctaocrypt/src/ripemd.c index 1cb6ae8f1..2d542c671 100644 --- a/ctaocrypt/src/ripemd.c +++ b/ctaocrypt/src/ripemd.c @@ -1,6 +1,6 @@ /* ripemd.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c index bcbf0b80b..e6ac94b7f 100644 --- a/ctaocrypt/src/rsa.c +++ b/ctaocrypt/src/rsa.c @@ -1,6 +1,6 @@ /* rsa.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/sha.c b/ctaocrypt/src/sha.c index 725760d19..641438443 100644 --- a/ctaocrypt/src/sha.c +++ b/ctaocrypt/src/sha.c @@ -1,6 +1,6 @@ /* sha.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/sha256.c b/ctaocrypt/src/sha256.c index 5290d1d9a..99c0029dc 100644 --- a/ctaocrypt/src/sha256.c +++ b/ctaocrypt/src/sha256.c 
@@ -1,6 +1,6 @@ /* sha256.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/sha512.c b/ctaocrypt/src/sha512.c index f14efecff..c2bf39639 100644 --- a/ctaocrypt/src/sha512.c +++ b/ctaocrypt/src/sha512.c @@ -1,6 +1,6 @@ /* sha512.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/tfm.c b/ctaocrypt/src/tfm.c index e6c1af2aa..9d82c57af 100644 --- a/ctaocrypt/src/tfm.c +++ b/ctaocrypt/src/tfm.c @@ -1,6 +1,6 @@ /* tfm.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 1bd34abcd..c7063876e 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1,6 +1,6 @@ /* test.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/test/test.h b/ctaocrypt/test/test.h index 3557f9773..b4cc161e0 100644 --- a/ctaocrypt/test/test.h +++ b/ctaocrypt/test/test.h @@ -1,6 +1,6 @@ /* ctaocrypt/test/test.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/callbacks.h b/cyassl/callbacks.h index f43fbdd7b..11092401c 100644 --- a/cyassl/callbacks.h +++ b/cyassl/callbacks.h @@ -1,6 +1,6 @@ /* cyassl_callbacks.h * - * Copyright (C) 2012 Sawtooth Consulting Ltd. + * Copyright (C) 2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/crl.h b/cyassl/crl.h index 2e3a29e06..6209023a6 100644 --- a/cyassl/crl.h +++ b/cyassl/crl.h 
@@ -1,6 +1,6 @@ /* crl.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index 53e37c5dc..219183e52 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/arc4.h b/cyassl/ctaocrypt/arc4.h index a74f14e37..1e3edf214 100644 --- a/cyassl/ctaocrypt/arc4.h +++ b/cyassl/ctaocrypt/arc4.h @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index cc3d8a4f0..5953afd69 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -1,6 +1,6 @@ /* asn.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index efc21fd83..ba98b1b8c 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h @@ -1,6 +1,6 @@ /* asn_public.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/coding.h b/cyassl/ctaocrypt/coding.h index 5bed1009d..17d9a2665 100644 --- a/cyassl/ctaocrypt/coding.h +++ b/cyassl/ctaocrypt/coding.h @@ -1,6 +1,6 @@ /* coding.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index 1f8a47e9f..6a58a7abe 100644 --- a/cyassl/ctaocrypt/des3.h +++ b/cyassl/ctaocrypt/des3.h 
@@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/dh.h b/cyassl/ctaocrypt/dh.h index 0b002ac84..552a2c8f8 100644 --- a/cyassl/ctaocrypt/dh.h +++ b/cyassl/ctaocrypt/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/dsa.h b/cyassl/ctaocrypt/dsa.h index 2264773cc..a4c58269d 100644 --- a/cyassl/ctaocrypt/dsa.h +++ b/cyassl/ctaocrypt/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/ecc.h b/cyassl/ctaocrypt/ecc.h index 4d54c0415..3b0932a01 100644 --- a/cyassl/ctaocrypt/ecc.h +++ b/cyassl/ctaocrypt/ecc.h @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/error.h b/cyassl/ctaocrypt/error.h index 47f002516..0cc2639ce 100644 --- a/cyassl/ctaocrypt/error.h +++ b/cyassl/ctaocrypt/error.h @@ -1,6 +1,6 @@ /* error.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/hc128.h b/cyassl/ctaocrypt/hc128.h index d3e5f21e8..d805269b4 100644 --- a/cyassl/ctaocrypt/hc128.h +++ b/cyassl/ctaocrypt/hc128.h @@ -1,6 +1,6 @@ /* hc128.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/hmac.h b/cyassl/ctaocrypt/hmac.h index ea2697f61..f4d9415e9 100644 --- a/cyassl/ctaocrypt/hmac.h +++ b/cyassl/ctaocrypt/hmac.h 
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h
index ff1c5916b..efe209030 100644
--- a/cyassl/ctaocrypt/integer.h
+++ b/cyassl/ctaocrypt/integer.h
@@ -1,6 +1,6 @@
 /* integer.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/logging.h b/cyassl/ctaocrypt/logging.h
index efe3d3bfa..514c50ae8 100644
--- a/cyassl/ctaocrypt/logging.h
+++ b/cyassl/ctaocrypt/logging.h
@@ -1,6 +1,6 @@
 /* logging.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/md2.h b/cyassl/ctaocrypt/md2.h
index a57a92fb0..632612ec5 100644
--- a/cyassl/ctaocrypt/md2.h
+++ b/cyassl/ctaocrypt/md2.h
@@ -1,6 +1,6 @@
 /* md2.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/md4.h b/cyassl/ctaocrypt/md4.h
index f6e8c7b7a..01f3a0861 100644
--- a/cyassl/ctaocrypt/md4.h
+++ b/cyassl/ctaocrypt/md4.h
@@ -1,6 +1,6 @@
 /* md4.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/md5.h b/cyassl/ctaocrypt/md5.h
index 9c06722a4..95d4a4b6b 100644
--- a/cyassl/ctaocrypt/md5.h
+++ b/cyassl/ctaocrypt/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/memory.h b/cyassl/ctaocrypt/memory.h
index e1467bcf9..ba3468964 100644
--- a/cyassl/ctaocrypt/memory.h
+++ b/cyassl/ctaocrypt/memory.h
@@ -1,6 +1,6 @@
 /* memory.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/misc.h b/cyassl/ctaocrypt/misc.h
index 41e236828..d48ea285b 100644
--- a/cyassl/ctaocrypt/misc.h
+++ b/cyassl/ctaocrypt/misc.h
@@ -1,6 +1,6 @@
 /* misc.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/mpi_class.h b/cyassl/ctaocrypt/mpi_class.h
index 1381a8666..ddd0f0347 100644
--- a/cyassl/ctaocrypt/mpi_class.h
+++ b/cyassl/ctaocrypt/mpi_class.h
@@ -1,6 +1,6 @@
 /* mpi_class.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/mpi_superclass.h b/cyassl/ctaocrypt/mpi_superclass.h
index 60d6e3404..1f383d1b4 100644
--- a/cyassl/ctaocrypt/mpi_superclass.h
+++ b/cyassl/ctaocrypt/mpi_superclass.h
@@ -1,6 +1,6 @@
 /* mpi_superclass.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/pwdbased.h b/cyassl/ctaocrypt/pwdbased.h
index 27029eaa5..27f09a8d8 100644
--- a/cyassl/ctaocrypt/pwdbased.h
+++ b/cyassl/ctaocrypt/pwdbased.h
@@ -1,6 +1,6 @@
 /* pwdbased.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/rabbit.h b/cyassl/ctaocrypt/rabbit.h
index ea1ea9f16..a1af385d9 100644
--- a/cyassl/ctaocrypt/rabbit.h
+++ b/cyassl/ctaocrypt/rabbit.h
@@ -1,6 +1,6 @@
 /* rabbit.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h
index a4452582b..f4ac5ae58 100644
--- a/cyassl/ctaocrypt/random.h
+++ b/cyassl/ctaocrypt/random.h
@@ -1,6 +1,6 @@
 /* random.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/ripemd.h b/cyassl/ctaocrypt/ripemd.h
index 5895cce26..582afae8e 100644
--- a/cyassl/ctaocrypt/ripemd.h
+++ b/cyassl/ctaocrypt/ripemd.h
@@ -1,6 +1,6 @@
 /* ripemd.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/rsa.h b/cyassl/ctaocrypt/rsa.h
index 41486f3e8..1d3d4765b 100644
--- a/cyassl/ctaocrypt/rsa.h
+++ b/cyassl/ctaocrypt/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h
index 63888df6a..84a40f01b 100644
--- a/cyassl/ctaocrypt/settings.h
+++ b/cyassl/ctaocrypt/settings.h
@@ -1,6 +1,6 @@
 /* settings.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/sha.h b/cyassl/ctaocrypt/sha.h
index 5ce340445..b24f8f9d3 100644
--- a/cyassl/ctaocrypt/sha.h
+++ b/cyassl/ctaocrypt/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/sha256.h b/cyassl/ctaocrypt/sha256.h
index 179a78031..a02d9dddd 100644
--- a/cyassl/ctaocrypt/sha256.h
+++ b/cyassl/ctaocrypt/sha256.h
@@ -1,6 +1,6 @@
 /* sha256.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/sha512.h b/cyassl/ctaocrypt/sha512.h
index 79861afee..2caa8d4b0 100644
--- a/cyassl/ctaocrypt/sha512.h
+++ b/cyassl/ctaocrypt/sha512.h
@@ -1,6 +1,6 @@
 /* sha512.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h
index 320fb594e..d76ab2d9b 100644
--- a/cyassl/ctaocrypt/tfm.h
+++ b/cyassl/ctaocrypt/tfm.h
@@ -1,6 +1,6 @@
 /* tfm.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h
index bf1db9f2e..2bc0231f8 100644
--- a/cyassl/ctaocrypt/types.h
+++ b/cyassl/ctaocrypt/types.h
@@ -1,6 +1,6 @@
 /* types.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/visibility.h b/cyassl/ctaocrypt/visibility.h
index 0143f208d..2fc38bdfc 100644
--- a/cyassl/ctaocrypt/visibility.h
+++ b/cyassl/ctaocrypt/visibility.h
@@ -1,6 +1,6 @@
 /* visibility.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/error.h b/cyassl/error.h
index 6d20030a8..48c55ebbf 100644
--- a/cyassl/error.h
+++ b/cyassl/error.h
@@ -1,6 +1,6 @@
 /* error.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 4d3f0b583..c3ad3d2a1 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1,6 +1,6 @@
 /* internal.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ocsp.h b/cyassl/ocsp.h
index 4a01cecb2..32a72fec7 100644
--- a/cyassl/ocsp.h
+++ b/cyassl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/openssl/des.h b/cyassl/openssl/des.h
index aacc276b0..ef7a3c046 100644
--- a/cyassl/openssl/des.h
+++ b/cyassl/openssl/des.h
@@ -1,6 +1,6 @@
 /* des.h
  *
- * Copyright (C) 2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/openssl/evp.h b/cyassl/openssl/evp.h
index 1ffc3b6aa..8b7aab642 100644
--- a/cyassl/openssl/evp.h
+++ b/cyassl/openssl/evp.h
@@ -1,6 +1,6 @@
 /* evp.h
  *
- * Copyright (C) 2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/openssl/hmac.h b/cyassl/openssl/hmac.h
index 03e9bcef7..e9c629e9a 100644
--- a/cyassl/openssl/hmac.h
+++ b/cyassl/openssl/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h
index 432abd32d..0fb042182 100644
--- a/cyassl/openssl/ssl.h
+++ b/cyassl/openssl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/sniffer.h b/cyassl/sniffer.h
index 0d14fbc6f..4321a5edb 100644
--- a/cyassl/sniffer.h
+++ b/cyassl/sniffer.h
@@ -1,6 +1,6 @@
 /* sniffer.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/sniffer_error.h b/cyassl/sniffer_error.h
index 27e56f8ee..8b64109a5 100644
--- a/cyassl/sniffer_error.h
+++ b/cyassl/sniffer_error.h
@@ -1,6 +1,6 @@
 /* sniffer_error.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index cb6c017bc..2f892a2f0 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/version.h b/cyassl/version.h
index 568509dda..3a026c833 100644
--- a/cyassl/version.h
+++ b/cyassl/version.h
@@ -1,6 +1,6 @@
 /* cyassl_version.h.in
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/version.h.in b/cyassl/version.h.in
index 6af4f0ae5..622536707 100644
--- a/cyassl/version.h.in
+++ b/cyassl/version.h.in
@@ -1,6 +1,6 @@
 /* cyassl_version.h.in
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/client/client.c b/examples/client/client.c
index fcc38ba89..3d6fc0432 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1,6 +1,6 @@
 /* client.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/client/client.h b/examples/client/client.h
index d4f33df55..1e9cc3aeb 100644
--- a/examples/client/client.h
+++ b/examples/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index 6275ba6ef..f1aeb445f 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -1,6 +1,6 @@
 /* echoclient.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h
index 37e6c0929..0ddb68e57 100644
--- a/examples/echoclient/echoclient.h
+++ b/examples/echoclient/echoclient.h
@@ -1,6 +1,6 @@
 /* echoclient.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 1cd2eb241..45b9bd47b 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -1,6 +1,6 @@
 /* echoserver.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/echoserver/echoserver.h b/examples/echoserver/echoserver.h
index 20f7b52e2..6df8d91eb 100644
--- a/examples/echoserver/echoserver.h
+++ b/examples/echoserver/echoserver.h
@@ -1,6 +1,6 @@
 /* echoserver.h
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/server/server.c b/examples/server/server.c
index 4853ae43e..1ebfbce32 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -1,6 +1,6 @@
 /* server.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/server/server.h b/examples/server/server.h
index 658c4007b..537177a27 100644
--- a/examples/server/server.h
+++ b/examples/server/server.h
@@ -1,6 +1,6 @@
 /* server.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/mplabx/ctaocrypt_benchmark.X/main.c b/mplabx/ctaocrypt_benchmark.X/main.c
index b2bcf39dc..4e76f1548 100644
--- a/mplabx/ctaocrypt_benchmark.X/main.c
+++ b/mplabx/ctaocrypt_benchmark.X/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/mplabx/ctaocrypt_test.X/main.c b/mplabx/ctaocrypt_test.X/main.c
index 79a91bc0f..951b2edd6 100644
--- a/mplabx/ctaocrypt_test.X/main.c
+++ b/mplabx/ctaocrypt_test.X/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/crl.c b/src/crl.c
index 7b06b8218..7a91b5115 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -1,6 +1,6 @@
 /* crl.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/internal.c b/src/internal.c
index 0e371eca7..f89999388 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1,6 +1,6 @@
 /* internal.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/io.c b/src/io.c
index 259297325..d658425f3 100644
--- a/src/io.c
+++ b/src/io.c
@@ -1,6 +1,6 @@
 /* io.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/keys.c b/src/keys.c
index c822f43fe..5c4706279 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1,6 +1,6 @@
 /* keys.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/ocsp.c b/src/ocsp.c
index 1826e6ee8..fb918afd1 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -1,6 +1,6 @@
 /* ocsp.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/sniffer.c b/src/sniffer.c
index 02a64d9f3..0198a842b 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1,6 +1,6 @@
 /* sniffer.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/ssl.c b/src/ssl.c
index 5a39b87a4..1c1338f30 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1,6 +1,6 @@
 /* ssl.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/tls.c b/src/tls.c
index db19785f6..997d19179 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1,6 +1,6 @@
 /* tls.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index e7cc499fa..75fbd4bf2 100755
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -1,6 +1,6 @@
 /* snifftest.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/swig/cyassl.i b/swig/cyassl.i
index d32776ff2..8101c3ed0 100644
--- a/swig/cyassl.i
+++ b/swig/cyassl.i
@@ -1,6 +1,6 @@
 /* cyassl.i
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/swig/cyassl_adds.c b/swig/cyassl_adds.c
index a6c7b2e4a..189c9fa6b 100644
--- a/swig/cyassl_adds.c
+++ b/swig/cyassl_adds.c
@@ -1,6 +1,6 @@
 /* cyassl_adds.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/tests/api.c b/tests/api.c
index cdeeaf411..bd9d88b80 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1,6 +1,6 @@
 /* api.c API unit tests
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/tests/hash.c b/tests/hash.c
index 1baa5ca59..1e6fc3fb2 100644
--- a/tests/hash.c
+++ b/tests/hash.c
@@ -1,6 +1,6 @@
 /* hash.c has unit tests
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/tests/suites.c b/tests/suites.c
index aa2160304..c35091b90 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -1,6 +1,6 @@
 /* suites.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
index 7ee67b76e..aa17dbdf5 100644
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@@ -1,6 +1,6 @@
 /* testsuite.c
  *
- * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
From 834ebe5bd84197fe70aa23f5cbbe55568202284e Mon Sep 17 00:00:00 2001
From: Joakim Soderberg Date: Tue, 5 Feb 2013 11:10:23 +0000 Subject: [PATCH 25/52] BUGFIX: Fixed segmentation fault on CyaSSL_BIO_free(). In CyaSSL_BIO_new_socket() bio->mem is never initialized. This will cause freeing of unallocated memory in CyaSSL_BIO_free: if (bio->mem) XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL); since bio->mem is not NULL, resulting in a crash.
---
src/ssl.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index 1c1338f30..7aeaaa4ae 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -4012,6 +4012,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
 bio->fd = sfd;
 bio->prev = 0;
 bio->next = 0;
+ bio->mem = NULL;
+ bio->memLen = 0;
 }
 return bio;
 }
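Review bot: Setting `bio->mem = NULL;` and `bio->memLen = 0;` one member at a time closes this particular wild-pointer free, but any other CYASSL_BIO member the function does not assign still holds whatever the allocator returned, and CyaSSL_BIO_free() handing such a value to XFREE is undefined behaviour (heap corruption, not only a crash). The function body starts above the hunk (per the commit message it is CyaSSL_BIO_new_socket(), not the function named in the hunk header), so the allocation and the other assignments are not visible here. If the struct is not already zeroed at allocation, I would clear it once right after the NULL check with `XMEMSET(bio, 0, sizeof(CYASSL_BIO));` and then assign only the non-zero fields, so a member added later cannot reintroduce the same bug. Any other function that allocates a CYASSL_BIO deserves the same check.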
From 44e0d7543c246e2080e2f845ad3e22d8c400a2a1 Mon Sep 17 00:00:00 2001 
From: toddouska Date: Tue, 5 Feb 2013 12:44:17 -0800 Subject: [PATCH 26/52] change copyright name with name change --- configure.ac | 2 +- ctaocrypt/benchmark/benchmark.c | 2 +- ctaocrypt/src/aes.c | 2 +- ctaocrypt/src/aes_asm.s | 2 +- ctaocrypt/src/arc4.c | 2 +- ctaocrypt/src/asm.c | 2 +- ctaocrypt/src/asn.c | 2 +- ctaocrypt/src/camellia.c | 2 +- ctaocrypt/src/coding.c | 2 +- ctaocrypt/src/des3.c | 2 +- ctaocrypt/src/dh.c | 2 +- ctaocrypt/src/dsa.c | 2 +- ctaocrypt/src/ecc.c | 2 +- ctaocrypt/src/error.c | 2 +- ctaocrypt/src/fp_mont_small.i | 2 +- ctaocrypt/src/fp_mul_comba_12.i | 2 +- ctaocrypt/src/fp_mul_comba_17.i | 2 +- ctaocrypt/src/fp_mul_comba_20.i | 2 +- ctaocrypt/src/fp_mul_comba_24.i | 2 +- ctaocrypt/src/fp_mul_comba_28.i | 2 +- ctaocrypt/src/fp_mul_comba_3.i | 2 +- ctaocrypt/src/fp_mul_comba_32.i | 2 +- ctaocrypt/src/fp_mul_comba_4.i | 2 +- ctaocrypt/src/fp_mul_comba_48.i | 2 +- ctaocrypt/src/fp_mul_comba_6.i | 2 +- ctaocrypt/src/fp_mul_comba_64.i | 2 +- ctaocrypt/src/fp_mul_comba_7.i | 2 +- ctaocrypt/src/fp_mul_comba_8.i | 2 +- ctaocrypt/src/fp_mul_comba_9.i | 2 +- ctaocrypt/src/fp_mul_comba_small_set.i | 2 +- ctaocrypt/src/fp_sqr_comba_12.i | 2 +- ctaocrypt/src/fp_sqr_comba_17.i | 2 +- ctaocrypt/src/fp_sqr_comba_20.i | 2 +- ctaocrypt/src/fp_sqr_comba_24.i | 2 +- ctaocrypt/src/fp_sqr_comba_28.i | 2 +- ctaocrypt/src/fp_sqr_comba_3.i | 2 +- ctaocrypt/src/fp_sqr_comba_32.i | 2 +- ctaocrypt/src/fp_sqr_comba_4.i | 2 +- ctaocrypt/src/fp_sqr_comba_48.i | 2 +- ctaocrypt/src/fp_sqr_comba_6.i | 2 +- ctaocrypt/src/fp_sqr_comba_64.i | 2 +- ctaocrypt/src/fp_sqr_comba_7.i | 2 +- ctaocrypt/src/fp_sqr_comba_8.i | 2 +- ctaocrypt/src/fp_sqr_comba_9.i | 2 +- ctaocrypt/src/fp_sqr_comba_small_set.i | 2 +- ctaocrypt/src/hc128.c | 2 +- ctaocrypt/src/hmac.c | 2 +- ctaocrypt/src/integer.c | 2 +- ctaocrypt/src/logging.c | 2 +- ctaocrypt/src/md2.c | 2 +- ctaocrypt/src/md4.c | 2 +- ctaocrypt/src/md5.c | 2 +- ctaocrypt/src/memory.c | 2 +- ctaocrypt/src/misc.c | 2 +- 
ctaocrypt/src/pwdbased.c | 2 +- ctaocrypt/src/rabbit.c | 2 +- ctaocrypt/src/random.c | 2 +- ctaocrypt/src/ripemd.c | 2 +- ctaocrypt/src/rsa.c | 2 +- ctaocrypt/src/sha.c | 2 +- ctaocrypt/src/sha256.c | 2 +- ctaocrypt/src/sha512.c | 2 +- ctaocrypt/src/tfm.c | 2 +- ctaocrypt/test/test.c | 2 +- ctaocrypt/test/test.h | 2 +- cyassl/callbacks.h | 2 +- cyassl/crl.h | 2 +- cyassl/ctaocrypt/aes.h | 2 +- cyassl/ctaocrypt/arc4.h | 2 +- cyassl/ctaocrypt/asn.h | 2 +- cyassl/ctaocrypt/asn_public.h | 2 +- cyassl/ctaocrypt/camellia.h | 2 +- cyassl/ctaocrypt/coding.h | 2 +- cyassl/ctaocrypt/des3.h | 2 +- cyassl/ctaocrypt/dh.h | 2 +- cyassl/ctaocrypt/dsa.h | 2 +- cyassl/ctaocrypt/ecc.h | 2 +- cyassl/ctaocrypt/error.h | 2 +- cyassl/ctaocrypt/hc128.h | 2 +- cyassl/ctaocrypt/hmac.h | 2 +- cyassl/ctaocrypt/integer.h | 2 +- cyassl/ctaocrypt/logging.h | 2 +- cyassl/ctaocrypt/md2.h | 2 +- cyassl/ctaocrypt/md4.h | 2 +- cyassl/ctaocrypt/md5.h | 2 +- cyassl/ctaocrypt/memory.h | 2 +- cyassl/ctaocrypt/misc.h | 2 +- cyassl/ctaocrypt/mpi_class.h | 2 +- cyassl/ctaocrypt/mpi_superclass.h | 2 +- cyassl/ctaocrypt/pwdbased.h | 2 +- cyassl/ctaocrypt/rabbit.h | 2 +- cyassl/ctaocrypt/random.h | 2 +- cyassl/ctaocrypt/ripemd.h | 2 +- cyassl/ctaocrypt/rsa.h | 2 +- cyassl/ctaocrypt/settings.h | 2 +- cyassl/ctaocrypt/sha.h | 2 +- cyassl/ctaocrypt/sha256.h | 2 +- cyassl/ctaocrypt/sha512.h | 2 +- cyassl/ctaocrypt/tfm.h | 2 +- cyassl/ctaocrypt/types.h | 2 +- cyassl/ctaocrypt/visibility.h | 2 +- cyassl/error.h | 2 +- cyassl/internal.h | 2 +- cyassl/ocsp.h | 2 +- cyassl/openssl/des.h | 2 +- cyassl/openssl/evp.h | 2 +- cyassl/openssl/hmac.h | 2 +- cyassl/openssl/ssl.h | 2 +- cyassl/sniffer.h | 2 +- cyassl/sniffer_error.h | 2 +- cyassl/ssl.h | 2 +- cyassl/version.h | 2 +- cyassl/version.h.in | 2 +- examples/client/client.c | 2 +- examples/client/client.h | 2 +- examples/echoclient/echoclient.c | 2 +- examples/echoclient/echoclient.h | 2 +- examples/echoserver/echoserver.c | 2 +- examples/echoserver/echoserver.h | 2 
+- examples/server/server.c | 2 +- examples/server/server.h | 2 +- mplabx/ctaocrypt_benchmark.X/main.c | 2 +- mplabx/ctaocrypt_test.X/main.c | 2 +- src/crl.c | 2 +- src/internal.c | 2 +- src/io.c | 2 +- src/keys.c | 2 +- src/ocsp.c | 2 +- src/sniffer.c | 2 +- src/ssl.c | 2 +- src/tls.c | 2 +- sslSniffer/sslSnifferTest/snifftest.c | 2 +- swig/cyassl.i | 2 +- swig/cyassl_adds.c | 2 +- tests/api.c | 2 +- tests/hash.c | 2 +- tests/suites.c | 2 +- testsuite/testsuite.c | 2 +- 138 files changed, 138 insertions(+), 138 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0d51f51ab..48ae4058f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
 # configure.ac
 #
-# Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+# Copyright (C) 2006-2013 wolfSSL Inc.
 #
 # This file is part of CyaSSL.
 #
diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c
index d378cbedf..6ca7b1abe 100644
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@@ -1,6 +1,6 @@
 /* benchmark.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c
index bf3bc2a26..24b9f0e0d 100644
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
@@ -1,6 +1,6 @@
 /* aes.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/aes_asm.s b/ctaocrypt/src/aes_asm.s
index 6c195020e..458db1ae8 100755
--- a/ctaocrypt/src/aes_asm.s
+++ b/ctaocrypt/src/aes_asm.s
@@ -1,6 +1,6 @@
 /* aes_asm.s
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/arc4.c b/ctaocrypt/src/arc4.c
index 455b5f4d5..7c3c2f07a 100644
--- a/ctaocrypt/src/arc4.c
+++ b/ctaocrypt/src/arc4.c
@@ -1,6 +1,6 @@ /* arc4.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/asm.c b/ctaocrypt/src/asm.c index 682d23bdc..ba1d4a716 100644 --- a/ctaocrypt/src/asm.c +++ b/ctaocrypt/src/asm.c @@ -1,6 +1,6 @@ /* asm.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 956ebf9c9..0cc31abf8 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1,6 +1,6 @@ /* asn.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/camellia.c b/ctaocrypt/src/camellia.c index 573eb2af3..a56487807 100644 --- a/ctaocrypt/src/camellia.c +++ b/ctaocrypt/src/camellia.c @@ -27,7 +27,7 @@ /* camellia.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/coding.c b/ctaocrypt/src/coding.c index 2bfa0e6b2..d5afdcbe6 100644 --- a/ctaocrypt/src/coding.c +++ b/ctaocrypt/src/coding.c @@ -1,6 +1,6 @@ /* coding.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index 70a30c13d..12cf4692b 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -1,6 +1,6 @@ /* des3.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/dh.c b/ctaocrypt/src/dh.c index 753ec1e4c..ff64543b0 100644 --- a/ctaocrypt/src/dh.c +++ b/ctaocrypt/src/dh.c @@ -1,6 +1,6 @@ /* dh.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
diff --git a/ctaocrypt/src/dsa.c b/ctaocrypt/src/dsa.c
index 1b4330722..d9b0992ed 100644
--- a/ctaocrypt/src/dsa.c
+++ b/ctaocrypt/src/dsa.c
@@ -1,6 +1,6 @@
 /* dsa.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/ecc.c b/ctaocrypt/src/ecc.c
index 2c17de227..fc37b66d1 100644
--- a/ctaocrypt/src/ecc.c
+++ b/ctaocrypt/src/ecc.c
@@ -1,6 +1,6 @@
 /* ecc.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c
index e985cfed2..b98db04ca 100644
--- a/ctaocrypt/src/error.c
+++ b/ctaocrypt/src/error.c
@@ -1,6 +1,6 @@
 /* error.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mont_small.i b/ctaocrypt/src/fp_mont_small.i
index cd7e01fae..783d8a258 100644
--- a/ctaocrypt/src/fp_mont_small.i
+++ b/ctaocrypt/src/fp_mont_small.i
@@ -1,6 +1,6 @@
 /* fp_mont_small.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_12.i b/ctaocrypt/src/fp_mul_comba_12.i
index 5def6dd2b..eb3bf16e9 100644
--- a/ctaocrypt/src/fp_mul_comba_12.i
+++ b/ctaocrypt/src/fp_mul_comba_12.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_12.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_17.i b/ctaocrypt/src/fp_mul_comba_17.i
index 092578944..a6508a58d 100644
--- a/ctaocrypt/src/fp_mul_comba_17.i
+++ b/ctaocrypt/src/fp_mul_comba_17.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_17.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_20.i b/ctaocrypt/src/fp_mul_comba_20.i
index 885c5e6ae..ed7a23bbe 100644
--- a/ctaocrypt/src/fp_mul_comba_20.i
+++ b/ctaocrypt/src/fp_mul_comba_20.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_20.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_24.i b/ctaocrypt/src/fp_mul_comba_24.i
index 43b7631f9..0664bd50a 100644
--- a/ctaocrypt/src/fp_mul_comba_24.i
+++ b/ctaocrypt/src/fp_mul_comba_24.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_24.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_28.i b/ctaocrypt/src/fp_mul_comba_28.i
index 888714e4f..0b047adc1 100644
--- a/ctaocrypt/src/fp_mul_comba_28.i
+++ b/ctaocrypt/src/fp_mul_comba_28.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_28.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_3.i b/ctaocrypt/src/fp_mul_comba_3.i
index 0cb267598..77fffae60 100644
--- a/ctaocrypt/src/fp_mul_comba_3.i
+++ b/ctaocrypt/src/fp_mul_comba_3.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_3.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_32.i b/ctaocrypt/src/fp_mul_comba_32.i
index 6a974a51d..1de4f4b8e 100644
--- a/ctaocrypt/src/fp_mul_comba_32.i
+++ b/ctaocrypt/src/fp_mul_comba_32.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_32.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_4.i b/ctaocrypt/src/fp_mul_comba_4.i
index e189f2153..231a0e176 100644
--- a/ctaocrypt/src/fp_mul_comba_4.i
+++ b/ctaocrypt/src/fp_mul_comba_4.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_4.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_48.i b/ctaocrypt/src/fp_mul_comba_48.i
index 6cf60d0eb..0bd73c4e8 100644
--- a/ctaocrypt/src/fp_mul_comba_48.i
+++ b/ctaocrypt/src/fp_mul_comba_48.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_48.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_6.i b/ctaocrypt/src/fp_mul_comba_6.i
index 4d44032c1..94f3f63c3 100644
--- a/ctaocrypt/src/fp_mul_comba_6.i
+++ b/ctaocrypt/src/fp_mul_comba_6.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_6.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_64.i b/ctaocrypt/src/fp_mul_comba_64.i
index 9c79c1464..804391a78 100644
--- a/ctaocrypt/src/fp_mul_comba_64.i
+++ b/ctaocrypt/src/fp_mul_comba_64.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_64.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_7.i b/ctaocrypt/src/fp_mul_comba_7.i
index 47c32b77c..0318beb6e 100644
--- a/ctaocrypt/src/fp_mul_comba_7.i
+++ b/ctaocrypt/src/fp_mul_comba_7.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_7.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_8.i b/ctaocrypt/src/fp_mul_comba_8.i
index 095b33fe4..cf7459157 100644
--- a/ctaocrypt/src/fp_mul_comba_8.i
+++ b/ctaocrypt/src/fp_mul_comba_8.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_8.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_9.i b/ctaocrypt/src/fp_mul_comba_9.i
index 979cf5b28..c84d3bca6 100644
--- a/ctaocrypt/src/fp_mul_comba_9.i
+++ b/ctaocrypt/src/fp_mul_comba_9.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_9.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_mul_comba_small_set.i b/ctaocrypt/src/fp_mul_comba_small_set.i
index afe6b888a..b9cd31f95 100644
--- a/ctaocrypt/src/fp_mul_comba_small_set.i
+++ b/ctaocrypt/src/fp_mul_comba_small_set.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_small_set.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_12.i b/ctaocrypt/src/fp_sqr_comba_12.i
index 1514edbad..7ecb7c9e1 100644
--- a/ctaocrypt/src/fp_sqr_comba_12.i
+++ b/ctaocrypt/src/fp_sqr_comba_12.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_12.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_17.i b/ctaocrypt/src/fp_sqr_comba_17.i
index 94894f758..fcd4daa5e 100644
--- a/ctaocrypt/src/fp_sqr_comba_17.i
+++ b/ctaocrypt/src/fp_sqr_comba_17.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_17.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_20.i b/ctaocrypt/src/fp_sqr_comba_20.i
index d3adc4ba0..b31ed7f15 100644
--- a/ctaocrypt/src/fp_sqr_comba_20.i
+++ b/ctaocrypt/src/fp_sqr_comba_20.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_20.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_24.i b/ctaocrypt/src/fp_sqr_comba_24.i
index 2ad672062..a99a2bc4b 100644
--- a/ctaocrypt/src/fp_sqr_comba_24.i
+++ b/ctaocrypt/src/fp_sqr_comba_24.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_24.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_28.i b/ctaocrypt/src/fp_sqr_comba_28.i
index a8bc9fe26..9c0315af1 100644
--- a/ctaocrypt/src/fp_sqr_comba_28.i
+++ b/ctaocrypt/src/fp_sqr_comba_28.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_28.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_3.i b/ctaocrypt/src/fp_sqr_comba_3.i
index 99cb80860..5d1221c47 100644
--- a/ctaocrypt/src/fp_sqr_comba_3.i
+++ b/ctaocrypt/src/fp_sqr_comba_3.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_3.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_32.i b/ctaocrypt/src/fp_sqr_comba_32.i
index 3bbe50f4e..e245ba9f9 100644
--- a/ctaocrypt/src/fp_sqr_comba_32.i
+++ b/ctaocrypt/src/fp_sqr_comba_32.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_32.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_4.i b/ctaocrypt/src/fp_sqr_comba_4.i
index 10ef87f09..5233e2883 100644
--- a/ctaocrypt/src/fp_sqr_comba_4.i
+++ b/ctaocrypt/src/fp_sqr_comba_4.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_4.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_48.i b/ctaocrypt/src/fp_sqr_comba_48.i
index c81ffcca9..77cb92035 100644
--- a/ctaocrypt/src/fp_sqr_comba_48.i
+++ b/ctaocrypt/src/fp_sqr_comba_48.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_48.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_6.i b/ctaocrypt/src/fp_sqr_comba_6.i
index 58eb3cb67..189f339a4 100644
--- a/ctaocrypt/src/fp_sqr_comba_6.i
+++ b/ctaocrypt/src/fp_sqr_comba_6.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_6.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_64.i b/ctaocrypt/src/fp_sqr_comba_64.i
index 17ec5d57c..ca9742fd5 100644
--- a/ctaocrypt/src/fp_sqr_comba_64.i
+++ b/ctaocrypt/src/fp_sqr_comba_64.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_64.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_7.i b/ctaocrypt/src/fp_sqr_comba_7.i
index 3c9eca81a..1a0cd2c19 100644
--- a/ctaocrypt/src/fp_sqr_comba_7.i
+++ b/ctaocrypt/src/fp_sqr_comba_7.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_7.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_8.i b/ctaocrypt/src/fp_sqr_comba_8.i
index 251d4bed2..b71feae3b 100644
--- a/ctaocrypt/src/fp_sqr_comba_8.i
+++ b/ctaocrypt/src/fp_sqr_comba_8.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_8.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_9.i b/ctaocrypt/src/fp_sqr_comba_9.i
index 5b775ea76..1db06de22 100644
--- a/ctaocrypt/src/fp_sqr_comba_9.i
+++ b/ctaocrypt/src/fp_sqr_comba_9.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_9.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/fp_sqr_comba_small_set.i b/ctaocrypt/src/fp_sqr_comba_small_set.i
index aa8960890..96c06c017 100644
--- a/ctaocrypt/src/fp_sqr_comba_small_set.i
+++ b/ctaocrypt/src/fp_sqr_comba_small_set.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_small_set.i
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/hc128.c b/ctaocrypt/src/hc128.c
index 9a3509567..8c3b34369 100644
--- a/ctaocrypt/src/hc128.c
+++ b/ctaocrypt/src/hc128.c
@@ -1,6 +1,6 @@
 /* hc128.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c
index 7a8144c62..63c3967ad 100644
--- a/ctaocrypt/src/hmac.c
+++ b/ctaocrypt/src/hmac.c
@@ -1,6 +1,6 @@
 /* hmac.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c
index 65338230b..94d5f944e 100644
--- a/ctaocrypt/src/integer.c
+++ b/ctaocrypt/src/integer.c
@@ -1,6 +1,6 @@
 /* integer.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/logging.c b/ctaocrypt/src/logging.c
index 6c627cd0d..2dfc551b7 100644
--- a/ctaocrypt/src/logging.c
+++ b/ctaocrypt/src/logging.c
@@ -1,6 +1,6 @@
 /* logging.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/md2.c b/ctaocrypt/src/md2.c
index 3f1d4bf96..125c0cd1a 100644
--- a/ctaocrypt/src/md2.c
+++ b/ctaocrypt/src/md2.c
@@ -1,6 +1,6 @@
 /* md2.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/md4.c b/ctaocrypt/src/md4.c
index ba34b37ef..d9a3dfc53 100644
--- a/ctaocrypt/src/md4.c
+++ b/ctaocrypt/src/md4.c
@@ -1,6 +1,6 @@
 /* md4.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/md5.c b/ctaocrypt/src/md5.c
index 1129a67b9..6009c569b 100644
--- a/ctaocrypt/src/md5.c
+++ b/ctaocrypt/src/md5.c
@@ -1,6 +1,6 @@
 /* md5.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/memory.c b/ctaocrypt/src/memory.c
index 7291c8557..a2e5fa883 100644
--- a/ctaocrypt/src/memory.c
+++ b/ctaocrypt/src/memory.c
@@ -1,6 +1,6 @@
 /* memory.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/misc.c b/ctaocrypt/src/misc.c
index 3efcfe65b..653be2f3b 100644
--- a/ctaocrypt/src/misc.c
+++ b/ctaocrypt/src/misc.c
@@ -1,6 +1,6 @@
 /* misc.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c
index 5e8684489..b16638efc 100644
--- a/ctaocrypt/src/pwdbased.c
+++ b/ctaocrypt/src/pwdbased.c
@@ -1,6 +1,6 @@
 /* pwdbased.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/rabbit.c b/ctaocrypt/src/rabbit.c
index d62a94f2a..ee1b4d664 100644
--- a/ctaocrypt/src/rabbit.c
+++ b/ctaocrypt/src/rabbit.c
@@ -1,6 +1,6 @@
 /* rabbit.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c
index 1ef3ff546..ba5092e31 100644
--- a/ctaocrypt/src/random.c
+++ b/ctaocrypt/src/random.c
@@ -1,6 +1,6 @@
 /* random.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/ripemd.c b/ctaocrypt/src/ripemd.c
index 2d542c671..6501aac09 100644
--- a/ctaocrypt/src/ripemd.c
+++ b/ctaocrypt/src/ripemd.c
@@ -1,6 +1,6 @@
 /* ripemd.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c
index e6ac94b7f..9f93253fb 100644
--- a/ctaocrypt/src/rsa.c
+++ b/ctaocrypt/src/rsa.c
@@ -1,6 +1,6 @@
 /* rsa.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/sha.c b/ctaocrypt/src/sha.c
index 641438443..b0b0cc8f1 100644
--- a/ctaocrypt/src/sha.c
+++ b/ctaocrypt/src/sha.c
@@ -1,6 +1,6 @@
 /* sha.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/sha256.c b/ctaocrypt/src/sha256.c
index 99c0029dc..4dd3e11ef 100644
--- a/ctaocrypt/src/sha256.c
+++ b/ctaocrypt/src/sha256.c
@@ -1,6 +1,6 @@
 /* sha256.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/sha512.c b/ctaocrypt/src/sha512.c
index c2bf39639..f0f10338b 100644
--- a/ctaocrypt/src/sha512.c
+++ b/ctaocrypt/src/sha512.c
@@ -1,6 +1,6 @@
 /* sha512.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/src/tfm.c b/ctaocrypt/src/tfm.c
index 9d82c57af..7dfb24e35 100644
--- a/ctaocrypt/src/tfm.c
+++ b/ctaocrypt/src/tfm.c
@@ -1,6 +1,6 @@
 /* tfm.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c
index c7063876e..0f9b434f3 100644
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -1,6 +1,6 @@
 /* test.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/ctaocrypt/test/test.h b/ctaocrypt/test/test.h
index b4cc161e0..17e8e90b6 100644
--- a/ctaocrypt/test/test.h
+++ b/ctaocrypt/test/test.h
@@ -1,6 +1,6 @@
 /* ctaocrypt/test/test.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/callbacks.h b/cyassl/callbacks.h
index 11092401c..71f23bc43 100644
--- a/cyassl/callbacks.h
+++ b/cyassl/callbacks.h
@@ -1,6 +1,6 @@
 /* cyassl_callbacks.h
  *
- * Copyright (C) 2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/crl.h b/cyassl/crl.h
index 6209023a6..4b350164f 100644
--- a/cyassl/crl.h
+++ b/cyassl/crl.h
@@ -1,6 +1,6 @@
 /* crl.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h
index 219183e52..18b7a035c 100644
--- a/cyassl/ctaocrypt/aes.h
+++ b/cyassl/ctaocrypt/aes.h
@@ -1,6 +1,6 @@
 /* aes.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/arc4.h b/cyassl/ctaocrypt/arc4.h
index 1e3edf214..2654aaaaa 100644
--- a/cyassl/ctaocrypt/arc4.h
+++ b/cyassl/ctaocrypt/arc4.h
@@ -1,6 +1,6 @@
 /* arc4.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index 5953afd69..99854207c 100644
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -1,6 +1,6 @@
 /* asn.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h
index ba98b1b8c..a1b05bcd5 100644
--- a/cyassl/ctaocrypt/asn_public.h
+++ b/cyassl/ctaocrypt/asn_public.h
@@ -1,6 +1,6 @@
 /* asn_public.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/camellia.h b/cyassl/ctaocrypt/camellia.h
index f736ce1d7..32219cbf1 100644
--- a/cyassl/ctaocrypt/camellia.h
+++ b/cyassl/ctaocrypt/camellia.h
@@ -27,7 +27,7 @@
 
 /* camellia.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/coding.h b/cyassl/ctaocrypt/coding.h
index 17d9a2665..a22cd3801 100644
--- a/cyassl/ctaocrypt/coding.h
+++ b/cyassl/ctaocrypt/coding.h
@@ -1,6 +1,6 @@
 /* coding.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h
index 6a58a7abe..6a970d40d 100644
--- a/cyassl/ctaocrypt/des3.h
+++ b/cyassl/ctaocrypt/des3.h
@@ -1,6 +1,6 @@
 /* des3.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/dh.h b/cyassl/ctaocrypt/dh.h
index 552a2c8f8..35f5a481c 100644
--- a/cyassl/ctaocrypt/dh.h
+++ b/cyassl/ctaocrypt/dh.h
@@ -1,6 +1,6 @@
 /* dh.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/dsa.h b/cyassl/ctaocrypt/dsa.h
index a4c58269d..b8cc026a4 100644
--- a/cyassl/ctaocrypt/dsa.h
+++ b/cyassl/ctaocrypt/dsa.h
@@ -1,6 +1,6 @@
 /* dsa.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/ecc.h b/cyassl/ctaocrypt/ecc.h
index 3b0932a01..7b5e8d5ed 100644
--- a/cyassl/ctaocrypt/ecc.h
+++ b/cyassl/ctaocrypt/ecc.h
@@ -1,6 +1,6 @@
 /* ecc.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/error.h b/cyassl/ctaocrypt/error.h
index 0cc2639ce..204600721 100644
--- a/cyassl/ctaocrypt/error.h
+++ b/cyassl/ctaocrypt/error.h
@@ -1,6 +1,6 @@
 /* error.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/hc128.h b/cyassl/ctaocrypt/hc128.h
index d805269b4..c395b0483 100644
--- a/cyassl/ctaocrypt/hc128.h
+++ b/cyassl/ctaocrypt/hc128.h
@@ -1,6 +1,6 @@
 /* hc128.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/hmac.h b/cyassl/ctaocrypt/hmac.h
index f4d9415e9..7d71522be 100644
--- a/cyassl/ctaocrypt/hmac.h
+++ b/cyassl/ctaocrypt/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h
index efe209030..9b4b6db16 100644
--- a/cyassl/ctaocrypt/integer.h
+++ b/cyassl/ctaocrypt/integer.h
@@ -1,6 +1,6 @@
 /* integer.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/logging.h b/cyassl/ctaocrypt/logging.h
index 514c50ae8..04ad59e24 100644
--- a/cyassl/ctaocrypt/logging.h
+++ b/cyassl/ctaocrypt/logging.h
@@ -1,6 +1,6 @@
 /* logging.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/md2.h b/cyassl/ctaocrypt/md2.h
index 632612ec5..ea67d8912 100644
--- a/cyassl/ctaocrypt/md2.h
+++ b/cyassl/ctaocrypt/md2.h
@@ -1,6 +1,6 @@
 /* md2.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/md4.h b/cyassl/ctaocrypt/md4.h
index 01f3a0861..1a581aacb 100644
--- a/cyassl/ctaocrypt/md4.h
+++ b/cyassl/ctaocrypt/md4.h
@@ -1,6 +1,6 @@
 /* md4.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/md5.h b/cyassl/ctaocrypt/md5.h
index 95d4a4b6b..6c4b8c887 100644
--- a/cyassl/ctaocrypt/md5.h
+++ b/cyassl/ctaocrypt/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/memory.h b/cyassl/ctaocrypt/memory.h
index ba3468964..9646c106f 100644
--- a/cyassl/ctaocrypt/memory.h
+++ b/cyassl/ctaocrypt/memory.h
@@ -1,6 +1,6 @@
 /* memory.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/misc.h b/cyassl/ctaocrypt/misc.h
index d48ea285b..49c9fa179 100644
--- a/cyassl/ctaocrypt/misc.h
+++ b/cyassl/ctaocrypt/misc.h
@@ -1,6 +1,6 @@
 /* misc.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/mpi_class.h b/cyassl/ctaocrypt/mpi_class.h
index ddd0f0347..d27ea2371 100644
--- a/cyassl/ctaocrypt/mpi_class.h
+++ b/cyassl/ctaocrypt/mpi_class.h
@@ -1,6 +1,6 @@
 /* mpi_class.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/mpi_superclass.h b/cyassl/ctaocrypt/mpi_superclass.h
index 1f383d1b4..a6cc2608d 100644
--- a/cyassl/ctaocrypt/mpi_superclass.h
+++ b/cyassl/ctaocrypt/mpi_superclass.h
@@ -1,6 +1,6 @@
 /* mpi_superclass.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/pwdbased.h b/cyassl/ctaocrypt/pwdbased.h
index 27f09a8d8..4e85f0ee5 100644
--- a/cyassl/ctaocrypt/pwdbased.h
+++ b/cyassl/ctaocrypt/pwdbased.h
@@ -1,6 +1,6 @@
 /* pwdbased.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/rabbit.h b/cyassl/ctaocrypt/rabbit.h
index a1af385d9..93f9c7a95 100644
--- a/cyassl/ctaocrypt/rabbit.h
+++ b/cyassl/ctaocrypt/rabbit.h
@@ -1,6 +1,6 @@
 /* rabbit.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h
index f4ac5ae58..8aa294296 100644
--- a/cyassl/ctaocrypt/random.h
+++ b/cyassl/ctaocrypt/random.h
@@ -1,6 +1,6 @@
 /* random.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/ripemd.h b/cyassl/ctaocrypt/ripemd.h
index 582afae8e..eb9956cb2 100644
--- a/cyassl/ctaocrypt/ripemd.h
+++ b/cyassl/ctaocrypt/ripemd.h
@@ -1,6 +1,6 @@
 /* ripemd.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/rsa.h b/cyassl/ctaocrypt/rsa.h
index 1d3d4765b..a4339e158 100644
--- a/cyassl/ctaocrypt/rsa.h
+++ b/cyassl/ctaocrypt/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h
index 84a40f01b..b80bcc13f 100644
--- a/cyassl/ctaocrypt/settings.h
+++ b/cyassl/ctaocrypt/settings.h
@@ -1,6 +1,6 @@
 /* settings.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/sha.h b/cyassl/ctaocrypt/sha.h
index b24f8f9d3..aaed8813a 100644
--- a/cyassl/ctaocrypt/sha.h
+++ b/cyassl/ctaocrypt/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/sha256.h b/cyassl/ctaocrypt/sha256.h
index a02d9dddd..7c65e133c 100644
--- a/cyassl/ctaocrypt/sha256.h
+++ b/cyassl/ctaocrypt/sha256.h
@@ -1,6 +1,6 @@
 /* sha256.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/sha512.h b/cyassl/ctaocrypt/sha512.h
index 2caa8d4b0..c9ec31a8d 100644
--- a/cyassl/ctaocrypt/sha512.h
+++ b/cyassl/ctaocrypt/sha512.h
@@ -1,6 +1,6 @@
 /* sha512.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h
index d76ab2d9b..314feb608 100644
--- a/cyassl/ctaocrypt/tfm.h
+++ b/cyassl/ctaocrypt/tfm.h
@@ -1,6 +1,6 @@
 /* tfm.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h
index 2bc0231f8..b08628d74 100644
--- a/cyassl/ctaocrypt/types.h
+++ b/cyassl/ctaocrypt/types.h
@@ -1,6 +1,6 @@
 /* types.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ctaocrypt/visibility.h b/cyassl/ctaocrypt/visibility.h
index 2fc38bdfc..6efe2728b 100644
--- a/cyassl/ctaocrypt/visibility.h
+++ b/cyassl/ctaocrypt/visibility.h
@@ -1,6 +1,6 @@
 /* visibility.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/error.h b/cyassl/error.h
index 48c55ebbf..e7c4007d5 100644
--- a/cyassl/error.h
+++ b/cyassl/error.h
@@ -1,6 +1,6 @@
 /* error.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/internal.h b/cyassl/internal.h
index c3ad3d2a1..49a3a35b1 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1,6 +1,6 @@
 /* internal.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ocsp.h b/cyassl/ocsp.h
index 32a72fec7..8ce560a43 100644
--- a/cyassl/ocsp.h
+++ b/cyassl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/openssl/des.h b/cyassl/openssl/des.h
index ef7a3c046..8bedd3cc5 100644
--- a/cyassl/openssl/des.h
+++ b/cyassl/openssl/des.h
@@ -1,6 +1,6 @@
 /* des.h
  *
- * Copyright (C) 2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/openssl/evp.h b/cyassl/openssl/evp.h
index 8b7aab642..b934e6112 100644
--- a/cyassl/openssl/evp.h
+++ b/cyassl/openssl/evp.h
@@ -1,6 +1,6 @@
 /* evp.h
  *
- * Copyright (C) 2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/openssl/hmac.h b/cyassl/openssl/hmac.h
index e9c629e9a..ac966f4e8 100644
--- a/cyassl/openssl/hmac.h
+++ b/cyassl/openssl/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h
index 0fb042182..b5070d18f 100644
--- a/cyassl/openssl/ssl.h
+++ b/cyassl/openssl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/sniffer.h b/cyassl/sniffer.h
index 4321a5edb..543b2e6cf 100644
--- a/cyassl/sniffer.h
+++ b/cyassl/sniffer.h
@@ -1,6 +1,6 @@
 /* sniffer.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/sniffer_error.h b/cyassl/sniffer_error.h
index 8b64109a5..586efcb7d 100644
--- a/cyassl/sniffer_error.h
+++ b/cyassl/sniffer_error.h
@@ -1,6 +1,6 @@
 /* sniffer_error.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 2f892a2f0..7821b0456 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/version.h b/cyassl/version.h
index 3a026c833..403c3725a 100644
--- a/cyassl/version.h
+++ b/cyassl/version.h
@@ -1,6 +1,6 @@
 /* cyassl_version.h.in
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/cyassl/version.h.in b/cyassl/version.h.in
index 622536707..f84bd0cd1 100644
--- a/cyassl/version.h.in
+++ b/cyassl/version.h.in
@@ -1,6 +1,6 @@
 /* cyassl_version.h.in
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/client/client.c b/examples/client/client.c
index 3d6fc0432..0702c22a3 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1,6 +1,6 @@
 /* client.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/client/client.h b/examples/client/client.h
index 1e9cc3aeb..75356b75f 100644
--- a/examples/client/client.h
+++ b/examples/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index f1aeb445f..51944d643 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -1,6 +1,6 @@
 /* echoclient.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h
index 0ddb68e57..815301a8c 100644
--- a/examples/echoclient/echoclient.h
+++ b/examples/echoclient/echoclient.h
@@ -1,6 +1,6 @@
 /* echoclient.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 45b9bd47b..d5c11405e 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -1,6 +1,6 @@
 /* echoserver.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/echoserver/echoserver.h b/examples/echoserver/echoserver.h
index 6df8d91eb..e88c4c699 100644
--- a/examples/echoserver/echoserver.h
+++ b/examples/echoserver/echoserver.h
@@ -1,6 +1,6 @@
 /* echoserver.h
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/server/server.c b/examples/server/server.c
index 1ebfbce32..7bf278805 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -1,6 +1,6 @@
 /* server.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/examples/server/server.h b/examples/server/server.h
index 537177a27..3c03c4dba 100644
--- a/examples/server/server.h
+++ b/examples/server/server.h
@@ -1,6 +1,6 @@
 /* server.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/mplabx/ctaocrypt_benchmark.X/main.c b/mplabx/ctaocrypt_benchmark.X/main.c
index 4e76f1548..587eae1e2 100644
--- a/mplabx/ctaocrypt_benchmark.X/main.c
+++ b/mplabx/ctaocrypt_benchmark.X/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/mplabx/ctaocrypt_test.X/main.c b/mplabx/ctaocrypt_test.X/main.c
index 951b2edd6..1ecfc2ada 100644
--- a/mplabx/ctaocrypt_test.X/main.c
+++ b/mplabx/ctaocrypt_test.X/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/crl.c b/src/crl.c
index 7a91b5115..38487eb67 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -1,6 +1,6 @@
 /* crl.c
  *
- * Copyright (C) 2006-2013 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
  *
  * This file is part of CyaSSL.
  *
diff --git a/src/internal.c b/src/internal.c
index f89999388..3c6689f56 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1,6 +1,6 @@ /* internal.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/src/io.c b/src/io.c index d658425f3..8e22d5979 100644 --- a/src/io.c +++ b/src/io.c @@ -1,6 +1,6 @@ /* io.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/src/keys.c b/src/keys.c index 5c4706279..4b89013ff 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1,6 +1,6 @@ /* keys.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/src/ocsp.c b/src/ocsp.c index fb918afd1..c9838b556 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1,6 +1,6 @@ /* ocsp.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/src/sniffer.c b/src/sniffer.c index 0198a842b..56aeac9d8 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1,6 +1,6 @@ /* sniffer.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/src/ssl.c b/src/ssl.c index 7aeaaa4ae..7bb755ba5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1,6 +1,6 @@ /* ssl.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/src/tls.c b/src/tls.c index 997d19179..ff555d022 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1,6 +1,6 @@ /* tls.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 75fbd4bf2..6cb141b77 100755 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c 
@@ -1,6 +1,6 @@ /* snifftest.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/swig/cyassl.i b/swig/cyassl.i index 8101c3ed0..a381ad689 100644 --- a/swig/cyassl.i +++ b/swig/cyassl.i @@ -1,6 +1,6 @@ /* cyassl.i * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/swig/cyassl_adds.c b/swig/cyassl_adds.c index 189c9fa6b..d9035f17b 100644 --- a/swig/cyassl_adds.c +++ b/swig/cyassl_adds.c @@ -1,6 +1,6 @@ /* cyassl_adds.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/tests/api.c b/tests/api.c index bd9d88b80..7d5c417a9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1,6 +1,6 @@ /* api.c API unit tests * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/tests/hash.c b/tests/hash.c index 1e6fc3fb2..420dc36cb 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -1,6 +1,6 @@ /* hash.c has unit tests * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/tests/suites.c b/tests/suites.c index c35091b90..47d318019 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -1,6 +1,6 @@ /* suites.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index aa17dbdf5..afa3e4199 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -1,6 +1,6 @@ /* testsuite.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * From 30004498c5520a47e42323a8088b5e23bc8c9283 Mon Sep 17 00:00:00 2001 
From: John Safranek Date: Wed, 6 Feb 2013 13:08:28 -0800 Subject: [PATCH 27/52] For TLSv1.2, cert and key messages use SHA-256 or SHA-384 as expected. --- cyassl/internal.h | 13 +- src/internal.c | 338 +++++++++++++++++++++++++++++++++++++--------- src/tls.c | 6 - 3 files changed, 282 insertions(+), 75 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 4d3f0b583..2d426a890 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1164,14 +1164,15 @@ CYASSL_LOCAL void InitCiphers(CYASSL* ssl); CYASSL_LOCAL void FreeCiphers(CYASSL* ssl); +#ifdef CYASSL_SHA384 + #define HASHES_SZ SHA384_DIGEST_SIZE +#else + #define HASHES_SZ FINISHED_SZ +#endif + /* hashes type */ typedef struct Hashes { - #ifndef NO_MD5 - byte md5[MD5_DIGEST_SIZE]; - byte sha[SHA_DIGEST_SIZE]; - #else - byte hash[FINISHED_SZ]; - #endif + byte hash[HASHES_SZ]; } Hashes; diff --git a/src/internal.c b/src/internal.c index 6158c4d0c..df6a03781 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2270,7 +2270,7 @@ static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) Md5Update(&ssl->hashMd5, PAD2, PAD_MD5); Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE); - Md5Final(&ssl->hashMd5, hashes->md5); + Md5Final(&ssl->hashMd5, &hashes->hash[0]); } @@ -2290,7 +2290,7 @@ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender) ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA); ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE); - ShaFinal(&ssl->hashSha, hashes->sha); + ShaFinal(&ssl->hashSha, &hashes->hash[MD5_DIGEST_SIZE]); } #endif 
@@ -4322,29 +4322,58 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) /* store current states, building requires get_digest which resets state */ Md5 md5 = ssl->hashMd5; Sha sha = ssl->hashSha; -#ifndef NO_SHA256 /* for possible future changes */ - Sha256 sha256; - InitSha256(&sha256); - if (IsAtLeastTLSv1_2(ssl)) - sha256 = ssl->hashSha256; -#endif + #ifndef NO_SHA256 + Sha256 sha256; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + #endif + + #ifndef NO_SHA256 + InitSha256(&sha256); + if (IsAtLeastTLSv1_2(ssl)) + sha256 = ssl->hashSha256; + #endif + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + if (IsAtLeastTLSv1_2(ssl)) + sha384 = ssl->hashSha384; + #endif if (ssl->options.tls) { - Md5Final(&ssl->hashMd5, hashes->md5); - ShaFinal(&ssl->hashSha, hashes->sha); + if (IsAtLeastTLSv1_2(ssl)) { + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + Sha256Final(&ssl->hashSha256, hashes->hash); + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + Sha384Final(&ssl->hashSha384, hashes->hash); + #endif + } + } + else { + Md5Final(&ssl->hashMd5, &hashes->hash[0]); + ShaFinal(&ssl->hashSha, &hashes->hash[MD5_DIGEST_SIZE]); + } } else { - BuildMD5_CertVerify(ssl, hashes->md5); - BuildSHA_CertVerify(ssl, hashes->sha); + BuildMD5_CertVerify(ssl, &hashes->hash[0]); + BuildSHA_CertVerify(ssl, &hashes->hash[MD5_DIGEST_SIZE]); } /* restore */ ssl->hashMd5 = md5; ssl->hashSha = sha; -#ifndef NO_SHA256 - if (IsAtLeastTLSv1_2(ssl)) - ssl->hashSha256 = sha256; -#endif + #ifndef NO_SHA256 + if (IsAtLeastTLSv1_2(ssl)) + ssl->hashSha256 = sha256; + #endif + #ifdef CYASSL_SHA384 + if (IsAtLeastTLSv1_2(ssl)) + ssl->hashSha384 = sha384; + #endif } #endif 
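Review bot: In the TLS 1.2 branch added to BuildCertHashes, `hashes->hash` can be left unwritten: `Sha256Final` and `Sha384Final` sit inside `#ifndef NO_SHA256` / `#ifdef CYASSL_SHA384` guards and the `if`/`else if` chain has no final `else`, so a build without the matching hash, or a `mac_algorithm` value neither test matches, leaves the caller's buffer as it was, and that is what CertificateVerify then signs or compares. The `<= sha256_mac` test also depends on enum ordering and sends every smaller value down the SHA-256 path; `== sha256_mac` states the intent. I would add `XMEMSET(hashes->hash, 0, sizeof(hashes->hash));` before the chain at minimum, and preferably make the unsupported case an error the callers can see. The same guarded `<=` pattern recurs in the RSA and ECDSA digest-selection hunks of this patch in src/internal.c, where it silently falls back to the SHA-1 defaults. The function's opening lines are outside the hunk.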
@@ -6403,6 +6432,14 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; + #ifndef NO_SHA256 + Sha256 sha256; + byte hash256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + byte hash384[SHA384_DIGEST_SIZE]; + #endif byte messageVerify[MAX_DH_SZ]; /* adjust from start idx */ @@ -6442,6 +6479,22 @@ int SetCipherList(Suites* s, const char* list) ShaUpdate(&sha, messageVerify, verifySz); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); + #ifndef NO_SHA256 + InitSha256(&sha256); + Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + Sha256Update(&sha256, messageVerify, verifySz); + Sha256Final(&sha256, hash256); + #endif + + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + Sha384Update(&sha384, messageVerify, verifySz); + Sha384Final(&sha384, hash384); + #endif + /* rsa */ if (ssl->specs.sig_algo == rsa_sa_algo) { @@ -6456,14 +6509,24 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 encSigSz; - byte* digest; - int typeH; - int digestSz; + byte* digest = &hash[MD5_DIGEST_SIZE]; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = &hash[MD5_DIGEST_SIZE]; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); 
@@ -6480,11 +6543,28 @@ int SetCipherList(Suites* s, const char* list) /* ecdsa */ else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { int verify = 0, ret; + byte* digest = &hash[MD5_DIGEST_SIZE]; + word32 digestSz = SHA_DIGEST_SIZE; if (!ssl->peerEccDsaKeyPresent) return NO_PEER_KEY; - ret = ecc_verify_hash(signature, sigLen, &hash[MD5_DIGEST_SIZE], - SHA_DIGEST_SIZE, &verify, ssl->peerEccDsaKey); + if (IsAtLeastTLSv1_2(ssl)) { + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + + ret = ecc_verify_hash(signature, sigLen, digest, digestSz, + &verify, ssl->peerEccDsaKey); if (ret != 0 || verify == 0) return VERIFY_SIGN_ERROR; } @@ -6799,8 +6879,8 @@ int SetCipherList(Suites* s, const char* list) if (ret == 0) { byte* verify = (byte*)&output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ]; - byte* signBuffer = ssl->certHashes.md5; - word32 signSz = sizeof(Hashes); + byte* signBuffer = ssl->certHashes.hash; + word32 signSz = FINISHED_SZ; byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 extraSz = 0; /* tls 1.2 hash/sig */ @@ -6810,7 +6890,7 @@ int SetCipherList(Suites* s, const char* list) #endif length = sigOutSz; if (IsAtLeastTLSv1_2(ssl)) { - verify[0] = sha_mac; + verify[0] = ssl->specs.mac_algorithm; verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo; extraSz = HASH_SIG_SIZE; } 
@@ -6819,21 +6899,46 @@ int SetCipherList(Suites* s, const char* list) if (usingEcc) { #ifdef HAVE_ECC word32 localSz = sigOutSz; - ret = ecc_sign_hash(signBuffer + MD5_DIGEST_SIZE, - SHA_DIGEST_SIZE, verify + extraSz + VERIFY_HEADER, + word32 digestSz = SHA_DIGEST_SIZE; + byte* digest = signBuffer + MD5_DIGEST_SIZE; + + if (IsAtLeastTLSv1_2(ssl)) { + digest = ssl->certHashes.hash; + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + + ret = ecc_sign_hash(digest, digestSz, + verify + extraSz + VERIFY_HEADER, &localSz, ssl->rng, &eccKey); #endif } else { if (IsAtLeastTLSv1_2(ssl)) { - byte* digest; - int typeH; - int digestSz; + byte* digest = ssl->certHashes.hash; + int digestSz = SHA_DIGEST_SIZE; + int typeH = SHAh; - /* sha1 for now */ - digest = ssl->certHashes.sha; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } signSz = EncodeSignature(encodedSig, digest,digestSz,typeH); signBuffer = encodedSig; @@ -7183,6 +7288,14 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; + #ifndef NO_SHA256 + Sha256 sha256; + byte hash256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + byte hash384[SHA384_DIGEST_SIZE]; + #endif /* md5 */ InitMd5(&md5); 
@@ -7198,22 +7311,48 @@ int SetCipherList(Suites* s, const char* list) ShaUpdate(&sha, output + preSigIdx, preSigSz); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); + #ifndef NO_SHA256 + InitSha256(&sha256); + Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + Sha256Update(&sha256, output + preSigIdx, preSigSz); + Sha256Final(&sha256, hash256); + #endif + + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + Sha384Update(&sha384, output + preSigIdx, preSigSz); + Sha384Final(&sha384, hash384); + #endif + if (ssl->specs.sig_algo == rsa_sa_algo) { byte* signBuffer = hash; word32 signSz = sizeof(hash); byte encodedSig[MAX_ENCODED_SIG_SZ]; if (IsAtLeastTLSv1_2(ssl)) { - byte* digest; - int hType; - int digestSz; + byte* digest = &hash[MD5_DIGEST_SIZE]; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = &hash[MD5_DIGEST_SIZE]; - hType = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } signSz = EncodeSignature(encodedSig, digest, digestSz, - hType); + typeH); signBuffer = encodedSig; } ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz, 
@@ -7226,9 +7365,26 @@ int SetCipherList(Suites* s, const char* list) return ret; } else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { + byte* digest = &hash[MD5_DIGEST_SIZE]; + word32 digestSz = SHA_DIGEST_SIZE; word32 sz = sigSz; - ret = ecc_sign_hash(&hash[MD5_DIGEST_SIZE], SHA_DIGEST_SIZE, + if (IsAtLeastTLSv1_2(ssl)) { + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + + ret = ecc_sign_hash(digest, digestSz, output + idx, &sz, ssl->rng, &dsaKey); FreeRsaKey(&rsaKey); ecc_free(&dsaKey); @@ -7385,6 +7541,14 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; + #ifndef NO_SHA256 + Sha256 sha256; + byte hash256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + byte hash384[SHA384_DIGEST_SIZE]; + #endif /* md5 */ InitMd5(&md5); 
@@ -7400,19 +7564,45 @@ int SetCipherList(Suites* s, const char* list) ShaUpdate(&sha, output + preSigIdx, preSigSz); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); + #ifndef NO_SHA256 + InitSha256(&sha256); + Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + Sha256Update(&sha256, output + preSigIdx, preSigSz); + Sha256Final(&sha256, hash256); + #endif + + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + Sha384Update(&sha384, output + preSigIdx, preSigSz); + Sha384Final(&sha384, hash384); + #endif + if (ssl->specs.sig_algo == rsa_sa_algo) { byte* signBuffer = hash; word32 signSz = sizeof(hash); byte encodedSig[MAX_ENCODED_SIG_SZ]; if (IsAtLeastTLSv1_2(ssl)) { - byte* digest; - int typeH; - int digestSz; + byte* digest = &hash[MD5_DIGEST_SIZE]; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = &hash[MD5_DIGEST_SIZE]; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } signSz = EncodeSignature(encodedSig, digest, digestSz, typeH); 
@@ -8304,14 +8494,22 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 sigSz; - byte* digest; - int typeH; - int digestSz; + byte* digest = ssl->certHashes.hash; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = ssl->certHashes.sha; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); @@ -8320,8 +8518,8 @@ int SetCipherList(Suites* s, const char* list) ret = 0; /* verified */ } else { - if (outLen == sizeof(ssl->certHashes) && XMEMCMP(out, - &ssl->certHashes, sizeof(ssl->certHashes)) == 0) + if (outLen == FINISHED_SZ && XMEMCMP(out, + &ssl->certHashes, FINISHED_SZ) == 0) ret = 0; /* verified */ } } @@ -8330,10 +8528,24 @@ int SetCipherList(Suites* s, const char* list) if (ssl->peerEccDsaKeyPresent) { int verify = 0; int err = -1; + byte* digest = ssl->certHashes.hash; + word32 digestSz = SHA_DIGEST_SIZE; CYASSL_MSG("Doing ECC peer cert verify"); - err = ecc_verify_hash(sig, sz, ssl->certHashes.sha, SHA_DIGEST_SIZE, + if (IsAtLeastTLSv1_2(ssl)) { + if (ssl->specs.mac_algorithm <= sha256_mac) { + #ifndef NO_SHA256 + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->specs.mac_algorithm == sha384_mac) { + #ifdef CYASSL_SHA384 + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + err = ecc_verify_hash(sig, sz, digest, digestSz, &verify, ssl->peerEccDsaKey); if (err == 0 && verify == 1) diff --git a/src/tls.c b/src/tls.c index db19785f6..b3e67c27d 100644 --- a/src/tls.c +++ b/src/tls.c 
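Review bot: The ECC peer-verify hunk initialises `digest` to `ssl->certHashes.hash`, but for TLS 1.0/1.1 the SHA-1 digest is stored at `&hashes->hash[MD5_DIGEST_SIZE]` (see the BuildCertHashes hunk in this patch), so a pre-1.2 ECDSA client certificate is now checked against the MD5 bytes plus the first four SHA-1 bytes. The removed line used `ssl->certHashes.sha`, and the signing side in this same patch keeps `signBuffer + MD5_DIGEST_SIZE`. I would write `byte* digest = &ssl->certHashes.hash[MD5_DIGEST_SIZE];` and set `digest = ssl->certHashes.hash;` inside the `IsAtLeastTLSv1_2(ssl)` block. The enclosing function starts and ends outside the hunk.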
@@ -239,15 +239,9 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) else side = tls_server; -#ifndef NO_MD5 - PRF(hashes->md5, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, - side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), - ssl->specs.mac_algorithm); -#else PRF(hashes->hash, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); -#endif } From 982b72796e1ce74699976746e806ddb1ffb7e7c2 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 7 Feb 2013 11:26:02 -0800 Subject: [PATCH 28/52] added list for DTLS handshake datagram reordering --- cyassl/ctaocrypt/types.h | 3 +- cyassl/internal.h | 12 +++++++ src/internal.c | 76 +++++++++++++++++++++++++++++++++++++++- 3 files changed, 89 insertions(+), 2 deletions(-) diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 82bbaec5b..f6a06e19e 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -228,7 +228,8 @@ enum { DYNAMIC_TYPE_SOCKADDR = 35, DYNAMIC_TYPE_LIBZ = 36, DYNAMIC_TYPE_ECC = 37, - DYNAMIC_TYPE_TMP_BUFFER = 38 + DYNAMIC_TYPE_TMP_BUFFER = 38, + DYNAMIC_TYPE_DTLS_MSG = 39 }; /* stack protection */ diff --git a/cyassl/internal.h b/cyassl/internal.h index a7d7bdad4..9a68f0faf 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1385,6 +1385,13 @@ typedef struct DtlsPool { int used; } DtlsPool; +typedef struct DtlsMsg { + struct DtlsMsg* next; + word32 seq; + word32 sz; + byte msg[1500]; +} DtlsMsg; + /* CyaSSL ssl type */ struct CYASSL { @@ -1457,6 +1464,7 @@ struct CYASSL { #ifdef CYASSL_DTLS int dtls_timeout; DtlsPool* dtls_pool; + DtlsMsg* dtls_msg_list; #endif #ifdef CYASSL_CALLBACKS HandShakeInfo handShakeInfo; /* info saved during handshake */ 
@@ -1677,6 +1685,10 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); CYASSL_LOCAL int DtlsPoolTimeout(CYASSL*); CYASSL_LOCAL int DtlsPoolSend(CYASSL*); CYASSL_LOCAL void DtlsPoolReset(CYASSL*); + CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, byte*, word32, void*); + CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); + CYASSL_LOCAL void DtlsMsgListFree(DtlsMsg*, void*); + CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); #endif /* CYASSL_DTLS */ #ifndef NO_TLS diff --git a/src/internal.c b/src/internal.c index f4c34a648..ad596254d 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1164,6 +1164,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->keys.dtls_expected_peer_epoch = 0; ssl->dtls_timeout = DTLS_DEFAULT_TIMEOUT; ssl->dtls_pool = NULL; + ssl->dtls_msg_list = NULL; #endif ssl->keys.encryptionOn = 0; /* initially off */ ssl->keys.decryptedCur = 0; /* initially off */ @@ -1412,6 +1413,10 @@ void SSL_ResourceFree(CYASSL* ssl) DtlsPoolReset(ssl); XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_NONE); } + if (ssl->dtls_msg_list != NULL) { + DtlsMsgListFree(ssl->dtls_msg_list, ssl->heap); + ssl->dtls_msg_list = NULL; + } XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR); ssl->buffers.dtlsCtx.peer.sa = NULL; #endif 
@@ -1644,7 +1649,76 @@ int DtlsPoolSend(CYASSL* ssl) return 0; } -#endif + +/* functions for managing DTLS datagram reordering */ + +DtlsMsg* DtlsMsgNew(word32 dataSz, byte* data, word32 seq, void* heap) +{ + DtlsMsg* msg = NULL; + + if (dataSz > 0) + msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG); + + if (msg != NULL) { + msg->next = NULL; + msg->seq = seq; + msg->sz = dataSz; + XMEMCPY(msg->msg, data, dataSz); + } + + return msg; +} + + +void DtlsMsgDelete(DtlsMsg* msg, void* heap) +{ + (void)heap; + if (msg != NULL) + XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG); +} + + +void DtlsMsgListFree(DtlsMsg* head, void* heap) +{ + DtlsMsg* next; + while (head) { + next = head->next; + DtlsMsgDelete(head, heap); + head = next; + } +} + + +DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item) +{ + if (head == NULL || item->seq < head->seq) { + item->next = head; + head = item; + } + else if (head->next == NULL) { + head->next = item; + } + else { + DtlsMsg* cur = head->next; + DtlsMsg* prev = head; + while (cur) { + if (item->seq < cur->seq) { + item->next = cur; + prev->next = item; + break; + } + prev = cur; + cur = cur->next; + } + if (cur == NULL) { + prev->next = item; + } + } + + return head; +} + +#endif /* CYASSL_DTLS */ #ifndef NO_OLD_TLS From 8ace08499bc3d6f7c5037dadd474e78cc1ff4ff0 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 8 Feb 2013 11:21:48 -0800 Subject: [PATCH 29/52] make sure example CyaSSL_read()s that fill buffer don't overrun by 1 byte if trying to output with null terminator --- examples/client/client.c | 6 +++--- examples/echoclient/echoclient.c | 4 ++-- examples/echoserver/echoserver.c | 4 ++-- examples/server/server.c | 2 +- mqx/cyassl_client/Sources/main.c | 4 ++-- tests/api.c | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 0702c22a3..a58067910 100644 --- a/examples/client/client.c +++ b/examples/client/client.c 
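Review bot: `DtlsMsgNew` copies `dataSz` bytes into the fixed `byte msg[1500]` member with `XMEMCPY(msg->msg, data, dataSz)` and never compares `dataSz` with the array size, so any caller passing more than 1500 bytes writes past the heap allocation. The guard should bound the size and reject a null source, e.g. `if (data != NULL && dataSz > 0 && dataSz <= sizeof(((DtlsMsg*)0)->msg))`. `DtlsMsgInsert` dereferences `item` unconditionally, so callers must check the `NULL` that `DtlsMsgNew` returns on failure; the callers are not visible in this hunk. A one-line comment on each function stating who owns and frees the node would also help.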
@@ -419,14 +419,14 @@ void client_test(void* args) if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); @@ -510,7 +510,7 @@ void client_test(void* args) #endif } - input = CyaSSL_read(sslResume, reply, sizeof(reply)); + input = CyaSSL_read(sslResume, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 51944d643..9f9ce0a85 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -39,7 +39,7 @@ void echoclient_test(void* args) int outCreated = 0; char msg[1024]; - char reply[1024]; + char reply[1024+1]; SSL_METHOD* method = 0; SSL_CTX* ctx = 0; @@ -148,7 +148,7 @@ void echoclient_test(void* args) while (sendSz) { int got; - if ( (got = SSL_read(ssl, reply, sizeof(reply))) > 0) { + if ( (got = SSL_read(ssl, reply, sizeof(reply)-1)) > 0) { reply[got] = 0; fputs(reply, fout); sendSz -= got; diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index d5c11405e..364527607 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -163,7 +163,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) while (!shutDown) { CYASSL* ssl = 0; - char command[1024]; + char command[1024+1]; int echoSz = 0; int clientfd; int firstRead = 1; 
@@ -197,7 +197,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) showPeer(ssl); #endif - while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command))) > 0) { + while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command)-1)) > 0) { if (firstRead == 1) { firstRead = 0; /* browser may send 1 byte 'G' to start */ diff --git a/examples/server/server.c b/examples/server/server.c index 7bf278805..fc22537ad 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -351,7 +351,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif showPeer(ssl); - idx = SSL_read(ssl, input, sizeof(input)); + idx = SSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); diff --git a/mqx/cyassl_client/Sources/main.c b/mqx/cyassl_client/Sources/main.c index 7d04f9f3f..3938a87ac 100644 --- a/mqx/cyassl_client/Sources/main.c +++ b/mqx/cyassl_client/Sources/main.c @@ -214,13 +214,13 @@ void client_test(void) { if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("CyaSSL_write() failed"); - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); while(1) { - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); diff --git a/tests/api.c b/tests/api.c index 7d5c417a9..d598b4e73 100644 --- a/tests/api.c +++ b/tests/api.c @@ -651,7 +651,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) return 0; } - idx = CyaSSL_read(ssl, input, sizeof(input)); + idx = CyaSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); @@ -732,7 +732,7 @@ void test_client_nofail(void* args) return; } - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; 
From 5f7359be7ebdf2f634e9e577109029f988278792 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 12 Feb 2013 13:47:13 -0800 Subject: [PATCH 30/52] Builds the hash/sig algorithm extension list based on the available cipher suites and hashes --- cyassl/internal.h | 12 ++++-- src/internal.c | 101 +++++++++++++++++++++++++++++++++++++++------- 2 files changed, 95 insertions(+), 18 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 2d426a890..c2c735289 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -480,10 +480,10 @@ enum Misc { CERT_HEADER_SZ = 3, /* always 3 bytes */ REQ_HEADER_SZ = 2, /* cert request header sz */ HINT_LEN_SZ = 2, /* length of hint size field */ - HELLO_EXT_SZ = 14, /* total length of the lazy hello extensions */ - HELLO_EXT_LEN = 12, /* length of the lazy hello extensions */ - HELLO_EXT_SIGALGO_SZ = 8, /* length of signature algo extension */ - HELLO_EXT_SIGALGO_LEN = 6, /* number of items in the signature algo list */ + HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */ + HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */ + HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */ + HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */ DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ @@ -749,6 +749,10 @@ typedef struct Suites { int setSuites; /* user set suites from default */ byte suites[MAX_SUITE_SZ]; word16 suiteSz; /* suite length in bytes */ + byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; + word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ + byte hashAlgo; /* selected hash algorithm */ + byte signAlgo; /* selected sig algorithm */ } Suites; diff --git a/src/internal.c b/src/internal.c index df6a03781..a64d7fce4 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -1049,6 +1049,38 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, #endif suites->suiteSz = idx; + + { + idx = 0; + + if (haveECDSAsig) { + #ifdef CYASSL_SHA384 + suites->hashSigAlgo[idx++] = sha384_mac; + suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + #ifndef NO_SHA256 + suites->hashSigAlgo[idx++] = sha256_mac; + suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + suites->hashSigAlgo[idx++] = sha_mac; + suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + } + + if (haveRSAsig) { + #ifdef CYASSL_SHA384 + suites->hashSigAlgo[idx++] = sha384_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + #ifndef NO_SHA256 + suites->hashSigAlgo[idx++] = sha256_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + suites->hashSigAlgo[idx++] = sha_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + } + + suites->hashSigAlgoSz = idx; + } } @@ -5794,6 +5826,7 @@ int SetCipherList(Suites* s, const char* list) const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]); int idx = 0; + int haveRSA = 0, haveECDSA = 0; if (s == NULL) { CYASSL_MSG("SetCipherList suite pointer error"); @@ -5805,7 +5838,7 @@ int SetCipherList(Suites* s, const char* list) if (*list == 0) return 1; /* CyaSSL default */ - if (XSTRNCMP(haystack, "ALL", 3) == 0) return 1; /* CyaSSL defualt */ + if (XSTRNCMP(haystack, "ALL", 3) == 0) return 1; /* CyaSSL default */ for(;;) { word32 len; @@ -5828,6 +5861,15 @@ int SetCipherList(Suites* s, const char* list) s->suites[idx++] = 0x00; /* normal */ s->suites[idx++] = (byte)cipher_name_idx[i]; + /* The suites are either ECDSA, RSA, or PSK. The RSA suites + * don't necessarily have RSA in the name. */ + if ((haveECDSA == 0) && XSTRSTR(name, "ECDSA")) { + haveECDSA = 1; + } + else if ((haveRSA == 0) && (XSTRSTR(name, "PSK") == NULL)) { + haveRSA = 1; + } + if (!ret) ret = 1; /* found at least one */ break; } 
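Review bot: In the SetCipherList hunk that sets `haveECDSA`/`haveRSA`, the `else if` is reached by the second and later ECDSA suite names, because the first condition includes `haveECDSA == 0`; such a name has no "PSK" in it, so `haveRSA` becomes 1 and an ECDSA-only list still advertises the RSA signature algorithms. Testing only the name fixes it: `if (XSTRSTR(name, "ECDSA")) haveECDSA = 1;` followed by `else if (XSTRSTR(name, "PSK") == NULL) haveRSA = 1;`. The block that fills `hashSigAlgo` is also duplicated between InitSuites and SetCipherList in this patch; a shared static helper would keep the two lists from drifting. The function body continues outside the hunk.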
@@ -5838,6 +5880,36 @@ int SetCipherList(Suites* s, const char* list) if (ret) { s->setSuites = 1; s->suiteSz = (word16)idx; + + idx = 0; + + if (haveECDSA) { + #ifdef CYASSL_SHA384 + s->hashSigAlgo[idx++] = sha384_mac; + s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + #ifndef NO_SHA256 + s->hashSigAlgo[idx++] = sha256_mac; + s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + s->hashSigAlgo[idx++] = sha_mac; + s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + } + + if (haveRSA) { + #ifdef CYASSL_SHA384 + s->hashSigAlgo[idx++] = sha384_mac; + s->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + #ifndef NO_SHA256 + s->hashSigAlgo[idx++] = sha256_mac; + s->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + s->hashSigAlgo[idx++] = sha_mac; + s->hashSigAlgo[idx++] = rsa_sa_algo; + } + + s->hashSigAlgoSz = idx; } return ret; @@ -6009,9 +6081,11 @@ int SetCipherList(Suites* s, const char* list) + ssl->suites->suiteSz + SUITE_LEN + COMP_LEN + ENUM_LEN; - if (IsAtLeastTLSv1_2(ssl)) - length += HELLO_EXT_SZ; - + if (IsAtLeastTLSv1_2(ssl)) { + if (ssl->suites->hashSigAlgoSz) { + length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ; + } + } sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; #ifdef CYASSL_DTLS 
@@ -6084,26 +6158,25 @@ int SetCipherList(Suites* s, const char* list) else output[idx++] = NO_COMPRESSION; - if (IsAtLeastTLSv1_2(ssl)) + if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { + int i; /* add in the extensions length */ - c16toa(HELLO_EXT_LEN, output + idx); + c16toa(HELLO_EXT_LEN + ssl->suites->hashSigAlgoSz, output + idx); idx += 2; c16toa(HELLO_EXT_SIG_ALGO, output + idx); idx += 2; - c16toa(HELLO_EXT_SIGALGO_SZ, output + idx); + c16toa(HELLO_EXT_SIGALGO_SZ+ssl->suites->hashSigAlgoSz, output+idx); idx += 2; /* This is a lazy list setup. Eventually, we'll need to support * using other hash types or even other extensions. */ - c16toa(HELLO_EXT_SIGALGO_LEN, output + idx); + c16toa(ssl->suites->hashSigAlgoSz, output + idx); idx += 2; - output[idx++] = sha_mac; - output[idx++] = rsa_sa_algo; - output[idx++] = sha_mac; - output[idx++] = dsa_sa_algo; - output[idx++] = sha_mac; - output[idx++] = ecc_dsa_sa_algo; + for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) { + output[idx] = ssl->suites->hashSigAlgo[i]; + } + idx += i; } #ifdef CYASSL_DTLS From afb0cb3e2070cb559f85962548c01a54865750bb Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 12 Feb 2013 14:57:39 -0800 Subject: [PATCH 31/52] Fixed merge conflict with stashed code --- src/internal.c | 86 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 61 insertions(+), 25 deletions(-) diff --git a/src/internal.c b/src/internal.c index a64d7fce4..ba758c2e4 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4374,7 +4374,10 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) if (ssl->options.tls) { if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm == sha_mac) { + ShaFinal(&ssl->hashSha, hashes->hash); + } + else if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 Sha256Final(&ssl->hashSha256, hashes->hash); #endif 
@@ -6081,10 +6084,8 @@ int SetCipherList(Suites* s, const char* list) + ssl->suites->suiteSz + SUITE_LEN + COMP_LEN + ENUM_LEN; - if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->suites->hashSigAlgoSz) { - length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ; - } + if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { + length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ; } sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; @@ -6169,14 +6170,11 @@ int SetCipherList(Suites* s, const char* list) idx += 2; c16toa(HELLO_EXT_SIGALGO_SZ+ssl->suites->hashSigAlgoSz, output+idx); idx += 2; - /* This is a lazy list setup. Eventually, we'll need to support - * using other hash types or even other extensions. */ c16toa(ssl->suites->hashSigAlgoSz, output + idx); idx += 2; for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) { output[idx] = ssl->suites->hashSigAlgo[i]; } - idx += i; } #ifdef CYASSL_DTLS @@ -6514,6 +6512,8 @@ int SetCipherList(Suites* s, const char* list) byte hash384[SHA384_DIGEST_SIZE]; #endif byte messageVerify[MAX_DH_SZ]; + byte sigAlgo = ssl->specs.sig_algo; + byte hashAlgo = ssl->specs.mac_algorithm; /* adjust from start idx */ verifySz = (word16)(*inOutIdx - verifySz); @@ -6525,7 +6525,14 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { /* just advance for now TODO: validate hash algo params */ - *inOutIdx += LENGTH_SZ; + /* XXX This is where we look at the signature algorithm, + * which should match what is in ssl->specs.sig_algo. We + * check that the hash is in our list of available hashes, + * and just use it and only it. */ + hashAlgo = input[*inOutIdx]; + *inOutIdx += 1; + sigAlgo = input[*inOutIdx]; + *inOutIdx += 1; } /* signature */ @@ -6569,7 +6576,7 @@ int SetCipherList(Suites* s, const char* list) #endif /* rsa */ - if (ssl->specs.sig_algo == rsa_sa_algo) + if (sigAlgo == rsa_sa_algo) { int ret; byte* out; 
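Review bot: In the `@@ -6525,7 +6525,14 @@` hunk, `hashAlgo` and `sigAlgo` are taken from the peer's message and then used unvalidated; the `XXX` comment describes the intended check, but nothing implements it. The following hunks switch the verification path on `sigAlgo == rsa_sa_algo` / `sigAlgo == ecc_dsa_sa_algo`, so the sender rather than the negotiated suite decides which check runs. I would reject a mismatch right after the two reads, e.g. `if (sigAlgo != ssl->specs.sig_algo) return ALGO_ID_E;` (or whichever handshake error code this file normally returns), and also confirm the pair is one of those listed in `ssl->suites->hashSigAlgo`. No remaining-length check is visible before `input[*inOutIdx]` is indexed, though the enclosing function starts and ends outside the hunk.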
@@ -6586,14 +6593,14 @@ int SetCipherList(Suites* s, const char* list) int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (hashAlgo == sha256_mac) { #ifndef NO_SHA256 digest = hash256; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 digest = hash384; typeH = SHA384h; @@ -6614,7 +6621,7 @@ int SetCipherList(Suites* s, const char* list) } #ifdef HAVE_ECC /* ecdsa */ - else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { + else if (sigAlgo == ecc_dsa_sa_algo) { int verify = 0, ret; byte* digest = &hash[MD5_DIGEST_SIZE]; word32 digestSz = SHA_DIGEST_SIZE; @@ -6622,13 +6629,13 @@ int SetCipherList(Suites* s, const char* list) return NO_PEER_KEY; if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (hashAlgo == sha256_mac) { #ifndef NO_SHA256 digest = hash256; digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 digest = hash384; digestSz = SHA384_DIGEST_SIZE; @@ -6964,7 +6971,7 @@ int SetCipherList(Suites* s, const char* list) length = sigOutSz; if (IsAtLeastTLSv1_2(ssl)) { verify[0] = ssl->specs.mac_algorithm; - verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo; + verify[1] = ssl->specs.sig_algo; extraSz = HASH_SIG_SIZE; } c16toa((word16)length, verify + extraSz); /* prepend verify header*/ @@ -6977,7 +6984,7 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { digest = ssl->certHashes.hash; - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 digestSz = SHA256_DIGEST_SIZE; #endif 
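Review bot: In the `@@ -6586,14 +6593,14 @@` hunk (and its ECDSA twin at `@@ -6622,13 +6629,13 @@`), any `hashAlgo` other than `sha256_mac` or `sha384_mac` silently keeps the SHA-1 defaults for `digest` and `digestSz`. Since `hashAlgo` is now a byte read from the wire, an unknown or unsupported value should fail the handshake rather than be verified as SHA-1. The same happens when the `#ifndef NO_SHA256` or `#ifdef CYASSL_SHA384` body compiles away: the branch matches but changes nothing. A closing `else if (hashAlgo != sha_mac) return ALGO_ID_E;` (with the file's usual error code) would cover the unknown case; the enclosing blocks continue outside both hunks.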
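Review bot: In the `@@ -6964,7 +6971,7 @@` hunk, `verify[1] = ssl->specs.sig_algo;` labels the signature with the cipher suite's algorithm instead of the type of key that produced it. The removed line used `usingEcc`, which appears to track the local key; if this is the client's CertificateVerify path, a client holding an ECC key under an RSA-authenticated suite would tag an ECDSA signature as `rsa_sa_algo` and the peer would take the wrong verification branch. I would keep `verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo;` unless `ssl->specs.sig_algo` is guaranteed to match the local key. The function body lies outside the hunk, so this needs confirming against the surrounding code.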
@@ -7000,7 +7007,7 @@ int SetCipherList(Suites* s, const char* list) int digestSz = SHA_DIGEST_SIZE; int typeH = SHAh; - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; @@ -7409,7 +7416,7 @@ int SetCipherList(Suites* s, const char* list) int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 digest = hash256; typeH = SHA256h; @@ -7443,7 +7450,7 @@ int SetCipherList(Suites* s, const char* list) word32 sz = sigSz; if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 digest = hash256; digestSz = SHA256_DIGEST_SIZE; @@ -7662,7 +7669,7 @@ int SetCipherList(Suites* s, const char* list) int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 digest = hash256; typeH = SHA256h; 
@@ -8489,8 +8496,37 @@ int SetCipherList(Suites* s, const char* list) ssl->options.clientState = CLIENT_HELLO_COMPLETE; *inOutIdx = i; - if ( (i - begin) < helloSz) - *inOutIdx = begin + helloSz; /* skip extensions */ + if ( (i - begin) < helloSz) { + if (IsAtLeastTLSv1_2(ssl)) { + word16 totalExtSz, extId, extSz; + + ato16(&input[i], &totalExtSz); + i += 2; + ato16(&input[i], &extId); + i += 2; + ato16(&input[i], &extSz); + i += 2; + ato16(&input[i], &clSuites.hashSigAlgoSz); + i += 2; + + if (i + clSuites.hashSigAlgoSz > totalSz) + return INCOMPLETE_DATA; + if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) + return BUFFER_ERROR; + + XMEMCPY(clSuites.hashSigAlgo, input+i, clSuites.hashSigAlgoSz); + i += clSuites.hashSigAlgoSz; + + *inOutIdx = i; + } + else + *inOutIdx = begin + helloSz; /* skip extensions */ + } + else { + if (IsAtLeastTLSv1_2(ssl)) { + clSuites.hashSigAlgoSz = 0; + } + } ssl->options.haveSessionId = 1; /* ProcessOld uses same resume code */ @@ -8571,7 +8607,7 @@ int SetCipherList(Suites* s, const char* list) int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; @@ -8607,7 +8643,7 @@ int SetCipherList(Suites* s, const char* list) CYASSL_MSG("Doing ECC peer cert verify"); if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 digestSz = SHA256_DIGEST_SIZE; #endif From d65e5ef3e4d9fac98bf188a728038370ec95992f Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 13 Feb 2013 12:05:56 -0800 Subject: [PATCH 32/52] bug fix --- src/internal.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/internal.c b/src/internal.c index ba758c2e4..048ee9eee 100644 --- a/src/internal.c +++ b/src/internal.c 
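Review bot: In the `@@ -8489,8 +8496,37 @@` hunk, four `ato16()` reads consume eight bytes of `input` before any length comparison, so a ClientHello with a shorter extension block is parsed beyond the bytes it actually carries. A guard such as `if ((i - begin) + 8 > helloSz) return INCOMPLETE_DATA;` belongs ahead of the first read. `totalExtSz` and `extSz` are parsed but never compared with `helloSz` or `hashSigAlgoSz`, and the branch ends with `*inOutIdx = i;`, which leaves any further extension bytes unconsumed; `*inOutIdx = begin + helloSz;` would keep the next message aligned. The `@@ -8508,16 +8517,21 @@` hunk in PATCH 33 adds the `extId` test but keeps these reads and the final assignment. The function starts and ends outside the hunk.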
@@ -4374,8 +4374,8 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) if (ssl->options.tls) { if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->specs.mac_algorithm == sha_mac) { - ShaFinal(&ssl->hashSha, hashes->hash); + if (ssl->specs.mac_algorithm <= sha_mac) { + ShaFinal(&ssl->hashSha, &hashes->hash[MD5_DIGEST_SIZE]); } else if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 @@ -7003,18 +7003,20 @@ int SetCipherList(Suites* s, const char* list) } else { if (IsAtLeastTLSv1_2(ssl)) { - byte* digest = ssl->certHashes.hash; + byte* digest = &ssl->certHashes.hash[MD5_DIGEST_SIZE]; int digestSz = SHA_DIGEST_SIZE; int typeH = SHAh; if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 + digest = ssl->certHashes.hash; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } else if (ssl->specs.mac_algorithm == sha384_mac) { #ifdef CYASSL_SHA384 + digest = ssl->certHashes.hash; typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; #endif @@ -7357,7 +7359,7 @@ int SetCipherList(Suites* s, const char* list) XMEMCPY(output + idx, exportBuf, expSz); idx += expSz; if (IsAtLeastTLSv1_2(ssl)) { - output[idx++] = sha_mac; + output[idx++] = ssl->specs.mac_algorithm; output[idx++] = ssl->specs.sig_algo; } c16toa((word16)sigSz, output + idx); @@ -7609,7 +7611,7 @@ int SetCipherList(Suites* s, const char* list) /* Add signature */ if (IsAtLeastTLSv1_2(ssl)) { - output[idx++] = sha_mac; + output[idx++] = ssl->specs.mac_algorithm; output[idx++] = ssl->specs.sig_algo; } /* size */ 
@@ -8603,18 +8605,20 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 sigSz; - byte* digest = ssl->certHashes.hash; + byte* digest = &ssl->certHashes.hash[MD5_DIGEST_SIZE]; int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; if (ssl->specs.mac_algorithm == sha256_mac) { #ifndef NO_SHA256 + digest = ssl->certHashes.hash; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } else if (ssl->specs.mac_algorithm == sha384_mac) { #ifdef CYASSL_SHA384 + digest = ssl->certHashes.hash; typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; #endif From 657b10c8b24b13adc1a735afd4f129896c059eb3 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 13 Feb 2013 15:30:46 -0800 Subject: [PATCH 33/52] client sends sig/hash hello extension to server, server sends a selection (hardcoded) back, and both use the selection --- src/internal.c | 88 +++++++++++++++++++++++++++++--------------------- 1 file changed, 51 insertions(+), 37 deletions(-) diff --git a/src/internal.c b/src/internal.c index 048ee9eee..da86979e2 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4374,15 +4374,15 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) if (ssl->options.tls) { if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->specs.mac_algorithm <= sha_mac) { + if (ssl->suites->hashAlgo <= sha_mac) { ShaFinal(&ssl->hashSha, &hashes->hash[MD5_DIGEST_SIZE]); } - else if (ssl->specs.mac_algorithm == sha256_mac) { + else if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 Sha256Final(&ssl->hashSha256, hashes->hash); #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 Sha384Final(&ssl->hashSha384, hashes->hash); #endif 
@@ -4695,8 +4695,8 @@ int SendCertificateRequest(CYASSL* ssl) c16toa(HASH_SIG_SIZE, &output[i]); i += LENGTH_SZ; - output[i++] = sha_mac; /* hash */ - output[i++] = rsa_sa_algo; /* sig */ + output[i++] = ssl->suites->hashAlgo; /* hash */ + output[i++] = ssl->specs.sig_algo; /* sig */ } c16toa(0, &output[i]); /* auth's */ @@ -6358,17 +6358,20 @@ int SetCipherList(Suites* s, const char* list) /* types, read in here */ *inOutIdx += len; - ato16(&input[*inOutIdx], &len); - *inOutIdx += LENGTH_SZ; if (IsAtLeastTLSv1_2(ssl)) { /* hash sig format */ - *inOutIdx += len; ato16(&input[*inOutIdx], &len); *inOutIdx += LENGTH_SZ; + /* XXX Read the hash sig format, can be more than one pair. */ + ssl->suites->hashAlgo = input[(*inOutIdx)++]; + ssl->suites->signAlgo = input[(*inOutIdx)++]; + /**inOutIdx += len;*/ } /* authorities */ + ato16(&input[*inOutIdx], &len); + *inOutIdx += LENGTH_SZ; while (len) { word16 dnSz; @@ -6970,7 +6973,7 @@ int SetCipherList(Suites* s, const char* list) #endif length = sigOutSz; if (IsAtLeastTLSv1_2(ssl)) { - verify[0] = ssl->specs.mac_algorithm; + verify[0] = ssl->suites->hashAlgo; verify[1] = ssl->specs.sig_algo; extraSz = HASH_SIG_SIZE; } @@ -6984,12 +6987,12 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { digest = ssl->certHashes.hash; - if (ssl->specs.mac_algorithm == sha256_mac) { + if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 digestSz = SHA384_DIGEST_SIZE; #endif 
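Review bot: In the `@@ -6358,17 +6358,20 @@` hunk, exactly two bytes are consumed for the hash/signature list whatever `len` says, because the skip is commented out as `/**inOutIdx += len;*/`. A CertificateRequest carrying more than one pair, or an empty list, leaves `*inOutIdx` misaligned, so the authorities length that follows is read from the wrong offset. I would add `if (len < HASH_SIG_SIZE) return BUFFER_ERROR;` before the two reads and `*inOutIdx += len - HASH_SIG_SIZE;` after them. The received bytes also overwrite `ssl->suites->hashAlgo` and `signAlgo` without being checked against what this side supports; the function starts outside the hunk.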
@@ -7007,14 +7010,14 @@ int SetCipherList(Suites* s, const char* list) int digestSz = SHA_DIGEST_SIZE; int typeH = SHAh; - if (ssl->specs.mac_algorithm == sha256_mac) { + if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 digest = ssl->certHashes.hash; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 digest = ssl->certHashes.hash; typeH = SHA384h; @@ -7359,7 +7362,7 @@ int SetCipherList(Suites* s, const char* list) XMEMCPY(output + idx, exportBuf, expSz); idx += expSz; if (IsAtLeastTLSv1_2(ssl)) { - output[idx++] = ssl->specs.mac_algorithm; + output[idx++] = ssl->suites->hashAlgo; output[idx++] = ssl->specs.sig_algo; } c16toa((word16)sigSz, output + idx); @@ -7418,14 +7421,14 @@ int SetCipherList(Suites* s, const char* list) int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; - if (ssl->specs.mac_algorithm == sha256_mac) { + if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 digest = hash256; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 digest = hash384; typeH = SHA384h; @@ -7452,13 +7455,13 @@ int SetCipherList(Suites* s, const char* list) word32 sz = sigSz; if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->specs.mac_algorithm == sha256_mac) { + if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 digest = hash256; digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 digest = hash384; digestSz = SHA384_DIGEST_SIZE; @@ -7611,7 +7614,7 @@ int SetCipherList(Suites* s, const char* list) /* Add signature */ if (IsAtLeastTLSv1_2(ssl)) { - output[idx++] = ssl->specs.mac_algorithm; + output[idx++] = ssl->suites->hashAlgo; output[idx++] = ssl->specs.sig_algo; } /* size */ 
@@ -7671,14 +7674,14 @@ int SetCipherList(Suites* s, const char* list) int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; - if (ssl->specs.mac_algorithm == sha256_mac) { + if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 digest = hash256; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 digest = hash384; typeH = SHA384h; @@ -8179,7 +8182,6 @@ int SetCipherList(Suites* s, const char* list) if (ssl->suites == NULL) return SUITES_ERROR; - /* start with best, if a match we are good */ for (i = 0; i < ssl->suites->suiteSz; i += 2) for (j = 0; j < peerSuites->suiteSz; j += 2) @@ -8187,10 +8189,17 @@ int SetCipherList(Suites* s, const char* list) ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { if (VerifySuite(ssl, i)) { + int result; CYASSL_MSG("Verified suite validity"); ssl->options.cipherSuite0 = ssl->suites->suites[i]; ssl->options.cipherSuite = ssl->suites->suites[i+1]; - return SetCipherSpecs(ssl); + result = SetCipherSpecs(ssl); + if (result == 0) { + /* XXX */ + ssl->suites->hashAlgo = sha256_mac; + ssl->suites->signAlgo = ssl->specs.sig_algo; + } + return result; } else { CYASSL_MSG("Could not verify suite validity, continue"); 
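Review bot: In the `@@ -8187,10 +8189,17 @@` hunk, `ssl->suites->hashAlgo = sha256_mac;` is chosen unconditionally, without consulting the signature-algorithm list the client sent or the build options. In a `NO_SHA256` build the signing hunks of this patch match `hashAlgo == sha256_mac` but their `#ifndef NO_SHA256` bodies are empty, so the message would advertise SHA-256 while the SHA-1 defaults are what gets signed. At minimum the assignment should fall back to `sha_mac` under `NO_SHA256`, and ideally it should pick the first pair from the client's list (presumably `peerSuites->hashSigAlgo`) that this build supports. Replacing the bare `/* XXX */` with a comment stating what is still hard-coded would help the next reader.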
@@ -8508,16 +8517,21 @@ int SetCipherList(Suites* s, const char* list) i += 2; ato16(&input[i], &extSz); i += 2; - ato16(&input[i], &clSuites.hashSigAlgoSz); - i += 2; - - if (i + clSuites.hashSigAlgoSz > totalSz) - return INCOMPLETE_DATA; - if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) - return BUFFER_ERROR; - - XMEMCPY(clSuites.hashSigAlgo, input+i, clSuites.hashSigAlgoSz); - i += clSuites.hashSigAlgoSz; + if (extId == HELLO_EXT_SIG_ALGO) { + ato16(&input[i], &clSuites.hashSigAlgoSz); + i += 2; + + if (i + clSuites.hashSigAlgoSz > totalSz) + return INCOMPLETE_DATA; + if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) + return BUFFER_ERROR; + + XMEMCPY(clSuites.hashSigAlgo, + input+i, clSuites.hashSigAlgoSz); + i += clSuites.hashSigAlgoSz; + } + else + i += extSz; *inOutIdx = i; } @@ -8609,14 +8623,14 @@ int SetCipherList(Suites* s, const char* list) int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; - if (ssl->specs.mac_algorithm == sha256_mac) { + if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 digest = ssl->certHashes.hash; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 digest = ssl->certHashes.hash; typeH = SHA384h; @@ -8647,12 +8661,12 @@ int SetCipherList(Suites* s, const char* list) CYASSL_MSG("Doing ECC peer cert verify"); if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->specs.mac_algorithm == sha256_mac) { + if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->specs.mac_algorithm == sha384_mac) { + else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 digestSz = SHA384_DIGEST_SIZE; #endif From 62ef5de25c18fd296a679ae74e2792e038a5636b Mon Sep 17 00:00:00 2001 
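Review bot: In the `@@ -8508,16 +8517,21 @@` hunk, the new `else i += extSz;` adds a peer-supplied 16-bit length to the index with no bound, and `*inOutIdx = i;` then hands that index back to the caller. I would check it first with `if (i + extSz > totalSz) return INCOMPLETE_DATA;`. In the `HELLO_EXT_SIG_ALGO` branch, `hashSigAlgoSz` is never compared with `extSz`, and only the first extension of the block is examined, so a client that lists another extension first has its signature algorithms ignored.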
From: toddouska Date: Thu, 14 Feb 2013 14:09:41 -0800 Subject: [PATCH 34/52] scan build fixes --- ctaocrypt/benchmark/benchmark.c | 21 +++++++++++++++++---- ctaocrypt/src/asn.c | 6 ++++-- ctaocrypt/src/hmac.c | 3 ++- ctaocrypt/test/test.c | 14 ++++---------- cyassl/test.h | 21 ++++++++++++++++----- examples/client/client.c | 3 ++- src/ssl.c | 20 ++++++++++++++++++++ tests/api.c | 20 +++++++++++--------- tests/suites.c | 15 ++++++++++++++- 9 files changed, 90 insertions(+), 33 deletions(-) diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 6ca7b1abe..a8df9d993 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -619,6 +619,7 @@ RNG rng; void bench_rsa(void) { int i; + int ret; byte tmp[3072]; size_t bytes; word32 idx = 0; @@ -654,14 +655,18 @@ void bench_rsa(void) if (RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0) printf("RSA init cavium failed\n"); #endif - InitRng(&rng); + ret = InitRng(&rng); + if (ret < 0) { + printf("InitRNG failed\n"); + return; + } InitRsaKey(&rsaKey, 0); - bytes = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); + ret = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); start = current_time(1); for (i = 0; i < times; i++) - bytes = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng); + ret = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng); total = current_time(0) - start; each = total / times; /* per second */ @@ -670,11 +675,16 @@ void bench_rsa(void) printf("RSA %d encryption took %6.2f milliseconds, avg over %d" " iterations\n", rsaKeySz, milliEach, times); + if (ret < 0) { + printf("Rsa Public Encrypt failed\n"); + return; + } + start = current_time(1); for (i = 0; i < times; i++) { byte out[512]; /* for up to 4096 bit */ - RsaPrivateDecrypt(enc, (word32)bytes, out, sizeof(out), &rsaKey); + RsaPrivateDecrypt(enc, (word32)ret, out, sizeof(out), &rsaKey); } total = current_time(0) - start; 
@@ -736,6 +746,9 @@ void bench_dh(void) bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes); if (bytes != 0) { printf("dhekydecode failed, can't benchmark\n"); + #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + fclose(file); + #endif return; } diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 0cc31abf8..fcf812e8f 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -791,6 +791,8 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, ret += PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz, iterations, 8, typeH, 2); } + else + return ALGO_ID_E; if (ret != 0) return ret; @@ -1610,7 +1612,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (email) { - if (14 > (ASN_NAME_MAX - idx)) { + if ( (14 + adv) > (int)(ASN_NAME_MAX - idx)) { CYASSL_MSG("ASN name too big, skipping"); tooBig = TRUE; } @@ -1633,7 +1635,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (uid) { - if (5 > (ASN_NAME_MAX - idx)) { + if ( (5 + adv) > (int)(ASN_NAME_MAX - idx)) { CYASSL_MSG("ASN name too big, skipping"); tooBig = TRUE; } diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index 63c3967ad..ce5fe2920 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -154,7 +154,8 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) default: break; } - XMEMSET(ip + length, 0, hmac_block_size - length); + if ( (hmac_block_size - length) > 0) + XMEMSET(ip + length, 0, hmac_block_size - length); for(i = 0; i < hmac_block_size; i++) { op[i] = ip[i] ^ OPAD; diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 0f9b434f3..202170a2c 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -2110,6 +2110,7 @@ int rsa_test(void) "Please run from CyaSSL home dir", -40); bytes = fread(tmp, 1, FOURK_BUF, file); + fclose(file); #endif /* USE_CERT_BUFFERS */ #ifdef HAVE_CAVIUM 
@@ -2151,6 +2152,7 @@ int rsa_test(void) return -49; bytes = fread(tmp, 1, FOURK_BUF, file2); + fclose(file2); #endif #ifdef CYASSL_TEST_CERT @@ -2164,10 +2166,6 @@ int rsa_test(void) (void)bytes; #endif -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - fclose(file2); - fclose(file); -#endif #ifdef CYASSL_KEY_GEN { @@ -2541,6 +2539,7 @@ int dh_test(void) return -50; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); + fclose(file); #endif /* USE_CERT_BUFFERS */ InitDhKey(&key); @@ -2573,9 +2572,6 @@ int dh_test(void) FreeDhKey(&key); FreeDhKey(&key2); -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - fclose(file); -#endif return 0; } @@ -2615,6 +2611,7 @@ int dsa_test(void) return -60; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); + fclose(file); #endif /* USE_CERT_BUFFERS */ InitSha(&sha); @@ -2636,9 +2633,6 @@ int dsa_test(void) if (answer != 1) return -65; FreeDsaKey(&key); -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - fclose(file); -#endif return 0; } diff --git a/cyassl/test.h b/cyassl/test.h index 399614a7a..fe6118215 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -359,6 +359,9 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, int udp) else *sockfd = socket(AF_INET_V, SOCK_STREAM, 0); + if (*sockfd < 0) + err_sys("socket failed\n"); + #ifndef USE_WINDOWS_API #ifdef SO_NOSIGPIPE { @@ -414,7 +417,7 @@ enum { TEST_ERROR_READY }; -static INLINE int tcp_select(SOCKET_T socketfd, unsigned int to_sec) +static INLINE int tcp_select(SOCKET_T socketfd, int to_sec) { fd_set recvfds, errfds; SOCKET_T nfds = socketfd + 1; 
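Review bot: In the `@@ -359,6 +359,9 @@` hunk of `cyassl/test.h`, `if (*sockfd < 0)` sits above the `#ifndef USE_WINDOWS_API` block, so it is compiled on Windows as well. If `SOCKET_T` is an unsigned type there (its definition is outside the hunk), the comparison is always false and a failed `socket()` goes undetected. Comparing against the platform's invalid-socket value, `INVALID_SOCKET` on Windows, would make the check effective on both platforms.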
@@ -453,9 +456,11 @@ static INLINE void tcp_listen(SOCKET_T* sockfd, int port, int useAnyAddr, #ifndef USE_WINDOWS_API { - int on = 1; + int res, on = 1; socklen_t len = sizeof(on); - setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + if (res < 0) + err_sys("setsockopt SO_REUSEADDR failed\n"); } #endif @@ -500,9 +505,11 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, int useAnyAddr, #ifndef USE_WINDOWS_API { - int on = 1; + int res, on = 1; socklen_t len = sizeof(on); - setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + if (res < 0) + err_sys("setsockopt SO_REUSEADDR failed\n"); } #endif @@ -561,7 +568,11 @@ static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) int ret = ioctlsocket(*sockfd, FIONBIO, &blocking); #else int flags = fcntl(*sockfd, F_GETFL, 0); + if (flags < 0) + err_sys("fcntl get failed"); fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); + if (flags < 0) + err_sys("fcntl set failed"); #endif } diff --git a/examples/client/client.c b/examples/client/client.c index a58067910..fa9f2dae9 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -415,6 +415,7 @@ void client_test(void* args) printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); + msg[msgSz] = '\0'; } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); @@ -521,10 +522,10 @@ void client_test(void* args) CyaSSL_shutdown(sslResume); CyaSSL_free(sslResume); + CloseSocket(sockfd); } CyaSSL_CTX_free(ctx); - CloseSocket(sockfd); ((func_args*)args)->return_code = 0; } diff --git a/src/ssl.c b/src/ssl.c index 7bb755ba5..030d96fb3 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -500,6 +500,9 @@ int CyaSSL_shutdown(CYASSL* ssl) { CYASSL_ENTER("SSL_shutdown()"); + if (ssl == NULL) + return 0; + if (ssl->options.quietShutdown) { CYASSL_MSG("quiet shutdown, no close notify sent"); return 0; @@ -1578,6 +1581,10 @@ int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type, } dynamic = 1; } + else if (sz < 0) { + XFCLOSE(file); + return SSL_BAD_FILE; + } if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) ret = SSL_BAD_FILE; @@ -1741,6 +1748,10 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname, } dynamic = 1; } + else if (sz < 0) { + XFCLOSE(file); + return SSL_BAD_FILE; + } if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) ret = SSL_BAD_FILE; @@ -2051,6 +2062,10 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) } dynamic = 1; } + else if (sz < 0) { + XFCLOSE(file); + return SSL_BAD_FILE; + } if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) ret = SSL_BAD_FILE; @@ -2262,6 +2277,10 @@ static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, } dynamic = 1; } + else if (sz < 0) { + XFCLOSE(file); + return SSL_BAD_FILE; + } if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) ret = SSL_BAD_FILE; @@ -6401,6 +6420,7 @@ int CyaSSL_set_compression(CYASSL* ssl) } if ((myBuffer != NULL) && + (sz > 0) && (XFREAD(myBuffer, sz, 1, file) > 0) && (PemToDer(myBuffer, sz, CERT_TYPE, &fileDer, ctx->heap, &info, &eccKey) == 0) && diff --git a/tests/api.c b/tests/api.c index d598b4e73..7db26fc68 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -613,21 +613,21 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) if (CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from CyaSSL home dir");*/ - return 0; + goto done; } if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from CyaSSL home dir");*/ - return 0; + goto done; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from CyaSSL home dir");*/ - return 0; + goto done; } ssl = CyaSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0); @@ -648,7 +648,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) char buffer[80]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ - return 0; + goto done; } idx = CyaSSL_read(ssl, input, sizeof(input)-1); @@ -663,6 +663,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) return 0; } +done: CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); @@ -696,21 +697,21 @@ void test_client_nofail(void* args) if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) { /* err_sys("can't load ca file, Please run from CyaSSL home dir");*/ - return; + goto done2; } if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from CyaSSL home dir");*/ - return; + goto done2; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from CyaSSL home dir");*/ - return; + goto done2; } tcp_connect(&sockfd, yasslIP, yasslPort, 0); 
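Review bot: In the `@@ -613,21 +613,21 @@` hunk, the first three `goto done;` jumps happen before `ssl = CyaSSL_new(ctx);`, yet the `done:` label added in `@@ -663,6 +663,7 @@` runs `CyaSSL_shutdown(ssl)` and `CyaSSL_free(ssl)`. That is only safe if `ssl` is initialised to NULL at its declaration, which is outside the hunk. The same question applies to `done2:` in `test_client_nofail` (`@@ -696,21 +697,21 @@` and the hunks after it), where the early jumps come before `tcp_connect()`. I would initialise both pointers to NULL and add a one-line comment at each label saying which resources may still be unset when it is reached.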
@@ -723,13 +724,13 @@ void test_client_nofail(void* args) char buffer[80]; printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*printf("SSL_connect failed");*/ - return; + goto done2; } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ - return; + goto done2; } input = CyaSSL_read(ssl, reply, sizeof(reply)-1); @@ -739,6 +740,7 @@ void test_client_nofail(void* args) printf("Server response: %s\n", reply); } +done2: CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); diff --git a/tests/suites.c b/tests/suites.c index 47d318019..bdcb56556 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -46,17 +46,29 @@ static void execute_test_case(int svr_argc, char** svr_argv, THREAD_TYPE serverThread; char commandLine[MAX_COMMAND_SZ]; int i; + size_t added = 0; static int tests = 1; commandLine[0] = '\0'; for (i = 0; i < svr_argc; i++) { + added += strlen(svr_argv[i]) + 2; + if (added >= MAX_COMMAND_SZ) { + printf("server command line too long\n"); + break; + } strcat(commandLine, svr_argv[i]); strcat(commandLine, " "); } printf("trying server command line[%d]: %s\n", tests, commandLine); commandLine[0] = '\0'; + added = 0; for (i = 0; i < cli_argc; i++) { + added += strlen(cli_argv[i]) + 2; + if (added >= MAX_COMMAND_SZ) { + printf("client command line too long\n"); + break; + } strcat(commandLine, cli_argv[i]); strcat(commandLine, " "); } @@ -124,7 +136,7 @@ static void test_harness(void* vargs) fseek(file, 0, SEEK_END); sz = ftell(file); rewind(file); - if (sz == 0) { + if (sz <= 0) { fprintf(stderr, "%s is empty\n", fname); fclose(file); args->return_code = 1; @@ -143,6 +155,7 @@ static void test_harness(void* vargs) if (len != sz) { fprintf(stderr, "read error\n"); fclose(file); + free(script); args->return_code = 1; return; } From cdc651a75af07fc39f4e118a0f3fe82fa4bfe7c3 Mon Sep 17 00:00:00 2001 
From: toddouska Date: Thu, 14 Feb 2013 14:13:19 -0800 Subject: [PATCH 35/52] coverity ignores --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 9bcf512de..1d8b7f5bd 100644 --- a/.gitignore +++ b/.gitignore @@ -75,3 +75,5 @@ swig/cyassl_wrap.c stamp-h1 clang_output_* internal.plist +cov-int +cyassl.tgz From 9ea337107990a8dd5d563c1f70b98a72c54aa13e Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 14 Feb 2013 16:00:45 -0800 Subject: [PATCH 36/52] 2nd round scan build --- ctaocrypt/benchmark/benchmark.c | 4 +--- ctaocrypt/src/hmac.c | 2 +- cyassl/internal.h | 2 ++ cyassl/test.h | 4 ++-- src/ssl.c | 6 ++++++ 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index a8df9d993..021f4d5f0 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -649,6 +649,7 @@ void bench_rsa(void) } bytes = fread(tmp, 1, sizeof(tmp), file); + fclose(file); #endif /* USE_CERT_BUFFERS */ #ifdef HAVE_CAVIUM @@ -694,9 +695,6 @@ void bench_rsa(void) printf("RSA %d decryption took %6.2f milliseconds, avg over %d" " iterations\n", rsaKeySz, milliEach, times); -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - fclose(file); -#endif FreeRsaKey(&rsaKey); #ifdef HAVE_CAVIUM RsaFreeCavium(&rsaKey); diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index ce5fe2920..291c6b70f 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -154,7 +154,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) default: break; } - if ( (hmac_block_size - length) > 0) + if (length < hmac_block_size) XMEMSET(ip + length, 0, hmac_block_size - length); for(i = 0; i < hmac_block_size; i++) { diff --git a/cyassl/internal.h b/cyassl/internal.h index 49a3a35b1..f49d196dd 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h 
@@ -549,6 +549,8 @@ enum Misc { MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ MAX_PSK_KEY_LEN = 64, /* max psk key supported */ + MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ + #ifdef FORTRESS MAX_EX_DATA = 3, /* allow for three items of ex_data */ #endif diff --git a/cyassl/test.h b/cyassl/test.h index fe6118215..d4a2b986f 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -421,7 +421,7 @@ static INLINE int tcp_select(SOCKET_T socketfd, int to_sec) { fd_set recvfds, errfds; SOCKET_T nfds = socketfd + 1; - struct timeval timeout = {to_sec, 0}; + struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0}; int result; FD_ZERO(&recvfds); @@ -570,7 +570,7 @@ static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) int flags = fcntl(*sockfd, F_GETFL, 0); if (flags < 0) err_sys("fcntl get failed"); - fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); + flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); if (flags < 0) err_sys("fcntl set failed"); #endif diff --git a/src/ssl.c b/src/ssl.c index 030d96fb3..cd9225e76 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1739,6 +1739,12 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname, sz = XFTELL(file); XREWIND(file); + if (sz > MAX_CYASSL_FILE_SIZE) { + CYASSL_MSG("CertManagerVerify file too big"); + XFCLOSE(file); + return SSL_BAD_FILE; + } + if (sz > (long)sizeof(staticBuffer)) { CYASSL_MSG("Getting dynamic buffer"); myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE); From dfa15535489d44a8e5e453ac21d72d9906c88684 Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 14 Feb 2013 16:23:48 -0800 Subject: [PATCH 37/52] 3rd scan build fixes --- cyassl/ssl.h | 2 +- src/ssl.c | 14 +++++--------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 7821b0456..f9876fb23 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h 
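Review bot: In the `@@ -1739,6 +1739,12 @@` hunk of `src/ssl.c`, the new `MAX_CYASSL_FILE_SIZE` cap is applied only in `CyaSSL_CertManagerVerify`. PATCH 34 touched the same size-then-read sequence in `ProcessFile`, `CyaSSL_PemCertToDer` and `CyaSSL_SetTmpDH_file_wrapper`, and those still take the buffer size from the file length with only a `sz < 0` rejection. The same guard, `if (sz > MAX_CYASSL_FILE_SIZE) { XFCLOSE(file); return SSL_BAD_FILE; }`, should go into each of them. Separately, the `XFREAD(...) < 0` test in the context lines cannot detect a short read if `XFREAD` maps to `fread`, which returns an unsigned count.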
@@ -838,7 +838,7 @@ typedef void (*CbMissingCRL)(const char* url); CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f, int format); CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, - const unsigned char* buff, int sz, int format); + const unsigned char* buff, long sz, int format); CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*, int sz); CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, diff --git a/src/ssl.c b/src/ssl.c index cd9225e76..735752d81 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1682,7 +1682,7 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file, /* Verify the ceritficate, 1 for success, < 0 for error */ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff, - int sz, int format) + long sz, int format) { int ret = 0; int eccKey = 0; /* not used */ @@ -1705,7 +1705,7 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff, InitDecodedCert(&cert, der.buffer, der.length, cm->heap); } else - InitDecodedCert(&cert, (byte*)buff, sz, cm->heap); + InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap); if (ret == 0) ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm); @@ -1739,8 +1739,8 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname, sz = XFTELL(file); XREWIND(file); - if (sz > MAX_CYASSL_FILE_SIZE) { - CYASSL_MSG("CertManagerVerify file too big"); + if (sz > MAX_CYASSL_FILE_SIZE || sz < 0) { + CYASSL_MSG("CertManagerVerify file bad size"); XFCLOSE(file); return SSL_BAD_FILE; } 
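Review bot: In the ssl.c hunk at -1705, `(word32)sz` narrows a caller-supplied `long` with no range check, so a negative or oversized `sz` passed to the public CyaSSL_CertManagerVerifyBuffer reaches InitDecodedCert as an unrelated unsigned length. The file-based path in the hunk at -1739 validates `sz` before calling in, but direct callers of the buffer API get no such guard. A check at the top of the function, `if (buff == NULL || sz <= 0) return BAD_FUNC_ARG;`, would reject those inputs before any parsing. The function body starts and ends outside this hunk, so confirm nothing earlier already does this.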
@@ -1754,15 +1754,11 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname, } dynamic = 1; } - else if (sz < 0) { - XFCLOSE(file); - return SSL_BAD_FILE; - } if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) ret = SSL_BAD_FILE; else - ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, (int)sz, format); + ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format); XFCLOSE(file); if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE); From 0acd8f0670369b7405a748e59f6953bc94d04a41 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 15 Feb 2013 12:16:19 -0800 Subject: [PATCH 38/52] added sig_algo for rsa for missing cases in SetCipherSpecs() --- src/keys.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/keys.c b/src/keys.c index 4b89013ff..75866cf16 100644 --- a/src/keys.c +++ b/src/keys.c @@ -531,6 +531,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -547,6 +548,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -563,6 +565,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = md5_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = MD5_DIGEST_SIZE; ssl->specs.pad_size = PAD_MD5; ssl->specs.static_ecdh = 0; @@ -579,6 +582,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; 
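Review bot: In the ssl.c hunk at -1754, the surviving test `(ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0` can never be true if XFREAD maps to fread (its definition is not on this page), because fread returns an item count of 0 or 1 here. A failed or short read therefore still hands `myBuffer` and the full `sz` to CyaSSL_CertManagerVerifyBuffer, so verification can run over bytes that were never read from the file. Comparing against the expected count closes the gap: `if (XFREAD(myBuffer, sz, 1, file) != 1) ret = SSL_BAD_FILE;`. The function starts outside this hunk.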
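Review bot: The `ssl->specs.sig_algo = ...` assignment is added by hand to each case in this keys.c hunk at -531 and in the following ones through -1080, the same per-case pattern that let these cases be missed in the first place. Consider giving `sig_algo` a defined value once before the suite switch, or checking after it that a value was assigned, so a future suite that omits the line does not carry a stale value into signature selection. A short comment on why the `ntru_kea` cases use `rsa_sa_algo` would also help, since that pairing is not self-explanatory. SetCipherSpecs begins and ends outside these hunks, so whether an initial value already exists cannot be seen here.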
@@ -595,6 +599,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -611,6 +616,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -627,6 +633,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -643,6 +650,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -659,6 +667,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -675,6 +684,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -691,6 +701,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; 
@@ -707,6 +718,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -723,6 +735,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -739,6 +752,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -756,6 +770,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -773,6 +788,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -790,6 +806,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; 
@@ -807,6 +824,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -892,6 +910,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = md5_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = MD5_DIGEST_SIZE; ssl->specs.pad_size = PAD_MD5; ssl->specs.static_ecdh = 0; @@ -908,6 +927,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -924,6 +944,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -1008,6 +1029,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -1024,6 +1046,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -1040,6 +1063,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; 
@@ -1056,6 +1080,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; From df011b2e40f70e49ca027f5524afea5298f807a2 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 18 Feb 2013 11:54:23 -0800 Subject: [PATCH 39/52] Server and client tell each other which sig/hash algos they support, peers pick from the list and use it indicating which one they used as appropriate. --- cyassl/internal.h | 21 ++-- src/internal.c | 260 +++++++++++++++++++++++++--------------------- src/tls.c | 2 +- 3 files changed, 156 insertions(+), 127 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index c2c735289..c6228b8ca 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -749,10 +749,10 @@ typedef struct Suites { int setSuites; /* user set suites from default */ byte suites[MAX_SUITE_SZ]; word16 suiteSz; /* suite length in bytes */ - byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; + byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */ word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ byte hashAlgo; /* selected hash algorithm */ - byte signAlgo; /* selected sig algorithm */ + byte sigAlgo; /* selected sig algorithm */ } Suites; @@ -1168,15 +1168,18 @@ CYASSL_LOCAL void InitCiphers(CYASSL* ssl); CYASSL_LOCAL void FreeCiphers(CYASSL* ssl); -#ifdef CYASSL_SHA384 - #define HASHES_SZ SHA384_DIGEST_SIZE -#else - #define HASHES_SZ FINISHED_SZ -#endif - /* hashes type */ typedef struct Hashes { - byte hash[HASHES_SZ]; + #ifndef NO_MD5 + byte md5[MD5_DIGEST_SIZE]; + #endif + byte sha[SHA_DIGEST_SIZE]; + #ifndef NO_SHA256 + byte sha256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + byte sha384[SHA384_DIGEST_SIZE]; + #endif } Hashes; diff --git a/src/internal.c b/src/internal.c index da86979e2..9e421b5bc 100644 --- a/src/internal.c 
+++ b/src/internal.c @@ -97,6 +97,8 @@ static void Hmac(CYASSL* ssl, byte* digest, const byte* buffer, word32 sz, static void BuildCertHashes(CYASSL* ssl, Hashes* hashes); #endif +static void PickHashSigAlgo(CYASSL* ssl, + const byte* hashSigAlgo, word32 hashSigAlgoSz); #ifndef min @@ -2302,7 +2304,7 @@ static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) Md5Update(&ssl->hashMd5, PAD2, PAD_MD5); Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE); - Md5Final(&ssl->hashMd5, &hashes->hash[0]); + Md5Final(&ssl->hashMd5, hashes->md5); } @@ -2322,7 +2324,7 @@ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender) ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA); ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE); - ShaFinal(&ssl->hashSha, &hashes->hash[MD5_DIGEST_SIZE]); + ShaFinal(&ssl->hashSha, hashes->sha); } #endif @@ -2341,16 +2343,16 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) Sha384 sha384; #endif -#ifndef NO_SHA256 - InitSha256(&sha256); - if (IsAtLeastTLSv1_2(ssl)) - sha256 = ssl->hashSha256; -#endif -#ifdef CYASSL_SHA384 - InitSha384(&sha384); - if (IsAtLeastTLSv1_2(ssl)) - sha384 = ssl->hashSha384; -#endif + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + InitSha256(&sha256); + sha256 = ssl->hashSha256; + #endif + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + sha384 = ssl->hashSha384; + #endif + } if (ssl->options.tls) BuildTlsFinished(ssl, hashes, sender); @@ -2362,17 +2364,17 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) #endif /* restore */ -#ifndef NO_MD5 - ssl->hashMd5 = md5; -#endif + #ifndef NO_MD5 + ssl->hashMd5 = md5; + #endif ssl->hashSha = sha; if (IsAtLeastTLSv1_2(ssl)) { -#ifndef NO_SHA256 - ssl->hashSha256 = sha256; -#endif -#ifdef CYASSL_SHA384 - ssl->hashSha384 = sha384; -#endif + #ifndef NO_SHA256 + ssl->hashSha256 = sha256; + #endif + #ifdef CYASSL_SHA384 + ssl->hashSha384 = sha384; + #endif } } 
@@ -4361,54 +4363,45 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) Sha384 sha384; #endif - #ifndef NO_SHA256 - InitSha256(&sha256); - if (IsAtLeastTLSv1_2(ssl)) + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + InitSha256(&sha256); sha256 = ssl->hashSha256; - #endif - #ifdef CYASSL_SHA384 - InitSha384(&sha384); - if (IsAtLeastTLSv1_2(ssl)) + #endif + #ifdef CYASSL_SHA384 + InitSha384(&sha384); sha384 = ssl->hashSha384; - #endif + #endif + } if (ssl->options.tls) { + Md5Final(&ssl->hashMd5, hashes->md5); + ShaFinal(&ssl->hashSha, hashes->sha); if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->suites->hashAlgo <= sha_mac) { - ShaFinal(&ssl->hashSha, &hashes->hash[MD5_DIGEST_SIZE]); - } - else if (ssl->suites->hashAlgo == sha256_mac) { - #ifndef NO_SHA256 - Sha256Final(&ssl->hashSha256, hashes->hash); - #endif - } - else if (ssl->suites->hashAlgo == sha384_mac) { - #ifdef CYASSL_SHA384 - Sha384Final(&ssl->hashSha384, hashes->hash); - #endif - } - } - else { - Md5Final(&ssl->hashMd5, &hashes->hash[0]); - ShaFinal(&ssl->hashSha, &hashes->hash[MD5_DIGEST_SIZE]); + #ifndef NO_SHA256 + Sha256Final(&ssl->hashSha256, hashes->sha256); + #endif + #ifdef CYASSL_SHA384 + Sha384Final(&ssl->hashSha384, hashes->sha384); + #endif } } else { - BuildMD5_CertVerify(ssl, &hashes->hash[0]); - BuildSHA_CertVerify(ssl, &hashes->hash[MD5_DIGEST_SIZE]); + BuildMD5_CertVerify(ssl, hashes->md5); + BuildSHA_CertVerify(ssl, hashes->sha); } /* restore */ ssl->hashMd5 = md5; ssl->hashSha = sha; - #ifndef NO_SHA256 - if (IsAtLeastTLSv1_2(ssl)) + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 ssl->hashSha256 = sha256; - #endif - #ifdef CYASSL_SHA384 - if (IsAtLeastTLSv1_2(ssl)) + #endif + #ifdef CYASSL_SHA384 ssl->hashSha384 = sha384; - #endif + #endif + } } #endif 
@@ -4664,7 +4657,7 @@ int SendCertificateRequest(CYASSL* ssl) int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */ if (IsAtLeastTLSv1_2(ssl)) - reqSz += LENGTH_SZ + HASH_SIG_SIZE; + reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz; if (ssl->options.usingPSK_cipher) return 0; /* not needed */ @@ -4692,11 +4685,12 @@ int SendCertificateRequest(CYASSL* ssl) /* supported hash/sig */ if (IsAtLeastTLSv1_2(ssl)) { - c16toa(HASH_SIG_SIZE, &output[i]); + c16toa(ssl->suites->hashSigAlgoSz, &output[i]); i += LENGTH_SZ; - output[i++] = ssl->suites->hashAlgo; /* hash */ - output[i++] = ssl->specs.sig_algo; /* sig */ + XMEMCPY(&output[i], + ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz); + i += ssl->suites->hashSigAlgoSz; } c16toa(0, &output[i]); /* auth's */ @@ -5841,7 +5835,7 @@ int SetCipherList(Suites* s, const char* list) if (*list == 0) return 1; /* CyaSSL default */ - if (XSTRNCMP(haystack, "ALL", 3) == 0) return 1; /* CyaSSL default */ + if (XSTRNCMP(haystack, "ALL", 3) == 0) return 1; /* CyaSSL defualt */ for(;;) { word32 len; @@ -6363,10 +6357,8 @@ int SetCipherList(Suites* s, const char* list) /* hash sig format */ ato16(&input[*inOutIdx], &len); *inOutIdx += LENGTH_SZ; - /* XXX Read the hash sig format, can be more than one pair. */ - ssl->suites->hashAlgo = input[(*inOutIdx)++]; - ssl->suites->signAlgo = input[(*inOutIdx)++]; - /**inOutIdx += len;*/ + PickHashSigAlgo(ssl, &input[*inOutIdx], len); + *inOutIdx += len; } /* authorities */ @@ -6515,8 +6507,8 @@ int SetCipherList(Suites* s, const char* list) byte hash384[SHA384_DIGEST_SIZE]; #endif byte messageVerify[MAX_DH_SZ]; + byte hashAlgo = sha_mac; byte sigAlgo = ssl->specs.sig_algo; - byte hashAlgo = ssl->specs.mac_algorithm; /* adjust from start idx */ verifySz = (word16)(*inOutIdx - verifySz); 
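Review bot: The only change in the hunk at -5841 turns the comment `/* CyaSSL default */` into `/* CyaSSL defualt */`, which looks like an accidental edit. Revert the line so this hunk drops out of the commit.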
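Review bot: In the hunk at -6363, `len` is read from the peer's message and passed straight to `PickHashSigAlgo(ssl, &input[*inOutIdx], len)` and then added to `*inOutIdx`, with no visible check that `len` bytes remain in the received handshake message. An over-long value therefore leads to reads past the end of the data that was actually received. Compare `len` with the remaining message size before the call and return an error when it does not fit. No size parameter is visible in this hunk, so the enclosing function, which starts and ends outside it, may need one passed in.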
@@ -6527,11 +6519,6 @@ int SetCipherList(Suites* s, const char* list) XMEMCPY(messageVerify, &input[*inOutIdx - verifySz], verifySz); if (IsAtLeastTLSv1_2(ssl)) { - /* just advance for now TODO: validate hash algo params */ - /* XXX This is where we look at the signature algorithm, - * which should match what is in ssl->specs.sig_algo. We - * check that the hash is in our list of available hashes, - * and just use it and only it. */ hashAlgo = input[*inOutIdx]; *inOutIdx += 1; sigAlgo = input[*inOutIdx]; @@ -6962,7 +6949,7 @@ int SetCipherList(Suites* s, const char* list) if (ret == 0) { byte* verify = (byte*)&output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ]; - byte* signBuffer = ssl->certHashes.hash; + byte* signBuffer = ssl->certHashes.md5; word32 signSz = FINISHED_SZ; byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 extraSz = 0; /* tls 1.2 hash/sig */ @@ -6974,7 +6961,7 @@ int SetCipherList(Suites* s, const char* list) length = sigOutSz; if (IsAtLeastTLSv1_2(ssl)) { verify[0] = ssl->suites->hashAlgo; - verify[1] = ssl->specs.sig_algo; + verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo; extraSz = HASH_SIG_SIZE; } c16toa((word16)length, verify + extraSz); /* prepend verify header*/ @@ -6983,17 +6970,18 @@ int SetCipherList(Suites* s, const char* list) #ifdef HAVE_ECC word32 localSz = sigOutSz; word32 digestSz = SHA_DIGEST_SIZE; - byte* digest = signBuffer + MD5_DIGEST_SIZE; + byte* digest = ssl->certHashes.sha; if (IsAtLeastTLSv1_2(ssl)) { - digest = ssl->certHashes.hash; if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; digestSz = SHA256_DIGEST_SIZE; #endif } else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; digestSz = SHA384_DIGEST_SIZE; #endif } 
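Review bot: In the hunk at -6962, `byte* signBuffer = ssl->certHashes.md5;` is still paired with `signSz = FINISHED_SZ`, so the signing input is read across the end of the `md5` member into `sha`, relying on the two arrays being adjacent in the new `Hashes` struct. The tls.c hunk at -239 makes a similar layout assumption with `PRF((byte*)hashes, TLS_FINISHED_SZ, ...)`. With `NO_MD5` the `md5` member does not exist, so the first stops compiling and the second silently writes into `sha` instead. A comment on `Hashes` stating that `md5` and `sha` must stay first and contiguous, or a `sizeof`-based compile-time check, would make the dependency explicit.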
@@ -7006,20 +6994,20 @@ int SetCipherList(Suites* s, const char* list) } else { if (IsAtLeastTLSv1_2(ssl)) { - byte* digest = &ssl->certHashes.hash[MD5_DIGEST_SIZE]; + byte* digest = ssl->certHashes.sha; int digestSz = SHA_DIGEST_SIZE; int typeH = SHAh; if (ssl->suites->hashAlgo == sha256_mac) { #ifndef NO_SHA256 - digest = ssl->certHashes.hash; + digest = ssl->certHashes.sha256; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } else if (ssl->suites->hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 - digest = ssl->certHashes.hash; + digest = ssl->certHashes.sha384; typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; #endif @@ -7363,7 +7351,7 @@ int SetCipherList(Suites* s, const char* list) idx += expSz; if (IsAtLeastTLSv1_2(ssl)) { output[idx++] = ssl->suites->hashAlgo; - output[idx++] = ssl->specs.sig_algo; + output[idx++] = ssl->suites->sigAlgo; } c16toa((word16)sigSz, output + idx); idx += LENGTH_SZ; @@ -7412,7 +7400,7 @@ int SetCipherList(Suites* s, const char* list) Sha384Final(&sha384, hash384); #endif - if (ssl->specs.sig_algo == rsa_sa_algo) { + if (ssl->suites->sigAlgo == rsa_sa_algo) { byte* signBuffer = hash; word32 signSz = sizeof(hash); byte encodedSig[MAX_ENCODED_SIG_SZ]; @@ -7449,7 +7437,7 @@ int SetCipherList(Suites* s, const char* list) else return ret; } - else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { + else if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) { byte* digest = &hash[MD5_DIGEST_SIZE]; word32 digestSz = SHA_DIGEST_SIZE; word32 sz = sigSz; @@ -7615,7 +7603,7 @@ int SetCipherList(Suites* s, const char* list) /* Add signature */ if (IsAtLeastTLSv1_2(ssl)) { output[idx++] = ssl->suites->hashAlgo; - output[idx++] = ssl->specs.sig_algo; + output[idx++] = ssl->suites->sigAlgo; } /* size */ c16toa((word16)sigSz, output + idx); 
@@ -7665,7 +7653,7 @@ int SetCipherList(Suites* s, const char* list) Sha384Final(&sha384, hash384); #endif - if (ssl->specs.sig_algo == rsa_sa_algo) { + if (ssl->suites->sigAlgo == rsa_sa_algo) { byte* signBuffer = hash; word32 signSz = sizeof(hash); byte encodedSig[MAX_ENCODED_SIG_SZ]; @@ -8170,6 +8158,36 @@ int SetCipherList(Suites* s, const char* list) } + static void PickHashSigAlgo(CYASSL* ssl, + const byte* hashSigAlgo, word32 hashSigAlgoSz) + { + word32 i; + + ssl->suites->sigAlgo = ssl->specs.sig_algo; + ssl->suites->hashAlgo = sha_mac; + + for (i = 0; i < hashSigAlgoSz; i += 2) { + if (hashSigAlgo[i+1] == ssl->specs.sig_algo) { + if (hashSigAlgo[i] == sha_mac) { + break; + } + #ifndef NO_SHA256 + else if (hashSigAlgo[i] == sha256_mac) { + ssl->suites->hashAlgo = sha256_mac; + break; + } + #endif + #ifdef CYASSL_SHA384 + else if (hashSigAlgo[i] == sha384_mac) { + ssl->suites->hashAlgo = sha384_mac; + break; + } + #endif + } + } + } + + static int MatchSuite(CYASSL* ssl, Suites* peerSuites) { word16 i, j; @@ -8194,11 +8212,9 @@ int SetCipherList(Suites* s, const char* list) ssl->options.cipherSuite0 = ssl->suites->suites[i]; ssl->options.cipherSuite = ssl->suites->suites[i+1]; result = SetCipherSpecs(ssl); - if (result == 0) { - /* XXX */ - ssl->suites->hashAlgo = sha256_mac; - ssl->suites->signAlgo = ssl->specs.sig_algo; - } + if (result == 0) + PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, + peerSuites->hashSigAlgoSz); return result; } else { 
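Review bot: In the new PickHashSigAlgo (hunk at -8170), the loop `for (i = 0; i < hashSigAlgoSz; i += 2)` reads `hashSigAlgo[i+1]`, so an odd `hashSigAlgoSz` from the peer reads one byte past the list. Bounding on the pair avoids that: `for (i = 0; i + 1 < hashSigAlgoSz; i += 2)`. The function also leaves `hashAlgo` at `sha_mac` when no offered pair matches, so a peer list that contains no SHA-1 entry still ends in a SHA-1 selection. A doc comment stating that fallback, or an error return, would make the behavior deliberate rather than implicit.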
@@ -8507,41 +8523,45 @@ int SetCipherList(Suites* s, const char* list) ssl->options.clientState = CLIENT_HELLO_COMPLETE; *inOutIdx = i; + clSuites.hashSigAlgoSz = 0; if ( (i - begin) < helloSz) { if (IsAtLeastTLSv1_2(ssl)) { + /* Need to process all extensions, i.e. skip the ones we don't + * support. */ word16 totalExtSz, extId, extSz; ato16(&input[i], &totalExtSz); i += 2; - ato16(&input[i], &extId); - i += 2; - ato16(&input[i], &extSz); - i += 2; - if (extId == HELLO_EXT_SIG_ALGO) { - ato16(&input[i], &clSuites.hashSigAlgoSz); + while (totalExtSz) { + ato16(&input[i], &extId); i += 2; - - if (i + clSuites.hashSigAlgoSz > totalSz) - return INCOMPLETE_DATA; - if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) - return BUFFER_ERROR; - - XMEMCPY(clSuites.hashSigAlgo, - input+i, clSuites.hashSigAlgoSz); - i += clSuites.hashSigAlgoSz; + ato16(&input[i], &extSz); + i += 2; + totalExtSz -= 4 + extSz; + if (extId == HELLO_EXT_SIG_ALGO) { + ato16(&input[i], &clSuites.hashSigAlgoSz); + i += 2; + + if (i + clSuites.hashSigAlgoSz > totalSz) + return INCOMPLETE_DATA; + if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) + return BUFFER_ERROR; + + XMEMCPY(clSuites.hashSigAlgo, + input+i, clSuites.hashSigAlgoSz); + i += clSuites.hashSigAlgoSz; + } + else + i += extSz; + } - else - i += extSz; - *inOutIdx = i; } else *inOutIdx = begin + helloSz; /* skip extensions */ } else { - if (IsAtLeastTLSv1_2(ssl)) { - clSuites.hashSigAlgoSz = 0; - } + clSuites.hashSigAlgoSz = 0; } ssl->options.haveSessionId = 1; @@ -8585,6 +8605,8 @@ int SetCipherList(Suites* s, const char* list) byte* sig; byte* out; int outLen; + byte hashAlgo = sha_mac; + byte sigAlgo; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) 
@@ -8595,8 +8617,10 @@ int SetCipherList(Suites* s, const char* list) if ( (i + VERIFY_HEADER) > totalSz) return INCOMPLETE_DATA; - if (IsAtLeastTLSv1_2(ssl)) - i += HASH_SIG_SIZE; + if (IsAtLeastTLSv1_2(ssl)) { + hashAlgo = input[i++]; + sigAlgo = input[i++]; + } ato16(&input[i], &sz); i += VERIFY_HEADER; @@ -8619,20 +8643,20 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 sigSz; - byte* digest = &ssl->certHashes.hash[MD5_DIGEST_SIZE]; + byte* digest = ssl->certHashes.sha; int typeH = SHAh; int digestSz = SHA_DIGEST_SIZE; - if (ssl->suites->hashAlgo == sha256_mac) { + if (hashAlgo == sha256_mac) { #ifndef NO_SHA256 - digest = ssl->certHashes.hash; + digest = ssl->certHashes.sha256; typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->suites->hashAlgo == sha384_mac) { + else if (hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 - digest = ssl->certHashes.hash; + digest = ssl->certHashes.sha384; typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; #endif @@ -8655,19 +8679,21 @@ int SetCipherList(Suites* s, const char* list) if (ssl->peerEccDsaKeyPresent) { int verify = 0; int err = -1; - byte* digest = ssl->certHashes.hash; + byte* digest = ssl->certHashes.sha; word32 digestSz = SHA_DIGEST_SIZE; CYASSL_MSG("Doing ECC peer cert verify"); if (IsAtLeastTLSv1_2(ssl)) { - if (ssl->suites->hashAlgo == sha256_mac) { + if (hashAlgo == sha256_mac) { #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; digestSz = SHA256_DIGEST_SIZE; #endif } - else if (ssl->suites->hashAlgo == sha384_mac) { + else if (hashAlgo == sha384_mac) { #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; digestSz = SHA384_DIGEST_SIZE; #endif } diff --git a/src/tls.c b/src/tls.c index b3e67c27d..838bb1a0c 100644 --- a/src/tls.c +++ b/src/tls.c 
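Review bot: In the hunk at -8595, the guard `(i + VERIFY_HEADER) > totalSz` accounts for two bytes, but the TLS 1.2 branch now consumes `input[i++]` twice before `ato16(&input[i], &sz)` reads two more. The bound should include the extra pair in that case, e.g. `if (IsAtLeastTLSv1_2(ssl) && (i + HASH_SIG_SIZE + VERIFY_HEADER) > totalSz) return INCOMPLETE_DATA;`. `sigAlgo` is stored but, in the visible hunks, never compared with the key type used for verification, so consider checking it or documenting why it is ignored. The function continues outside the hunk.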
@@ -239,7 +239,7 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) else side = tls_server; - PRF(hashes->hash, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, + PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); } From d9a9982bc8416b8bbdea1dae2d92b66e6e44b01a Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 18 Feb 2013 12:52:08 -0800 Subject: [PATCH 40/52] length check the hello extensions --- cyassl/internal.h | 1 + src/internal.c | 40 ++++++++++++++++++++-------------------- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index c6228b8ca..2ea1e5a02 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -462,6 +462,7 @@ enum Misc { ALERT_SIZE = 2, /* level + description */ REQUEST_HEADER = 2, /* always use 2 bytes */ VERIFY_HEADER = 2, /* always use 2 bytes */ + EXT_ID_SZ = 2, /* always use 2 bytes */ MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ MAX_SUITE_SZ = 200, /* 100 suites for now! */ diff --git a/src/internal.c b/src/internal.c index 9e421b5bc..a25cd163c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8500,6 +8500,7 @@ int SetCipherList(Suites* s, const char* list) return BUFFER_ERROR; XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz); i += clSuites.suiteSz; + clSuites.hashSigAlgoSz = 0; b = input[i++]; /* comp len */ if (i + b > totalSz) 
@@ -8523,46 +8524,45 @@ int SetCipherList(Suites* s, const char* list) ssl->options.clientState = CLIENT_HELLO_COMPLETE; *inOutIdx = i; - clSuites.hashSigAlgoSz = 0; if ( (i - begin) < helloSz) { if (IsAtLeastTLSv1_2(ssl)) { - /* Need to process all extensions, i.e. skip the ones we don't - * support. */ - word16 totalExtSz, extId, extSz; + /* Process the hello extension. Skip unsupported. */ + word16 totalExtSz; ato16(&input[i], &totalExtSz); - i += 2; + i += LENGTH_SZ; + if (totalExtSz > helloSz + begin - i) + return INCOMPLETE_DATA; while (totalExtSz) { + word16 extId, extSz; + ato16(&input[i], &extId); - i += 2; + i += LENGTH_SZ; ato16(&input[i], &extSz); - i += 2; - totalExtSz -= 4 + extSz; + i += EXT_ID_SZ; + if (extSz > totalExtSz - LENGTH_SZ - EXT_ID_SZ) + return INCOMPLETE_DATA; + if (extId == HELLO_EXT_SIG_ALGO) { ato16(&input[i], &clSuites.hashSigAlgoSz); - i += 2; - - if (i + clSuites.hashSigAlgoSz > totalSz) + i += LENGTH_SZ; + if (clSuites.hashSigAlgoSz > extSz - LENGTH_SZ) return INCOMPLETE_DATA; - if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) - return BUFFER_ERROR; - - XMEMCPY(clSuites.hashSigAlgo, - input+i, clSuites.hashSigAlgoSz); + + XMEMCPY(clSuites.hashSigAlgo, &input[i], + min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)); i += clSuites.hashSigAlgoSz; } else i += extSz; - + + totalExtSz -= LENGTH_SZ + EXT_ID_SZ + extSz; } *inOutIdx = i; } else *inOutIdx = begin + helloSz; /* skip extensions */ } - else { - clSuites.hashSigAlgoSz = 0; - } ssl->options.haveSessionId = 1; /* ProcessOld uses same resume code */ From a8f6baf37cc007f6dbc624a5574187f4ea7bd6d5 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 18 Feb 2013 14:12:03 -0800 Subject: [PATCH 41/52] repeat each cipher suite test with client cert request off --- tests/suites.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/suites.c b/tests/suites.c index bdcb56556..00df11a55 100644 --- a/tests/suites.c +++ b/tests/suites.c 
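Review bot: In the hunk at -8523, the copy is capped with `min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)` but `clSuites.hashSigAlgoSz` itself keeps the peer's value, and the removed `BUFFER_ERROR` check no longer rejects it. MatchSuite passes `peerSuites->hashSigAlgoSz` to PickHashSigAlgo, which indexes `hashSigAlgo[]` up to that size, so (assuming `clSuites` is what MatchSuite receives) a ClientHello list longer than the array leads to reads past `clSuites.hashSigAlgo`. After advancing `i`, clamp the stored length: `if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX;`. Separately, `i += LENGTH_SZ` after reading `extId` and `i += EXT_ID_SZ` after reading `extSz` are swapped, which is harmless while both are 2 but worth fixing for readability.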
@@ -37,7 +37,7 @@ #include "examples/server/server.h" static void execute_test_case(int svr_argc, char** svr_argv, - int cli_argc, char** cli_argv) + int cli_argc, char** cli_argv, int addNoVerify) { func_args cliArgs = {cli_argc, cli_argv, 0, NULL}; func_args svrArgs = {svr_argc, svr_argv, 0, NULL}; @@ -59,6 +59,14 @@ static void execute_test_case(int svr_argc, char** svr_argv, strcat(commandLine, svr_argv[i]); strcat(commandLine, " "); } + if (addNoVerify) { + printf("repeating test with client cert request off\n"); + added += 3; /* -d plus terminator */ + if (added >= MAX_COMMAND_SZ) + printf("server command line too long\n"); + else + strcat(commandLine, "-d"); + } printf("trying server command line[%d]: %s\n", tests, commandLine); commandLine[0] = '\0'; @@ -213,7 +221,8 @@ static void test_harness(void* vargs) } if (do_it) { - execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs); + execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 0); + execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1); svrArgsSz = 1; cliArgsSz = 1; cliMode = 0; From 87cad7a966285ebc919834c55ba49f797d8593c4 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 18 Feb 2013 14:36:50 -0800 Subject: [PATCH 42/52] merge branch tls12 into master --- cyassl/internal.h | 23 +- src/internal.c | 593 +++++++++++++++++++++++++++++++++++++--------- src/tls.c | 8 +- 3 files changed, 496 insertions(+), 128 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index f49d196dd..ce9b2978d 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -462,6 +462,7 @@ enum Misc { ALERT_SIZE = 2, /* level + description */ REQUEST_HEADER = 2, /* always use 2 bytes */ VERIFY_HEADER = 2, /* always use 2 bytes */ + EXT_ID_SZ = 2, /* always use 2 bytes */ MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ MAX_SUITE_SZ = 200, /* 100 suites for now! */ 
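Review bot: In the hunk at -59, `-d` is appended only to `commandLine`, the string that is printed; the visible lines never add it to `svr_argv` or to `svrArgs`, which the hunk at -37 initializes from the unmodified arguments. The second call in test_harness may therefore repeat the identical server configuration rather than one with the client certificate request off. If so, append the flag to the server argument vector as well, with a bound check on its capacity. execute_test_case continues outside the hunk, so confirm against the rest of the function.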
@@ -480,10 +481,10 @@ enum Misc { CERT_HEADER_SZ = 3, /* always 3 bytes */ REQ_HEADER_SZ = 2, /* cert request header sz */ HINT_LEN_SZ = 2, /* length of hint size field */ - HELLO_EXT_SZ = 14, /* total length of the lazy hello extensions */ - HELLO_EXT_LEN = 12, /* length of the lazy hello extensions */ - HELLO_EXT_SIGALGO_SZ = 8, /* length of signature algo extension */ - HELLO_EXT_SIGALGO_LEN = 6, /* number of items in the signature algo list */ + HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */ + HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */ + HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */ + HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */ DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ @@ -751,6 +752,10 @@ typedef struct Suites { int setSuites; /* user set suites from default */ byte suites[MAX_SUITE_SZ]; word16 suiteSz; /* suite length in bytes */ + byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */ + word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ + byte hashAlgo; /* selected hash algorithm */ + byte sigAlgo; /* selected sig algorithm */ } Suites; @@ -1170,9 +1175,13 @@ CYASSL_LOCAL void FreeCiphers(CYASSL* ssl); typedef struct Hashes { #ifndef NO_MD5 byte md5[MD5_DIGEST_SIZE]; - byte sha[SHA_DIGEST_SIZE]; - #else - byte hash[FINISHED_SZ]; + #endif + byte sha[SHA_DIGEST_SIZE]; + #ifndef NO_SHA256 + byte sha256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + byte sha384[SHA384_DIGEST_SIZE]; #endif } Hashes; diff --git a/src/internal.c b/src/internal.c index 3c6689f56..689904a92 100644 --- a/src/internal.c +++ b/src/internal.c 
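Review bot: The comment on `HELLO_EXT_SIGALGO_MAX = 32` in the hunk at -480 still reads "number of items in the signature algo list", but the next hunk uses the constant as the byte size of `byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]`, which is 16 hash/signature pairs. Suggest `/* max bytes of hash/sig pairs stored, 2 bytes per pair */` so that length checks against this constant are written in the right unit. The array comment `/* sig/algo to offer */` could likewise say `/* hash/sig pairs to offer, 2 bytes each */`.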
@@ -97,6 +97,8 @@ static void Hmac(CYASSL* ssl, byte* digest, const byte* buffer, word32 sz, static void BuildCertHashes(CYASSL* ssl, Hashes* hashes); #endif +static void PickHashSigAlgo(CYASSL* ssl, + const byte* hashSigAlgo, word32 hashSigAlgoSz); #ifndef min @@ -1049,6 +1051,38 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, #endif suites->suiteSz = idx; + + { + idx = 0; + + if (haveECDSAsig) { + #ifdef CYASSL_SHA384 + suites->hashSigAlgo[idx++] = sha384_mac; + suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + #ifndef NO_SHA256 + suites->hashSigAlgo[idx++] = sha256_mac; + suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + suites->hashSigAlgo[idx++] = sha_mac; + suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + } + + if (haveRSAsig) { + #ifdef CYASSL_SHA384 + suites->hashSigAlgo[idx++] = sha384_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + #ifndef NO_SHA256 + suites->hashSigAlgo[idx++] = sha256_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + suites->hashSigAlgo[idx++] = sha_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + } + + suites->hashSigAlgoSz = idx; + } } @@ -2309,16 +2343,16 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) Sha384 sha384; #endif -#ifndef NO_SHA256 - InitSha256(&sha256); - if (IsAtLeastTLSv1_2(ssl)) - sha256 = ssl->hashSha256; -#endif -#ifdef CYASSL_SHA384 - InitSha384(&sha384); - if (IsAtLeastTLSv1_2(ssl)) - sha384 = ssl->hashSha384; -#endif + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + InitSha256(&sha256); + sha256 = ssl->hashSha256; + #endif + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + sha384 = ssl->hashSha384; + #endif + } if (ssl->options.tls) BuildTlsFinished(ssl, hashes, sender); 
@@ -2330,17 +2364,17 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) #endif /* restore */ -#ifndef NO_MD5 - ssl->hashMd5 = md5; -#endif + #ifndef NO_MD5 + ssl->hashMd5 = md5; + #endif ssl->hashSha = sha; if (IsAtLeastTLSv1_2(ssl)) { -#ifndef NO_SHA256 - ssl->hashSha256 = sha256; -#endif -#ifdef CYASSL_SHA384 - ssl->hashSha384 = sha384; -#endif + #ifndef NO_SHA256 + ssl->hashSha256 = sha256; + #endif + #ifdef CYASSL_SHA384 + ssl->hashSha384 = sha384; + #endif } } @@ -4322,16 +4356,35 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) /* store current states, building requires get_digest which resets state */ Md5 md5 = ssl->hashMd5; Sha sha = ssl->hashSha; -#ifndef NO_SHA256 /* for possible future changes */ - Sha256 sha256; - InitSha256(&sha256); - if (IsAtLeastTLSv1_2(ssl)) - sha256 = ssl->hashSha256; -#endif + #ifndef NO_SHA256 + Sha256 sha256; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + #endif + + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + InitSha256(&sha256); + sha256 = ssl->hashSha256; + #endif + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + sha384 = ssl->hashSha384; + #endif + } if (ssl->options.tls) { Md5Final(&ssl->hashMd5, hashes->md5); ShaFinal(&ssl->hashSha, hashes->sha); + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + Sha256Final(&ssl->hashSha256, hashes->sha256); + #endif + #ifdef CYASSL_SHA384 + Sha384Final(&ssl->hashSha384, hashes->sha384); + #endif + } } else { BuildMD5_CertVerify(ssl, hashes->md5); @@ -4341,10 +4394,14 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) /* restore */ ssl->hashMd5 = md5; ssl->hashSha = sha; -#ifndef NO_SHA256 - if (IsAtLeastTLSv1_2(ssl)) - ssl->hashSha256 = sha256; -#endif + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + ssl->hashSha256 = sha256; + #endif + #ifdef CYASSL_SHA384 + ssl->hashSha384 = sha384; + #endif + } } #endif 
@@ -4600,7 +4657,7 @@ int SendCertificateRequest(CYASSL* ssl) int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */ if (IsAtLeastTLSv1_2(ssl)) - reqSz += LENGTH_SZ + HASH_SIG_SIZE; + reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz; if (ssl->options.usingPSK_cipher) return 0; /* not needed */ @@ -4628,11 +4685,12 @@ int SendCertificateRequest(CYASSL* ssl) /* supported hash/sig */ if (IsAtLeastTLSv1_2(ssl)) { - c16toa(HASH_SIG_SIZE, &output[i]); + c16toa(ssl->suites->hashSigAlgoSz, &output[i]); i += LENGTH_SZ; - output[i++] = sha_mac; /* hash */ - output[i++] = rsa_sa_algo; /* sig */ + XMEMCPY(&output[i], + ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz); + i += ssl->suites->hashSigAlgoSz; } c16toa(0, &output[i]); /* auth's */ @@ -5765,6 +5823,7 @@ int SetCipherList(Suites* s, const char* list) const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]); int idx = 0; + int haveRSA = 0, haveECDSA = 0; if (s == NULL) { CYASSL_MSG("SetCipherList suite pointer error"); @@ -5799,6 +5858,15 @@ int SetCipherList(Suites* s, const char* list) s->suites[idx++] = 0x00; /* normal */ s->suites[idx++] = (byte)cipher_name_idx[i]; + /* The suites are either ECDSA, RSA, or PSK. The RSA suites + * don't necessarily have RSA in the name. */ + if ((haveECDSA == 0) && XSTRSTR(name, "ECDSA")) { + haveECDSA = 1; + } + else if ((haveRSA == 0) && (XSTRSTR(name, "PSK") == NULL)) { + haveRSA = 1; + } + if (!ret) ret = 1; /* found at least one */ break; } 
@@ -5809,6 +5877,36 @@ int SetCipherList(Suites* s, const char* list) if (ret) { s->setSuites = 1; s->suiteSz = (word16)idx; + + idx = 0; + + if (haveECDSA) { + #ifdef CYASSL_SHA384 + s->hashSigAlgo[idx++] = sha384_mac; + s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + #ifndef NO_SHA256 + s->hashSigAlgo[idx++] = sha256_mac; + s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + s->hashSigAlgo[idx++] = sha_mac; + s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + } + + if (haveRSA) { + #ifdef CYASSL_SHA384 + s->hashSigAlgo[idx++] = sha384_mac; + s->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + #ifndef NO_SHA256 + s->hashSigAlgo[idx++] = sha256_mac; + s->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + s->hashSigAlgo[idx++] = sha_mac; + s->hashSigAlgo[idx++] = rsa_sa_algo; + } + + s->hashSigAlgoSz = idx; } return ret; @@ -5980,9 +6078,9 @@ int SetCipherList(Suites* s, const char* list) + ssl->suites->suiteSz + SUITE_LEN + COMP_LEN + ENUM_LEN; - if (IsAtLeastTLSv1_2(ssl)) - length += HELLO_EXT_SZ; - + if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { + length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ; + } sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; #ifdef CYASSL_DTLS 
@@ -6055,26 +6153,22 @@ int SetCipherList(Suites* s, const char* list) else output[idx++] = NO_COMPRESSION; - if (IsAtLeastTLSv1_2(ssl)) + if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { + int i; /* add in the extensions length */ - c16toa(HELLO_EXT_LEN, output + idx); + c16toa(HELLO_EXT_LEN + ssl->suites->hashSigAlgoSz, output + idx); idx += 2; c16toa(HELLO_EXT_SIG_ALGO, output + idx); idx += 2; - c16toa(HELLO_EXT_SIGALGO_SZ, output + idx); + c16toa(HELLO_EXT_SIGALGO_SZ+ssl->suites->hashSigAlgoSz, output+idx); idx += 2; - /* This is a lazy list setup. Eventually, we'll need to support - * using other hash types or even other extensions. */ - c16toa(HELLO_EXT_SIGALGO_LEN, output + idx); + c16toa(ssl->suites->hashSigAlgoSz, output + idx); idx += 2; - output[idx++] = sha_mac; - output[idx++] = rsa_sa_algo; - output[idx++] = sha_mac; - output[idx++] = dsa_sa_algo; - output[idx++] = sha_mac; - output[idx++] = ecc_dsa_sa_algo; + for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) { + output[idx] = ssl->suites->hashSigAlgo[i]; + } } #ifdef CYASSL_DTLS @@ -6258,17 +6352,18 @@ int SetCipherList(Suites* s, const char* list) /* types, read in here */ *inOutIdx += len; - ato16(&input[*inOutIdx], &len); - *inOutIdx += LENGTH_SZ; if (IsAtLeastTLSv1_2(ssl)) { /* hash sig format */ - *inOutIdx += len; ato16(&input[*inOutIdx], &len); *inOutIdx += LENGTH_SZ; + PickHashSigAlgo(ssl, &input[*inOutIdx], len); + *inOutIdx += len; } /* authorities */ + ato16(&input[*inOutIdx], &len); + *inOutIdx += LENGTH_SZ; while (len) { word16 dnSz; @@ -6403,7 +6498,17 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; + #ifndef NO_SHA256 + Sha256 sha256; + byte hash256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + byte hash384[SHA384_DIGEST_SIZE]; + #endif byte messageVerify[MAX_DH_SZ]; + byte hashAlgo = sha_mac; + byte sigAlgo = ssl->specs.sig_algo; /* adjust from start idx */ verifySz = (word16)(*inOutIdx - verifySz); 
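Review bot: The length read for the hash/signature list in the `@@ -6258` hunk is handed straight to `PickHashSigAlgo` with no check against the bytes left in the CertificateRequest, so an oversized or odd `len` makes the selection loop read beyond the received message. The function starts outside the hunk, so a bound may exist above, but nothing is applied between `ato16(&input[*inOutIdx], &len)` and the call. I would fail the handshake before the call when `len` is odd or larger than what remains, along the lines of `if ((len & 1) || len > remaining) return BUFFER_ERROR;`, where `remaining` is a placeholder for whatever message size this function is given. The authorities length that follows deserves the same treatment.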
@@ -6414,8 +6519,10 @@ int SetCipherList(Suites* s, const char* list) XMEMCPY(messageVerify, &input[*inOutIdx - verifySz], verifySz); if (IsAtLeastTLSv1_2(ssl)) { - /* just advance for now TODO: validate hash algo params */ - *inOutIdx += LENGTH_SZ; + hashAlgo = input[*inOutIdx]; + *inOutIdx += 1; + sigAlgo = input[*inOutIdx]; + *inOutIdx += 1; } /* signature */ @@ -6442,8 +6549,24 @@ int SetCipherList(Suites* s, const char* list) ShaUpdate(&sha, messageVerify, verifySz); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); + #ifndef NO_SHA256 + InitSha256(&sha256); + Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + Sha256Update(&sha256, messageVerify, verifySz); + Sha256Final(&sha256, hash256); + #endif + + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + Sha384Update(&sha384, messageVerify, verifySz); + Sha384Final(&sha384, hash384); + #endif + /* rsa */ - if (ssl->specs.sig_algo == rsa_sa_algo) + if (sigAlgo == rsa_sa_algo) { int ret; byte* out; @@ -6456,14 +6579,24 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 encSigSz; - byte* digest; - int typeH; - int digestSz; + byte* digest = &hash[MD5_DIGEST_SIZE]; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = &hash[MD5_DIGEST_SIZE]; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); 
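Review bot: `hashAlgo` and `sigAlgo` are now taken from the ServerKeyExchange bytes and drive both the verify branch and the digest choice, but nothing in the hunk checks them against the pairs this client offered in `ssl->suites->hashSigAlgo` or against `ssl->specs.sig_algo`. In the digest selection that follows (`@@ -6456` here and `@@ -6478` in the ECDSA branch), any value other than `sha256_mac` or `sha384_mac`, or one of those in a build where that hash is compiled out, silently falls back to SHA-1 instead of failing. The CertificateVerify path at `@@ -8280` and `@@ -8304` has the same shape. I would reject the message when the received pair was not offered or when `sigAlgo` differs from the negotiated suite's signature type, and turn the SHA-1 default into an explicit `else if (hashAlgo == sha_mac)` with a final `else` that returns an error. The enclosing function begins outside the hunk.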
@@ -6478,13 +6611,30 @@ int SetCipherList(Suites* s, const char* list) } #ifdef HAVE_ECC /* ecdsa */ - else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { + else if (sigAlgo == ecc_dsa_sa_algo) { int verify = 0, ret; + byte* digest = &hash[MD5_DIGEST_SIZE]; + word32 digestSz = SHA_DIGEST_SIZE; if (!ssl->peerEccDsaKeyPresent) return NO_PEER_KEY; - ret = ecc_verify_hash(signature, sigLen, &hash[MD5_DIGEST_SIZE], - SHA_DIGEST_SIZE, &verify, ssl->peerEccDsaKey); + if (IsAtLeastTLSv1_2(ssl)) { + if (hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + + ret = ecc_verify_hash(signature, sigLen, digest, digestSz, + &verify, ssl->peerEccDsaKey); if (ret != 0 || verify == 0) return VERIFY_SIGN_ERROR; } @@ -6800,7 +6950,7 @@ int SetCipherList(Suites* s, const char* list) byte* verify = (byte*)&output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ]; byte* signBuffer = ssl->certHashes.md5; - word32 signSz = sizeof(Hashes); + word32 signSz = FINISHED_SZ; byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 extraSz = 0; /* tls 1.2 hash/sig */ @@ -6810,7 +6960,7 @@ int SetCipherList(Suites* s, const char* list) #endif length = sigOutSz; if (IsAtLeastTLSv1_2(ssl)) { - verify[0] = sha_mac; + verify[0] = ssl->suites->hashAlgo; verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo; extraSz = HASH_SIG_SIZE; } 
@@ -6819,21 +6969,49 @@ int SetCipherList(Suites* s, const char* list) if (usingEcc) { #ifdef HAVE_ECC word32 localSz = sigOutSz; - ret = ecc_sign_hash(signBuffer + MD5_DIGEST_SIZE, - SHA_DIGEST_SIZE, verify + extraSz + VERIFY_HEADER, + word32 digestSz = SHA_DIGEST_SIZE; + byte* digest = ssl->certHashes.sha; + + if (IsAtLeastTLSv1_2(ssl)) { + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + + ret = ecc_sign_hash(digest, digestSz, + verify + extraSz + VERIFY_HEADER, &localSz, ssl->rng, &eccKey); #endif } else { if (IsAtLeastTLSv1_2(ssl)) { - byte* digest; - int typeH; - int digestSz; + byte* digest = ssl->certHashes.sha; + int digestSz = SHA_DIGEST_SIZE; + int typeH = SHAh; - /* sha1 for now */ - digest = ssl->certHashes.sha; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } signSz = EncodeSignature(encodedSig, digest,digestSz,typeH); signBuffer = encodedSig; @@ -7172,8 +7350,8 @@ int SetCipherList(Suites* s, const char* list) XMEMCPY(output + idx, exportBuf, expSz); idx += expSz; if (IsAtLeastTLSv1_2(ssl)) { - output[idx++] = sha_mac; - output[idx++] = ssl->specs.sig_algo; + output[idx++] = ssl->suites->hashAlgo; + output[idx++] = ssl->suites->sigAlgo; } c16toa((word16)sigSz, output + idx); idx += LENGTH_SZ; 
@@ -7183,6 +7361,14 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; + #ifndef NO_SHA256 + Sha256 sha256; + byte hash256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + byte hash384[SHA384_DIGEST_SIZE]; + #endif /* md5 */ InitMd5(&md5); @@ -7198,22 +7384,48 @@ int SetCipherList(Suites* s, const char* list) ShaUpdate(&sha, output + preSigIdx, preSigSz); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); - if (ssl->specs.sig_algo == rsa_sa_algo) { + #ifndef NO_SHA256 + InitSha256(&sha256); + Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + Sha256Update(&sha256, output + preSigIdx, preSigSz); + Sha256Final(&sha256, hash256); + #endif + + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + Sha384Update(&sha384, output + preSigIdx, preSigSz); + Sha384Final(&sha384, hash384); + #endif + + if (ssl->suites->sigAlgo == rsa_sa_algo) { byte* signBuffer = hash; word32 signSz = sizeof(hash); byte encodedSig[MAX_ENCODED_SIG_SZ]; if (IsAtLeastTLSv1_2(ssl)) { - byte* digest; - int hType; - int digestSz; + byte* digest = &hash[MD5_DIGEST_SIZE]; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = &hash[MD5_DIGEST_SIZE]; - hType = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } signSz = EncodeSignature(encodedSig, digest, digestSz, - hType); + typeH); signBuffer = encodedSig; } ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz, 
@@ -7225,10 +7437,27 @@ int SetCipherList(Suites* s, const char* list) else return ret; } - else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { + else if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) { + byte* digest = &hash[MD5_DIGEST_SIZE]; + word32 digestSz = SHA_DIGEST_SIZE; word32 sz = sigSz; - ret = ecc_sign_hash(&hash[MD5_DIGEST_SIZE], SHA_DIGEST_SIZE, + if (IsAtLeastTLSv1_2(ssl)) { + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + + ret = ecc_sign_hash(digest, digestSz, output + idx, &sz, ssl->rng, &dsaKey); FreeRsaKey(&rsaKey); ecc_free(&dsaKey); @@ -7373,8 +7602,8 @@ int SetCipherList(Suites* s, const char* list) /* Add signature */ if (IsAtLeastTLSv1_2(ssl)) { - output[idx++] = sha_mac; - output[idx++] = ssl->specs.sig_algo; + output[idx++] = ssl->suites->hashAlgo; + output[idx++] = ssl->suites->sigAlgo; } /* size */ c16toa((word16)sigSz, output + idx); @@ -7385,6 +7614,14 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; + #ifndef NO_SHA256 + Sha256 sha256; + byte hash256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + byte hash384[SHA384_DIGEST_SIZE]; + #endif /* md5 */ InitMd5(&md5); 
@@ -7400,19 +7637,45 @@ int SetCipherList(Suites* s, const char* list) ShaUpdate(&sha, output + preSigIdx, preSigSz); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); - if (ssl->specs.sig_algo == rsa_sa_algo) { + #ifndef NO_SHA256 + InitSha256(&sha256); + Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + Sha256Update(&sha256, output + preSigIdx, preSigSz); + Sha256Final(&sha256, hash256); + #endif + + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + Sha384Update(&sha384, output + preSigIdx, preSigSz); + Sha384Final(&sha384, hash384); + #endif + + if (ssl->suites->sigAlgo == rsa_sa_algo) { byte* signBuffer = hash; word32 signSz = sizeof(hash); byte encodedSig[MAX_ENCODED_SIG_SZ]; if (IsAtLeastTLSv1_2(ssl)) { - byte* digest; - int typeH; - int digestSz; + byte* digest = &hash[MD5_DIGEST_SIZE]; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = &hash[MD5_DIGEST_SIZE]; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } signSz = EncodeSignature(encodedSig, digest, digestSz, typeH); 
@@ -7895,6 +8158,36 @@ int SetCipherList(Suites* s, const char* list) } + static void PickHashSigAlgo(CYASSL* ssl, + const byte* hashSigAlgo, word32 hashSigAlgoSz) + { + word32 i; + + ssl->suites->sigAlgo = ssl->specs.sig_algo; + ssl->suites->hashAlgo = sha_mac; + + for (i = 0; i < hashSigAlgoSz; i += 2) { + if (hashSigAlgo[i+1] == ssl->specs.sig_algo) { + if (hashSigAlgo[i] == sha_mac) { + break; + } + #ifndef NO_SHA256 + else if (hashSigAlgo[i] == sha256_mac) { + ssl->suites->hashAlgo = sha256_mac; + break; + } + #endif + #ifdef CYASSL_SHA384 + else if (hashSigAlgo[i] == sha384_mac) { + ssl->suites->hashAlgo = sha384_mac; + break; + } + #endif + } + } + } + + static int MatchSuite(CYASSL* ssl, Suites* peerSuites) { word16 i, j; @@ -7907,7 +8200,6 @@ int SetCipherList(Suites* s, const char* list) if (ssl->suites == NULL) return SUITES_ERROR; - /* start with best, if a match we are good */ for (i = 0; i < ssl->suites->suiteSz; i += 2) for (j = 0; j < peerSuites->suiteSz; j += 2) @@ -7915,10 +8207,15 @@ int SetCipherList(Suites* s, const char* list) ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { if (VerifySuite(ssl, i)) { + int result; CYASSL_MSG("Verified suite validity"); ssl->options.cipherSuite0 = ssl->suites->suites[i]; ssl->options.cipherSuite = ssl->suites->suites[i+1]; - return SetCipherSpecs(ssl); + result = SetCipherSpecs(ssl); + if (result == 0) + PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, + peerSuites->hashSigAlgoSz); + return result; } else { CYASSL_MSG("Could not verify suite validity, continue"); @@ -8203,6 +8500,7 @@ int SetCipherList(Suites* s, const char* list) return BUFFER_ERROR; XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz); i += clSuites.suiteSz; + clSuites.hashSigAlgoSz = 0; b = input[i++]; /* comp len */ if (i + b > totalSz) 
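Review bot: The loop in `PickHashSigAlgo` reads `hashSigAlgo[i+1]` while testing only `i < hashSigAlgoSz`, so an odd length reads one byte past the list, and the function cannot know how large the buffer behind the pointer really is. Both call sites pass a peer-supplied size (the CertificateRequest hunk at `@@ -6258` and `MatchSuite` with `peerSuites->hashSigAlgoSz`), so the bound has to be right here or documented as a caller duty. I would change the condition to `for (i = 0; i + 1 < hashSigAlgoSz; i += 2)` and add a header comment such as `/* hashSigAlgoSz must already be validated against the buffer; pairs are (hash, sig) */`. When no pair matches, the SHA-1 default is kept even if the peer never listed it, which is worth stating in that comment too.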
@@ -8226,8 +8524,45 @@ int SetCipherList(Suites* s, const char* list) ssl->options.clientState = CLIENT_HELLO_COMPLETE; *inOutIdx = i; - if ( (i - begin) < helloSz) - *inOutIdx = begin + helloSz; /* skip extensions */ + if ( (i - begin) < helloSz) { + if (IsAtLeastTLSv1_2(ssl)) { + /* Process the hello extension. Skip unsupported. */ + word16 totalExtSz; + + ato16(&input[i], &totalExtSz); + i += LENGTH_SZ; + if (totalExtSz > helloSz + begin - i) + return INCOMPLETE_DATA; + while (totalExtSz) { + word16 extId, extSz; + + ato16(&input[i], &extId); + i += LENGTH_SZ; + ato16(&input[i], &extSz); + i += EXT_ID_SZ; + if (extSz > totalExtSz - LENGTH_SZ - EXT_ID_SZ) + return INCOMPLETE_DATA; + + if (extId == HELLO_EXT_SIG_ALGO) { + ato16(&input[i], &clSuites.hashSigAlgoSz); + i += LENGTH_SZ; + if (clSuites.hashSigAlgoSz > extSz - LENGTH_SZ) + return INCOMPLETE_DATA; + + XMEMCPY(clSuites.hashSigAlgo, &input[i], + min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)); + i += clSuites.hashSigAlgoSz; + } + else + i += extSz; + + totalExtSz -= LENGTH_SZ + EXT_ID_SZ + extSz; + } + *inOutIdx = i; + } + else + *inOutIdx = begin + helloSz; /* skip extensions */ + } ssl->options.haveSessionId = 1; /* ProcessOld uses same resume code */ @@ -8270,6 +8605,8 @@ int SetCipherList(Suites* s, const char* list) byte* sig; byte* out; int outLen; + byte hashAlgo = sha_mac; + byte sigAlgo; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) @@ -8280,8 +8617,10 @@ int SetCipherList(Suites* s, const char* list) if ( (i + VERIFY_HEADER) > totalSz) return INCOMPLETE_DATA; - if (IsAtLeastTLSv1_2(ssl)) - i += HASH_SIG_SIZE; + if (IsAtLeastTLSv1_2(ssl)) { + hashAlgo = input[i++]; + sigAlgo = input[i++]; + } ato16(&input[i], &sz); i += VERIFY_HEADER; 
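Review bot: The signature-algorithm copy in the `@@ -8226` hunk is capped with `min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)`, but `clSuites.hashSigAlgoSz` keeps the uncapped wire value, and `MatchSuite` later passes that size to `PickHashSigAlgo`, which then walks past the 32-byte `hashSigAlgo` array. After advancing `i` by the wire length I would store the clamped size, `clSuites.hashSigAlgoSz = (word16)min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX);`, or reject lists longer than the array. The loop also reads a four-byte extension header before confirming `totalExtSz` still holds that many bytes, and for this extension `i` advances by the inner list length while `totalExtSz` drops by `extSz`, so the two drift apart when the lengths disagree. The enclosing function begins outside the hunk.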
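Review bot: The bounds check ahead of the `@@ -8280` change covers only `VERIFY_HEADER` bytes, yet on TLS 1.2 the new code consumes two more bytes for `hashAlgo` and `sigAlgo` before `ato16` reads the signature length, so a truncated CertificateVerify can be read past `totalSz`. I would size the check for that case, `if (IsAtLeastTLSv1_2(ssl) && (i + HASH_SIG_SIZE + VERIFY_HEADER) > totalSz) return INCOMPLETE_DATA;`. `sigAlgo` is read but not used in any hunk shown here, so the signature type the client claims is apparently never compared with the peer key that verifies it; either compare it or drop the variable and say so in a comment. The function body extends beyond the hunk on both sides.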
@@ -8304,14 +8643,24 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 sigSz; - byte* digest; - int typeH; - int digestSz; + byte* digest = ssl->certHashes.sha; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = ssl->certHashes.sha; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); @@ -8320,8 +8669,8 @@ int SetCipherList(Suites* s, const char* list) ret = 0; /* verified */ } else { - if (outLen == sizeof(ssl->certHashes) && XMEMCMP(out, - &ssl->certHashes, sizeof(ssl->certHashes)) == 0) + if (outLen == FINISHED_SZ && XMEMCMP(out, + &ssl->certHashes, FINISHED_SZ) == 0) ret = 0; /* verified */ } } @@ -8330,10 +8679,26 @@ int SetCipherList(Suites* s, const char* list) if (ssl->peerEccDsaKeyPresent) { int verify = 0; int err = -1; + byte* digest = ssl->certHashes.sha; + word32 digestSz = SHA_DIGEST_SIZE; CYASSL_MSG("Doing ECC peer cert verify"); - err = ecc_verify_hash(sig, sz, ssl->certHashes.sha, SHA_DIGEST_SIZE, + if (IsAtLeastTLSv1_2(ssl)) { + if (hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + err = ecc_verify_hash(sig, sz, digest, digestSz, &verify, ssl->peerEccDsaKey); if (err == 0 && verify == 1) diff --git a/src/tls.c b/src/tls.c index ff555d022..acb44e9c5 100644 --- a/src/tls.c +++ b/src/tls.c 
@@ -239,15 +239,9 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) else side = tls_server; -#ifndef NO_MD5 - PRF(hashes->md5, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, + PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); -#else - PRF(hashes->hash, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, - side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), - ssl->specs.mac_algorithm); -#endif } From 59af8944cb97f5a58420e3af507de8a1a7c31256 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 18 Feb 2013 15:11:33 -0800 Subject: [PATCH 43/52] fix opensslextra sb issue --- src/internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 3c6689f56..8b820155f 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7298,6 +7298,7 @@ int SetCipherList(Suites* s, const char* list) &ssl->buffers.serverDH_Pub.length); FreeDhKey(&dhKey); + InitRsaKey(&rsaKey, ssl->heap); if (ret == 0) { length = LENGTH_SZ * 3; /* p, g, pub */ length += ssl->buffers.serverDH_P.length + @@ -7313,7 +7314,6 @@ int SetCipherList(Suites* s, const char* list) if (!ssl->buffers.key.buffer) return NO_PRIVATE_KEY; - InitRsaKey(&rsaKey, ssl->heap); ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, &rsaKey, ssl->buffers.key.length); if (ret == 0) { From 116f2403d0af2d1e3f1804244ec86089e3f18396 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 19 Feb 2013 12:51:02 -0800 Subject: [PATCH 44/52] updated the list for storing out of order messages --- cyassl/internal.h | 16 ++++--- src/internal.c | 103 +++++++++++++++++++++++++++++++++++++++------- 2 files changed, 99 insertions(+), 20 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 9a68f0faf..517035cbc 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h 
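Review bot: `PRF((byte*)hashes, TLS_FINISHED_SZ, ...)` writes the verify data through a cast of the whole `Hashes` struct, which is only correct while the first member (`md5`, or `sha` under `NO_MD5`) sits at offset 0 and is at least `TLS_FINISHED_SZ` bytes long. That dependency on the layout declared in `cyassl/internal.h` is invisible at this call, and the Finished comparison elsewhere presumably reads the same leading bytes. I would add a comment here, `/* verify data occupies the first TLS_FINISHED_SZ bytes of Hashes; keep md5/sha first */`, and a matching one on the struct. The start of `BuildTlsFinished` is outside the hunk.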
@@ -1387,9 +1387,10 @@ typedef struct DtlsPool { typedef struct DtlsMsg { struct DtlsMsg* next; - word32 seq; - word32 sz; - byte msg[1500]; + word32 seq; /* Handshake sequence number */ + word32 sz; /* Length of whole mesage */ + word32 fragSz; /* Length of fragments received */ + byte* msg; } DtlsMsg; @@ -1685,9 +1686,14 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); CYASSL_LOCAL int DtlsPoolTimeout(CYASSL*); CYASSL_LOCAL int DtlsPoolSend(CYASSL*); CYASSL_LOCAL void DtlsPoolReset(CYASSL*); - CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, byte*, word32, void*); + + CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); - CYASSL_LOCAL void DtlsMsgListFree(DtlsMsg*, void*); + CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); + CYASSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, word32, word32); + CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); + CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32, + word32, word32, void*); CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); #endif /* CYASSL_DTLS */ diff --git a/src/internal.c b/src/internal.c index ad596254d..0a9078863 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1414,7 +1414,7 @@ void SSL_ResourceFree(CYASSL* ssl) XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_NONE); } if (ssl->dtls_msg_list != NULL) { - DtlsMsgListFree(ssl->dtls_msg_list, ssl->heap); + DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); ssl->dtls_msg_list = NULL; } XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR); 
@@ -1652,33 +1652,43 @@ int DtlsPoolSend(CYASSL* ssl) /* functions for managing DTLS datagram reordering */ -DtlsMsg* DtlsMsgNew(word32 dataSz, byte* data, word32 seq, void* heap) +DtlsMsg* DtlsMsgNew(word32 sz, void* heap) { DtlsMsg* msg = NULL; - if (dataSz > 0) + if (sz > 0) msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG); if (msg != NULL) { - msg->next = NULL; - msg->seq = seq; - msg->sz = dataSz; - XMEMCPY(msg->msg, data, dataSz); + msg->msg = (byte*)XMALLOC(sz, heap, DYNAMIC_TYPE_NONE); + if (msg->msg != NULL) { + msg->next = NULL; + msg->seq = 0; + msg->sz = sz; + msg->fragSz = 0; + } + else { + XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG); + msg = NULL; + } } return msg; } - -void DtlsMsgDelete(DtlsMsg* msg, void* heap) +void DtlsMsgDelete(DtlsMsg* item, void* heap) { (void)heap; - if (msg != NULL) - XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG); + + if (item != NULL) { + if (item->msg != NULL) + XFREE(item->msg, heap, DYNAMIC_TYPE_NONE); + XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG); + } } -void DtlsMsgListFree(DtlsMsg* head, void* heap) +void DtlsMsgListDelete(DtlsMsg* head, void* heap) { DtlsMsg* next; while (head) { 
@@ -1689,6 +1699,66 @@ void DtlsMsgListFree(DtlsMsg* head, void* heap) } +void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, + word32 fragOffset, word32 fragSz) +{ + if (msg != NULL && data != NULL && msg->fragSz <= msg->sz) { + msg->seq = seq; + msg->fragSz += fragSz; + XMEMCPY(&msg->msg[fragOffset], data, fragSz); + } +} + + +DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq) +{ + while (head != NULL && head->seq != seq) { + head = head->next; + } + return head; +} + + +DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data, word32 dataSz, + word32 fragOffset, word32 fragSz, void* heap) +{ + + /* See if seq exists in the list. If it isn't in the list, make + * a new item of size dataSz, copy fragSz bytes from data to msg->msg + * starting at offset fragOffset, and add fragSz to msg->fragSz. If + * the seq is in the list and it isn't full, copy fragSz bytes from + * data to msg->msg starting at offset fragOffset, and add fragSz to + * msg->fragSz. The new item should be inserted into the list in its + * proper position. + * + * 1. Find seq in list, or where seq should go in list. If seq not in + * list, create new item and insert into list. Either case, keep + * pointer to item. + * 2. If msg->fragSz + fragSz < sz, copy data to msg->msg at offset + * fragOffset. Add fragSz to msg->fragSz. + */ + + if (head != NULL) { + DtlsMsg* cur = DtlsMsgFind(head, seq); + if (cur == NULL) { + cur = DtlsMsgNew(dataSz, heap); + DtlsMsgSet(cur, seq, data, fragOffset, fragSz); + head = DtlsMsgInsert(head, cur); + } + else { + DtlsMsgSet(cur, seq, data, fragOffset, fragSz); + } + } + else { + head = DtlsMsgNew(dataSz, heap); + DtlsMsgSet(head, seq, data, fragOffset, fragSz); + } + + return head; +} + + +/* DtlsMsgInsert() is an in-order insert. */ DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item) { if (head == NULL || item->seq < head->seq) { 
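Review bot: `DtlsMsgSet` copies `fragSz` bytes to `&msg->msg[fragOffset]` after checking only `msg->fragSz <= msg->sz`, so a fragment whose offset plus length exceeds the allocated `sz` writes past the heap buffer; these values presumably come from the handshake header of a datagram that has not been authenticated yet. The guard should bound the fragment itself: `if (msg != NULL && data != NULL && fragOffset <= msg->sz && fragSz <= msg->sz - fragOffset)`. In `DtlsMsgStore`, `DtlsMsgNew` returns NULL for `dataSz == 0` or on allocation failure and that result goes unchecked into `DtlsMsgInsert`, which dereferences `item->seq`; wrap the set and insert in `if (cur != NULL)`. A repeated fragment also adds to `fragSz` again, so the field should not be treated as proof the message is complete.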
@@ -2201,7 +2271,9 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, return VERSION_ERROR; /* only use requested version */ } } - +#if 0 + /* Instead of this, check the datagram against the sliding window of + * received datagram goodness. */ #ifdef CYASSL_DTLS /* If DTLS, check the sequence number against expected. If out of * order, drop the record. Allows newer records in and resets the @@ -2219,7 +2291,7 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, } } #endif - +#endif /* record layer length check */ if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) return LENGTH_ERROR; @@ -4044,7 +4116,8 @@ int ProcessReply(CYASSL* ssl) &ssl->curRL, &ssl->curSize); #ifdef CYASSL_DTLS if (ssl->options.dtls && ret == SEQUENCE_ERROR) { - /* This message is out of order. Forget it ever happened. */ + /* This message is out of order. If we are handshaking, save + *it for later. Otherwise go ahead and process it. */ ssl->options.processReply = doProcessInit; ssl->buffers.inputBuffer.length = 0; ssl->buffers.inputBuffer.idx = 0; From 07baa27b20ceee7ee22032b34688f9101d52858f Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 19 Feb 2013 12:53:58 -0800 Subject: [PATCH 45/52] fix scan build for fastmath, dtls, ecc, psk, sha512 --- ctaocrypt/benchmark/benchmark.c | 19 +++++++++++++++---- ctaocrypt/src/pwdbased.c | 6 +++++- cyassl/error.h | 1 + src/internal.c | 9 ++++++++- src/io.c | 23 ++++++++++++++++------- 5 files changed, 45 insertions(+), 13 deletions(-) diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 021f4d5f0..bc29ccb39 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c 
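Review bot: Wrapping the DTLS sequence check in `#if 0` removes the only record-ordering test in `GetRecordHeader`, while the sliding window the new comment refers to is not added in any hunk shown, so replayed or stale datagrams appear to be accepted until it lands. It also leaves the `ret == SEQUENCE_ERROR` branch in `ProcessReply` (the `@@ -4044` hunk) unreachable from this path, although its comment was just rewritten to describe new behaviour. I would keep the old check until the window exists, or land both together, and replace the bare `#if 0` with a comment that names the gap, for example `/* anti-replay window not implemented yet: DTLS records are not checked for replay */`. `GetRecordHeader` begins and ends outside the hunk.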
@@ -852,15 +852,26 @@ void bench_eccKeyAgree(void) { ecc_key genKey, genKey2; double start, total, each, milliEach; - int i; + int i, ret; const int agreeTimes = 5; byte shared[1024]; byte sig[1024]; byte digest[32]; word32 x; - - ecc_make_key(&rng, 32, &genKey); - ecc_make_key(&rng, 32, &genKey2); + + ecc_init(&genKey); + ecc_init(&genKey2); + + ret = ecc_make_key(&rng, 32, &genKey); + if (ret != 0) { + printf("ecc_make_key failed\n"); + return; + } + ret = ecc_make_key(&rng, 32, &genKey2); + if (ret != 0) { + printf("ecc_make_key failed\n"); + return; + } /* 256 bit */ start = current_time(1); diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index b16638efc..4a791ed14 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -103,7 +103,11 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, int hLen; int j; Hmac hmac; - byte buffer[INNER_HASH_SIZE]; /* max size */ +#ifdef CYASSL_SHA512 + byte buffer[SHA512_DIGEST_SIZE]; +#else + byte buffer[INNER_HASH_SIZE]; /* max size, doesn't handle 512 yet */ +#endif if (hashType == MD5) { hLen = MD5_DIGEST_SIZE; diff --git a/cyassl/error.h b/cyassl/error.h index e7c4007d5..7ad273910 100644 --- a/cyassl/error.h +++ b/cyassl/error.h @@ -109,6 +109,7 @@ enum CyaSSL_ErrorCodes { BAD_KEA_TYPE_E = -274, /* bad KEA type found */ SANITY_CIPHER_E = -275, /* sanity check on cipher error */ RECV_OVERFLOW_E = -276, /* RXCB returned more than rqed */ + GEN_COOKIE_E = -277, /* Generate Cookie Error */ /* add strings to SetErrorString !!!!! */ /* begin negotiation parameter errors */ diff --git a/src/internal.c b/src/internal.c index b25578126..f1f300b5c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5267,6 +5267,10 @@ void SetErrorString(int error, char* str) XSTRNCPY(str, "Receive callback returned more than requested", max); break; + case GEN_COOKIE_E: + XSTRNCPY(str, "Generate Cookie Error", max); + break; + default : XSTRNCPY(str, "unknown error number", max); } 
@@ -8897,7 +8901,10 @@ int SetCipherList(Suites* s, const char* list) XMEMCPY(ssl->arrays->client_identity, &input[*inOutIdx], ci_sz); *inOutIdx += ci_sz; - ssl->arrays->client_identity[ci_sz] = 0; + if (ci_sz < MAX_PSK_ID_LEN) + ssl->arrays->client_identity[ci_sz] = 0; + else + ssl->arrays->client_identity[MAX_PSK_ID_LEN-1] = 0; ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, ssl->arrays->client_identity, ssl->arrays->psk_key, diff --git a/src/io.c b/src/io.c index 8e22d5979..b55e60fb5 100644 --- a/src/io.c +++ b/src/io.c @@ -29,6 +29,7 @@ #endif #include +#include /* if user writes own I/O callbacks they can define CYASSL_USER_IO to remove automatic setting of default I/O functions EmbedSend() and EmbedReceive() @@ -199,8 +200,10 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx) #else struct timeval timeout = {dtls_timeout, 0}; #endif - setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, - (char*)&timeout, TIMEVAL_BYTES); + if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, + TIMEVAL_BYTES) != 0) { + CYASSL_MSG("setsockopt rcvtimeo failed"); + } } } #endif @@ -318,14 +321,17 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx) XSOCKLENT peerSz = sizeof(peer); CYASSL_ENTER("EmbedReceiveFrom()"); + if (!CyaSSL_get_using_nonblock(ssl) && dtls_timeout != 0) { #ifdef USE_WINDOWS_API DWORD timeout = dtls_timeout * 1000; #else struct timeval timeout = { dtls_timeout, 0 }; #endif - setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, - (char*)&timeout, TIMEVAL_BYTES); + if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, + TIMEVAL_BYTES) != 0) { + CYASSL_MSG("setsockopt rcvtimeo failed"); + } } recvd = (int)RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags, 
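Review bot: The new clamp only moves the terminator write; the `XMEMCPY` of `ci_sz` bytes into `client_identity` just above it has already run, and when `ci_sz` is not below `MAX_PSK_ID_LEN` the `else` branch overwrites the last identity byte, so `server_psk_cb` is handed a truncated identity. Unless a length check sits above the hunk (the function starts outside it), I would reject the message before the copy with `if (ci_sz >= MAX_PSK_ID_LEN) return CLIENT_ID_ERROR;` rather than truncate. A silently shortened identity can match a different PSK entry than the one the client named.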
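Review bot: A failed `setsockopt(SO_RCVTIMEO)` is now logged, but the function still goes on to the receive call, so on a blocking socket the timeout this block was meant to arm is presumably never applied and the call can wait indefinitely. This applies to the hunk in EmbedReceive and to the matching one in EmbedReceiveFrom. If the callers can handle it, returning an error after the `CYASSL_MSG` would be safer than continuing; otherwise a comment such as `/* continuing without a receive timeout; a lost datagram will block here */` makes the choice explicit. Both functions continue outside their hunks.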
@@ -365,8 +371,7 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx) } } else { - if (dtlsCtx != NULL - && dtlsCtx->peer.sz > 0 + if (dtlsCtx->peer.sz > 0 && peerSz != (XSOCKLENT)dtlsCtx->peer.sz && memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0) { CYASSL_MSG(" Ignored packet from invalid peer"); @@ -390,6 +395,7 @@ int EmbedSendTo(CYASSL* ssl, char *buf, int sz, void *ctx) int err; CYASSL_ENTER("EmbedSendTo()"); + sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags, dtlsCtx->peer.sa, dtlsCtx->peer.sz); if (sent < 0) { @@ -435,7 +441,10 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx) int cookieSrcSz = 0; Sha sha; - getpeername(sd, (struct sockaddr*)&peer, &peerSz); + if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) { + CYASSL_MSG("getpeername failed in EmbedGenerateCookie"); + return GEN_COOKIE_E; + } if (peer.sin_family == AF_INET) { struct sockaddr_in *s = (struct sockaddr_in*)&peer; From bdadeab34282c7ee0596b0001602cd524bcfe161 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 19 Feb 2013 16:06:02 -0800 Subject: [PATCH 46/52] added storing of out-of-order and fragmented message, missing processing of the stored list --- cyassl/internal.h | 6 ++- src/internal.c | 115 +++++++++++++++++++++------------------------- src/ssl.c | 2 + 3 files changed, 58 insertions(+), 65 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 517035cbc..9f48d2f1f 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1390,6 +1390,7 @@ typedef struct DtlsMsg { word32 seq; /* Handshake sequence number */ word32 sz; /* Length of whole mesage */ word32 fragSz; /* Length of fragments received */ + byte type; byte* msg; } DtlsMsg; 
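Review bot: The peer filter in EmbedReceiveFrom joins the size test and the `memcmp` with `&&`, so a datagram is ignored only when the address length differs and the bytes differ; a sender whose address has the same length as the stored peer always passes. The condition should reject on either mismatch and compare bytes only when the lengths agree: `if (dtlsCtx->peer.sz > 0 && (peerSz != (XSOCKLENT)dtlsCtx->peer.sz || memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0)) {`. This hunk also drops the `dtlsCtx != NULL` test; the dereference that makes it redundant is outside the hunk, so that is worth a second look.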
@@ -1690,10 +1691,11 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); - CYASSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, word32, word32); + CYASSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, + word32, word32); CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32, - word32, word32, void*); + byte, word32, word32, void*); CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); #endif /* CYASSL_DTLS */ diff --git a/src/internal.c b/src/internal.c index 0a9078863..bfd36042b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1699,11 +1699,12 @@ void DtlsMsgListDelete(DtlsMsg* head, void* heap) } -void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, +void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type, word32 fragOffset, word32 fragSz) { if (msg != NULL && data != NULL && msg->fragSz <= msg->sz) { msg->seq = seq; + msg->type = type; msg->fragSz += fragSz; XMEMCPY(&msg->msg[fragOffset], data, fragSz); } @@ -1719,8 +1720,8 @@ DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq) } -DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data, word32 dataSz, - word32 fragOffset, word32 fragSz, void* heap) +DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data, + word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap) { /* See if seq exists in the list. If it isn't in the list, make 
@@ -1742,16 +1743,16 @@ DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data, word32 dataSz DtlsMsg* cur = DtlsMsgFind(head, seq); if (cur == NULL) { cur = DtlsMsgNew(dataSz, heap); - DtlsMsgSet(cur, seq, data, fragOffset, fragSz); + DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz); head = DtlsMsgInsert(head, cur); } else { - DtlsMsgSet(cur, seq, data, fragOffset, fragSz); + DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz); } } else { head = DtlsMsgNew(dataSz, heap); - DtlsMsgSet(head, seq, data, fragOffset, fragSz); + DtlsMsgSet(head, seq, data, type, fragOffset, fragSz); } return head; @@ -2349,7 +2350,6 @@ static int GetDtlsHandShakeHeader(CYASSL* ssl, const byte* input, c24to32(input + idx, fragOffset); idx += DTLS_HANDSHAKE_FRAG_SZ; c24to32(input + idx, fragSz); - idx += DTLS_HANDSHAKE_FRAG_SZ; return 0; } 
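Review bot: DtlsMsgStore passes the result of `DtlsMsgNew` on without checking it; DtlsMsgSet tolerates a NULL message, but `DtlsMsgInsert(head, cur)` is then called with `cur == NULL`, and the part of DtlsMsgInsert visible in this series reads `item->seq` in its first condition. On allocation failure I would leave the list untouched, for example by wrapping the two calls in `if (cur != NULL) { ... }`. The `else` branch for an empty list returns NULL in the same situation, which the caller then has to expect.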
@@ -3094,66 +3094,55 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, if (*inOutIdx + fragSz > totalSz) return INCOMPLETE_DATA; - if (fragSz < size) { - /* message is fragmented, knit back together */ - byte* buf = ssl->buffers.dtlsHandshake.buffer; - if (ssl->buffers.dtlsHandshake.length == 0) { - /* Need to add a header back into the data. The Hash is calculated - * as if this were a single message, not several fragments. */ - buf = (byte*)XMALLOC(size + DTLS_HANDSHAKE_HEADER_SZ, - ssl->heap, DYNAMIC_TYPE_NONE); - if (buf == NULL) - return MEMORY_ERROR; - - ssl->buffers.dtlsHandshake.length = size; - ssl->buffers.dtlsHandshake.buffer = buf; - ssl->buffers.dtlsUsed = 0; - ssl->buffers.dtlsType = type; - - /* Construct a new header for the reassembled message as if it - * were originally sent as one fragment for the hashing later. */ - XMEMCPY(buf, - input + *inOutIdx - DTLS_HANDSHAKE_HEADER_SZ, - DTLS_HANDSHAKE_HEADER_SZ - DTLS_HANDSHAKE_FRAG_SZ); - XMEMCPY(buf + DTLS_HANDSHAKE_HEADER_SZ - DTLS_HANDSHAKE_FRAG_SZ, - input + *inOutIdx - DTLS_HANDSHAKE_HEADER_SZ + ENUM_LEN, - DTLS_HANDSHAKE_FRAG_SZ); - } - /* readjust the buf pointer past the header */ - buf += DTLS_HANDSHAKE_HEADER_SZ; - - XMEMCPY(buf + fragOffset, input + *inOutIdx, fragSz); - ssl->buffers.dtlsUsed += fragSz; - *inOutIdx += fragSz; - - if (ssl->buffers.dtlsUsed != size) { - CYASSL_LEAVE("DoDtlsHandShakeMsg()", 0); - return 0; - } - else { - if (ssl->keys.dtls_peer_handshake_number == + /* Check the handshake sequence number first. If out of order, + * add the current message to the list. If the message is in order, + * but it is a fragment, add the current message to the list, then + * check the head of the list to see if it is complete, if so, pop + * it out as the current message. If the message is complete and in + * order, process it. Check the head of the list to see if it is in + * order, if so, process it. (Repeat until list exhausted.) 
If the + * head is out of order, return for more processing. + * NOTE: The hash is calculated on the data, not the header. In + * DoHandShakeMsgType(), HashInput starts with inOutIdx. + */ + if (ssl->keys.dtls_peer_handshake_number > ssl->keys.dtls_expected_peer_handshake_number) { - word32 idx = 0; - totalSz = size; - ssl->keys.dtls_expected_peer_handshake_number++; - ret = DoHandShakeMsgType(ssl, buf, &idx, type, size, totalSz); - } - else { - *inOutIdx += size; - ret = 0; - } + /* Current message is out of order. It will get stored in the list. + * Storing also takes care of defragmentation. */ + ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, + ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, + size, type, fragOffset, fragSz, ssl->heap); + *inOutIdx += fragSz; + ret = 0; + } + else if (ssl->keys.dtls_peer_handshake_number < + ssl->keys.dtls_expected_peer_handshake_number) { + /* Already saw this message and processed it. It can be ignored. */ + *inOutIdx += fragSz; + ret = 0; + } + else if (fragSz < size) { + /* Since this branch is in order, but fragmented, dtls_msg_list will be + * pointing the the message with this fragment in it. Check it to see + * if it is completed. 
*/ + ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, + ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, + size, type, fragOffset, fragSz, ssl->heap); + *inOutIdx += fragSz; + if (ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz) { + DtlsMsg* item = ssl->dtls_msg_list; + word32 idx = 0; + ssl->keys.dtls_expected_peer_handshake_number++; + ret = DoHandShakeMsgType(ssl, item->msg, &idx, + item->type, item->sz, item->sz); + ssl->dtls_msg_list = item->next; + DtlsMsgDelete(item, ssl->heap); } } else { - if (ssl->keys.dtls_peer_handshake_number == - ssl->keys.dtls_expected_peer_handshake_number) { - ssl->keys.dtls_expected_peer_handshake_number++; - ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); - } - else { - *inOutIdx += size; - ret = 0; - } + /* This branch is in order next, and a complete message. */ + ssl->keys.dtls_expected_peer_handshake_number++; + ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); } if (ssl->buffers.dtlsHandshake.buffer != NULL) { diff --git a/src/ssl.c b/src/ssl.c index 97ef9682f..e5a3c9050 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2467,6 +2467,8 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) { #ifdef CYASSL_DTLS int result = SSL_SUCCESS; + DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); + ssl->dtls_msg_list = NULL; if (DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl) < 0) { result = SSL_FATAL_ERROR; } From 04d0c581b1df055714f21cd3dab1a3bab0873eeb Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 19 Feb 2013 16:16:40 -0800 Subject: [PATCH 47/52] set output test size to real size, no strlen, make sure input strlens don't have 0x00 --- ctaocrypt/test/test.c | 146 +++++++++++++++++++++--------------------- 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 202170a2c..08ef0a1e1 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c 
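Review bot: In the in-order fragment branch, `ssl->dtls_msg_list->fragSz` is read right after DtlsMsgStore, which returns NULL when the list was empty and the allocation failed, so the test needs a guard such as `if (ssl->dtls_msg_list != NULL && ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz) {`. The out-of-order branch allocates one message of `size` bytes per handshake sequence number, with `size` presumably parsed from the received header, and nothing limits how far ahead of `dtls_expected_peer_handshake_number` a message may be or how many are queued. A cap on both would bound the memory a peer can pin before the handshake completes. DoDtlsHandShakeMsg starts above this hunk and continues below it.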
@@ -440,45 +440,45 @@ int md2_test() a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69" "\x27\x73"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD2_DIGEST_SIZE; b.input = "a"; b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0" "\xb5\xd1"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = MD2_DIGEST_SIZE; c.input = "abc"; c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde" "\xd6\xbb"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD2_DIGEST_SIZE; d.input = "message digest"; d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe" "\x06\xb0"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = MD2_DIGEST_SIZE; e.input = "abcdefghijklmnopqrstuvwxyz"; e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47" "\x94\x0b"; e.inLen = strlen(e.input); - e.outLen = strlen(e.output); + e.outLen = MD2_DIGEST_SIZE; f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" "6789"; f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03" "\x38\xcd"; f.inLen = strlen(f.input); - f.outLen = strlen(f.output); + f.outLen = MD2_DIGEST_SIZE; g.input = "1234567890123456789012345678901234567890123456789012345678" "9012345678901234567890"; g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3" "\xef\xd8"; g.inLen = strlen(g.input); - g.outLen = strlen(g.output); + g.outLen = MD2_DIGEST_SIZE; test_md2[0] = a; test_md2[1] = b; 
@@ -516,33 +516,33 @@ int md5_test(void) a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f" "\x72"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD5_DIGEST_SIZE; b.input = "message digest"; b.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61" "\xd0"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = MD5_DIGEST_SIZE; c.input = "abcdefghijklmnopqrstuvwxyz"; c.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1" "\x3b"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD5_DIGEST_SIZE; d.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" "6789"; d.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d" "\x9f"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = MD5_DIGEST_SIZE; e.input = "1234567890123456789012345678901234567890123456789012345678" "9012345678901234567890"; e.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" "\x7a"; e.inLen = strlen(e.input); - e.outLen = strlen(e.output); + e.outLen = MD5_DIGEST_SIZE; test_md5[0] = a; test_md5[1] = b; 
@@ -580,45 +580,45 @@ int md4_test(void) a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89" "\xc0"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD4_DIGEST_SIZE; b.input = "a"; b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb" "\x24"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = MD4_DIGEST_SIZE; c.input = "abc"; c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72" "\x9d"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD4_DIGEST_SIZE; d.input = "message digest"; d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01" "\x4b"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = MD4_DIGEST_SIZE; e.input = "abcdefghijklmnopqrstuvwxyz"; e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d" "\xa9"; e.inLen = strlen(e.input); - e.outLen = strlen(e.output); + e.outLen = MD4_DIGEST_SIZE; f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" "6789"; f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0" "\xe4"; f.inLen = strlen(f.input); - f.outLen = strlen(f.output); + f.outLen = MD4_DIGEST_SIZE; g.input = "1234567890123456789012345678901234567890123456789012345678" "9012345678901234567890"; g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05" "\x36"; g.inLen = strlen(g.input); - g.outLen = strlen(g.output); + g.outLen = MD4_DIGEST_SIZE; test_md4[0] = a; test_md4[1] = b; 
@@ -656,20 +656,20 @@ int sha_test(void) a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2" "\x6C\x9C\xD0\xD8\x9D"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA_DIGEST_SIZE; b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; b.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29" "\xE5\xE5\x46\x70\xF1"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA_DIGEST_SIZE; c.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaa"; c.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44" "\x2A\x25\xEC\x64\x4D"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = SHA_DIGEST_SIZE; d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" @@ -677,7 +677,7 @@ int sha_test(void) d.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" "\x53\x99\x5E\x26\xA0"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = SHA_DIGEST_SIZE; test_sha[0] = a; test_sha[1] = b; 
@@ -712,26 +712,26 @@ int ripemd_test(void) a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6" "\xb0\x87\xf1\x5a\x0b\xfc"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = RIPEMD_DIGEST_SIZE; b.input = "message digest"; b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8" "\x5f\xfa\x21\x59\x5f\x36"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = RIPEMD_DIGEST_SIZE; c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc" "\xf4\x9a\xda\x62\xeb\x2b"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = RIPEMD_DIGEST_SIZE; d.input = "12345678901234567890123456789012345678901234567890123456" "789012345678901234567890"; d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab" "\x82\xbf\x63\x32\x6b\xfb"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = RIPEMD_DIGEST_SIZE; test_ripemd[0] = a; test_ripemd[1] = b; @@ -769,14 +769,14 @@ int sha256_test(void) "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA256_DIGEST_SIZE; b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" "\x06\xC1"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA256_DIGEST_SIZE; test_sha[0] = a; test_sha[1] = b; @@ -813,7 +813,7 @@ int sha512_test(void) "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" "\xa5\x4c\xa4\x9f"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA512_DIGEST_SIZE; b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; 
@@ -823,7 +823,7 @@ int sha512_test(void) "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" "\x87\x4b\xe9\x09"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA512_DIGEST_SIZE; test_sha[0] = a; test_sha[1] = b; @@ -859,7 +859,7 @@ int sha384_test(void) "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" "\xc8\x25\xa7"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA384_DIGEST_SIZE; b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; @@ -868,7 +868,7 @@ int sha384_test(void) "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" "\x74\x60\x39"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA384_DIGEST_SIZE; test_sha[0] = a; test_sha[1] = b; @@ -910,13 +910,13 @@ int hmac_md5_test(void) a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" "\x9d"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD5_DIGEST_SIZE; b.input = "what do ya want for nothing?"; b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7" "\x38"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = MD5_DIGEST_SIZE; c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" @@ -925,7 +925,7 @@ int hmac_md5_test(void) c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3" "\xf6"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD5_DIGEST_SIZE; test_hmac[0] = a; test_hmac[1] = b; 
@@ -978,13 +978,13 @@ int hmac_sha_test(void) a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" "\x8e\xf1\x46\xbe\x00"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA_DIGEST_SIZE; b.input = "what do ya want for nothing?"; b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf" "\x9c\x25\x9a\x7c\x79"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA_DIGEST_SIZE; c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" @@ -993,7 +993,7 @@ int hmac_sha_test(void) c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b" "\x4f\x63\xf1\x75\xd3"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = SHA_DIGEST_SIZE; test_hmac[0] = a; test_hmac[1] = b; @@ -1048,14 +1048,14 @@ int hmac_sha256_test(void) "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" "\xcf\xf7"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA256_DIGEST_SIZE; b.input = "what do ya want for nothing?"; b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75" "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec" "\x38\x43"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA256_DIGEST_SIZE; c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" @@ -1065,7 +1065,7 @@ int hmac_sha256_test(void) "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5" "\x65\xfe"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = SHA256_DIGEST_SIZE; test_hmac[0] = a; test_hmac[1] = b; 
@@ -1121,7 +1121,7 @@ int hmac_sha384_test(void) "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" "\xfa\x9c\xb6"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA384_DIGEST_SIZE; b.input = "what do ya want for nothing?"; b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b" @@ -1129,7 +1129,7 @@ int hmac_sha384_test(void) "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa" "\xb2\x16\x49"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA384_DIGEST_SIZE; c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" @@ -1140,7 +1140,7 @@ int hmac_sha384_test(void) "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01" "\xa3\x4f\x27"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = SHA384_DIGEST_SIZE; test_hmac[0] = a; test_hmac[1] = b; @@ -1182,23 +1182,23 @@ int arc4_test(void) a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96"; - a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.inLen = 8; + a.outLen = 8; b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79"; - b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.inLen = 8; + b.outLen = 8; c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a"; - c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.inLen = 8; + c.outLen = 8; d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61"; - d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.inLen = 10; + d.outLen = 10; test_arc4[0] = a; test_arc4[1] = b; 
@@ -1273,23 +1273,23 @@ int hc128_test(void) a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48"; - a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.inLen = 8; + a.outLen = 8; b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F"; - b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.inLen = 8; + b.outLen = 8; c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A"; - c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.inLen = 8; + c.outLen = 8; d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29"; - d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.inLen = 15; + d.outLen = 15; test_hc128[0] = a; test_hc128[1] = b; @@ -1351,18 +1351,18 @@ int rabbit_test(void) a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C"; - a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.inLen = 8; + a.outLen = 8; b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0"; - b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.inLen = 8; + b.outLen = 8; c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; c.output = "\x9C\x51\xE2\x87\x84\xC3\x7F\xE9"; - c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.inLen = 8; + c.outLen = 8; test_rabbit[0] = a; test_rabbit[1] = b; @@ -2656,7 +2656,7 @@ int openssl_test(void) a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" "\x7a"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD5_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_md5()); 
@@ -2673,7 +2673,7 @@ int openssl_test(void) b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" "\x53\x99\x5E\x26\xA0"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha1()); @@ -2690,7 +2690,7 @@ int openssl_test(void) "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" "\x06\xC1"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = SHA256_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha256()); @@ -2710,7 +2710,7 @@ int openssl_test(void) "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" "\x74\x60\x39"; e.inLen = strlen(e.input); - e.outLen = strlen(e.output); + e.outLen = SHA384_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha384()); @@ -2734,7 +2734,7 @@ int openssl_test(void) "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" "\x87\x4b\xe9\x09"; f.inLen = strlen(f.input); - f.outLen = strlen(f.output); + f.outLen = SHA512_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha512()); @@ -2755,7 +2755,7 @@ int openssl_test(void) c.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7" "\x38"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD5_DIGEST_SIZE; HMAC(EVP_md5(), "Jefe", 4, (byte*)c.input, (int)c.inLen, hash, 0); From 2c1ed7c11cd4fb8b9430727d9f25263202d7cbca Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 20 Feb 2013 08:35:33 -0800 Subject: [PATCH 48/52] removed old defragmentation code. fixed new defragment code. --- cyassl/internal.h | 4 +--- src/internal.c | 51 ++++++++++++++++++++++++++++------------------- 2 files changed, 31 insertions(+), 24 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 9f48d2f1f..357db420e 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h 
@@ -1264,9 +1264,6 @@ typedef struct Buffers { byte weOwnKey; /* SSL own key flag */ byte weOwnDH; /* SSL own dh (p,g) flag */ #ifdef CYASSL_DTLS - buffer dtlsHandshake; /* DTLS handshake defragment buf */ - word32 dtlsUsed; /* DTLS bytes used in buffer */ - byte dtlsType; /* DTLS handshake frag type */ CYASSL_DTLS_CTX dtlsCtx; /* DTLS connection context */ #endif } Buffers; @@ -1391,6 +1388,7 @@ typedef struct DtlsMsg { word32 sz; /* Length of whole mesage */ word32 fragSz; /* Length of fragments received */ byte type; + byte* buf; byte* msg; } DtlsMsg; diff --git a/src/internal.c b/src/internal.c index bfd36042b..4a703d9e9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1212,9 +1212,6 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->buffers.weOwnDH = 0; #ifdef CYASSL_DTLS - ssl->buffers.dtlsHandshake.length = 0; - ssl->buffers.dtlsHandshake.buffer = NULL; - ssl->buffers.dtlsType = 0; ssl->buffers.dtlsCtx.fd = -1; ssl->buffers.dtlsCtx.peer.sa = NULL; ssl->buffers.dtlsCtx.peer.sz = 0; @@ -1407,8 +1404,6 @@ void SSL_ResourceFree(CYASSL* ssl) if (ssl->buffers.outputBuffer.dynamicFlag) ShrinkOutputBuffer(ssl); #ifdef CYASSL_DTLS - if (ssl->buffers.dtlsHandshake.buffer != NULL) - XFREE(ssl->buffers.dtlsHandshake.buffer, ssl->heap, DYNAMIC_TYPE_NONE); if (ssl->dtls_pool != NULL) { DtlsPoolReset(ssl); XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_NONE); @@ -1652,6 +1647,11 @@ int DtlsPoolSend(CYASSL* ssl) /* functions for managing DTLS datagram reordering */ +/* Need to allocate space for the handshake message header. The hashing + * routines assume the message pointer is still within the buffer that + * has the headers, and will include those headers in the hash. The store + * routines need to take that into account as well. New will allocate + * extra space for the headers. */ DtlsMsg* DtlsMsgNew(word32 sz, void* heap) { DtlsMsg* msg = NULL; 
@@ -1660,12 +1660,14 @@ DtlsMsg* DtlsMsgNew(word32 sz, void* heap) msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG); if (msg != NULL) { - msg->msg = (byte*)XMALLOC(sz, heap, DYNAMIC_TYPE_NONE); - if (msg->msg != NULL) { + msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ, + heap, DYNAMIC_TYPE_NONE); + if (msg->buf != NULL) { msg->next = NULL; msg->seq = 0; msg->sz = sz; msg->fragSz = 0; + msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ; } else { XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG); @@ -1681,8 +1683,8 @@ void DtlsMsgDelete(DtlsMsg* item, void* heap) (void)heap; if (item != NULL) { - if (item->msg != NULL) - XFREE(item->msg, heap, DYNAMIC_TYPE_NONE); + if (item->buf != NULL) + XFREE(item->buf, heap, DYNAMIC_TYPE_NONE); XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG); } } @@ -1706,7 +1708,21 @@ void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type, msg->seq = seq; msg->type = type; msg->fragSz += fragSz; - XMEMCPY(&msg->msg[fragOffset], data, fragSz); + /* If fragOffset is zero, this is either a full message that is out + * of order, or the first fragment of a fragmented message. Copy the + * handshake message header as well as the message data. */ + if (fragOffset == 0) + XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ, + fragSz + DTLS_HANDSHAKE_HEADER_SZ); + else { + /* If fragOffet is non-zero, this is an additional fragment that + * needs to be copied to its location in the message buffer. Also + * copy the total size of the message over the fragment size. The + * hash routines look at a defragmented message if it had actually + * come across as a single handshake message. */ + XMEMCPY(msg->msg + fragOffset, data, fragSz); + c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ); + } } } 
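Review bot: `msg->fragSz += fragSz` counts every fragment it is handed, so a retransmitted or overlapping fragment is counted again and the callers' completeness tests of `fragSz` against `sz` can pass while parts of `buf` were never written; the buffer comes from `XMALLOC`, so those parts hold whatever the heap held. Tracking the received ranges, or at least ignoring a fragment whose offset was already stored, would close that. The new `fragOffset == 0` copy also reads `DTLS_HANDSHAKE_HEADER_SZ` bytes before `data`, a precondition on the caller that the signature does not show and that deserves a line in the function comment, e.g. `/* data must point just past a DTLS handshake header in the same buffer */`. If the offset-zero fragment arrives after a later one, its header copy replaces the length that the `else` branch patched in with `c32to24`.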
@@ -3123,18 +3139,19 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, } else if (fragSz < size) { /* Since this branch is in order, but fragmented, dtls_msg_list will be - * pointing the the message with this fragment in it. Check it to see + * pointing to the message with this fragment in it. Check it to see * if it is completed. */ ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, size, type, fragOffset, fragSz, ssl->heap); *inOutIdx += fragSz; + ret = 0; if (ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz) { DtlsMsg* item = ssl->dtls_msg_list; word32 idx = 0; ssl->keys.dtls_expected_peer_handshake_number++; - ret = DoHandShakeMsgType(ssl, item->msg, &idx, - item->type, item->sz, item->sz); + ret = DoHandShakeMsgType(ssl, item->msg, + &idx, item->type, item->sz, item->sz); ssl->dtls_msg_list = item->next; DtlsMsgDelete(item, ssl->heap); } @@ -3145,14 +3162,6 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); } - if (ssl->buffers.dtlsHandshake.buffer != NULL) { - XFREE(ssl->buffers.dtlsHandshake.buffer, ssl->heap, DYNAMIC_TYPE_NONE); - ssl->buffers.dtlsHandshake.length = 0; - ssl->buffers.dtlsHandshake.buffer = NULL; - ssl->buffers.dtlsUsed = 0; - ssl->buffers.dtlsType = 0; - } - CYASSL_LEAVE("DoDtlsHandShakeMsg()", ret); return ret; } From 598043dd6f26b41e723a6f6e5b1615630388dea8 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 20 Feb 2013 09:28:09 -0800 Subject: [PATCH 49/52] drains the DTLS message store once an in-order message is received. --- src/internal.c | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/src/internal.c b/src/internal.c index 4a703d9e9..35832648c 100644 --- a/src/internal.c +++ b/src/internal.c 
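Review bot: `ssl->dtls_msg_list->fragSz` is dereferenced right after the list is reassigned from `DtlsMsgStore()`, with no NULL check in between. `DtlsMsgNew` returns NULL when either allocation fails, and the size it allocates appears to come from the received handshake header, so if `DtlsMsgStore` (not shown here) can return NULL for a previously empty list, this branch dereferences a null pointer. Consider `if (ssl->dtls_msg_list != NULL && ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz)` and returning a memory error when the store failed. `DoDtlsHandShakeMsg` starts before and continues after this hunk.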
@@ -3094,6 +3094,31 @@ static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, #ifdef CYASSL_DTLS +static int DtlsMsgDrain(CYASSL* ssl) +{ + DtlsMsg* item = ssl->dtls_msg_list; + int ret = 0; + word32 idx = 0; + + /* While there is an item in the store list, and it is the expected + * message, and it is complete, and there hasn't been an error in the + * last messge... */ + while (item != NULL && + ssl->keys.dtls_expected_peer_handshake_number == item->seq && + item->fragSz == item->sz && + ret == 0) { + ssl->keys.dtls_expected_peer_handshake_number++; + ret = DoHandShakeMsgType(ssl, item->msg, + &idx, item->type, item->sz, item->sz); + ssl->dtls_msg_list = item->next; + DtlsMsgDelete(item, ssl->heap); + item = ssl->dtls_msg_list; + } + + return ret; +} + + static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, word32 totalSz) { @@ -3118,8 +3143,6 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, * order, process it. Check the head of the list to see if it is in * order, if so, process it. (Repeat until list exhausted.) If the * head is out of order, return for more processing. - * NOTE: The hash is calculated on the data, not the header. In - * DoHandShakeMsgType(), HashInput starts with inOutIdx. */ if (ssl->keys.dtls_peer_handshake_number > ssl->keys.dtls_expected_peer_handshake_number) { 
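Review bot: `idx` in `DtlsMsgDrain` is set to 0 once before the loop and then passed by address to `DoHandShakeMsgType` on every iteration. If that call advances the index, as the `inOutIdx` convention in the surrounding code suggests, the second and later stored messages are parsed from the previous message's end offset instead of the start of `item->msg`, which can read past that item's buffer. Reset it per message by declaring `word32 idx = 0;` inside the loop body, as the inline code this function replaces did.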
@@ -3146,20 +3169,15 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, size, type, fragOffset, fragSz, ssl->heap); *inOutIdx += fragSz; ret = 0; - if (ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz) { - DtlsMsg* item = ssl->dtls_msg_list; - word32 idx = 0; - ssl->keys.dtls_expected_peer_handshake_number++; - ret = DoHandShakeMsgType(ssl, item->msg, - &idx, item->type, item->sz, item->sz); - ssl->dtls_msg_list = item->next; - DtlsMsgDelete(item, ssl->heap); - } + if (ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz) + ret = DtlsMsgDrain(ssl); } else { /* This branch is in order next, and a complete message. */ ssl->keys.dtls_expected_peer_handshake_number++; ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); + if (ret == 0 && ssl->dtls_msg_list != NULL) + ret = DtlsMsgDrain(ssl); } CYASSL_LEAVE("DoDtlsHandShakeMsg()", ret); From ffc67892a4c648d9b96834cb3f1481f4e528bc87 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 20 Feb 2013 10:43:50 -0800 Subject: [PATCH 50/52] allow for 0 length handshake messages, still need to store the message header --- src/internal.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index 35832648c..5dcc239f8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1656,8 +1656,7 @@ DtlsMsg* DtlsMsgNew(word32 sz, void* heap) { DtlsMsg* msg = NULL; - if (sz > 0) - msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG); + msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG); if (msg != NULL) { msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ, From b2b45d3f4ade9a84d1a6365a470443155fae0e34 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 20 Feb 2013 15:26:22 -0800 Subject: [PATCH 51/52] sb fixes for crl and ocsp --- ctaocrypt/src/asn.c | 3 ++- src/io.c | 7 ++++++- src/ocsp.c | 4 ++-- src/ssl.c | 10 ++++++++-- 4 files changed, 18 insertions(+), 6 deletions(-) 
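Review bot: This branch calls `DtlsMsgDrain` when `fragSz >= sz`, but the drain loop only processes an item when `item->fragSz == item->sz`. As far as the visible lines show, `DtlsMsgSet` adds every fragment's length to `fragSz`, so a retransmitted or overlapping fragment can push `fragSz` above `sz`; the check here then passes, the drain does nothing and returns 0, and the message stays at the head of the list. The same running sum can also reach `sz` while a byte range is still missing, so neither comparison proves the message is complete. Use one completeness predicate in both places and have `DtlsMsgSet` skip fragments it has already stored; the enclosing function starts and ends outside the hunk.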
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index fcf812e8f..a99fa607f 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -4295,7 +4295,8 @@ static int DecodeSingleResponse(byte* source, break; case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED): cs->status = CERT_REVOKED; - GetLength(source, &idx, &length, size); + if (GetLength(source, &idx, &length, size) < 0) + return ASN_PARSE_E; idx += length; break; case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN): diff --git a/src/io.c b/src/io.c index b55e60fb5..624f5742c 100644 --- a/src/io.c +++ b/src/io.c @@ -506,6 +506,10 @@ static INLINE int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port) } *sockfd = socket(AF_INET_V, SOCK_STREAM, 0); + if (*sockfd < 0) { + CYASSL_MSG("bad socket fd, out of fds?"); + return -1; + } XMEMSET(&addr, 0, sizeof(SOCKADDR_IN_T)); addr.sin_family = AF_INET_V; @@ -672,7 +676,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz, byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf) { char domainName[80], path[80]; - int port, httpBufSz, sfd; + int port, httpBufSz, sfd = -1; int ocspRespSz = 0; byte* httpBuf = NULL; @@ -725,6 +729,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz, } } else { CYASSL_MSG("OCSP Responder connection failed"); + close(sfd); return -1; } diff --git a/src/ocsp.c b/src/ocsp.c index c9838b556..6fd3dbe13 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -274,7 +274,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert) } if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) { - if (ocsp->overrideUrl != NULL) { + if (ocsp->overrideUrl[0] != '\0') { url = ocsp->overrideUrl; urlSz = (int)XSTRLEN(url); } @@ -299,7 +299,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert) ocspReqBuf, ocspReqSz, &ocspRespBuf); } - if (result >= 0) { + if (result >= 0 && ocspRespBuf) { InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, result); OcspResponseDecode(&ocspResponse); 
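Review bot: The new `if (*sockfd < 0)` test in `tcp_connect` can never be true on a build where `SOCKET_T` is an unsigned type, as socket handles are under the Windows API; the typedef is not visible here, so confirm it. Comparing against the platform's invalid-socket value, `INVALID_SOCKET` on Windows and `-1` elsewhere, keeps the check meaningful on every target. The function body continues outside the hunk.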
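Review bot: The added `close(sfd)` on what appears to be the connection-failure path also runs when no socket was ever opened: `sfd` now starts at -1 and `tcp_connect` returns early when `socket()` fails, so this becomes `close(-1)`. Guard it, `if (sfd >= 0) close(sfd);`, and check whether the other exits of `EmbedOcspLookup`, which are outside this hunk, release the descriptor as well. Plain `close()` is also not the right call for sockets on Windows, so a wrapper macro may be needed if this file builds there.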
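Review bot: The result of `OcspResponseDecode(&ocspResponse)` is discarded on the line after the new `ocspRespBuf` check, so as far as this hunk shows a response that fails to parse is handled like one that decoded cleanly. If the decoder reports failure through its return value, test it and fail the lookup before `certStatus` is consulted, e.g. `if (OcspResponseDecode(&ocspResponse) != 0) result = <decode-error>;`. A comment should also say what the caller sees when `result >= 0` but `ocspRespBuf` is NULL, since that case now skips this block silently. The rest of `CyaSSL_OCSP_Lookup_Cert` is outside the hunk.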
diff --git a/src/ssl.c b/src/ssl.c index 735752d81..c18dce8fc 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -955,7 +955,10 @@ int CyaSSL_Init(void) ret = BAD_MUTEX_ERROR; } if (ret == 0) { - LockMutex(&count_mutex); + if (LockMutex(&count_mutex) != 0) { + CYASSL_MSG("Bad Lock Mutex count"); + return BAD_MUTEX_ERROR; + } initRefCount++; UnLockMutex(&count_mutex); } @@ -3018,7 +3021,10 @@ int CyaSSL_Cleanup(void) CYASSL_ENTER("CyaSSL_Cleanup"); - LockMutex(&count_mutex); + if (LockMutex(&count_mutex) != 0) { + CYASSL_MSG("Bad Lock Mutex count"); + return BAD_MUTEX_ERROR; + } release = initRefCount-- == 1; if (initRefCount < 0) From f4082f83e5cecc207ea1f935076587a6a9a16efd Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 20 Feb 2013 15:45:10 -0800 Subject: [PATCH 52/52] sb fixes for certgen + keygen --- ctaocrypt/src/asn.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index a99fa607f..fb19e214c 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -3424,6 +3424,10 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng, { (void)ntruKey; (void)ntruSz; + + /* init */ + XMEMSET(der, 0, sizeof(DerCert)); + /* version */ der->versionSz = SetMyVersion(cert->version, der->version, TRUE);