diff --git a/COPYING b/COPYING index d60c31a97..d159169d1 100644 --- a/COPYING +++ b/COPYING @@ -1,12 +1,12 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. - Preamble + Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public @@ -15,7 +15,7 @@ software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to +the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not @@ -55,8 +55,8 @@ patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. - - GNU GENERAL PUBLIC LICENSE + + GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains @@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions: License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) - + These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in @@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. - + 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is @@ -225,7 +225,7 @@ impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. - + 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License @@ -255,7 +255,7 @@ make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. - NO WARRANTY + NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN @@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it @@ -303,17 +303,16 @@ the "copyright" line and a pointer to where the full notice is found. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: - Gnomovision version 69, Copyright (C) year name of author + Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. @@ -336,5 +335,5 @@ necessary. Here is a sample; alter the names: This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General +library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. diff --git a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c index bf32ef2dd..4b1a5aba2 100644 --- a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c +++ b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c @@ -1,6 +1,6 @@ /* time.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c index 398d85c70..d29fbf3b1 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c @@ -1,6 +1,6 @@ /* certs_test.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h index a88e1bca4..8bd713cd8 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h @@ -1,6 +1,6 @@ /* config-BEREFOOT.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h index ed2e6d642..c05fba661 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h @@ -1,6 +1,6 @@ /* config-FS.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h index 5a424e0df..106e7718b 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h @@ -1,6 +1,6 @@ /* config-RTX-TCP-FS.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h index 21e47c46f..4d89d8fca 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h @@ -1,6 +1,6 @@ /* config.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c index ab6e4d8c5..b8e3d59a7 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c @@ -1,6 +1,6 @@ /* cyassl_MDK_ARM.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h index 052fe2991..b26164339 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h @@ -1,6 +1,6 @@ /* cyassl_KEIL_RL.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /******************************************************************************/ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c b/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c index 8883a88dd..635267e39 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c index 1a0b6ad73..7b76c1d29 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c @@ -1,6 +1,6 @@ /*shell.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /*** tiny Shell for CyaSSL apps ***/ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c b/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c index c712a33ec..47f0b201c 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c +++ b/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c @@ -1,6 +1,6 @@ /* ssl-dummy.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c index 37154d136..e2912d19f 100644 --- a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c +++ b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Docs/CyaSSL-License.txt b/IDE/MDK5-ARM/Docs/CyaSSL-License.txt index 6262c57c2..3a01f3420 100644 --- a/IDE/MDK5-ARM/Docs/CyaSSL-License.txt +++ b/IDE/MDK5-ARM/Docs/CyaSSL-License.txt @@ -1,107 +1,292 @@ LICENSE AGREEMENT -The wolfSSL source code is subject to the U.S. Export Administration Regulations and other U.S. law, and may not be exported or re-exported to certain countries (currently Afghanistan, Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria) or to persons or entities prohibited from receiving U.S. exports (including Denied Parties, entities on the Bureau of Export Administration Entity List, and Specially Designated Nationals). +The wolfSSL source code is subject to the U.S. Export Administration +Regulations and other U.S. law, and may not be exported or re-exported to +certain countries (currently Afghanistan, Cuba, Iran, Iraq, Libya, North +Korea, Sudan and Syria) or to persons or entities prohibited from receiving +U.S. exports (including Denied Parties, entities on the Bureau of Export +Administration Entity List, and Specially Designated Nationals). --- -GNU GENERAL PUBLIC LICENSE -Version 2, June 1991 + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 -============================================================ + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. -Copyright (C) 1989, 1991 Free Software Foundation, Inc. -59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Preamble -Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. - -========================================================= - -Preamble - -The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to your programs, too. -When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. -To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. -For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. -We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. -Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. -Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. -The precise terms and conditions for copying, distribution and modification follow. + The precise terms and conditions for copying, distribution and +modification follow. -GNU GENERAL PUBLIC LICENSE + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION -TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. - 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. -You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. - 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: - a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. - b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. - c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) -These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. -Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. -In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. - 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: - a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, - b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, - c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) -The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. -If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. - 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. - 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying the Program or works based on it. - 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. - 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. -If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. -It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. -This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. - 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. - 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. -Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. - 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. -NO WARRANTY + NO WARRANTY - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS -END OF TERMS AND CONDITIONS \ No newline at end of file diff --git a/IDE/MDK5-ARM/Inc/cyassl_MDK_ARM.h b/IDE/MDK5-ARM/Inc/cyassl_MDK_ARM.h index 51f3c901d..e99e9b8b0 100644 --- a/IDE/MDK5-ARM/Inc/cyassl_MDK_ARM.h +++ b/IDE/MDK5-ARM/Inc/cyassl_MDK_ARM.h @@ -1,6 +1,6 @@ /* cyassl_KEIL_RL.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /******************************************************************************/ diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c index 817d9b7c6..6dae4b6e4 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c @@ -1,6 +1,6 @@ /* benchmark.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* CTaoCrypt benchmark */ diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c index 5a6248704..2c6c8f68a 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/CryptTest/main.c b/IDE/MDK5-ARM/Projects/CryptTest/main.c index 86a9f0ec5..20d4e40ca 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/main.c +++ b/IDE/MDK5-ARM/Projects/CryptTest/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/CryptTest/test.c b/IDE/MDK5-ARM/Projects/CryptTest/test.c index 57419e11f..0978a3af3 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/test.c +++ b/IDE/MDK5-ARM/Projects/CryptTest/test.c @@ -1,6 +1,6 @@ /* test.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c index 817d9b7c6..6dae4b6e4 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c @@ -1,6 +1,6 @@ /* benchmark.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* CTaoCrypt benchmark */ diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/cert_data.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/cert_data.c index 398d85c70..d29fbf3b1 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/cert_data.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/cert_data.c @@ -1,6 +1,6 @@ /* certs_test.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c index ab17b6a49..4744f9b72 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c @@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/echoclient.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/echoclient.c index 3a62eb67d..24a02febc 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/echoclient.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/echoclient.c @@ -1,6 +1,6 @@ /* echoclient.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/echoserver.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/echoserver.c index c7e23bf7e..33f6df3df 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/echoserver.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/echoserver.c @@ -1,6 +1,6 @@ /* echoserver.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/main.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/main.c index 9d0e71223..6cdd8f80d 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/main.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c index ae484062f..440dd1d03 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/shell.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/shell.c index 183f97c87..1ada297cf 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/shell.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/shell.c @@ -1,6 +1,6 @@ /*shell.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /*** tiny Shell for CyaSSL apps ***/ diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c index 57419e11f..0978a3af3 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c @@ -1,6 +1,6 @@ /* test.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/EchoClient/echoclient.c b/IDE/MDK5-ARM/Projects/EchoClient/echoclient.c index 3a62eb67d..24a02febc 100644 --- a/IDE/MDK5-ARM/Projects/EchoClient/echoclient.c +++ b/IDE/MDK5-ARM/Projects/EchoClient/echoclient.c @@ -1,6 +1,6 @@ /* echoclient.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/EchoClient/main.c b/IDE/MDK5-ARM/Projects/EchoClient/main.c index 7224df509..a2db99f5e 100644 --- a/IDE/MDK5-ARM/Projects/EchoClient/main.c +++ b/IDE/MDK5-ARM/Projects/EchoClient/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/EchoServer/echoserver.c b/IDE/MDK5-ARM/Projects/EchoServer/echoserver.c index c7e23bf7e..33f6df3df 100644 --- a/IDE/MDK5-ARM/Projects/EchoServer/echoserver.c +++ b/IDE/MDK5-ARM/Projects/EchoServer/echoserver.c @@ -1,6 +1,6 @@ /* echoserver.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/EchoServer/main.c b/IDE/MDK5-ARM/Projects/EchoServer/main.c index c6a2212f4..810fdbb2b 100644 --- a/IDE/MDK5-ARM/Projects/EchoServer/main.c +++ b/IDE/MDK5-ARM/Projects/EchoServer/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/client.c b/IDE/MDK5-ARM/Projects/SimpleClient/client.c index be7e0816a..113bed9f6 100644 --- a/IDE/MDK5-ARM/Projects/SimpleClient/client.c +++ b/IDE/MDK5-ARM/Projects/SimpleClient/client.c @@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/main.c b/IDE/MDK5-ARM/Projects/SimpleClient/main.c index b0efeeb5c..642afd01e 100644 --- a/IDE/MDK5-ARM/Projects/SimpleClient/main.c +++ b/IDE/MDK5-ARM/Projects/SimpleClient/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/main.c b/IDE/MDK5-ARM/Projects/SimpleServer/main.c index bba0c5f24..053ff48bd 100644 --- a/IDE/MDK5-ARM/Projects/SimpleServer/main.c +++ b/IDE/MDK5-ARM/Projects/SimpleServer/main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/server.c b/IDE/MDK5-ARM/Projects/SimpleServer/server.c index 5d5256d4a..a42581d90 100644 --- a/IDE/MDK5-ARM/Projects/SimpleServer/server.c +++ b/IDE/MDK5-ARM/Projects/SimpleServer/server.c @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Src/cert_data.c b/IDE/MDK5-ARM/Src/cert_data.c index 398d85c70..d29fbf3b1 100644 --- a/IDE/MDK5-ARM/Src/cert_data.c +++ b/IDE/MDK5-ARM/Src/cert_data.c @@ -1,6 +1,6 @@ /* certs_test.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/IDE/MDK5-ARM/Src/cyassl_MDK_ARM.c b/IDE/MDK5-ARM/Src/cyassl_MDK_ARM.c index 53747afae..cca8ad619 100644 --- a/IDE/MDK5-ARM/Src/cyassl_MDK_ARM.c +++ b/IDE/MDK5-ARM/Src/cyassl_MDK_ARM.c @@ -1,6 +1,6 @@ /* cyassl_KEIL_RL.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/IDE/MDK5-ARM/Src/ssl-dummy.c b/IDE/MDK5-ARM/Src/ssl-dummy.c index 88110ce98..47f4a6cd6 100644 --- a/IDE/MDK5-ARM/Src/ssl-dummy.c +++ b/IDE/MDK5-ARM/Src/ssl-dummy.c @@ -1,6 +1,6 @@ /* ssl-dummy.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/README b/README index 92f199c46..9e3c58eac 100644 --- a/README +++ b/README @@ -35,7 +35,23 @@ before calling SSL_new(); Though it's not recommended. *** end Notes *** -CyaSSL Release 2.9.4 (04/09/2014) +CyaSSL Release 3.0.0 (04/29/2014) + +Release 3.0.0 CyaSSL has bug fixes and new features including: + +- FIPS release candidate +- X.509 improvements that address items reported by Suman Jana with security + researchers at UT Austin and UC Davis +- Small stack size improvements, --enable-smallstack. Offloads large local + variables to the heap. (Note this is not complete.) +- Updated AES-CCM-8 cipher suites to use approved suite numbers. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +************ CyaSSL Release 2.9.4 (04/09/2014) Release 2.9.4 CyaSSL has bug fixes and new features including: diff --git a/commit-tests.sh b/commit-tests.sh index 551cffdb9..066f1d0d5 100755 --- a/commit-tests.sh +++ b/commit-tests.sh @@ -23,7 +23,7 @@ RESULT=$? # make sure full config is ok echo -e "\n\nTesting full config as well...\n\n" -./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512; +./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512 --enable-crl --enable-ocsp --enable-savesession --enable-savecert --enable-atomicuser --enable-pkcallbacks --enable-scep; RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1 diff --git a/configure.ac b/configure.ac index 721afa331..2de6912a1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,12 +1,12 @@ # configure.ac # -# Copyright (C) 2006-2013 wolfSSL Inc. +# Copyright (C) 2006-2014 wolfSSL Inc. # # This file is part of CyaSSL. # # -AC_INIT([cyassl],[2.9.4],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com]) +AC_INIT([cyassl],[3.0.0],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -31,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -CYASSL_LIBRARY_VERSION=5:4:0 +CYASSL_LIBRARY_VERSION=5:5:0 # | | | # +------+ | +---+ # | | | @@ -1334,6 +1334,19 @@ then fi +# Small Stack +AC_ARG_ENABLE([smallstack], + [ --enable-smallstack Enable Small Stack Usage (default: enabled)], + [ ENABLED_SMALL_STACK=$enableval ], + [ ENABLED_SMALL_STACK=yes ] + ) + +if test "x$ENABLED_SMALL_STACK" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DCYASSL_SMALL_STACK" +fi + + #valgrind AC_ARG_ENABLE([valgrind], [ --enable-valgrind Enable valgrind for unit tests (default: disabled)], @@ -1649,7 +1662,7 @@ rm -f $OPTION_FILE echo "/* cyassl options.h" >> $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE -echo " * Copyright (C) 2006-2013 wolfSSL Inc." >> $OPTION_FILE +echo " * Copyright (C) 2006-2014 wolfSSL Inc." >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * This file is part of CyaSSL." >> $OPTION_FILE echo " *" >> $OPTION_FILE @@ -1760,6 +1773,7 @@ echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES" echo " * All TLS Extensions: $ENABLED_TLSX" echo " * PKCS#7 $ENABLED_PKCS7" echo " * wolfSCEP $ENABLED_WOLFSCEP" +echo " * Small Stack: $ENABLED_SMALL_STACK" echo " * valgrind unit tests: $ENABLED_VALGRIND" echo " * LIBZ: $ENABLED_LIBZ" echo " * Examples: $ENABLED_EXAMPLES" diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 817d9b7c6..2cccd362a 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -1,6 +1,6 @@ /* benchmark.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* CTaoCrypt benchmark */ @@ -405,9 +405,13 @@ void bench_camellia(void) { Camellia cam; double start, total, persec; - int i; + int i, ret; - CamelliaSetKey(&cam, key, 16, iv); + ret = CamelliaSetKey(&cam, key, 16, iv); + if (ret != 0) { + printf("CamelliaSetKey failed, ret = %d\n", ret); + return; + } start = current_time(1); for(i = 0; i < numBlocks; i++) @@ -619,8 +623,7 @@ void bench_sha256(void) Sha256 hash; byte digest[SHA256_DIGEST_SIZE]; double start, total, persec; - int i; - int ret; + int i, ret; ret = InitSha256(&hash); if (ret != 0) { @@ -629,10 +632,19 @@ void bench_sha256(void) } start = current_time(1); - for(i = 0; i < numBlocks; i++) - Sha256Update(&hash, plain, sizeof(plain)); + for(i = 0; i < numBlocks; i++) { + ret = Sha256Update(&hash, plain, sizeof(plain)); + if (ret != 0) { + printf("Sha256Update failed, ret = %d\n", ret); + return; + } + } - Sha256Final(&hash, digest); + ret = Sha256Final(&hash, digest); + if (ret != 0) { + printf("Sha256Final failed, ret = %d\n", ret); + return; + } total = current_time(0) - start; persec = 1 / total * numBlocks; @@ -661,10 +673,19 @@ void bench_sha512(void) } start = current_time(1); - for(i = 0; i < numBlocks; i++) - Sha512Update(&hash, plain, sizeof(plain)); - - Sha512Final(&hash, digest); + for(i = 0; i < numBlocks; i++) { + ret = Sha512Update(&hash, plain, sizeof(plain)); + if (ret != 0) { + printf("Sha512Update failed, ret = %d\n", ret); + return; + } + } + + ret = Sha512Final(&hash, digest); + if (ret != 0) { + printf("Sha512Final failed, ret = %d\n", ret); + return; + } total = current_time(0) - start; persec = 1 / total * numBlocks; @@ -713,15 +734,28 @@ void bench_blake2(void) Blake2b b2b; byte digest[64]; double start, total, persec; - int i; + int i, ret; - InitBlake2b(&b2b, 64); + ret = InitBlake2b(&b2b, 64); + if (ret != 0) { + printf("InitBlake2b failed, ret = %d\n", ret); + return; + } start = current_time(1); - for(i = 0; i < numBlocks; i++) - Blake2bUpdate(&b2b, plain, sizeof(plain)); + for(i = 0; i < numBlocks; i++) { + ret = Blake2bUpdate(&b2b, plain, sizeof(plain)); + if (ret != 0) { + printf("Blake2bUpdate failed, ret = %d\n", ret); + return; + } + } - Blake2bFinal(&b2b, digest, 64); + ret = Blake2bFinal(&b2b, digest, 64); + if (ret != 0) { + printf("Blake2bFinal failed, ret = %d\n", ret); + return; + } total = current_time(0) - start; persec = 1 / total * numBlocks; diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 4d82f4fd3..869203c41 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -1,6 +1,6 @@ /* aes.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/aes_asm.s b/ctaocrypt/src/aes_asm.s index a1df56b70..382d9b313 100755 --- a/ctaocrypt/src/aes_asm.s +++ b/ctaocrypt/src/aes_asm.s @@ -1,6 +1,6 @@ /* aes_asm.s * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/arc4.c b/ctaocrypt/src/arc4.c index 6c62e4ca1..01cc7a197 100644 --- a/ctaocrypt/src/arc4.c +++ b/ctaocrypt/src/arc4.c @@ -1,6 +1,6 @@ /* arc4.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/asm.c b/ctaocrypt/src/asm.c index 8b588aa4d..2924cddc2 100644 --- a/ctaocrypt/src/asm.c +++ b/ctaocrypt/src/asm.c @@ -1,6 +1,6 @@ /* asm.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index db30330bf..57650bd1e 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1,6 +1,6 @@ /* asn.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -1057,7 +1057,7 @@ int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, key->type = RSA_PUBLIC; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) { byte b = input[*inOutIdx]; if (b != ASN_INTEGER) { @@ -1272,6 +1272,11 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->subjectCNLen = 0; cert->subjectCNStored = 0; cert->altNames = NULL; +#ifndef IGNORE_NAME_CONSTRAINTS + cert->altEmailNames = NULL; + cert->permittedNames = NULL; + cert->excludedNames = NULL; +#endif /* IGNORE_NAME_CONSTRAINTS */ cert->issuer[0] = '\0'; cert->subject[0] = '\0'; cert->source = source; /* don't own */ @@ -1341,6 +1346,9 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->extSubjKeyIdSrc = NULL; cert->extSubjKeyIdSz = 0; #endif /* OPENSSL_EXTRA */ +#if defined(OPENSSL_EXTRA) || !defined(IGNORE_NAME_CONSTRAINTS) + cert->extNameConstraintSet = 0; +#endif /* OPENSSL_EXTRA || !IGNORE_NAME_CONSTRAINTS */ #ifdef HAVE_ECC cert->pkCurveOID = 0; #endif /* HAVE_ECC */ @@ -1372,6 +1380,22 @@ void FreeAltNames(DNS_entry* altNames, void* heap) } } +#ifndef IGNORE_NAME_CONSTRAINTS + +void FreeNameSubtrees(Base_entry* names, void* heap) +{ + (void)heap; + + while (names) { + Base_entry* tmp = names->next; + + XFREE(names->name, heap, DYNAMIC_TYPE_ALTNAME); + XFREE(names, heap, DYNAMIC_TYPE_ALTNAME); + names = tmp; + } +} + +#endif /* IGNORE_NAME_CONSTRAINTS */ void FreeDecodedCert(DecodedCert* cert) { @@ -1381,6 +1405,14 @@ void FreeDecodedCert(DecodedCert* cert) XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (cert->altNames) FreeAltNames(cert->altNames, cert->heap); +#ifndef IGNORE_NAME_CONSTRAINTS + if (cert->altEmailNames) + FreeAltNames(cert->altEmailNames, cert->heap); + if (cert->permittedNames) + FreeNameSubtrees(cert->permittedNames, cert->heap); + if (cert->excludedNames) + FreeNameSubtrees(cert->excludedNames, cert->heap); +#endif /* IGNORE_NAME_CONSTRAINTS */ #ifdef CYASSL_SEP XFREE(cert->deviceType, cert->heap, 0); XFREE(cert->hwType, cert->heap, 0); @@ -1419,8 +1451,6 @@ static int GetCertHeader(DecodedCert* cert) len = mp_unsigned_bin_size(&mpi); if (len < (int)sizeof(serialTmp)) { if ( (ret = mp_to_unsigned_bin(&mpi, serialTmp)) == MP_OKAY) { - if (len > EXTERNAL_SERIAL_SIZE) - len = EXTERNAL_SERIAL_SIZE; XMEMCPY(cert->serial, serialTmp, len); cert->serialSz = len; } @@ -1640,6 +1670,12 @@ static int GetName(DecodedCert* cert, int nameType) cert->issuerRawLen = length - cert->srcIdx; } #endif +#ifndef IGNORE_NAME_CONSTRAINTS + if (nameType == SUBJECT) { + cert->subjectRaw = &cert->source[cert->srcIdx]; + cert->subjectRawLen = length - cert->srcIdx; + } +#endif while (cert->srcIdx < (word32)length) { byte b; @@ -1863,7 +1899,30 @@ static int GetName(DecodedCert* cert, int nameType) dName->emailIdx = cert->srcIdx; dName->emailLen = adv; #endif /* OPENSSL_EXTRA */ + #ifndef IGNORE_NAME_CONSTRAINTS + { + DNS_entry* emailName = NULL; + emailName = (DNS_entry*)XMALLOC(sizeof(DNS_entry), + cert->heap, DYNAMIC_TYPE_ALTNAME); + if (emailName == NULL) { + CYASSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + emailName->name = (char*)XMALLOC(adv + 1, + cert->heap, DYNAMIC_TYPE_ALTNAME); + if (emailName->name == NULL) { + CYASSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + XMEMCPY(emailName->name, + &cert->source[cert->srcIdx], adv); + emailName->name[adv] = 0; + + emailName->next = cert->altEmailNames; + cert->altEmailNames = emailName; + } + #endif /* IGNORE_NAME_CONSTRAINTS */ if (!tooBig) { XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv); idx += adv; @@ -2696,8 +2755,19 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, CYASSL_MSG("InitSha256 failed"); return 0; /* not confirmed */ } - Sha256Update(&sha256, buf, bufSz); - Sha256Final(&sha256, digest); + + ret = Sha256Update(&sha256, buf, bufSz); + if (ret != 0) { + CYASSL_MSG("Sha256Update failed"); + return 0; /* not confirmed */ + } + + ret = Sha256Final(&sha256, digest); + if (ret != 0) { + CYASSL_MSG("Sha256Final failed"); + return 0; /* not confirmed */ + } + typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; } @@ -2713,8 +2783,19 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, CYASSL_MSG("InitSha512 failed"); return 0; /* not confirmed */ } - Sha512Update(&sha512, buf, bufSz); - Sha512Final(&sha512, digest); + + ret = Sha512Update(&sha512, buf, bufSz); + if (ret != 0) { + CYASSL_MSG("Sha512Update failed"); + return 0; /* not confirmed */ + } + + ret = Sha512Final(&sha512, digest); + if (ret != 0) { + CYASSL_MSG("Sha512Final failed"); + return 0; /* not confirmed */ + } + typeH = SHA512h; digestSz = SHA512_DIGEST_SIZE; } @@ -2730,8 +2811,19 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, CYASSL_MSG("InitSha384 failed"); return 0; /* not confirmed */ } - Sha384Update(&sha384, buf, bufSz); - Sha384Final(&sha384, digest); + + ret = Sha384Update(&sha384, buf, bufSz); + if (ret != 0) { + CYASSL_MSG("Sha384Update failed"); + return 0; /* not confirmed */ + } + + ret = Sha384Final(&sha384, digest); + if (ret != 0) { + CYASSL_MSG("Sha384Final failed"); + return 0; /* not confirmed */ + } + typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; } @@ -2837,6 +2929,174 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, } +#ifndef IGNORE_NAME_CONSTRAINTS + +static int MatchBaseName(int type, const char* name, int nameSz, + const char* base, int baseSz) +{ + if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 || + name[0] == '.' || nameSz < baseSz || + (type != ASN_RFC822_TYPE && type != ASN_DNS_TYPE)) + return 0; + + /* If an email type, handle special cases where the base is only + * a domain, or is an email address itself. */ + if (type == ASN_RFC822_TYPE) { + const char* p = NULL; + int count = 0; + + if (base[0] != '.') { + p = base; + count = 0; + + /* find the '@' in the base */ + while (*p != '@' && count < baseSz) { + count++; + p++; + } + + /* No '@' in base, reset p to NULL */ + if (count >= baseSz) + p = NULL; + } + + if (p == NULL) { + /* Base isn't an email address, it is a domain name, + * wind the name forward one character past its '@'. */ + p = name; + count = 0; + while (*p != '@' && count < baseSz) { + count++; + p++; + } + + if (count < baseSz && *p == '@') { + name = p + 1; + nameSz -= count + 1; + } + } + } + + if ((type == ASN_DNS_TYPE || type == ASN_RFC822_TYPE) && base[0] == '.') { + int szAdjust = nameSz - baseSz; + name += szAdjust; + nameSz -= szAdjust; + } + + while (nameSz > 0) { + if (XTOLOWER(*name++) != XTOLOWER(*base++)) + return 0; + nameSz--; + } + + return 1; +} + + +static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) +{ + if (signer == NULL || cert == NULL) + return 0; + + /* Check against the excluded list */ + if (signer->excludedNames) { + Base_entry* base = signer->excludedNames; + + while (base != NULL) { + if (base->type == ASN_DNS_TYPE) { + DNS_entry* name = cert->altNames; + while (name != NULL) { + if (MatchBaseName(ASN_DNS_TYPE, + name->name, (int)XSTRLEN(name->name), + base->name, base->nameSz)) + return 0; + name = name->next; + } + } + else if (base->type == ASN_RFC822_TYPE) { + DNS_entry* name = cert->altEmailNames; + while (name != NULL) { + if (MatchBaseName(ASN_RFC822_TYPE, + name->name, (int)XSTRLEN(name->name), + base->name, base->nameSz)) + return 0; + + name = name->next; + } + } + else if (base->type == ASN_DIR_TYPE) { + if (cert->subjectRawLen == base->nameSz && + XMEMCMP(cert->subjectRaw, base->name, base->nameSz) == 0) { + + return 0; + } + } + base = base->next; + } + } + + /* Check against the permitted list */ + if (signer->permittedNames != NULL) { + int needDns = 0; + int matchDns = 0; + int needEmail = 0; + int matchEmail = 0; + int needDir = 0; + int matchDir = 0; + Base_entry* base = signer->permittedNames; + + while (base != NULL) { + if (base->type == ASN_DNS_TYPE) { + DNS_entry* name = cert->altNames; + + if (name != NULL) + needDns = 1; + + while (name != NULL) { + matchDns = MatchBaseName(ASN_DNS_TYPE, + name->name, (int)XSTRLEN(name->name), + base->name, base->nameSz); + name = name->next; + } + } + else if (base->type == ASN_RFC822_TYPE) { + DNS_entry* name = cert->altEmailNames; + + if (name != NULL) + needEmail = 1; + + while (name != NULL) { + matchEmail = MatchBaseName(ASN_DNS_TYPE, + name->name, (int)XSTRLEN(name->name), + base->name, base->nameSz); + name = name->next; + } + } + else if (base->type == ASN_DIR_TYPE) { + needDir = 1; + if (cert->subjectRaw != NULL && + cert->subjectRawLen == base->nameSz && + XMEMCMP(cert->subjectRaw, base->name, base->nameSz) == 0) { + + matchDir = 1; + } + } + base = base->next; + } + + if ((needDns && !matchDns) || (needEmail && !matchEmail) || + (needDir && !matchDir)) { + + return 0; + } + } + + return 1; +} + +#endif /* IGNORE_NAME_CONSTRAINTS */ + + static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) { word32 idx = 0; @@ -2891,6 +3151,43 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) length -= strLen; idx += strLen; } +#ifndef IGNORE_NAME_CONSTRAINTS + else if (b == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { + DNS_entry* emailEntry; + int strLen; + word32 lenStartIdx = idx; + + if (GetLength(input, &idx, &strLen, sz) < 0) { + CYASSL_MSG("\tfail: str length"); + return ASN_PARSE_E; + } + length -= (idx - lenStartIdx); + + emailEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (emailEntry == NULL) { + CYASSL_MSG("\tOut of Memory"); + return ASN_PARSE_E; + } + + emailEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (emailEntry->name == NULL) { + CYASSL_MSG("\tOut of Memory"); + XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + return ASN_PARSE_E; + } + + XMEMCPY(emailEntry->name, &input[idx], strLen); + emailEntry->name[strLen] = '\0'; + + emailEntry->next = cert->altEmailNames; + cert->altEmailNames = emailEntry; + + length -= strLen; + idx += strLen; + } +#endif /* IGNORE_NAME_CONSTRAINTS */ #ifdef CYASSL_SEP else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) { @@ -3296,7 +3593,7 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert) CYASSL_ENTER("DecodeExtKeyUsage"); if (GetSequence(input, &idx, &length, sz) < 0) { - CYASSL_MSG("\tfail: should be a SEQUENCE\n"); + CYASSL_MSG("\tfail: should be a SEQUENCE"); return ASN_PARSE_E; } @@ -3333,6 +3630,103 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert) } +#ifndef IGNORE_NAME_CONSTRAINTS +static int DecodeSubtree(byte* input, int sz, Base_entry** head, void* heap) +{ + word32 idx = 0; + + (void)heap; + + while (idx < (word32)sz) { + int seqLength, strLength; + word32 nameIdx; + byte b; + + if (GetSequence(input, &idx, &seqLength, sz) < 0) { + CYASSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + + nameIdx = idx; + b = input[nameIdx++]; + if (GetLength(input, &nameIdx, &strLength, sz) <= 0) { + CYASSL_MSG("\tinvalid length"); + return ASN_PARSE_E; + } + + if (b == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE) || + b == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE) || + b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) { + + Base_entry* entry = (Base_entry*)XMALLOC(sizeof(Base_entry), + heap, DYNAMIC_TYPE_ALTNAME); + + if (entry == NULL) { + CYASSL_MSG("allocate error"); + return MEMORY_E; + } + + entry->name = (char*)XMALLOC(strLength, heap, DYNAMIC_TYPE_ALTNAME); + if (entry->name == NULL) { + CYASSL_MSG("allocate error"); + return MEMORY_E; + } + + XMEMCPY(entry->name, &input[nameIdx], strLength); + entry->nameSz = strLength; + entry->type = b & 0x0F; + + entry->next = *head; + *head = entry; + } + + idx += seqLength; + } + + return 0; +} + + +static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert) +{ + word32 idx = 0; + int length = 0; + + CYASSL_ENTER("DecodeNameConstraints"); + + if (GetSequence(input, &idx, &length, sz) < 0) { + CYASSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + + while (idx < (word32)sz) { + byte b = input[idx++]; + Base_entry** subtree = NULL; + + if (GetLength(input, &idx, &length, sz) <= 0) { + CYASSL_MSG("\tinvalid length"); + return ASN_PARSE_E; + } + + if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) + subtree = &cert->permittedNames; + else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) + subtree = &cert->excludedNames; + else { + CYASSL_MSG("\tinvalid subtree"); + return ASN_PARSE_E; + } + + DecodeSubtree(input + idx, length, subtree, cert->heap); + + idx += length; + } + + return 0; +} +#endif /* IGNORE_NAME_CONSTRAINTS */ + + #ifdef CYASSL_SEP static int DecodeCertPolicy(byte* input, int sz, DecodedCert* cert) { @@ -3519,6 +3913,17 @@ static int DecodeCertExtensions(DecodedCert* cert) return ASN_PARSE_E; break; + #ifndef IGNORE_NAME_CONSTRAINTS + case NAME_CONS_OID: + cert->extNameConstraintSet = 1; + #ifdef OPENSSL_EXTRA + cert->extNameConstraintCrit = critical; + #endif + if (DecodeNameConstraints(&input[idx], length, cert) < 0) + return ASN_PARSE_E; + break; + #endif /* IGNORE_NAME_CONSTRAINTS */ + case INHIBIT_ANY_OID: CYASSL_MSG("Inhibit anyPolicy extension not supported yet."); break; @@ -3603,13 +4008,18 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) CYASSL_MSG("Parsed Past Key"); - if (cert->srcIdx != cert->sigIndex) { - if (cert->srcIdx < cert->sigIndex) { - /* save extensions */ - cert->extensions = &cert->source[cert->srcIdx]; - cert->extensionsSz = cert->sigIndex - cert->srcIdx; - cert->extensionsIdx = cert->srcIdx; /* for potential later use */ - } + if (cert->srcIdx < cert->sigIndex) { + #ifndef ALLOW_V1_EXTENSIONS + if (cert->version < 2) { + CYASSL_MSG(" v1 and v2 certs not allowed extensions"); + return ASN_VERSION_E; + } + #endif + /* save extensions */ + cert->extensions = &cert->source[cert->srcIdx]; + cert->extensionsSz = cert->sigIndex - cert->srcIdx; + cert->extensionsIdx = cert->srcIdx; /* for potential later use */ + if ((ret = DecodeCertExtensions(cert)) < 0) { if (ret == ASN_CRIT_EXT_E) criticalExt = ret; @@ -3676,6 +4086,14 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) CYASSL_MSG("Confirm signature failed"); return ASN_SIG_CONFIRM_E; } +#ifndef IGNORE_NAME_CONSTRAINTS + /* check that this cert's name is permitted by the signer's + * name constraints */ + if (!ConfirmNameConstraints(ca, cert)) { + CYASSL_MSG("Confirm name constraint failed"); + return ASN_NAME_INVALID_E; + } +#endif /* IGNORE_NAME_CONSTRAINTS */ } else { /* no signer */ @@ -3705,6 +4123,10 @@ Signer* MakeSigner(void* heap) signer->publicKey = NULL; signer->nameLen = 0; signer->name = NULL; + #ifndef IGNORE_NAME_CONSTRAINTS + signer->permittedNames = NULL; + signer->excludedNames = NULL; + #endif /* IGNORE_NAME_CONSTRAINTS */ signer->next = NULL; } (void)heap; @@ -3718,6 +4140,12 @@ void FreeSigner(Signer* signer, void* heap) { XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN); XFREE(signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); + #ifndef IGNORE_NAME_CONSTRAINTS + if (signer->permittedNames) + FreeNameSubtrees(signer->permittedNames, heap); + if (signer->excludedNames) + FreeNameSubtrees(signer->excludedNames, heap); + #endif XFREE(signer, heap, DYNAMIC_TYPE_SIGNER); (void)heap; @@ -4583,6 +5011,8 @@ static int SetName(byte* output, CertName* name) static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, const byte* ntruKey, word16 ntruSz) { + int ret; + (void)eccKey; (void)ntruKey; (void)ntruSz; @@ -4594,7 +5024,10 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, der->versionSz = SetMyVersion(cert->version, der->version, TRUE); /* serial number */ - RNG_GenerateBlock(rng, cert->serial, CTC_SERIAL_SIZE); + ret = RNG_GenerateBlock(rng, cert->serial, CTC_SERIAL_SIZE); + if (ret != 0) + return ret; + cert->serial[0] = 0x01; /* ensure positive */ der->serialSz = SetSerial(cert->serial, der->serial); @@ -4758,30 +5191,43 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, (void)eccKey; if (sigAlgoType == CTC_MD5wRSA) { - Md5 md5; + Md5 md5; + InitMd5(&md5); Md5Update(&md5, buffer, sz); Md5Final(&md5, digest); + digestSz = MD5_DIGEST_SIZE; typeH = MD5h; } else if (sigAlgoType == CTC_SHAwRSA || sigAlgoType == CTC_SHAwECDSA) { - Sha sha; + Sha sha; + ret = InitSha(&sha); if (ret != 0) return ret; + ShaUpdate(&sha, buffer, sz); ShaFinal(&sha, digest); + digestSz = SHA_DIGEST_SIZE; typeH = SHAh; } else if (sigAlgoType == CTC_SHA256wRSA || sigAlgoType == CTC_SHA256wECDSA) { - Sha256 sha256; + Sha256 sha256; + ret = InitSha256(&sha256); if (ret != 0) return ret; - Sha256Update(&sha256, buffer, sz); - Sha256Final(&sha256, digest); + + ret = Sha256Update(&sha256, buffer, sz); + if (ret != 0) + return ret; + + ret = Sha256Final(&sha256, digest); + if (ret != 0) + return ret; + digestSz = SHA256_DIGEST_SIZE; typeH = SHA256h; } @@ -6116,10 +6562,13 @@ int EncodeOcspRequest(OcspRequest* req) if (InitRng(&rng) != 0) { CYASSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce."); } else { - req->nonceSz = MAX_OCSP_NONCE_SZ; - RNG_GenerateBlock(&rng, req->nonce, req->nonceSz); - extSz = SetOcspReqExtensions(MAX_OCSP_EXT_SZ, extArray, + if (RNG_GenerateBlock(&rng, req->nonce, MAX_OCSP_NONCE_SZ) != 0) + CYASSL_MSG("\tCannot run RNG. Skipping the OSCP Nonce."); + else { + req->nonceSz = MAX_OCSP_NONCE_SZ; + extSz = SetOcspReqExtensions(MAX_OCSP_EXT_SZ, extArray, req->nonce, req->nonceSz); + } } } @@ -6497,6 +6946,12 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm) if (ca) { CYASSL_MSG("Found CRL issuer CA"); /* try to confirm/verify signature */ + #ifndef IGNORE_KEY_EXTENSIONS + if ((ca->keyUsage & KEYUSE_CRL_SIGN) == 0) { + CYASSL_MSG("CA cannot sign CRLs"); + return ASN_CRL_NO_SIGNER_E; + } + #endif /* IGNORE_KEY_EXTENSIONS */ if (!ConfirmSignature(buff + dcrl->certBegin, dcrl->sigIndex - dcrl->certBegin, ca->publicKey, ca->pubKeySize, ca->keyOID, diff --git a/ctaocrypt/src/blake2b.c b/ctaocrypt/src/blake2b.c index fd5526765..a9d1753ac 100644 --- a/ctaocrypt/src/blake2b.c +++ b/ctaocrypt/src/blake2b.c @@ -12,7 +12,7 @@ */ /* blake2b.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -28,7 +28,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -163,12 +163,25 @@ int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, if( blake2b_init_param( S, P ) < 0 ) return -1; { +#ifdef CYASSL_SMALL_STACK + byte* block; + + block = (byte*)XMALLOC(BLAKE2B_BLOCKBYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if ( block == NULL ) return -1; +#else byte block[BLAKE2B_BLOCKBYTES]; +#endif + XMEMSET( block, 0, BLAKE2B_BLOCKBYTES ); XMEMCPY( block, key, keylen ); blake2b_update( S, block, BLAKE2B_BLOCKBYTES ); secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from */ - /*stack */ + /* memory */ + +#ifdef CYASSL_SMALL_STACK + XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif } return 0; } @@ -176,9 +189,27 @@ int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, static int blake2b_compress( blake2b_state *S, const byte block[BLAKE2B_BLOCKBYTES] ) { + int i; + +#ifdef CYASSL_SMALL_STACK + word64* m; + word64* v; + + m = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if ( m == NULL ) return -1; + + v = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if ( v == NULL ) + { + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return -1; + } +#else word64 m[16]; word64 v[16]; - int i; +#endif for( i = 0; i < 16; ++i ) m[i] = load64( block + i * sizeof( m[i] ) ); @@ -234,6 +265,12 @@ static int blake2b_compress( blake2b_state *S, #undef G #undef ROUND + +#ifdef CYASSL_SMALL_STACK + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; } @@ -250,7 +287,9 @@ int blake2b_update( blake2b_state *S, const byte *in, word64 inlen ) XMEMCPY( S->buf + left, in, (word)fill ); /* Fill buffer */ S->buflen += fill; blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES ); - blake2b_compress( S, S->buf ); /* Compress */ + + if ( blake2b_compress( S, S->buf ) < 0 ) return -1; /* Compress */ + XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES ); /* Shift buffer left */ S->buflen -= BLAKE2B_BLOCKBYTES; @@ -278,7 +317,9 @@ int blake2b_final( blake2b_state *S, byte *out, byte outlen ) if( S->buflen > BLAKE2B_BLOCKBYTES ) { blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES ); - blake2b_compress( S, S->buf ); + + if ( blake2b_compress( S, S->buf ) < 0 ) return -1; + S->buflen -= BLAKE2B_BLOCKBYTES; XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (word)S->buflen ); } @@ -287,7 +328,7 @@ int blake2b_final( blake2b_state *S, byte *out, byte outlen ) blake2b_set_lastblock( S ); XMEMSET( S->buf + S->buflen, 0, (word)(2 * BLAKE2B_BLOCKBYTES - S->buflen) ); /* Padding */ - blake2b_compress( S, S->buf ); + if ( blake2b_compress( S, S->buf ) < 0 ) return -1; for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */ store64( buffer + sizeof( S->h[i] ) * i, S->h[i] ); @@ -318,9 +359,9 @@ int blake2b( byte *out, const void *in, const void *key, const byte outlen, if( blake2b_init( S, outlen ) < 0 ) return -1; } - blake2b_update( S, ( byte * )in, inlen ); - blake2b_final( S, out, outlen ); - return 0; + if ( blake2b_update( S, ( byte * )in, inlen ) < 0) return -1; + + return blake2b_final( S, out, outlen ); } #if defined(BLAKE2B_SELFTEST) @@ -340,7 +381,11 @@ int main( int argc, char **argv ) for( word32 i = 0; i < KAT_LENGTH; ++i ) { byte hash[BLAKE2B_OUTBYTES]; - blake2b( hash, buf, key, BLAKE2B_OUTBYTES, i, BLAKE2B_KEYBYTES ); + if ( blake2b( hash, buf, key, BLAKE2B_OUTBYTES, i, BLAKE2B_KEYBYTES ) < 0 ) + { + puts( "error" ); + return -1; + } if( 0 != memcmp( hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) ) { diff --git a/ctaocrypt/src/camellia.c b/ctaocrypt/src/camellia.c index 2315b63b7..eaed4c90b 100644 --- a/ctaocrypt/src/camellia.c +++ b/ctaocrypt/src/camellia.c @@ -27,7 +27,7 @@ /* camellia.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -43,7 +43,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* @@ -486,13 +486,29 @@ static const u32 camellia_sp4404[256] = { #define subl(x) subL[(x)] #define subr(x) subR[(x)] -static void camellia_setup128(const unsigned char *key, u32 *subkey) +static int camellia_setup128(const unsigned char *key, u32 *subkey) { u32 kll, klr, krl, krr; u32 il, ir, t0, t1, w0, w1; u32 kw4l, kw4r, dw, tl, tr; + +#ifdef CYASSL_SMALL_STACK + u32* subL; + u32* subR; + + subL = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (subL == NULL) + return MEMORY_E; + + subR = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (subR == NULL) { + XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#else u32 subL[26]; u32 subR[26]; +#endif /** * k == kll || klr || krl || krr (|| is concatination) @@ -694,17 +710,38 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; - return; +#ifdef CYASSL_SMALL_STACK + XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return 0; } -static void camellia_setup256(const unsigned char *key, u32 *subkey) +static int camellia_setup256(const unsigned char *key, u32 *subkey) { u32 kll,klr,krl,krr; /* left half of key */ u32 krll,krlr,krrl,krrr; /* right half of key */ u32 il, ir, t0, t1, w0, w1; /* temporary variables */ u32 kw4l, kw4r, dw, tl, tr; + +#ifdef CYASSL_SMALL_STACK + u32* subL; + u32* subR; + + subL = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (subL == NULL) + return MEMORY_E; + + subR = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (subR == NULL) { + XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#else u32 subL[34]; u32 subR[34]; +#endif /** * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) @@ -980,10 +1017,15 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw); CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw; - return; +#ifdef CYASSL_SMALL_STACK + XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return 0; } -static void camellia_setup192(const unsigned char *key, u32 *subkey) +static int camellia_setup192(const unsigned char *key, u32 *subkey) { unsigned char kk[32]; u32 krll, krlr, krrl,krrr; @@ -995,8 +1037,8 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey) krrr = ~krlr; memcpy(kk+24, (unsigned char *)&krrl, 4); memcpy(kk+28, (unsigned char *)&krrr, 4); - camellia_setup256(kk, subkey); - return; + + return camellia_setup256(kk, subkey); } @@ -1488,22 +1530,29 @@ static void Camellia_DecryptBlock(const int keyBitLength, int CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv) { + int ret = 0; + if (cam == NULL) return BAD_FUNC_ARG; XMEMSET(cam->key, 0, sizeof(KEY_TABLE_TYPE)); + switch (len) { case 16: - camellia_setup128(key, cam->key); + ret = camellia_setup128(key, cam->key); break; case 24: - camellia_setup192(key, cam->key); + ret = camellia_setup192(key, cam->key); break; case 32: - camellia_setup256(key, cam->key); + ret = camellia_setup256(key, cam->key); break; default: return BAD_FUNC_ARG; } + + if (ret != 0) + return ret; + cam->keySz = len * 8; return CamelliaSetIV(cam, iv); diff --git a/ctaocrypt/src/coding.c b/ctaocrypt/src/coding.c index 4aebe20dc..cdad0f5ca 100644 --- a/ctaocrypt/src/coding.c +++ b/ctaocrypt/src/coding.c @@ -1,6 +1,6 @@ /* coding.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/compress.c b/ctaocrypt/src/compress.c index 0c3834f5d..faebd2ad0 100644 --- a/ctaocrypt/src/compress.c +++ b/ctaocrypt/src/compress.c @@ -1,6 +1,6 @@ /* compress.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index dbf260f4d..dc1aac910 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -1,6 +1,6 @@ /* des3.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -988,12 +988,16 @@ static INLINE void FPERM(word32* left, word32* right) static int DesSetKey(const byte* key, int dir, word32* out) { +#ifdef CYASSL_SMALL_STACK byte* buffer = (byte*)XMALLOC(56+56+8, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buffer) { + if (buffer == NULL) return MEMORY_E; - } - else { +#else + byte buffer[56+56+8]; +#endif + + { byte* const pc1m = buffer; /* place to modify pc1 into */ byte* const pcr = pc1m + 56; /* place to rotate pc1 into */ byte* const ks = pcr + 56; @@ -1048,7 +1052,9 @@ static int DesSetKey(const byte* key, int dir, word32* out) } } +#ifdef CYASSL_SMALL_STACK XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif } return 0; diff --git a/ctaocrypt/src/dh.c b/ctaocrypt/src/dh.c index ff23ffd74..1e1dd704e 100644 --- a/ctaocrypt/src/dh.c +++ b/ctaocrypt/src/dh.c @@ -1,6 +1,6 @@ /* dh.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -82,15 +82,22 @@ static word32 DiscreteLogWorkFactor(word32 n) } -static void GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) +static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) { + int ret; word32 sz = mp_unsigned_bin_size(&key->p); sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) / CYASSL_BIT_SIZE + 1); - RNG_GenerateBlock(rng, priv, sz); + + ret = RNG_GenerateBlock(rng, priv, sz); + if (ret != 0) + return ret; + priv[0] |= 0x0C; *privSz = sz; + + return 0; } @@ -127,9 +134,9 @@ static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz, int DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz) { - GeneratePrivate(key, rng, priv, privSz); - return GeneratePublic(key, priv, *privSz, pub, pubSz); + int ret = GeneratePrivate(key, rng, priv, privSz); + return (ret != 0) ? ret : GeneratePublic(key, priv, *privSz, pub, pubSz); } int DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, diff --git a/ctaocrypt/src/dsa.c b/ctaocrypt/src/dsa.c index 4dcba291e..6ee78f72a 100644 --- a/ctaocrypt/src/dsa.c +++ b/ctaocrypt/src/dsa.c @@ -1,6 +1,6 @@ /* dsa.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -83,22 +83,25 @@ void FreeDsaKey(DsaKey* key) int DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng) { mp_int k, kInv, r, s, H; - int ret = 0, sz; + int ret, sz; byte buffer[DSA_HALF_SIZE]; - if (mp_init_multi(&k, &kInv, &r, &s, &H, 0) != MP_OKAY) - return MP_INIT_E; - sz = min(sizeof(buffer), mp_unsigned_bin_size(&key->q)); /* generate k */ - RNG_GenerateBlock(rng, buffer, sz); + ret = RNG_GenerateBlock(rng, buffer, sz); + if (ret != 0) + return ret; + buffer[0] |= 0x0C; + if (mp_init_multi(&k, &kInv, &r, &s, &H, 0) != MP_OKAY) + return MP_INIT_E; + if (mp_read_unsigned_bin(&k, buffer, sz) != MP_OKAY) ret = MP_READ_E; - if (mp_cmp_d(&k, 1) != MP_GT) + if (ret == 0 && mp_cmp_d(&k, 1) != MP_GT) ret = MP_CMP_E; /* inverse k mod q */ diff --git a/ctaocrypt/src/ecc.c b/ctaocrypt/src/ecc.c index 3fec64215..6d6da7346 100644 --- a/ctaocrypt/src/ecc.c +++ b/ctaocrypt/src/ecc.c @@ -1,6 +1,6 @@ /* ecc.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -1299,6 +1299,9 @@ int ecc_make_key(RNG* rng, int keysize, ecc_key* key) { int x, err; + if (key == NULL || rng == NULL) + return ECC_BAD_ARG_E; + /* find key size */ for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++) ; @@ -1319,12 +1322,22 @@ int ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) ecc_point* base; mp_int prime; mp_int order; +#ifdef CYASSL_SMALL_STACK + byte* buf; +#else byte buf[ECC_MAXSIZE]; +#endif int keysize; if (key == NULL || rng == NULL || dp == NULL) return ECC_BAD_ARG_E; +#ifdef CYASSL_SMALL_STACK + buf = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) + return MEMORY_E; +#endif + key->idx = -1; key->dp = dp; keysize = dp->size; @@ -1333,17 +1346,23 @@ int ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) base = NULL; /* make up random string */ - RNG_GenerateBlock(rng, buf, keysize); - buf[0] |= 0x0c; + err = RNG_GenerateBlock(rng, buf, keysize); + if (err == 0) + buf[0] |= 0x0c; /* setup the key variables */ - if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, - &key->k, &prime, &order)) != MP_OKAY) - return MEMORY_E; + if (err == 0) { + err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, + &key->k, &prime, &order); + if (err != MP_OKAY) + err = MEMORY_E; + } - base = ecc_new_point(); - if (base == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + base = ecc_new_point(); + if (base == NULL) + err = MEMORY_E; + } /* read in the specs for this key */ if (err == MP_OKAY) @@ -1381,9 +1400,15 @@ int ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) ecc_del_point(base); mp_clear(&prime); mp_clear(&order); + #ifdef ECC_CLEAN_STACK - XMEMSET(buff, 0, ECC_MAXSIZE); + XMEMSET(buf, 0, ECC_MAXSIZE); #endif + +#ifdef CYASSL_SMALL_STACK + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return err; } @@ -1747,8 +1772,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, } } #ifdef ECC_CLEAN_STACK - XMEMSET(tA, 0, ECC_BUF_SIZE); - XMEMSET(tB, 0, ECC_BUF_SIZE); + XMEMSET(tA, 0, ECC_BUFSIZE); + XMEMSET(tB, 0, ECC_BUFSIZE); #endif XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tB, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1952,7 +1977,11 @@ int ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* export public ECC key in ANSI X9.63 format */ int ecc_export_x963(ecc_key* key, byte* out, word32* outLen) { +#ifdef CYASSL_SMALL_STACK + byte* buf; +#else byte buf[ECC_BUFSIZE]; +#endif word32 numlen; int ret = MP_OKAY; @@ -1972,25 +2001,37 @@ int ecc_export_x963(ecc_key* key, byte* out, word32* outLen) /* store byte 0x04 */ out[0] = 0x04; - /* pad and store x */ - XMEMSET(buf, 0, sizeof(buf)); - ret = mp_to_unsigned_bin(&key->pubkey.x, - buf + (numlen - mp_unsigned_bin_size(&key->pubkey.x))); - if (ret != MP_OKAY) - return ret; - XMEMCPY(out+1, buf, numlen); +#ifdef CYASSL_SMALL_STACK + buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) + return MEMORY_E; +#endif - /* pad and store y */ - XMEMSET(buf, 0, sizeof(buf)); - ret = mp_to_unsigned_bin(&key->pubkey.y, - buf + (numlen - mp_unsigned_bin_size(&key->pubkey.y))); - if (ret != MP_OKAY) - return ret; - XMEMCPY(out+1+numlen, buf, numlen); + do { + /* pad and store x */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(&key->pubkey.x, + buf + (numlen - mp_unsigned_bin_size(&key->pubkey.x))); + if (ret != MP_OKAY) + break; + XMEMCPY(out+1, buf, numlen); - *outLen = 1 + 2*numlen; + /* pad and store y */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(&key->pubkey.y, + buf + (numlen - mp_unsigned_bin_size(&key->pubkey.y))); + if (ret != MP_OKAY) + break; + XMEMCPY(out+1+numlen, buf, numlen); - return 0; + *outLen = 1 + 2*numlen; + } while (0); + +#ifdef CYASSL_SMALL_STACK + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } @@ -2925,7 +2966,13 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu) static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus, mp_digit* mp, int map) { +#define KB_SIZE 128 + +#ifdef CYASSL_SMALL_STACK + unsigned char* kb; +#else unsigned char kb[128]; +#endif int x; unsigned y, z, err, bitlen, bitpos, lut_gap, first; mp_int tk; @@ -2980,71 +3027,88 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus, lut_gap = bitlen / FP_LUT; /* get the k value */ - if (mp_unsigned_bin_size(&tk) > (int)(sizeof(kb) - 2)) { + if (mp_unsigned_bin_size(&tk) > (int)(KB_SIZE - 2)) { mp_clear(&tk); return BUFFER_E; } /* store k */ - XMEMSET(kb, 0, sizeof(kb)); +#ifdef CYASSL_SMALL_STACK + kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (kb == NULL) + return MEMORY_E; +#endif + + XMEMSET(kb, 0, KB_SIZE); if ((err = mp_to_unsigned_bin(&tk, kb)) != MP_OKAY) { mp_clear(&tk); - return err; } - - /* let's reverse kb so it's little endian */ - x = 0; - y = mp_unsigned_bin_size(&tk) - 1; - mp_clear(&tk); + else { + /* let's reverse kb so it's little endian */ + x = 0; + y = mp_unsigned_bin_size(&tk) - 1; + mp_clear(&tk); - while ((unsigned)x < y) { - z = kb[x]; kb[x] = kb[y]; kb[y] = z; - ++x; --y; - } - - /* at this point we can start, yipee */ - first = 1; - for (x = lut_gap-1; x >= 0; x--) { - /* extract FP_LUT bits from kb spread out by lut_gap bits and offset - by x bits from the start */ - bitpos = x; - for (y = z = 0; y < FP_LUT; y++) { - z |= ((kb[bitpos>>3] >> (bitpos&7)) & 1) << y; - bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid - the mult in each loop */ - } - - /* double if not first */ - if (!first) { - if ((err = ecc_projective_dbl_point(R, R, modulus, mp)) != MP_OKAY) { - return err; + while ((unsigned)x < y) { + z = kb[x]; kb[x] = kb[y]; kb[y] = z; + ++x; --y; + } + + /* at this point we can start, yipee */ + first = 1; + for (x = lut_gap-1; x >= 0; x--) { + /* extract FP_LUT bits from kb spread out by lut_gap bits and offset + by x bits from the start */ + bitpos = x; + for (y = z = 0; y < FP_LUT; y++) { + z |= ((kb[bitpos>>3] >> (bitpos&7)) & 1) << y; + bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid + the mult in each loop */ } - } - - /* add if not first, otherwise copy */ - if (!first && z) { - if ((err = ecc_projective_add_point(R, fp_cache[idx].LUT[z], R, - modulus, mp)) != MP_OKAY) { - return err; + + /* double if not first */ + if (!first) { + if ((err = ecc_projective_dbl_point(R, R, modulus, + mp)) != MP_OKAY) { + break; + } } - } else if (z) { - if ((mp_copy(&fp_cache[idx].LUT[z]->x, &R->x) != MP_OKAY) || - (mp_copy(&fp_cache[idx].LUT[z]->y, &R->y) != MP_OKAY) || - (mp_copy(&fp_cache[idx].mu, &R->z) != MP_OKAY)) { - return GEN_MEM_ERR; + + /* add if not first, otherwise copy */ + if (!first && z) { + if ((err = ecc_projective_add_point(R, fp_cache[idx].LUT[z], R, + modulus, mp)) != MP_OKAY) { + break; + } + } else if (z) { + if ((mp_copy(&fp_cache[idx].LUT[z]->x, &R->x) != MP_OKAY) || + (mp_copy(&fp_cache[idx].LUT[z]->y, &R->y) != MP_OKAY) || + (mp_copy(&fp_cache[idx].mu, &R->z) != MP_OKAY)) { + err = GEN_MEM_ERR; + break; + } + first = 0; } - first = 0; - } - } - z = 0; - XMEMSET(kb, 0, sizeof(kb)); - /* map R back from projective space */ - if (map) { - err = ecc_map(R, modulus, mp); - } else { - err = MP_OKAY; + } } + if (err == MP_OKAY) { + z = 0; + XMEMSET(kb, 0, KB_SIZE); + /* map R back from projective space */ + if (map) { + err = ecc_map(R, modulus, mp); + } else { + err = MP_OKAY; + } + } + +#ifdef CYASSL_SMALL_STACK + XFREE(kb, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + +#undef KB_SIZE + return err; } @@ -3054,7 +3118,13 @@ static int accel_fp_mul2add(int idx1, int idx2, mp_int* kA, mp_int* kB, ecc_point *R, mp_int* modulus, mp_digit* mp) { +#define KB_SIZE 128 + +#ifdef CYASSL_SMALL_STACK + unsigned char* kb[2]; +#else unsigned char kb[2][128]; +#endif int x; unsigned y, z, err, bitlen, bitpos, lut_gap, first, zA, zB; mp_int tka; @@ -3151,18 +3221,25 @@ static int accel_fp_mul2add(int idx1, int idx2, lut_gap = bitlen / FP_LUT; /* get the k value */ - if ((mp_unsigned_bin_size(&tka) > (int)(sizeof(kb[0]) - 2)) || - (mp_unsigned_bin_size(&tkb) > (int)(sizeof(kb[0]) - 2)) ) { + if ((mp_unsigned_bin_size(&tka) > (int)(KB_SIZE - 2)) || + (mp_unsigned_bin_size(&tkb) > (int)(KB_SIZE - 2)) ) { mp_clear(&tka); mp_clear(&tkb); return BUFFER_E; } /* store k */ - XMEMSET(kb, 0, sizeof(kb)); +#ifdef CYASSL_SMALL_STACK + kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (kb[0] == NULL) + return MEMORY_E; +#endif + + XMEMSET(kb[0], 0, KB_SIZE); if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) { mp_clear(&tka); mp_clear(&tkb); + XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER); return err; } @@ -3176,80 +3253,101 @@ static int accel_fp_mul2add(int idx1, int idx2, } /* store b */ +#ifdef CYASSL_SMALL_STACK + kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (kb[1] == NULL) { + XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + XMEMSET(kb[1], 0, KB_SIZE); if ((err = mp_to_unsigned_bin(&tkb, kb[1])) != MP_OKAY) { mp_clear(&tkb); - return err; } + else { + x = 0; + y = mp_unsigned_bin_size(&tkb) - 1; + mp_clear(&tkb); + while ((unsigned)x < y) { + z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = z; + ++x; --y; + } - x = 0; - y = mp_unsigned_bin_size(&tkb) - 1; - mp_clear(&tkb); - while ((unsigned)x < y) { - z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = z; - ++x; --y; - } - - /* at this point we can start, yipee */ - first = 1; - for (x = lut_gap-1; x >= 0; x--) { - /* extract FP_LUT bits from kb spread out by lut_gap bits and - offset by x bits from the start */ - bitpos = x; - for (y = zA = zB = 0; y < FP_LUT; y++) { - zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y; - zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y; - bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid - the mult in each loop */ - } - - /* double if not first */ - if (!first) { - if ((err = ecc_projective_dbl_point(R, R, modulus, mp)) != MP_OKAY) { - return err; + /* at this point we can start, yipee */ + first = 1; + for (x = lut_gap-1; x >= 0; x--) { + /* extract FP_LUT bits from kb spread out by lut_gap bits and + offset by x bits from the start */ + bitpos = x; + for (y = zA = zB = 0; y < FP_LUT; y++) { + zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y; + zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y; + bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid + the mult in each loop */ } - } - - /* add if not first, otherwise copy */ - if (!first) { - if (zA) { - if ((err = ecc_projective_add_point(R, fp_cache[idx1].LUT[zA], - R, modulus, mp)) != MP_OKAY) { - return err; + + /* double if not first */ + if (!first) { + if ((err = ecc_projective_dbl_point(R, R, modulus, + mp)) != MP_OKAY) { + break; } } - if (zB) { - if ((err = ecc_projective_add_point(R, fp_cache[idx2].LUT[zB], - R, modulus, mp)) != MP_OKAY) { - return err; - } - } - } else { - if (zA) { - if ((mp_copy(&fp_cache[idx1].LUT[zA]->x, &R->x) != MP_OKAY) || - (mp_copy(&fp_cache[idx1].LUT[zA]->y, &R->y) != MP_OKAY) || - (mp_copy(&fp_cache[idx1].mu, &R->z) != MP_OKAY)) { - return GEN_MEM_ERR; - } - first = 0; - } - if (zB && first == 0) { - if (zB) { - if ((err = ecc_projective_add_point(R, fp_cache[idx2].LUT[zB], - R, modulus, mp)) != MP_OKAY){ - return err; + + /* add if not first, otherwise copy */ + if (!first) { + if (zA) { + if ((err = ecc_projective_add_point(R, fp_cache[idx1].LUT[zA], + R, modulus, mp)) != MP_OKAY) { + break; } } - } else if (zB && first == 1) { - if ((mp_copy(&fp_cache[idx2].LUT[zB]->x, &R->x) != MP_OKAY) || - (mp_copy(&fp_cache[idx2].LUT[zB]->y, &R->y) != MP_OKAY) || - (mp_copy(&fp_cache[idx2].mu, &R->z) != MP_OKAY)) { - return GEN_MEM_ERR; - } - first = 0; + if (zB) { + if ((err = ecc_projective_add_point(R, fp_cache[idx2].LUT[zB], + R, modulus, mp)) != MP_OKAY) { + break; + } + } + } else { + if (zA) { + if ((mp_copy(&fp_cache[idx1].LUT[zA]->x, &R->x) != MP_OKAY) || + (mp_copy(&fp_cache[idx1].LUT[zA]->y, &R->y) != MP_OKAY) || + (mp_copy(&fp_cache[idx1].mu, &R->z) != MP_OKAY)) { + err = GEN_MEM_ERR; + break; + } + first = 0; + } + if (zB && first == 0) { + if (zB) { + if ((err = ecc_projective_add_point(R, + fp_cache[idx2].LUT[zB], R, modulus, mp)) != MP_OKAY){ + break; + } + } + } else if (zB && first == 1) { + if ((mp_copy(&fp_cache[idx2].LUT[zB]->x, &R->x) != MP_OKAY) || + (mp_copy(&fp_cache[idx2].LUT[zB]->y, &R->y) != MP_OKAY) || + (mp_copy(&fp_cache[idx2].mu, &R->z) != MP_OKAY)) { + err = GEN_MEM_ERR; + break; + } + first = 0; + } } - } - } - XMEMSET(kb, 0, sizeof(kb)); + } + } + + XMEMSET(kb[0], 0, KB_SIZE); + XMEMSET(kb[1], 0, KB_SIZE); + +#ifdef CYASSL_SMALL_STACK + XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(kb[1], NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + +#undef KB_SIZE return ecc_map(R, modulus, mp); } @@ -3634,9 +3732,8 @@ static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, RNG* rng) return BAD_FUNC_ARG; saltBuffer = (flags == REQ_RESP_CLIENT) ? ctx->clientSalt : ctx->serverSalt; - RNG_GenerateBlock(rng, saltBuffer, EXCHANGE_SALT_SZ); - return 0; + return RNG_GenerateBlock(rng, saltBuffer, EXCHANGE_SALT_SZ); } @@ -3739,9 +3836,14 @@ int ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, word32 blockSz; word32 digestSz; ecEncCtx localCtx; +#ifdef CYASSL_SMALL_STACK + byte* sharedSecret; + byte* keys; +#else byte sharedSecret[ECC_MAXSIZE]; /* 521 max size */ byte keys[ECC_BUFSIZE]; /* max size */ - word32 sharedSz = sizeof(sharedSecret); +#endif + word32 sharedSz = ECC_MAXSIZE; int keysLen; int encKeySz; int ivSz; @@ -3780,7 +3882,7 @@ int ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ctx->cliSt = ecCLI_SENT_REQ; /* only do this once */ } - if (keysLen > (int)sizeof(keys)) + if (keysLen > ECC_BUFSIZE) /* keys size */ return BUFFER_E; if ( (msgSz%blockSz) != 0) @@ -3789,64 +3891,90 @@ int ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (*outSz < (msgSz + digestSz)) return BUFFER_E; - ret = ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); - if (ret != 0) - return ret; +#ifdef CYASSL_SMALL_STACK + sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sharedSecret == NULL) + return MEMORY_E; - switch (ctx->kdfAlgo) { - case ecHKDF_SHA256 : - ret = HKDF(SHA256, sharedSecret, sharedSz, ctx->kdfSalt, - ctx->kdfSaltSz, ctx->kdfInfo, - ctx->kdfInfoSz, keys, keysLen); - if (ret != 0) - return ret; - break; + keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (keys == NULL) { + XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif - default: - return BAD_FUNC_ARG; + ret = ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); + + if (ret == 0) { + switch (ctx->kdfAlgo) { + case ecHKDF_SHA256 : + ret = HKDF(SHA256, sharedSecret, sharedSz, ctx->kdfSalt, + ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz, + keys, keysLen); + break; + + default: + ret = BAD_FUNC_ARG; + break; + } } - encKey = keys + offset; - encIv = encKey + encKeySz; - macKey = encKey + encKeySz + ivSz; + if (ret == 0) { + encKey = keys + offset; + encIv = encKey + encKeySz; + macKey = encKey + encKeySz + ivSz; - switch (ctx->encAlgo) { - case ecAES_128_CBC: - { - Aes aes; - ret = AesSetKey(&aes, encKey,KEY_SIZE_128,encIv,AES_ENCRYPTION); - if (ret != 0) - return ret; - ret = AesCbcEncrypt(&aes, out, msg, msgSz); - if (ret != 0) - return ret; - } - break; + switch (ctx->encAlgo) { + case ecAES_128_CBC: + { + Aes aes; + ret = AesSetKey(&aes, encKey, KEY_SIZE_128, encIv, + AES_ENCRYPTION); + if (ret != 0) + break; + ret = AesCbcEncrypt(&aes, out, msg, msgSz); + } + break; - default: - return BAD_FUNC_ARG; + default: + ret = BAD_FUNC_ARG; + break; + } } - switch (ctx->macAlgo) { - case ecHMAC_SHA256: - { - Hmac hmac; - ret = HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE); - if (ret != 0) - return ret; - HmacUpdate(&hmac, out, msgSz); - HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz); - HmacFinal(&hmac, out+msgSz); - } - break; + if (ret == 0) { + switch (ctx->macAlgo) { + case ecHMAC_SHA256: + { + Hmac hmac; + ret = HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE); + if (ret != 0) + break; + ret = HmacUpdate(&hmac, out, msgSz); + if (ret != 0) + break; + ret = HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz); + if (ret != 0) + break; + ret = HmacFinal(&hmac, out+msgSz); + } + break; - default: - return BAD_FUNC_ARG; + default: + ret = BAD_FUNC_ARG; + break; + } } - *outSz = msgSz + digestSz; + if (ret == 0) + *outSz = msgSz + digestSz; - return 0; +#ifdef CYASSL_SMALL_STACK + XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } @@ -3860,9 +3988,14 @@ int ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, word32 blockSz; word32 digestSz; ecEncCtx localCtx; +#ifdef CYASSL_SMALL_STACK + byte* sharedSecret; + byte* keys; +#else byte sharedSecret[ECC_MAXSIZE]; /* 521 max size */ byte keys[ECC_BUFSIZE]; /* max size */ - word32 sharedSz = sizeof(sharedSecret); +#endif + word32 sharedSz = ECC_MAXSIZE; int keysLen; int encKeySz; int ivSz; @@ -3901,7 +4034,7 @@ int ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ctx->srvSt = ecSRV_RECV_REQ; /* only do this once */ } - if (keysLen > (int)sizeof(keys)) + if (keysLen > ECC_BUFSIZE) /* keys size */ return BUFFER_E; if ( ((msgSz-digestSz) % blockSz) != 0) @@ -3910,69 +4043,95 @@ int ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (*outSz < (msgSz - digestSz)) return BUFFER_E; - ret = ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); - if (ret != 0) - return ret; +#ifdef CYASSL_SMALL_STACK + sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sharedSecret == NULL) + return MEMORY_E; - switch (ctx->kdfAlgo) { - case ecHKDF_SHA256 : - ret = HKDF(SHA256, sharedSecret, sharedSz, ctx->kdfSalt, - ctx->kdfSaltSz, ctx->kdfInfo, - ctx->kdfInfoSz, keys, keysLen); - if (ret != 0) - return ret; - break; + keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (keys == NULL) { + XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif - default: - return BAD_FUNC_ARG; + ret = ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); + + if (ret == 0) { + switch (ctx->kdfAlgo) { + case ecHKDF_SHA256 : + ret = HKDF(SHA256, sharedSecret, sharedSz, ctx->kdfSalt, + ctx->kdfSaltSz, ctx->kdfInfo, ctx->kdfInfoSz, + keys, keysLen); + break; + + default: + ret = BAD_FUNC_ARG; + break; + } } - encKey = keys + offset; - encIv = encKey + encKeySz; - macKey = encKey + encKeySz + ivSz; + if (ret == 0) { + encKey = keys + offset; + encIv = encKey + encKeySz; + macKey = encKey + encKeySz + ivSz; - switch (ctx->macAlgo) { - case ecHMAC_SHA256: - { - byte verify[SHA256_DIGEST_SIZE]; - Hmac hmac; - ret = HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE); - if (ret != 0) - return ret; - HmacUpdate(&hmac, msg, msgSz-digestSz); - HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz); - HmacFinal(&hmac, verify); + switch (ctx->macAlgo) { + case ecHMAC_SHA256: + { + byte verify[SHA256_DIGEST_SIZE]; + Hmac hmac; + ret = HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE); + if (ret != 0) + break; + ret = HmacUpdate(&hmac, msg, msgSz-digestSz); + if (ret != 0) + break; + ret = HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz); + if (ret != 0) + break; + ret = HmacFinal(&hmac, verify); + if (ret != 0) + break; + if (memcmp(verify, msg + msgSz - digestSz, digestSz) != 0) + ret = -1; + } + break; - if (memcmp(verify, msg + msgSz - digestSz, digestSz) != 0) { - return -1; - } - } - break; - - default: - return BAD_FUNC_ARG; + default: + ret = BAD_FUNC_ARG; + break; + } } - switch (ctx->encAlgo) { - case ecAES_128_CBC: - { - Aes aes; - ret = AesSetKey(&aes, encKey,KEY_SIZE_128,encIv,AES_DECRYPTION); - if (ret != 0) - return ret; - ret = AesCbcDecrypt(&aes, out, msg, msgSz-digestSz); - if (ret != 0) - return ret; - } - break; + if (ret == 0) { + switch (ctx->encAlgo) { + case ecAES_128_CBC: + { + Aes aes; + ret = AesSetKey(&aes, encKey, KEY_SIZE_128, encIv, + AES_DECRYPTION); + if (ret != 0) + break; + ret = AesCbcDecrypt(&aes, out, msg, msgSz-digestSz); + } + break; - default: - return BAD_FUNC_ARG; + default: + ret = BAD_FUNC_ARG; + break; + } } - *outSz = msgSz - digestSz; + if (ret == 0) + *outSz = msgSz - digestSz; - return 0; +#ifdef CYASSL_SMALL_STACK + XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c index ae49c3536..3b629ae08 100644 --- a/ctaocrypt/src/error.c +++ b/ctaocrypt/src/error.c @@ -1,6 +1,6 @@ /* error.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -351,6 +351,10 @@ void CTaoCryptErrorString(int error, char* buffer) XSTRNCPY(buffer, "FIPS mode not allowed error", max); break; + case ASN_NAME_INVALID_E: + XSTRNCPY(buffer, "Name Constraint error", max); + break; + default: XSTRNCPY(buffer, "unknown error number", max); diff --git a/ctaocrypt/src/fp_mont_small.i b/ctaocrypt/src/fp_mont_small.i index 783d8a258..f52cc0875 100644 --- a/ctaocrypt/src/fp_mont_small.i +++ b/ctaocrypt/src/fp_mont_small.i @@ -1,6 +1,6 @@ /* fp_mont_small.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_12.i b/ctaocrypt/src/fp_mul_comba_12.i index eb3bf16e9..c40ee2ba1 100644 --- a/ctaocrypt/src/fp_mul_comba_12.i +++ b/ctaocrypt/src/fp_mul_comba_12.i @@ -1,6 +1,6 @@ /* fp_mul_comba_12.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_17.i b/ctaocrypt/src/fp_mul_comba_17.i index a6508a58d..c92237075 100644 --- a/ctaocrypt/src/fp_mul_comba_17.i +++ b/ctaocrypt/src/fp_mul_comba_17.i @@ -1,6 +1,6 @@ /* fp_mul_comba_17.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_20.i b/ctaocrypt/src/fp_mul_comba_20.i index ed7a23bbe..22d342fa7 100644 --- a/ctaocrypt/src/fp_mul_comba_20.i +++ b/ctaocrypt/src/fp_mul_comba_20.i @@ -1,6 +1,6 @@ /* fp_mul_comba_20.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef TFM_MUL20 diff --git a/ctaocrypt/src/fp_mul_comba_24.i b/ctaocrypt/src/fp_mul_comba_24.i index 0664bd50a..18de6b81a 100644 --- a/ctaocrypt/src/fp_mul_comba_24.i +++ b/ctaocrypt/src/fp_mul_comba_24.i @@ -1,6 +1,6 @@ /* fp_mul_comba_24.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_28.i b/ctaocrypt/src/fp_mul_comba_28.i index 0b047adc1..8c8f9ae45 100644 --- a/ctaocrypt/src/fp_mul_comba_28.i +++ b/ctaocrypt/src/fp_mul_comba_28.i @@ -1,6 +1,6 @@ /* fp_mul_comba_28.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_3.i b/ctaocrypt/src/fp_mul_comba_3.i index 77fffae60..a0720f30a 100644 --- a/ctaocrypt/src/fp_mul_comba_3.i +++ b/ctaocrypt/src/fp_mul_comba_3.i @@ -1,6 +1,6 @@ /* fp_mul_comba_3.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_32.i b/ctaocrypt/src/fp_mul_comba_32.i index 1de4f4b8e..b1ddf1df3 100644 --- a/ctaocrypt/src/fp_mul_comba_32.i +++ b/ctaocrypt/src/fp_mul_comba_32.i @@ -1,6 +1,6 @@ /* fp_mul_comba_32.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_4.i b/ctaocrypt/src/fp_mul_comba_4.i index 231a0e176..a3bdd4294 100644 --- a/ctaocrypt/src/fp_mul_comba_4.i +++ b/ctaocrypt/src/fp_mul_comba_4.i @@ -1,6 +1,6 @@ /* fp_mul_comba_4.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_48.i b/ctaocrypt/src/fp_mul_comba_48.i index 0bd73c4e8..bb0685831 100644 --- a/ctaocrypt/src/fp_mul_comba_48.i +++ b/ctaocrypt/src/fp_mul_comba_48.i @@ -1,6 +1,6 @@ /* fp_mul_comba_48.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_6.i b/ctaocrypt/src/fp_mul_comba_6.i index 94f3f63c3..da46589ef 100644 --- a/ctaocrypt/src/fp_mul_comba_6.i +++ b/ctaocrypt/src/fp_mul_comba_6.i @@ -1,6 +1,6 @@ /* fp_mul_comba_6.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_64.i b/ctaocrypt/src/fp_mul_comba_64.i index 804391a78..38b40a71a 100644 --- a/ctaocrypt/src/fp_mul_comba_64.i +++ b/ctaocrypt/src/fp_mul_comba_64.i @@ -1,6 +1,6 @@ /* fp_mul_comba_64.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_7.i b/ctaocrypt/src/fp_mul_comba_7.i index 0318beb6e..22b2eec21 100644 --- a/ctaocrypt/src/fp_mul_comba_7.i +++ b/ctaocrypt/src/fp_mul_comba_7.i @@ -1,6 +1,6 @@ /* fp_mul_comba_7.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_8.i b/ctaocrypt/src/fp_mul_comba_8.i index cf7459157..7847d1114 100644 --- a/ctaocrypt/src/fp_mul_comba_8.i +++ b/ctaocrypt/src/fp_mul_comba_8.i @@ -1,6 +1,6 @@ /* fp_mul_comba_8.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_9.i b/ctaocrypt/src/fp_mul_comba_9.i index c84d3bca6..598c281aa 100644 --- a/ctaocrypt/src/fp_mul_comba_9.i +++ b/ctaocrypt/src/fp_mul_comba_9.i @@ -1,6 +1,6 @@ /* fp_mul_comba_9.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_mul_comba_small_set.i b/ctaocrypt/src/fp_mul_comba_small_set.i index b9cd31f95..64326c6b9 100644 --- a/ctaocrypt/src/fp_mul_comba_small_set.i +++ b/ctaocrypt/src/fp_mul_comba_small_set.i @@ -1,6 +1,6 @@ /* fp_mul_comba_small_set.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_12.i b/ctaocrypt/src/fp_sqr_comba_12.i index 2f068c7d9..f6326d7e6 100644 --- a/ctaocrypt/src/fp_sqr_comba_12.i +++ b/ctaocrypt/src/fp_sqr_comba_12.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_12.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_17.i b/ctaocrypt/src/fp_sqr_comba_17.i index db34b1a78..d94bd6382 100644 --- a/ctaocrypt/src/fp_sqr_comba_17.i +++ b/ctaocrypt/src/fp_sqr_comba_17.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_17.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_20.i b/ctaocrypt/src/fp_sqr_comba_20.i index b31ed7f15..04b5dd406 100644 --- a/ctaocrypt/src/fp_sqr_comba_20.i +++ b/ctaocrypt/src/fp_sqr_comba_20.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_20.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_24.i b/ctaocrypt/src/fp_sqr_comba_24.i index a99a2bc4b..3e23e9f55 100644 --- a/ctaocrypt/src/fp_sqr_comba_24.i +++ b/ctaocrypt/src/fp_sqr_comba_24.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_24.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_28.i b/ctaocrypt/src/fp_sqr_comba_28.i index 9c0315af1..d6e4998fb 100644 --- a/ctaocrypt/src/fp_sqr_comba_28.i +++ b/ctaocrypt/src/fp_sqr_comba_28.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_28.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_3.i b/ctaocrypt/src/fp_sqr_comba_3.i index fea21d183..7e308dd59 100644 --- a/ctaocrypt/src/fp_sqr_comba_3.i +++ b/ctaocrypt/src/fp_sqr_comba_3.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_3.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_32.i b/ctaocrypt/src/fp_sqr_comba_32.i index e245ba9f9..598a514e2 100644 --- a/ctaocrypt/src/fp_sqr_comba_32.i +++ b/ctaocrypt/src/fp_sqr_comba_32.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_32.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_4.i b/ctaocrypt/src/fp_sqr_comba_4.i index 7b7eefa6f..53c2a9057 100644 --- a/ctaocrypt/src/fp_sqr_comba_4.i +++ b/ctaocrypt/src/fp_sqr_comba_4.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_4.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_48.i b/ctaocrypt/src/fp_sqr_comba_48.i index 77cb92035..61779c880 100644 --- a/ctaocrypt/src/fp_sqr_comba_48.i +++ b/ctaocrypt/src/fp_sqr_comba_48.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_48.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_6.i b/ctaocrypt/src/fp_sqr_comba_6.i index dc7028138..75205e85d 100644 --- a/ctaocrypt/src/fp_sqr_comba_6.i +++ b/ctaocrypt/src/fp_sqr_comba_6.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_6.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_64.i b/ctaocrypt/src/fp_sqr_comba_64.i index ca9742fd5..6c8b9f131 100644 --- a/ctaocrypt/src/fp_sqr_comba_64.i +++ b/ctaocrypt/src/fp_sqr_comba_64.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_64.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_7.i b/ctaocrypt/src/fp_sqr_comba_7.i index 7ba664e2f..12b4f19ad 100644 --- a/ctaocrypt/src/fp_sqr_comba_7.i +++ b/ctaocrypt/src/fp_sqr_comba_7.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_7.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_8.i b/ctaocrypt/src/fp_sqr_comba_8.i index 24efa52cb..52a0cebdf 100644 --- a/ctaocrypt/src/fp_sqr_comba_8.i +++ b/ctaocrypt/src/fp_sqr_comba_8.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_8.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_9.i b/ctaocrypt/src/fp_sqr_comba_9.i index e9cc21665..bbf7149e8 100644 --- a/ctaocrypt/src/fp_sqr_comba_9.i +++ b/ctaocrypt/src/fp_sqr_comba_9.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_9.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/fp_sqr_comba_small_set.i b/ctaocrypt/src/fp_sqr_comba_small_set.i index 96c06c017..43f15b5ec 100644 --- a/ctaocrypt/src/fp_sqr_comba_small_set.i +++ b/ctaocrypt/src/fp_sqr_comba_small_set.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_small_set.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/hc128.c b/ctaocrypt/src/hc128.c index b76288236..4937d6eb9 100644 --- a/ctaocrypt/src/hc128.c +++ b/ctaocrypt/src/hc128.c @@ -1,6 +1,6 @@ /* hc128.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -338,6 +338,7 @@ static INLINE int DoProcess(HC128* ctx, byte* output, const byte* input, if (msglen > 0) { + XMEMSET(keystream, 0, sizeof(keystream)); /* hush the static analysis */ generate_keystream(ctx, keystream); #ifdef BIG_ENDIAN_ORDER diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index ce4b5aedf..0bd1c41d1 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -1,6 +1,6 @@ /* hmac.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -103,7 +103,7 @@ static int InitHmac(Hmac* hmac, int type) #ifdef HAVE_BLAKE2 case BLAKE2B_ID: - InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); + ret = InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); break; #endif @@ -172,8 +172,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) XMEMCPY(ip, key, length); } else { - Sha256Update(&hmac->hash.sha256, key, length); - Sha256Final(&hmac->hash.sha256, ip); + ret = Sha256Update(&hmac->hash.sha256, key, length); + if (ret != 0) + return ret; + + ret = Sha256Final(&hmac->hash.sha256, ip); + if (ret != 0) + return ret; + length = SHA256_DIGEST_SIZE; } } @@ -188,8 +194,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) XMEMCPY(ip, key, length); } else { - Sha384Update(&hmac->hash.sha384, key, length); - Sha384Final(&hmac->hash.sha384, ip); + ret = Sha384Update(&hmac->hash.sha384, key, length); + if (ret != 0) + return ret; + + ret = Sha384Final(&hmac->hash.sha384, ip); + if (ret != 0) + return ret; + length = SHA384_DIGEST_SIZE; } } @@ -204,8 +216,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) XMEMCPY(ip, key, length); } else { - Sha512Update(&hmac->hash.sha512, key, length); - Sha512Final(&hmac->hash.sha512, ip); + ret = Sha512Update(&hmac->hash.sha512, key, length); + if (ret != 0) + return ret; + + ret = Sha512Final(&hmac->hash.sha512, ip); + if (ret != 0) + return ret; + length = SHA512_DIGEST_SIZE; } } @@ -220,8 +238,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) XMEMCPY(ip, key, length); } else { - Blake2bUpdate(&hmac->hash.blake2b, key, length); - Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256); + ret = Blake2bUpdate(&hmac->hash.blake2b, key, length); + if (ret != 0) + return ret; + + ret = Blake2bFinal(&hmac->hash.blake2b, ip, BLAKE2B_256); + if (ret != 0) + return ret; + length = BLAKE2B_256; } } @@ -242,8 +266,10 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) } -static void HmacKeyInnerHash(Hmac* hmac) +static int HmacKeyInnerHash(Hmac* hmac) { + int ret = 0; + switch (hmac->macType) { #ifndef NO_MD5 case MD5: @@ -259,29 +285,37 @@ static void HmacKeyInnerHash(Hmac* hmac) #ifndef NO_SHA256 case SHA256: - Sha256Update(&hmac->hash.sha256, + ret = Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, SHA256_BLOCK_SIZE); + if (ret != 0) + return ret; break; #endif #ifdef CYASSL_SHA384 case SHA384: - Sha384Update(&hmac->hash.sha384, + ret = Sha384Update(&hmac->hash.sha384, (byte*) hmac->ipad, SHA384_BLOCK_SIZE); + if (ret != 0) + return ret; break; #endif #ifdef CYASSL_SHA512 case SHA512: - Sha512Update(&hmac->hash.sha512, + ret = Sha512Update(&hmac->hash.sha512, (byte*) hmac->ipad, SHA512_BLOCK_SIZE); + if (ret != 0) + return ret; break; #endif #ifdef HAVE_BLAKE2 case BLAKE2B_ID: - Blake2bUpdate(&hmac->hash.blake2b, + ret = Blake2bUpdate(&hmac->hash.blake2b, (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES); + if (ret != 0) + return ret; break; #endif @@ -290,18 +324,25 @@ static void HmacKeyInnerHash(Hmac* hmac) } hmac->innerHashKeyed = 1; + + return ret; } int HmacUpdate(Hmac* hmac, const byte* msg, word32 length) { + int ret; + #ifdef HAVE_CAVIUM if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) return HmacCaviumUpdate(hmac, msg, length); #endif - if (!hmac->innerHashKeyed) - HmacKeyInnerHash(hmac); + if (!hmac->innerHashKeyed) { + ret = HmacKeyInnerHash(hmac); + if (ret != 0) + return ret; + } switch (hmac->macType) { #ifndef NO_MD5 @@ -318,25 +359,33 @@ int HmacUpdate(Hmac* hmac, const byte* msg, word32 length) #ifndef NO_SHA256 case SHA256: - Sha256Update(&hmac->hash.sha256, msg, length); + ret = Sha256Update(&hmac->hash.sha256, msg, length); + if (ret != 0) + return ret; break; #endif #ifdef CYASSL_SHA384 case SHA384: - Sha384Update(&hmac->hash.sha384, msg, length); + ret = Sha384Update(&hmac->hash.sha384, msg, length); + if (ret != 0) + return ret; break; #endif #ifdef CYASSL_SHA512 case SHA512: - Sha512Update(&hmac->hash.sha512, msg, length); + ret = Sha512Update(&hmac->hash.sha512, msg, length); + if (ret != 0) + return ret; break; #endif #ifdef HAVE_BLAKE2 case BLAKE2B_ID: - Blake2bUpdate(&hmac->hash.blake2b, msg, length); + ret = Blake2bUpdate(&hmac->hash.blake2b, msg, length); + if (ret != 0) + return ret; break; #endif @@ -350,13 +399,18 @@ int HmacUpdate(Hmac* hmac, const byte* msg, word32 length) int HmacFinal(Hmac* hmac, byte* hash) { + int ret; + #ifdef HAVE_CAVIUM if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) return HmacCaviumFinal(hmac, hash); #endif - if (!hmac->innerHashKeyed) - HmacKeyInnerHash(hmac); + if (!hmac->innerHashKeyed) { + ret = HmacKeyInnerHash(hmac); + if (ret != 0) + return ret; + } switch (hmac->macType) { #ifndef NO_MD5 @@ -390,14 +444,23 @@ int HmacFinal(Hmac* hmac, byte* hash) #ifndef NO_SHA256 case SHA256: { - Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash); + ret = Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash); + if (ret != 0) + return ret; - Sha256Update(&hmac->hash.sha256, + ret = Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, SHA256_BLOCK_SIZE); - Sha256Update(&hmac->hash.sha256, - (byte*) hmac->innerHash, SHA256_DIGEST_SIZE); + if (ret != 0) + return ret; - Sha256Final(&hmac->hash.sha256, hash); + ret = Sha256Update(&hmac->hash.sha256, + (byte*) hmac->innerHash, SHA256_DIGEST_SIZE); + if (ret != 0) + return ret; + + ret = Sha256Final(&hmac->hash.sha256, hash); + if (ret != 0) + return ret; } break; #endif @@ -405,14 +468,23 @@ int HmacFinal(Hmac* hmac, byte* hash) #ifdef CYASSL_SHA384 case SHA384: { - Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash); + ret = Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash); + if (ret != 0) + return ret; - Sha384Update(&hmac->hash.sha384, + ret = Sha384Update(&hmac->hash.sha384, (byte*) hmac->opad, SHA384_BLOCK_SIZE); - Sha384Update(&hmac->hash.sha384, - (byte*) hmac->innerHash, SHA384_DIGEST_SIZE); + if (ret != 0) + return ret; - Sha384Final(&hmac->hash.sha384, hash); + ret = Sha384Update(&hmac->hash.sha384, + (byte*) hmac->innerHash, SHA384_DIGEST_SIZE); + if (ret != 0) + return ret; + + ret = Sha384Final(&hmac->hash.sha384, hash); + if (ret != 0) + return ret; } break; #endif @@ -420,14 +492,23 @@ int HmacFinal(Hmac* hmac, byte* hash) #ifdef CYASSL_SHA512 case SHA512: { - Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash); + ret = Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash); + if (ret != 0) + return ret; - Sha512Update(&hmac->hash.sha512, + ret = Sha512Update(&hmac->hash.sha512, (byte*) hmac->opad, SHA512_BLOCK_SIZE); - Sha512Update(&hmac->hash.sha512, - (byte*) hmac->innerHash, SHA512_DIGEST_SIZE); + if (ret != 0) + return ret; - Sha512Final(&hmac->hash.sha512, hash); + ret = Sha512Update(&hmac->hash.sha512, + (byte*) hmac->innerHash, SHA512_DIGEST_SIZE); + if (ret != 0) + return ret; + + ret = Sha512Final(&hmac->hash.sha512, hash); + if (ret != 0) + return ret; } break; #endif @@ -435,13 +516,24 @@ int HmacFinal(Hmac* hmac, byte* hash) #ifdef HAVE_BLAKE2 case BLAKE2B_ID: { - Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash, + ret = Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash, BLAKE2B_256); - Blake2bUpdate(&hmac->hash.blake2b, + if (ret != 0) + return ret; + + ret = Blake2bUpdate(&hmac->hash.blake2b, (byte*) hmac->opad, BLAKE2B_BLOCKBYTES); - Blake2bUpdate(&hmac->hash.blake2b, + if (ret != 0) + return ret; + + ret = Blake2bUpdate(&hmac->hash.blake2b, (byte*) hmac->innerHash, BLAKE2B_256); - Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256); + if (ret != 0) + return ret; + + ret = Blake2bFinal(&hmac->hash.blake2b, hash, BLAKE2B_256); + if (ret != 0) + return ret; } break; #endif @@ -640,16 +732,34 @@ int HKDF(int type, const byte* inKey, word32 inKeySz, byte* out, word32 outSz) { Hmac myHmac; +#ifdef CYASSL_SMALL_STACK + byte* tmp; + byte* prk; +#else byte tmp[MAX_DIGEST_SIZE]; /* localSalt helper and T */ byte prk[MAX_DIGEST_SIZE]; +#endif const byte* localSalt; /* either points to user input or tmp */ int hashSz = GetHashSizeByType(type); word32 outIdx = 0; byte n = 0x1; + int ret; if (hashSz < 0) return BAD_FUNC_ARG; +#ifdef CYASSL_SMALL_STACK + tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) + return MEMORY_E; + + prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (prk == NULL) { + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + localSalt = salt; if (localSalt == NULL) { XMEMSET(tmp, 0, hashSz); @@ -657,32 +767,51 @@ int HKDF(int type, const byte* inKey, word32 inKeySz, saltSz = hashSz; } - if (HmacSetKey(&myHmac, type, localSalt, saltSz) != 0) - return BAD_FUNC_ARG; + do { + ret = HmacSetKey(&myHmac, type, localSalt, saltSz); + if (ret != 0) + break; + ret = HmacUpdate(&myHmac, inKey, inKeySz); + if (ret != 0) + break; + ret = HmacFinal(&myHmac, prk); + } while (0); - HmacUpdate(&myHmac, inKey, inKeySz); - HmacFinal(&myHmac, prk); + if (ret == 0) { + while (outIdx < outSz) { + int tmpSz = (n == 1) ? 0 : hashSz; + word32 left = outSz - outIdx; - while (outIdx < outSz) { - int tmpSz = (n == 1) ? 0 : hashSz; - word32 left = outSz - outIdx; + ret = HmacSetKey(&myHmac, type, prk, hashSz); + if (ret != 0) + break; + ret = HmacUpdate(&myHmac, tmp, tmpSz); + if (ret != 0) + break; + ret = HmacUpdate(&myHmac, info, infoSz); + if (ret != 0) + break; + ret = HmacUpdate(&myHmac, &n, 1); + if (ret != 0) + break; + ret = HmacFinal(&myHmac, tmp); + if (ret != 0) + break; - if (HmacSetKey(&myHmac, type, prk, hashSz) != 0) - return BAD_FUNC_ARG; + left = min(left, (word32)hashSz); + XMEMCPY(out+outIdx, tmp, left); - HmacUpdate(&myHmac, tmp, tmpSz); - HmacUpdate(&myHmac, info, infoSz); - HmacUpdate(&myHmac, &n, 1); - HmacFinal(&myHmac, tmp); - - left = min(left, (word32)hashSz); - XMEMCPY(out+outIdx, tmp, left); - - outIdx += hashSz; - n++; + outIdx += hashSz; + n++; + } } - return 0; +#ifdef CYASSL_SMALL_STACK + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } #endif /* HAVE_HKDF */ diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c index 88e16d57c..e885ca04b 100644 --- a/ctaocrypt/src/integer.c +++ b/ctaocrypt/src/integer.c @@ -1,6 +1,6 @@ /* integer.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/logging.c b/ctaocrypt/src/logging.c index 8f450ab0a..5c17f591d 100644 --- a/ctaocrypt/src/logging.c +++ b/ctaocrypt/src/logging.c @@ -1,6 +1,6 @@ /* logging.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/md2.c b/ctaocrypt/src/md2.c index b8e616542..178287eec 100644 --- a/ctaocrypt/src/md2.c +++ b/ctaocrypt/src/md2.c @@ -1,6 +1,6 @@ /* md2.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/md4.c b/ctaocrypt/src/md4.c index 15961a007..d696d6380 100644 --- a/ctaocrypt/src/md4.c +++ b/ctaocrypt/src/md4.c @@ -1,6 +1,6 @@ /* md4.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/md5.c b/ctaocrypt/src/md5.c index 43362327a..3da4cc6b6 100644 --- a/ctaocrypt/src/md5.c +++ b/ctaocrypt/src/md5.c @@ -1,6 +1,6 @@ /* md5.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/memory.c b/ctaocrypt/src/memory.c index a0a993921..71bbbc461 100644 --- a/ctaocrypt/src/memory.c +++ b/ctaocrypt/src/memory.c @@ -1,6 +1,6 @@ /* memory.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/misc.c b/ctaocrypt/src/misc.c index 971af0aa5..69fd4a449 100644 --- a/ctaocrypt/src/misc.c +++ b/ctaocrypt/src/misc.c @@ -1,6 +1,6 @@ /* misc.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/pkcs7.c b/ctaocrypt/src/pkcs7.c index f12396390..1b0092797 100644 --- a/ctaocrypt/src/pkcs7.c +++ b/ctaocrypt/src/pkcs7.c @@ -1,6 +1,6 @@ /* pkcs7.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -585,11 +585,7 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) byte* content = NULL; byte* sig = NULL; byte* cert = NULL; - byte* signedAttr = NULL; - int contentSz = 0, sigSz = 0, certSz = 0, signedAttrSz = 0; - - (void)signedAttr; /* not used yet, just set */ - (void)signedAttrSz; + int contentSz = 0, sigSz = 0, certSz = 0; if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0) return BAD_FUNC_ARG; @@ -750,10 +746,6 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) return ASN_PARSE_E; - /* save pointer and length */ - signedAttr = &pkiMsg[idx]; - signedAttrSz = length; - idx += length; } @@ -980,8 +972,13 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) verSz = SetMyVersion(0, ver, 0); /* generate random content encryption key */ - InitRng(&rng); - RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz); + ret = InitRng(&rng); + if (ret != 0) + return ret; + + ret = RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz); + if (ret != 0) + return ret; /* build RecipientInfo, only handle 1 for now */ recipSz = CreateRecipientInfo(pkcs7->singleCert, pkcs7->singleCertSz, RSAk, @@ -995,6 +992,11 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } recipSetSz = SetSet(recipSz, recipSet); + /* generate IV for block cipher */ + ret = RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE); + if (ret != 0) + return ret; + /* EncryptedContentInfo */ contentTypeSz = SetContentType(pkcs7->contentOID, contentType); if (contentTypeSz == 0) @@ -1028,9 +1030,6 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) return MEMORY_E; } - /* generate IV for block cipher */ - RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE); - /* put together IV OCTET STRING */ ivOctetStringSz = SetOctetString(DES_BLOCK_SIZE, ivOctetString); diff --git a/ctaocrypt/src/port.c b/ctaocrypt/src/port.c index 87efc5bdc..c51062185 100644 --- a/ctaocrypt/src/port.c +++ b/ctaocrypt/src/port.c @@ -1,6 +1,6 @@ /* port.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/port/pic32/pic32mz-hash.c b/ctaocrypt/src/port/pic32/pic32mz-hash.c index fe2c1f3e4..7511725c7 100644 --- a/ctaocrypt/src/port/pic32/pic32mz-hash.c +++ b/ctaocrypt/src/port/pic32/pic32mz-hash.c @@ -1,6 +1,6 @@ /* pic32mz-hash.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -221,19 +221,23 @@ void InitSha256(Sha256* sha256) reset_engine(&(sha256->desc), PIC32_ALGO_SHA256) ; } -void Sha256Update(Sha256* sha256, const byte* data, word32 len) +int Sha256Update(Sha256* sha256, const byte* data, word32 len) { CYASSL_ENTER("Sha256Update\n") ; update_engine(&(sha256->desc), data, len, sha256->digest) ; + + return 0; } -void Sha256Final(Sha256* sha256, byte* hash) +int Sha256Final(Sha256* sha256, byte* hash) { CYASSL_ENTER("Sha256Final\n") ; start_engine(&(sha256->desc)) ; wait_engine(&(sha256->desc), (char *)sha256->digest, SHA256_HASH_SIZE) ; XMEMCPY(hash, sha256->digest, SHA256_HASH_SIZE) ; InitSha256(sha256); /* reset state */ + + return 0; } #endif /* NO_SHA256 */ diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index a227661bb..582c80fb9 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -1,6 +1,6 @@ /* pwdbased.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -124,7 +124,11 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, int hLen; int j, ret; Hmac hmac; +#ifdef CYASSL_SMALL_STACK + byte* buffer; +#else byte buffer[MAX_DIGEST_SIZE]; +#endif if (hashType == MD5) { hLen = MD5_DIGEST_SIZE; @@ -145,38 +149,76 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, else return BAD_FUNC_ARG; +#ifdef CYASSL_SMALL_STACK + buffer = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buffer == NULL) + return MEMORY_E; +#endif + ret = HmacSetKey(&hmac, hashType, passwd, pLen); - if (ret != 0) - return ret; - while (kLen) { - int currentLen; - HmacUpdate(&hmac, salt, sLen); + if (ret == 0) { + while (kLen) { + int currentLen; - /* encode i */ - for (j = 0; j < 4; j++) { - byte b = (byte)(i >> ((3-j) * 8)); - HmacUpdate(&hmac, &b, 1); + ret = HmacUpdate(&hmac, salt, sLen); + if (ret != 0) + break; + + /* encode i */ + for (j = 0; j < 4; j++) { + byte b = (byte)(i >> ((3-j) * 8)); + + ret = HmacUpdate(&hmac, &b, 1); + if (ret != 0) + break; + } + + /* check ret from inside for loop */ + if (ret != 0) + break; + + ret = HmacFinal(&hmac, buffer); + if (ret != 0) + break; + + currentLen = min(kLen, hLen); + XMEMCPY(output, buffer, currentLen); + + for (j = 1; j < iterations; j++) { + ret = HmacUpdate(&hmac, buffer, hLen); + if (ret != 0) + break; + ret = HmacFinal(&hmac, buffer); + if (ret != 0) + break; + xorbuf(output, buffer, currentLen); + } + + /* check ret from inside for loop */ + if (ret != 0) + break; + + output += currentLen; + kLen -= currentLen; + i++; } - HmacFinal(&hmac, buffer); - - currentLen = min(kLen, hLen); - XMEMCPY(output, buffer, currentLen); - - for (j = 1; j < iterations; j++) { - HmacUpdate(&hmac, buffer, hLen); - HmacFinal(&hmac, buffer); - xorbuf(output, buffer, currentLen); - } - - output += currentLen; - kLen -= currentLen; - i++; } - return 0; +#ifdef CYASSL_SMALL_STACK + XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } +#ifdef CYASSL_SHA512 +#define PBKDF_DIGEST_SIZE SHA512_BLOCK_SIZE +#elif !defined(NO_SHA256) +#define PBKDF_DIGEST_SIZE SHA256_BLOCK_SIZE +#else +#define PBKDF_DIGEST_SIZE SHA_DIGEST_SIZE +#endif int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, int saltLen, int iterations, int kLen, int hashType, int id) @@ -187,17 +229,19 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, int ret = 0; int i; byte *D, *S, *P, *I; - byte staticBuffer[1024]; - byte* buffer = staticBuffer; -#ifdef CYASSL_SHA512 - byte Ai[SHA512_DIGEST_SIZE]; - byte B[SHA512_BLOCK_SIZE]; -#elif !defined(NO_SHA256) - byte Ai[SHA256_DIGEST_SIZE]; - byte B[SHA256_BLOCK_SIZE]; +#ifdef CYASSL_SMALL_STACK + byte staticBuffer[1]; /* force dynamic usage */ #else - byte Ai[SHA_DIGEST_SIZE]; - byte B[SHA_BLOCK_SIZE]; + byte staticBuffer[1024]; +#endif + byte* buffer = staticBuffer; + +#ifdef CYASSL_SMALL_STACK + byte* Ai; + byte* B; +#else + byte Ai[PBKDF_DIGEST_SIZE]; + byte B[PBKDF_DIGEST_SIZE]; #endif if (!iterations) @@ -224,7 +268,19 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, } #endif else - return BAD_FUNC_ARG; + return BAD_FUNC_ARG; + +#ifdef CYASSL_SMALL_STACK + Ai = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (Ai == NULL) + return MEMORY_E; + + B = (byte*)XMALLOC(PBKDF_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (B == NULL) { + XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif dLen = v; sLen = v * ((saltLen + v - 1) / v); @@ -238,7 +294,13 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, if (totalLen > sizeof(staticBuffer)) { buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY); - if (buffer == NULL) return MEMORY_E; + if (buffer == NULL) { +#ifdef CYASSL_SMALL_STACK + XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return MEMORY_E; + } dynamic = 1; } @@ -291,12 +353,23 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, ret = InitSha256(&sha256); if (ret != 0) break; - Sha256Update(&sha256, buffer, totalLen); - Sha256Final(&sha256, Ai); + + ret = Sha256Update(&sha256, buffer, totalLen); + if (ret != 0) + break; + + ret = Sha256Final(&sha256, Ai); + if (ret != 0) + break; for (i = 1; i < iterations; i++) { - Sha256Update(&sha256, Ai, u); - Sha256Final(&sha256, Ai); + ret = Sha256Update(&sha256, Ai, u); + if (ret != 0) + break; + + ret = Sha256Final(&sha256, Ai); + if (ret != 0) + break; } } #endif @@ -307,12 +380,23 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, ret = InitSha512(&sha512); if (ret != 0) break; - Sha512Update(&sha512, buffer, totalLen); - Sha512Final(&sha512, Ai); + + ret = Sha512Update(&sha512, buffer, totalLen); + if (ret != 0) + break; + + ret = Sha512Final(&sha512, Ai); + if (ret != 0) + break; for (i = 1; i < iterations; i++) { - Sha512Update(&sha512, Ai, u); - Sha512Final(&sha512, Ai); + ret = Sha512Update(&sha512, Ai, u); + if (ret != 0) + break; + + ret = Sha512Final(&sha512, Ai); + if (ret != 0) + break; } } #endif @@ -375,8 +459,16 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, } if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY); + +#ifdef CYASSL_SMALL_STACK + XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(B, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } +#undef PBKDF_DIGEST_SIZE + #endif /* NO_PWDBASED */ diff --git a/ctaocrypt/src/rabbit.c b/ctaocrypt/src/rabbit.c index 061bc05ff..5be474163 100644 --- a/ctaocrypt/src/rabbit.c +++ b/ctaocrypt/src/rabbit.c @@ -1,6 +1,6 @@ /* rabbit.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c index e5127690b..6372c76a1 100644 --- a/ctaocrypt/src/random.c +++ b/ctaocrypt/src/random.c @@ -1,6 +1,6 @@ /* random.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -70,12 +70,12 @@ #define OUTPUT_BLOCK_LEN (256/8) #define MAX_REQUEST_LEN (0x1000) #define MAX_STRING_LEN (0x100000000) -#define RESEED_MAX (0x100000000000LL) +#define RESEED_INTERVAL (0xFFFFFFFF) #define ENTROPY_SZ 256 -#define DBRG_SUCCESS 0 -#define DBRG_ERROR 1 -#define DBRG_NEED_RESEED 2 +#define DRBG_SUCCESS 0 +#define DRBG_ERROR 1 +#define DRBG_NEED_RESEED 2 enum { @@ -87,8 +87,10 @@ enum { }; -static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, byte* inA, word32 inASz, - byte* inB, word32 inBSz, byte* inC, word32 inCSz) +static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, + byte* inA, word32 inASz, + byte* inB, word32 inBSz, + byte* inC, word32 inCSz) { byte ctr; int i; @@ -104,19 +106,33 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, byte* inA, word for (i = 0, ctr = 1; i < len; i++, ctr++) { if (InitSha256(&rng->sha) != 0) - return DBRG_ERROR; - Sha256Update(&rng->sha, &ctr, sizeof(ctr)); - Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)); - /* churning V is the only string that doesn't have + return DRBG_ERROR; + + if (Sha256Update(&rng->sha, &ctr, sizeof(ctr)) != 0) + return DRBG_ERROR; + + if (Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)) != 0) + return DRBG_ERROR; + + /* churning V is the only string that doesn't have * the type added */ if (type != dbrgInitV) - Sha256Update(&rng->sha, &type, sizeof(type)); - Sha256Update(&rng->sha, inA, inASz); + if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0) + return DRBG_ERROR; + + if (Sha256Update(&rng->sha, inA, inASz) != 0) + return DRBG_ERROR; + if (inB != NULL && inBSz > 0) - Sha256Update(&rng->sha, inB, inBSz); + if (Sha256Update(&rng->sha, inB, inBSz) != 0) + return DRBG_ERROR; + if (inC != NULL && inCSz > 0) - Sha256Update(&rng->sha, inC, inCSz); - Sha256Final(&rng->sha, rng->digest); + if (Sha256Update(&rng->sha, inC, inCSz) != 0) + return DRBG_ERROR; + + if (Sha256Final(&rng->sha, rng->digest) != 0) + return DRBG_ERROR; if (outSz > SHA256_DIGEST_SIZE) { XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE); @@ -128,22 +144,29 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, byte* inA, word } } - return DBRG_SUCCESS; + return DRBG_SUCCESS; } -static int Hash_DBRG_Reseed(RNG* rng, byte* entropy, word32 entropySz) +static int Hash_DRBG_Reseed(RNG* rng, byte* entropy, word32 entropySz) { - byte seed[DBRG_SEED_LEN]; + int ret; + byte seed[DRBG_SEED_LEN]; + + ret = Hash_df(rng, seed, sizeof(seed), dbrgInitV, rng->V, sizeof(rng->V), + entropy, entropySz, NULL, 0); + if (ret != 0) + return ret; - Hash_df(rng, seed, sizeof(seed), dbrgInitV, rng->V, sizeof(rng->V), - entropy, entropySz, NULL, 0); XMEMCPY(rng->V, seed, sizeof(rng->V)); XMEMSET(seed, 0, sizeof(seed)); - Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V, sizeof(rng->V), - NULL, 0, NULL, 0); - rng->reseed_ctr = 1; + ret = Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V, + sizeof(rng->V), NULL, 0, NULL, 0); + if (ret != 0) + return ret; + + rng->reseedCtr = 1; return 0; } @@ -160,7 +183,7 @@ static INLINE void array_add_one(byte* data, word32 dataSz) static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) { - byte data[DBRG_SEED_LEN]; + byte data[DRBG_SEED_LEN]; int i, ret; int len = (outSz / SHA256_DIGEST_SIZE) + ((outSz % SHA256_DIGEST_SIZE) ? 1 : 0); @@ -168,14 +191,22 @@ static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) XMEMCPY(data, V, sizeof(data)); for (i = 0; i < len; i++) { ret = InitSha256(&rng->sha); - if (ret != 0) return ret; - Sha256Update(&rng->sha, data, sizeof(data)); - Sha256Final(&rng->sha, rng->digest); + if (ret != 0) + return ret; + + ret = Sha256Update(&rng->sha, data, sizeof(data)); + if (ret != 0) + return ret; + + ret = Sha256Final(&rng->sha, rng->digest); + if (ret != 0) + return ret; + if (outSz > SHA256_DIGEST_SIZE) { XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE); outSz -= SHA256_DIGEST_SIZE; out += SHA256_DIGEST_SIZE; - array_add_one(data, DBRG_SEED_LEN); + array_add_one(data, DRBG_SEED_LEN); } else { XMEMCPY(out, rng->digest, outSz); @@ -206,51 +237,69 @@ static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen) } -static int Hash_DBRG_Generate(RNG* rng, byte* out, word32 outSz) +static int Hash_DRBG_Generate(RNG* rng, byte* out, word32 outSz) { int ret; - if (rng->reseed_ctr != RESEED_MAX) { + if (rng->reseedCtr != RESEED_INTERVAL) { byte type = dbrgGenerateH; + word32 reseedCtr = rng->reseedCtr; + rng->reseedCtr++; if (Hash_gen(rng, out, outSz, rng->V) != 0) - return DBRG_ERROR; + return DRBG_ERROR; if (InitSha256(&rng->sha) != 0) - return DBRG_ERROR; - Sha256Update(&rng->sha, &type, sizeof(type)); - Sha256Update(&rng->sha, rng->V, sizeof(rng->V)); - Sha256Final(&rng->sha, rng->digest); + return DRBG_ERROR; + if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0) + return DRBG_ERROR; + if (Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0) + return DRBG_ERROR; + if (Sha256Final(&rng->sha, rng->digest) != 0) + return DRBG_ERROR; + array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest)); array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C)); - array_add(rng->V, sizeof(rng->V), - (byte*)&rng->reseed_ctr, sizeof(rng->reseed_ctr)); - rng->reseed_ctr++; - ret = DBRG_SUCCESS; + #ifdef LITTLE_ENDIAN_ORDER + reseedCtr = ByteReverseWord32(reseedCtr); + #endif + array_add(rng->V, sizeof(rng->V), (byte*)&reseedCtr, sizeof(reseedCtr)); + ret = DRBG_SUCCESS; } else { - ret = DBRG_NEED_RESEED; + ret = DRBG_NEED_RESEED; } return ret; } -static void Hash_DBRG_Instantiate(RNG* rng, byte* seed, word32 seedSz) +static int Hash_DRBG_Instantiate(RNG* rng, byte* seed, word32 seedSz) { + int ret; + XMEMSET(rng, 0, sizeof(*rng)); - Hash_df(rng, rng->V, sizeof(rng->V), dbrgInitV, seed, seedSz, NULL, 0, NULL, 0); - Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V, sizeof(rng->V), - NULL, 0, NULL, 0); - rng->reseed_ctr = 1; + ret = Hash_df(rng, rng->V, sizeof(rng->V), dbrgInitV, seed, seedSz, NULL, 0, + NULL, 0); + if (ret != 0) + return ret; + + ret = Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V, + sizeof(rng->V), NULL, 0, NULL, 0); + if (ret != 0) + return ret; + + rng->reseedCtr = 1; + + return 0; } -static int Hash_DBRG_Uninstantiate(RNG* rng) +static int Hash_DRBG_Uninstantiate(RNG* rng) { - int result = DBRG_ERROR; + int result = DRBG_ERROR; if (rng != NULL) { XMEMSET(rng, 0, sizeof(*rng)); - result = DBRG_SUCCESS; + result = DRBG_SUCCESS; } return result; @@ -263,51 +312,83 @@ static int Hash_DBRG_Uninstantiate(RNG* rng) /* Get seed and key cipher */ int InitRng(RNG* rng) { +#ifdef CYASSL_SMALL_STACK + byte* entropy; +#else byte entropy[ENTROPY_SZ]; - int ret = DBRG_ERROR; +#endif + int ret = DRBG_ERROR; + +#ifdef CYASSL_SMALL_STACK + entropy = (byte*)XMALLOC(ENTROPY_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (entropy == NULL) + return MEMORY_E; +#endif + + if (GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0) + ret = Hash_DRBG_Instantiate(rng, entropy, ENTROPY_SZ); + + XMEMSET(entropy, 0, ENTROPY_SZ); + +#ifdef CYASSL_SMALL_STACK + XFREE(entropy, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif - if (GenerateSeed(&rng->seed, entropy, sizeof(entropy)) == 0) { - Hash_DBRG_Instantiate(rng, entropy, sizeof(entropy)); - ret = DBRG_SUCCESS; - } - XMEMSET(entropy, 0, sizeof(entropy)); return ret; } /* place a generated block in output */ -void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) { int ret; XMEMSET(output, 0, sz); - ret = Hash_DBRG_Generate(rng, output, sz); - if (ret == DBRG_NEED_RESEED) { + ret = Hash_DRBG_Generate(rng, output, sz); + + if (ret == DRBG_NEED_RESEED) { +#ifdef CYASSL_SMALL_STACK + byte* entropy; +#else byte entropy[ENTROPY_SZ]; - ret = GenerateSeed(&rng->seed, entropy, sizeof(entropy)); +#endif + +#ifdef CYASSL_SMALL_STACK + entropy = (byte*)XMALLOC(ENTROPY_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (entropy == NULL) + return MEMORY_E; +#endif + + ret = GenerateSeed(&rng->seed, entropy, ENTROPY_SZ); if (ret == 0) { - Hash_DBRG_Reseed(rng, entropy, sizeof(entropy)); - ret = Hash_DBRG_Generate(rng, output, sz); + ret = Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ); + + if (ret == 0) + ret = Hash_DRBG_Generate(rng, output, sz); } else - ret = DBRG_ERROR; - XMEMSET(entropy, 0, sizeof(entropy)); + ret = DRBG_ERROR; + + XMEMSET(entropy, 0, ENTROPY_SZ); + +#ifdef CYASSL_SMALL_STACK + XFREE(entropy, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif } + + return ret; } -byte RNG_GenerateByte(RNG* rng) +int RNG_GenerateByte(RNG* rng, byte* b) { - byte b; - RNG_GenerateBlock(rng, &b, 1); - - return b; + return RNG_GenerateBlock(rng, b, 1); } void FreeRng(RNG* rng) { - Hash_DBRG_Uninstantiate(rng); + Hash_DRBG_Uninstantiate(rng); } #else /* NO_RC4 */ @@ -315,21 +396,45 @@ void FreeRng(RNG* rng) /* Get seed and key cipher */ int InitRng(RNG* rng) { + int ret; +#ifdef CYASSL_SMALL_STACK + byte* key; + byte* junk; +#else byte key[32]; byte junk[256]; - int ret; +#endif #ifdef HAVE_CAVIUM if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) return 0; #endif - ret = GenerateSeed(&rng->seed, key, sizeof(key)); + +#ifdef CYASSL_SMALL_STACK + key = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + return MEMORY_E; + + junk = (byte*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (junk == NULL) { + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + ret = GenerateSeed(&rng->seed, key, 32); if (ret == 0) { Arc4SetKey(&rng->cipher, key, sizeof(key)); - RNG_GenerateBlock(rng, junk, sizeof(junk)); /* rid initial state */ + + ret = RNG_GenerateBlock(rng, junk, 256); /*rid initial state*/ } +#ifdef CYASSL_SMALL_STACK + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(junk, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } @@ -338,7 +443,7 @@ int InitRng(RNG* rng) #endif /* place a generated block in output */ -void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) { #ifdef HAVE_CAVIUM if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) @@ -346,15 +451,14 @@ void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) #endif XMEMSET(output, 0, sz); Arc4Process(&rng->cipher, output, output, sz); + + return 0; } -byte RNG_GenerateByte(RNG* rng) +int RNG_GenerateByte(RNG* rng, byte* b) { - byte b; - RNG_GenerateBlock(rng, &b, 1); - - return b; + return RNG_GenerateBlock(rng, b, 1); } diff --git a/ctaocrypt/src/ripemd.c b/ctaocrypt/src/ripemd.c index f885a6f30..69ff9066e 100644 --- a/ctaocrypt/src/ripemd.c +++ b/ctaocrypt/src/ripemd.c @@ -1,6 +1,6 @@ /* ripemd.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c index 060d1f5e2..648d56f1b 100644 --- a/ctaocrypt/src/rsa.c +++ b/ctaocrypt/src/rsa.c @@ -1,6 +1,6 @@ /* rsa.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -124,10 +124,11 @@ int FreeRsaKey(RsaKey* key) return 0; } -static void RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, +static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, RNG* rng) { - if (inputLen == 0) return; + if (inputLen == 0) + return 0; pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ pkcsBlock++; pkcsBlockLen--; @@ -139,7 +140,10 @@ static void RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, else { /* pad with non-zero random bytes */ word32 padLen = pkcsBlockLen - inputLen - 1, i; - RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); + int ret = RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); + + if (ret != 0) + return ret; /* remove zeros */ for (i = 1; i < padLen; i++) @@ -148,6 +152,8 @@ static void RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */ XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); + + return 0; } @@ -297,7 +303,9 @@ int RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) return RSA_BUFFER_E; - RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng); + ret = RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng); + if (ret != 0) + return ret; if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PUBLIC_ENCRYPT, key)) < 0) sz = ret; @@ -444,7 +452,9 @@ int RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) return RSA_BUFFER_E; - RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng); + ret = RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng); + if (ret != 0) + return ret; if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PRIVATE_ENCRYPT,key)) < 0) sz = ret; @@ -502,7 +512,11 @@ static int rand_prime(mp_int* N, int len, RNG* rng, void* heap) fflush(stdout); #endif /* generate value */ - RNG_GenerateBlock(rng, buf, len); + err = RNG_GenerateBlock(rng, buf, len); + if (err != 0) { + XFREE(buf, heap, DYNAMIC_TYPE_RSA); + return err; + } /* munge bits */ buf[0] |= 0x80 | 0x40; diff --git a/ctaocrypt/src/sha.c b/ctaocrypt/src/sha.c index 91260d12d..9797b5317 100644 --- a/ctaocrypt/src/sha.c +++ b/ctaocrypt/src/sha.c @@ -1,6 +1,6 @@ /* sha.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/ctaocrypt/src/sha256.c b/ctaocrypt/src/sha256.c index 292393995..2a0d1f979 100644 --- a/ctaocrypt/src/sha256.c +++ b/ctaocrypt/src/sha256.c @@ -1,6 +1,6 @@ /* sha256.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -42,6 +42,7 @@ #endif #include +#include #ifdef NO_INLINE #include #else @@ -50,12 +51,8 @@ #ifdef FREESCALE_MMCAU #include "cau_api.h" - #define XTRANSFORM(S,B) cau_sha256_hash_n((B), 1, ((S))->digest) -#else - #define XTRANSFORM(S,B) Transform((S)) #endif - #ifndef min static INLINE word32 min(word32 a, word32 b) @@ -88,7 +85,18 @@ int InitSha256(Sha256* sha256) return 0; } -#ifndef FREESCALE_MMCAU +#ifdef FREESCALE_MMCAU + #define XTRANSFORM(S,B) Transform((S), (B)) + +static int Transform(Sha256* sha256, byte* buf) +{ + cau_sha256_hash_n(buf, 1, sha256->digest); + + return 0; +} + +#else + #define XTRANSFORM(S,B) Transform((S)) static const word32 K[64] = { 0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL, @@ -122,11 +130,21 @@ static const word32 K[64] = { h = t0 + t1; -static void Transform(Sha256* sha256) +static int Transform(Sha256* sha256) { - word32 S[8], W[64], t0, t1; + word32 S[8], t0, t1; int i; +#ifdef CYASSL_SMALL_STACK + word32* W; + + W = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (W == NULL) + return MEMORY_E; +#else + word32 W[64]; +#endif + /* Copy context->state[] to working vars */ for (i = 0; i < 8; i++) S[i] = sha256->digest[i]; @@ -152,6 +170,12 @@ static void Transform(Sha256* sha256) for (i = 0; i < 8; i++) { sha256->digest[i] += S[i]; } + +#ifdef CYASSL_SMALL_STACK + XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return 0; } #endif /* FREESCALE_MMCAU */ @@ -179,11 +203,17 @@ int Sha256Update(Sha256* sha256, const byte* data, word32 len) len -= add; if (sha256->buffLen == SHA256_BLOCK_SIZE) { + int ret; + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE); #endif - XTRANSFORM(sha256, local); + + ret = XTRANSFORM(sha256, local); + if (ret != 0) + return ret; + AddLength(sha256, SHA256_BLOCK_SIZE); sha256->buffLen = 0; } @@ -196,6 +226,7 @@ int Sha256Update(Sha256* sha256, const byte* data, word32 len) int Sha256Final(Sha256* sha256, byte* hash) { byte* local = (byte*)sha256->buffer; + int ret; AddLength(sha256, sha256->buffLen); /* before adding pads */ @@ -209,7 +240,11 @@ int Sha256Final(Sha256* sha256, byte* hash) #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE); #endif - XTRANSFORM(sha256, local); + + ret = XTRANSFORM(sha256, local); + if (ret != 0) + return ret; + sha256->buffLen = 0; } XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen); @@ -235,7 +270,10 @@ int Sha256Final(Sha256* sha256, byte* hash) 2 * sizeof(word32)); #endif - XTRANSFORM(sha256, local); + ret = XTRANSFORM(sha256, local); + if (ret != 0) + return ret; + #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE); #endif diff --git a/ctaocrypt/src/sha512.c b/ctaocrypt/src/sha512.c index 125337229..ceb5a7e72 100644 --- a/ctaocrypt/src/sha512.c +++ b/ctaocrypt/src/sha512.c @@ -1,6 +1,6 @@ /* sha512.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -33,6 +33,7 @@ #endif #include +#include #ifdef NO_INLINE #include #else @@ -142,14 +143,23 @@ static const word64 K512[80] = { d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)) -static void Transform(Sha512* sha512) +static int Transform(Sha512* sha512) { const word64* K = K512; word32 j; - word64 W[16]; word64 T[8]; +#ifdef CYASSL_SMALL_STACK + word64* W; + + W = (word64*) XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (W == NULL) + return MEMORY_E; +#else + word64 W[16]; +#endif + /* Copy digest to working vars */ XMEMCPY(T, sha512->digest, sizeof(T)); @@ -184,8 +194,14 @@ static void Transform(Sha512* sha512) sha512->digest[7] += h(0); /* Wipe variables */ - XMEMSET(W, 0, sizeof(W)); + XMEMSET(W, 0, sizeof(word64) * 16); XMEMSET(T, 0, sizeof(T)); + +#ifdef CYASSL_SMALL_STACK + XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return 0; } @@ -211,11 +227,16 @@ int Sha512Update(Sha512* sha512, const byte* data, word32 len) len -= add; if (sha512->buffLen == SHA512_BLOCK_SIZE) { + int ret; + #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords64(sha512->buffer, sha512->buffer, SHA512_BLOCK_SIZE); #endif - Transform(sha512); + ret = Transform(sha512); + if (ret != 0) + return ret; + AddLength(sha512, SHA512_BLOCK_SIZE); sha512->buffLen = 0; } @@ -227,6 +248,7 @@ int Sha512Update(Sha512* sha512, const byte* data, word32 len) int Sha512Final(Sha512* sha512, byte* hash) { byte* local = (byte*)sha512->buffer; + int ret; AddLength(sha512, sha512->buffLen); /* before adding pads */ @@ -240,7 +262,10 @@ int Sha512Final(Sha512* sha512, byte* hash) #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords64(sha512->buffer,sha512->buffer,SHA512_BLOCK_SIZE); #endif - Transform(sha512); + ret = Transform(sha512); + if (ret != 0) + return ret; + sha512->buffLen = 0; } XMEMSET(&local[sha512->buffLen], 0, SHA512_PAD_SIZE - sha512->buffLen); @@ -258,7 +283,10 @@ int Sha512Final(Sha512* sha512, byte* hash) sha512->buffer[SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen; sha512->buffer[SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen; - Transform(sha512); + ret = Transform(sha512); + if (ret != 0) + return ret; + #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords64(sha512->digest, sha512->digest, SHA512_DIGEST_SIZE); #endif @@ -290,14 +318,23 @@ int InitSha384(Sha384* sha384) } -static void Transform384(Sha384* sha384) +static int Transform384(Sha384* sha384) { const word64* K = K512; word32 j; - word64 W[16]; word64 T[8]; +#ifdef CYASSL_SMALL_STACK + word64* W; + + W = (word64*) XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (W == NULL) + return MEMORY_E; +#else + word64 W[16]; +#endif + /* Copy digest to working vars */ XMEMCPY(T, sha384->digest, sizeof(T)); @@ -332,8 +369,14 @@ static void Transform384(Sha384* sha384) sha384->digest[7] += h(0); /* Wipe variables */ - XMEMSET(W, 0, sizeof(W)); + XMEMSET(W, 0, sizeof(word64) * 16); XMEMSET(T, 0, sizeof(T)); + +#ifdef CYASSL_SMALL_STACK + XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return 0; } @@ -359,11 +402,16 @@ int Sha384Update(Sha384* sha384, const byte* data, word32 len) len -= add; if (sha384->buffLen == SHA384_BLOCK_SIZE) { + int ret; + #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords64(sha384->buffer, sha384->buffer, SHA384_BLOCK_SIZE); #endif - Transform384(sha384); + ret = Transform384(sha384); + if (ret != 0) + return ret; + AddLength384(sha384, SHA384_BLOCK_SIZE); sha384->buffLen = 0; } @@ -375,6 +423,7 @@ int Sha384Update(Sha384* sha384, const byte* data, word32 len) int Sha384Final(Sha384* sha384, byte* hash) { byte* local = (byte*)sha384->buffer; + int ret; AddLength384(sha384, sha384->buffLen); /* before adding pads */ @@ -388,7 +437,10 @@ int Sha384Final(Sha384* sha384, byte* hash) #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords64(sha384->buffer,sha384->buffer,SHA384_BLOCK_SIZE); #endif - Transform384(sha384); + ret = Transform384(sha384); + if (ret != 0) + return ret; + sha384->buffLen = 0; } XMEMSET(&local[sha384->buffLen], 0, SHA384_PAD_SIZE - sha384->buffLen); @@ -406,7 +458,10 @@ int Sha384Final(Sha384* sha384, byte* hash) sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 2] = sha384->hiLen; sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 1] = sha384->loLen; - Transform384(sha384); + ret = Transform384(sha384); + if (ret != 0) + return ret; + #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords64(sha384->digest, sha384->digest, SHA384_DIGEST_SIZE); #endif diff --git a/ctaocrypt/src/tfm.c b/ctaocrypt/src/tfm.c index 2fa280e9c..5fb6b2efc 100644 --- a/ctaocrypt/src/tfm.c +++ b/ctaocrypt/src/tfm.c @@ -1,6 +1,6 @@ /* tfm.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -95,7 +95,7 @@ void s_fp_add(fp_int *a, fp_int *b, fp_int *c) register fp_word t; y = MAX(a->used, b->used); - oldused = c->used; + oldused = MAX(c->used, FP_SIZE); /* help static analysis w/ max size */ c->used = y; t = 0; diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 57419e11f..e19675bd9 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1,6 +1,6 @@ /* test.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -919,15 +919,23 @@ int blake2b_test(void) Blake2b b2b; byte digest[64]; byte input[64]; - int i; + int i, ret; for (i = 0; i < (int)sizeof(input); i++) input[i] = (byte)i; for (i = 0; i < BLAKE2_TESTS; i++) { - InitBlake2b(&b2b, 64); - Blake2bUpdate(&b2b, input, i); - Blake2bFinal(&b2b, digest, 64); + ret = InitBlake2b(&b2b, 64); + if (ret != 0) + return -4002; + + ret = Blake2bUpdate(&b2b, input, i); + if (ret != 0) + return -4003; + + ret = Blake2bFinal(&b2b, digest, 64); + if (ret != 0) + return -4004; if (memcmp(digest, blake2b_vec[i], 64) != 0) { return -300 - i; @@ -969,11 +977,15 @@ int sha256_test(void) ret = InitSha256(&sha); if (ret != 0) - return -4003; + return -4005; for (i = 0; i < times; ++i) { - Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); - Sha256Final(&sha, hash); + ret = Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); + if (ret != 0) + return -4006; + ret = Sha256Final(&sha, hash); + if (ret != 0) + return -4007; if (memcmp(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0) return -10 - i; @@ -1022,8 +1034,13 @@ int sha512_test(void) return -4009; for (i = 0; i < times; ++i) { - Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); - Sha512Final(&sha, hash); + ret = Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); + if (ret != 0) + return -4010; + + ret = Sha512Final(&sha, hash); + if (ret != 0) + return -4011; if (memcmp(hash, test_sha[i].output, SHA512_DIGEST_SIZE) != 0) return -10 - i; @@ -1067,11 +1084,16 @@ int sha384_test(void) ret = InitSha384(&sha); if (ret != 0) - return -4010; + return -4012; for (i = 0; i < times; ++i) { - Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); - Sha384Final(&sha, hash); + ret = Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); + if (ret != 0) + return -4013; + + ret = Sha384Final(&sha, hash); + if (ret != 0) + return -4014; if (memcmp(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0) return -10 - i; @@ -1135,10 +1157,14 @@ int hmac_md5_test(void) #endif ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4011; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4015; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4016; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4017; if (memcmp(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0) return -20 - i; @@ -1206,10 +1232,14 @@ int hmac_sha_test(void) #endif ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4012; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4018; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4019; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4020; if (memcmp(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0) return -20 - i; @@ -1281,10 +1311,14 @@ int hmac_sha256_test(void) #endif ret = HmacSetKey(&hmac, SHA256, (byte*)keys[i],(word32)strlen(keys[i])); if (ret != 0) - return -4013; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4021; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4022; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4023; if (memcmp(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0) return -20 - i; @@ -1357,10 +1391,14 @@ int hmac_blake2b_test(void) ret = HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4014; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4024; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4025; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4026; if (memcmp(hash, test_hmac[i].output, BLAKE2B_256) != 0) return -20 - i; @@ -1429,10 +1467,14 @@ int hmac_sha384_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i])); if (ret != 0) - return -4015; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4027; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4028; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4029; if (memcmp(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0) return -20 - i; @@ -1501,10 +1543,14 @@ int hmac_sha512_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i])); if (ret != 0) - return -4016; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4030; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4031; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4032; if (memcmp(hash, test_hmac[i].output, SHA512_DIGEST_SIZE) != 0) return -20 - i; @@ -2476,8 +2522,9 @@ int camellia_test(void) testsSz = sizeof(testVectors)/sizeof(test_vector_t); for (i = 0; i < testsSz; i++) { - CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz, - testVectors[i].iv); + if (CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz, + testVectors[i].iv) != 0) + return testVectors[i].errorCode; switch (testVectors[i].type) { case CAM_ECB_ENC: @@ -2547,7 +2594,8 @@ int random_test(void) ret = InitRng(&rng); if (ret != 0) return -39; - RNG_GenerateBlock(&rng, block, sizeof(block)); + ret = RNG_GenerateBlock(&rng, block, sizeof(block)); + if (ret != 0) return -40; return 0; } @@ -2561,21 +2609,14 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) { static RNG rng; - if (cmd == INIT) { - int ret = InitRng(&rng); - if (ret == 0) - return 1; - else - return 0; - } + if (cmd == INIT) + return (InitRng(&rng) == 0) ? 1 : 0; if (out == NULL) return 0; - if (cmd == GET_BYTE_OF_ENTROPY) { - RNG_GenerateBlock(&rng, out, 1); - return 1; - } + if (cmd == GET_BYTE_OF_ENTROPY) + return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0; if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { *out = 1; @@ -2751,44 +2792,87 @@ int rsa_test(void) FILE* pemFile; ret = InitRsaKey(&genKey, 0); - if (ret != 0) return -300; + if (ret != 0) + return -300; ret = MakeRsaKey(&genKey, 1024, 65537, &rng); if (ret != 0) return -301; der = (byte*)malloc(FOURK_BUF); - if (der == NULL) + if (der == NULL) { + FreeRsaKey(&genKey); return -307; + } pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(der); + FreeRsaKey(&genKey); return -308; + } derSz = RsaKeyToDer(&genKey, der, FOURK_BUF); - if (derSz < 0) + if (derSz < 0) { + free(der); + free(pem); return -302; + } keyFile = fopen("./key.der", "wb"); - if (!keyFile) + if (!keyFile) { + free(der); + free(pem); + FreeRsaKey(&genKey); return -303; - ret = (int)fwrite(der, derSz, 1, keyFile); + } + ret = (int)fwrite(der, 1, derSz, keyFile); fclose(keyFile); + if (ret != derSz) { + free(der); + free(pem); + FreeRsaKey(&genKey); + return -313; + } pemSz = DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(der); + free(pem); + FreeRsaKey(&genKey); return -304; + } pemFile = fopen("./key.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(der); + free(pem); + FreeRsaKey(&genKey); return -305; - ret = (int)fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); + if (ret != pemSz) { + free(der); + free(pem); + FreeRsaKey(&genKey); + return -314; + } ret = InitRsaKey(&derIn, 0); - if (ret != 0) return -3060; + if (ret != 0) { + free(der); + free(pem); + FreeRsaKey(&genKey); + return -3060; + } idx = 0; ret = RsaPrivateKeyDecode(der, &idx, &derIn, derSz); - if (ret != 0) + if (ret != 0) { + free(der); + free(pem); + FreeRsaKey(&derIn); + FreeRsaKey(&genKey); return -306; + } FreeRsaKey(&derIn); FreeRsaKey(&genKey); @@ -2816,8 +2900,10 @@ int rsa_test(void) if (derCert == NULL) return -309; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(derCert); return -310; + } InitCert(&myCert); @@ -2832,31 +2918,56 @@ int rsa_test(void) myCert.sigType = CTC_SHA256wRSA; certSz = MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng); - if (certSz < 0) + if (certSz < 0) { + free(derCert); + free(pem); return -401; + } #ifdef CYASSL_TEST_CERT InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) + if (ret != 0) { + free(derCert); + free(pem); return -402; + } FreeDecodedCert(&decode); #endif derFile = fopen("./cert.der", "wb"); - if (!derFile) + if (!derFile) { + free(derCert); + free(pem); return -403; - ret = (int)fwrite(derCert, certSz, 1, derFile); + } + ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); + if (ret != certSz) { + free(derCert); + free(pem); + return -414; + } pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(derCert); + free(pem); return -404; + } pemFile = fopen("./cert.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(derCert); + free(pem); return -405; - ret = (int)fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); + if (ret != pemSz) { + free(derCert); + free(pem); + return -406; + } free(pem); free(derCert); } @@ -2881,21 +2992,35 @@ int rsa_test(void) if (derCert == NULL) return -311; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(derCert); return -312; + } file3 = fopen(caKeyFile, "rb"); - if (!file3) + if (!file3) { + free(derCert); + free(pem); return -412; + } bytes3 = fread(tmp, 1, FOURK_BUF, file3); fclose(file3); ret = InitRsaKey(&caKey, 0); - if (ret != 0) return -411; + if (ret != 0) { + free(derCert); + free(pem); + return -411; + } ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) return -413; + if (ret != 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); + return -413; + } InitCert(&myCert); @@ -2908,41 +3033,81 @@ int rsa_test(void) strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); ret = SetIssuer(&myCert, caCertFile); - if (ret < 0) + if (ret < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -405; + } certSz = MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng); - if (certSz < 0) + if (certSz < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -407; + } certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, &caKey, NULL, &rng); - if (certSz < 0) + if (certSz < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -408; + } #ifdef CYASSL_TEST_CERT InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) + if (ret != 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -409; + } FreeDecodedCert(&decode); #endif derFile = fopen("./othercert.der", "wb"); - if (!derFile) + if (!derFile) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -410; - ret = (int)fwrite(derCert, certSz, 1, derFile); + } + ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); + if (ret != certSz) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); + return -416; + } pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -411; + } pemFile = fopen("./othercert.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -412; - ret = (int)fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); + if (ret != pemSz) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); + return -415; + } fclose(pemFile); free(pem); free(derCert); @@ -2961,7 +3126,7 @@ int rsa_test(void) int pemSz; size_t bytes3; word32 idx3 = 0; - FILE* file3 ; + FILE* file3; #ifdef CYASSL_TEST_CERT DecodedCert decode; #endif @@ -2970,20 +3135,29 @@ int rsa_test(void) if (derCert == NULL) return -5311; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(derCert); return -5312; + } file3 = fopen(eccCaKeyFile, "rb"); - if (!file3) + if (!file3) { + free(derCert); + free(pem); return -5412; + } bytes3 = fread(tmp, 1, FOURK_BUF, file3); fclose(file3); ecc_init(&caKey); ret = EccPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) return -5413; + if (ret != 0) { + free(derCert); + free(pem); + return -5413; + } InitCert(&myCert); myCert.sigType = CTC_SHA256wECDSA; @@ -2997,40 +3171,80 @@ int rsa_test(void) strncpy(myCert.subject.email, "info@wolfssl.com", CTC_NAME_SIZE); ret = SetIssuer(&myCert, eccCaCertFile); - if (ret < 0) + if (ret < 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5405; + } certSz = MakeCert(&myCert, derCert, FOURK_BUF, NULL, &caKey, &rng); - if (certSz < 0) + if (certSz < 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5407; + } certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, NULL, &caKey, &rng); - if (certSz < 0) + if (certSz < 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5408; + } #ifdef CYASSL_TEST_CERT InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) + if (ret != 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5409; + } FreeDecodedCert(&decode); #endif derFile = fopen("./certecc.der", "wb"); - if (!derFile) + if (!derFile) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5410; - ret = (int)fwrite(derCert, certSz, 1, derFile); + } + ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); + if (ret != certSz) { + free(pem); + free(derCert); + ecc_free(&caKey); + return -5414; + } pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5411; + } pemFile = fopen("./certecc.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5412; - ret = (int)fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); + if (ret != pemSz) { + free(pem); + free(derCert); + ecc_free(&caKey); + return -5415; + } fclose(pemFile); free(pem); free(derCert); @@ -3049,8 +3263,7 @@ int rsa_test(void) FILE* ntruPrivFile; int certSz; int pemSz; - size_t bytes; - word32 idx = 0; + word32 idx3; #ifdef CYASSL_TEST_CERT DecodedCert decode; #endif @@ -3058,8 +3271,10 @@ int rsa_test(void) if (derCert == NULL) return -311; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(derCert); return -312; + } byte public_key[557]; /* sized for EES401EP2 */ word16 public_key_len; /* no. of octets in public key */ @@ -3071,33 +3286,53 @@ int rsa_test(void) }; word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), GetEntropy, &drbg); - if (rc != DRBG_OK) + if (rc != DRBG_OK) { + free(derCert); + free(pem); return -450; + } rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, NULL, &private_key_len, NULL); - if (rc != NTRU_OK) + if (rc != NTRU_OK) { + free(derCert); + free(pem); return -451; + } rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, public_key, &private_key_len, private_key); crypto_drbg_uninstantiate(drbg); - if (rc != NTRU_OK) + if (rc != NTRU_OK) { + free(derCert); + free(pem); return -452; + } caFile = fopen(caKeyFile, "rb"); - if (!caFile) + if (!caFile) { + free(derCert); + free(pem); return -453; + } bytes = fread(tmp, 1, FOURK_BUF, caFile); fclose(caFile); ret = InitRsaKey(&caKey, 0); - if (ret != 0) return -459; - ret = RsaPrivateKeyDecode(tmp, &idx, &caKey, (word32)bytes); - if (ret != 0) return -454; + if (ret != 0) { + free(derCert); + free(pem); + return -459; + } + ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); + if (ret != 0) { + free(derCert); + free(pem); + return -454; + } InitCert(&myCert); @@ -3110,51 +3345,92 @@ int rsa_test(void) strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); ret = SetIssuer(&myCert, caCertFile); - if (ret < 0) + if (ret < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -455; + } certSz = MakeNtruCert(&myCert, derCert, FOURK_BUF, public_key, public_key_len, &rng); - if (certSz < 0) + if (certSz < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -456; + } certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, &caKey, NULL, &rng); - if (certSz < 0) + FreeRsaKey(&caKey); + if (certSz < 0) { + free(derCert); + free(pem); return -457; + } #ifdef CYASSL_TEST_CERT InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) + if (ret != 0) { + free(derCert); + free(pem); return -458; + } FreeDecodedCert(&decode); #endif derFile = fopen("./ntru-cert.der", "wb"); - if (!derFile) + if (!derFile) { + free(derCert); + free(pem); return -459; - ret = fwrite(derCert, certSz, 1, derFile); + } + ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); + if (ret != certSz) { + free(derCert); + free(pem); + return -473; + } pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(derCert); + free(pem); return -460; + } pemFile = fopen("./ntru-cert.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(derCert); + free(pem); return -461; - ret = fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); + if (ret != pemSz) { + free(derCert); + free(pem); + return -474; + } ntruPrivFile = fopen("./ntru-key.raw", "wb"); - if (!ntruPrivFile) + if (!ntruPrivFile) { + free(derCert); + free(pem); return -462; - ret = fwrite(private_key, private_key_len, 1, ntruPrivFile); + } + ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile); fclose(ntruPrivFile); + if (ret != private_key_len) { + free(pem); + free(derCert); + return -475; + } free(pem); free(derCert); - FreeRsaKey(&caKey); } #endif /* HAVE_NTRU */ #ifdef CYASSL_CERT_REQ @@ -3170,8 +3446,10 @@ int rsa_test(void) if (der == NULL) return -463; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(der); return -464; + } InitCert(&req); @@ -3188,30 +3466,55 @@ int rsa_test(void) req.sigType = CTC_SHA256wRSA; derSz = MakeCertReq(&req, der, FOURK_BUF, &key, NULL); - if (derSz < 0) + if (derSz < 0) { + free(pem); + free(der); return -465; + } derSz = SignCert(req.bodySz, req.sigType, der, FOURK_BUF, &key, NULL, &rng); - if (derSz < 0) + if (derSz < 0) { + free(pem); + free(der); return -466; + } pemSz = DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(pem); + free(der); return -467; + } reqFile = fopen("./certreq.der", "wb"); - if (!reqFile) + if (!reqFile) { + free(pem); + free(der); return -468; + } - ret = (int)fwrite(der, derSz, 1, reqFile); + ret = (int)fwrite(der, 1, derSz, reqFile); fclose(reqFile); + if (ret != derSz) { + free(pem); + free(der); + return -471; + } reqFile = fopen("./certreq.pem", "wb"); - if (!reqFile) + if (!reqFile) { + free(pem); + free(der); return -469; - ret = (int)fwrite(pem, pemSz, 1, reqFile); + } + ret = (int)fwrite(pem, 1, pemSz, reqFile); fclose(reqFile); + if (ret != pemSz) { + free(pem); + free(der); + return -470; + } free(pem); free(der); @@ -3664,8 +3967,10 @@ int pbkdf2_test(void) }; - PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8, iterations, - kLen, SHA); + int ret = PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8, + iterations, kLen, SHA); + if (ret != 0) + return ret; if (memcmp(derived, verify, sizeof(verify)) != 0) return -102; @@ -3812,6 +4117,10 @@ int ecc_test(void) ecc_init(&pubKey); ret = ecc_make_key(&rng, 32, &userA); + + if (ret != 0) + return -1014; + ret = ecc_make_key(&rng, 32, &userB); if (ret != 0) @@ -3820,6 +4129,9 @@ int ecc_test(void) x = sizeof(sharedA); ret = ecc_shared_secret(&userA, &userB, sharedA, &x); + if (ret != 0) + return -1015; + y = sizeof(sharedB); ret = ecc_shared_secret(&userB, &userA, sharedB, &y); @@ -3858,6 +4170,9 @@ int ecc_test(void) x = sizeof(sig); ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA); + if (ret != 0) + return -1016; + verify = 0; ret = ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &userA); @@ -4157,21 +4472,29 @@ int pkcs7enveloped_test(void) return -201; privKey = (byte*)malloc(FOURK_BUF); - if (privKey == NULL) + if (privKey == NULL) { + free(cert); return -202; + } certFile = fopen(clientCert, "rb"); - if (!certFile) + if (!certFile) { + free(cert); + free(privKey); err_sys("can't open ./certs/client-cert.der, " "Please run from CyaSSL home dir", -42); + } certSz = fread(cert, 1, FOURK_BUF, certFile); fclose(certFile); keyFile = fopen(clientKey, "rb"); - if (!keyFile) + if (!keyFile) { + free(cert); + free(privKey); err_sys("can't open ./certs/client-key.der, " "Please run from CyaSSL home dir", -43); + } privKeySz = fread(privKey, 1, FOURK_BUF, keyFile); fclose(keyFile); @@ -4187,24 +4510,35 @@ int pkcs7enveloped_test(void) /* encode envelopedData */ envelopedSz = PKCS7_EncodeEnvelopedData(&pkcs7, enveloped, sizeof(enveloped)); - if (envelopedSz <= 0) + if (envelopedSz <= 0) { + free(cert); + free(privKey); return -203; + } /* decode envelopedData */ decodedSz = PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, decoded, sizeof(decoded)); - if (decodedSz <= 0) + if (decodedSz <= 0) { + free(cert); + free(privKey); return -204; + } /* test decode result */ if (memcmp(decoded, data, sizeof(data)) != 0) { + free(cert); + free(privKey); return -205; } /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(pkcs7OutFile, "wb"); - if (!pkcs7File) + if (!pkcs7File) { + free(cert); + free(privKey); return -206; + } ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File); fclose(pkcs7File); @@ -4259,15 +4593,19 @@ int pkcs7signed_test(void) outSz = FOURK_BUF; certDer = (byte*)malloc(FOURK_BUF); - keyDer = (byte*)malloc(FOURK_BUF); - out = (byte*)malloc(FOURK_BUF); - if (certDer == NULL) return -207; - if (keyDer == NULL) + keyDer = (byte*)malloc(FOURK_BUF); + if (keyDer == NULL) { + free(certDer); return -208; - if (out == NULL) + } + out = (byte*)malloc(FOURK_BUF); + if (out == NULL) { + free(certDer); + free(keyDer); return -209; + } /* read in DER cert of recipient, into cert of size certSz */ file = fopen(clientCert, "rb"); @@ -4293,9 +4631,23 @@ int pkcs7signed_test(void) fclose(file); ret = InitRng(&rng); + if (ret != 0) { + free(certDer); + free(keyDer); + free(out); + return -210; + } + senderNonce[0] = 0x04; senderNonce[1] = PKCS7_NONCE_SZ; - RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); + + ret = RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); + if (ret != 0) { + free(certDer); + free(keyDer); + free(out); + return -211; + } PKCS7_InitWithCert(&msg, certDer, certDerSz); msg.privateKey = keyDer; @@ -4316,8 +4668,12 @@ int pkcs7signed_test(void) transId[1] = SHA_DIGEST_SIZE * 2; ret = InitSha(&sha); - if (ret != 0) + if (ret != 0) { + free(certDer); + free(keyDer); + free(out); return -4003; + } ShaUpdate(&sha, msg.publicKey, msg.publicKeySz); ShaFinal(&sha, digest); @@ -4331,7 +4687,7 @@ int pkcs7signed_test(void) free(keyDer); free(out); PKCS7_Free(&msg); - return -210; + return -212; } else outSz = ret; @@ -4343,10 +4699,17 @@ int pkcs7signed_test(void) free(keyDer); free(out); PKCS7_Free(&msg); - return -211; + return -213; } ret = (int)fwrite(out, 1, outSz, file); fclose(file); + if (ret != (int)outSz) { + free(certDer); + free(keyDer); + free(out); + PKCS7_Free(&msg); + return -218; + } PKCS7_Free(&msg); PKCS7_InitWithCert(&msg, NULL, 0); @@ -4357,7 +4720,7 @@ int pkcs7signed_test(void) free(keyDer); free(out); PKCS7_Free(&msg); - return -212; + return -214; } if (msg.singleCert == NULL || msg.singleCertSz == 0) { @@ -4365,7 +4728,7 @@ int pkcs7signed_test(void) free(keyDer); free(out); PKCS7_Free(&msg); - return -213; + return -215; } file = fopen("./pkcs7cert.der", "wb"); @@ -4374,7 +4737,7 @@ int pkcs7signed_test(void) free(keyDer); free(out); PKCS7_Free(&msg); - return -214; + return -216; } ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file); fclose(file); diff --git a/ctaocrypt/test/test.h b/ctaocrypt/test/test.h index 17e8e90b6..2310ed516 100644 --- a/ctaocrypt/test/test.h +++ b/ctaocrypt/test/test.h @@ -1,6 +1,6 @@ /* ctaocrypt/test/test.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #pragma once diff --git a/cyassl/callbacks.h b/cyassl/callbacks.h index 7f0676cd6..3dacc5729 100644 --- a/cyassl/callbacks.h +++ b/cyassl/callbacks.h @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/crl.h b/cyassl/crl.h index 62a35ffec..c3dbfd7c1 100644 --- a/cyassl/crl.h +++ b/cyassl/crl.h @@ -1,6 +1,6 @@ /* crl.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index 0d06675ae..c36dfd5f5 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/arc4.h b/cyassl/ctaocrypt/arc4.h index 2654aaaaa..e205c50d8 100644 --- a/cyassl/ctaocrypt/arc4.h +++ b/cyassl/ctaocrypt/arc4.h @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index fe961afdb..239c07491 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -1,6 +1,6 @@ /* asn.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifndef NO_ASN @@ -64,7 +64,9 @@ enum ASN_Tags { ASN_SET = 0x11, ASN_UTC_TIME = 0x17, ASN_OTHER_TYPE = 0x00, + ASN_RFC822_TYPE = 0x01, ASN_DNS_TYPE = 0x02, + ASN_DIR_TYPE = 0x04, ASN_GENERALIZED_TIME = 0x18, CRL_EXTENSIONS = 0xa0, ASN_EXTENSIONS = 0xa3, @@ -219,6 +221,7 @@ enum Extensions_Sum { KEY_USAGE_OID = 129, /* 2.5.29.15 */ INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ + NAME_CONS_OID = 144 /* 2.5.29.30 */ }; enum CertificatePolicy_Sum { @@ -272,6 +275,16 @@ struct DNS_entry { }; +typedef struct Base_entry Base_entry; + +struct Base_entry { + Base_entry* next; /* next on name base list */ + char* name; /* actual name base */ + int nameSz; /* name length */ + byte type; /* Name base type (DNS or RFC822) */ +}; + + struct DecodedName { char* fullName; int fullNameLen; @@ -315,6 +328,11 @@ struct DecodedCert { word32 keyOID; /* sum of key algo object id */ int version; /* cert version, 1 or 3 */ DNS_entry* altNames; /* alt names list of dns entries */ +#ifndef IGNORE_NAME_CONSTRAINTS + DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ + Base_entry* permittedNames; /* Permitted name bases */ + Base_entry* excludedNames; /* Excluded name bases */ +#endif /* IGNORE_NAME_CONSTRAINTS */ byte subjectHash[SHA_SIZE]; /* hash of all Names */ byte issuerHash[SHA_SIZE]; /* hash of all Names */ #ifdef HAVE_OCSP @@ -344,6 +362,9 @@ struct DecodedCert { byte extSubjKeyIdSet; /* Set when the SKID was read from cert */ byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */ byte extAuthKeyIdSet; /* Set when the AKID was read from cert */ +#ifndef IGNORE_NAME_CONSTRAINTS + byte extNameConstraintSet; +#endif /* IGNORE_NAME_CONSTRAINTS */ byte isCA; /* CA basic constraint true */ byte extKeyUsageSet; word16 extKeyUsage; /* Key usage bitfield */ @@ -357,6 +378,9 @@ struct DecodedCert { byte extSubjAltNameSet; byte extSubjAltNameCrit; byte extAuthKeyIdCrit; +#ifndef IGNORE_NAME_CONSTRAINTS + byte extNameConstraintCrit; +#endif /* IGNORE_NAME_CONSTRAINTS */ byte extSubjKeyIdCrit; byte extKeyUsageCrit; byte extExtKeyUsageCrit; @@ -379,6 +403,10 @@ struct DecodedCert { byte* issuerRaw; /* pointer to issuer inside source */ int issuerRawLen; #endif +#ifndef IGNORE_NAME_CONSTRAINT + byte* subjectRaw; /* pointer to subject inside source */ + int subjectRawLen; +#endif #if defined(CYASSL_CERT_GEN) /* easy access to subject info for other sign */ char* subjectSN; @@ -426,9 +454,14 @@ struct DecodedCert { struct Signer { word32 pubKeySize; word32 keyOID; /* key type */ + word16 keyUsage; byte* publicKey; int nameLen; char* name; /* common name */ +#ifndef IGNORE_NAME_CONSTRAINTS + Base_entry* permittedNames; + Base_entry* excludedNames; +#endif /* IGNORE_NAME_CONSTRAINTS */ byte subjectNameHash[SIGNER_DIGEST_SIZE]; /* sha hash of names in certificate */ #ifndef NO_SKID @@ -447,6 +480,9 @@ struct Signer { #endif CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*); +#ifndef IGNORE_NAME_CONSTRAINTS + CYASSL_TEST_API void FreeNameSubtrees(Base_entry*, void*); +#endif /* IGNORE_NAME_CONSTRAINTS */ CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); CYASSL_TEST_API void FreeDecodedCert(DecodedCert*); CYASSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm); diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index 24c6a79e5..3ad601709 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h @@ -1,6 +1,6 @@ /* asn_public.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/blake2-impl.h b/cyassl/ctaocrypt/blake2-impl.h index 6acb62878..d82bffc64 100644 --- a/cyassl/ctaocrypt/blake2-impl.h +++ b/cyassl/ctaocrypt/blake2-impl.h @@ -12,7 +12,7 @@ */ /* blake2-impl.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -28,7 +28,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/blake2-int.h b/cyassl/ctaocrypt/blake2-int.h index c4be83a5f..ba5cc7745 100644 --- a/cyassl/ctaocrypt/blake2-int.h +++ b/cyassl/ctaocrypt/blake2-int.h @@ -12,7 +12,7 @@ */ /* blake2-int.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -28,7 +28,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/blake2.h b/cyassl/ctaocrypt/blake2.h index 381471a9c..ba5ec6fd6 100644 --- a/cyassl/ctaocrypt/blake2.h +++ b/cyassl/ctaocrypt/blake2.h @@ -1,6 +1,6 @@ /* blake2.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/camellia.h b/cyassl/ctaocrypt/camellia.h index 32219cbf1..aec9ecf69 100644 --- a/cyassl/ctaocrypt/camellia.h +++ b/cyassl/ctaocrypt/camellia.h @@ -27,7 +27,7 @@ /* camellia.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -43,7 +43,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CAMELLIA diff --git a/cyassl/ctaocrypt/coding.h b/cyassl/ctaocrypt/coding.h index 9a0f11d65..303565fd9 100644 --- a/cyassl/ctaocrypt/coding.h +++ b/cyassl/ctaocrypt/coding.h @@ -1,6 +1,6 @@ /* coding.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/compress.h b/cyassl/ctaocrypt/compress.h index 60ebed7fd..ecf162204 100644 --- a/cyassl/ctaocrypt/compress.h +++ b/cyassl/ctaocrypt/compress.h @@ -1,6 +1,6 @@ /* compress.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index cc704b252..5a95851d6 100644 --- a/cyassl/ctaocrypt/des3.h +++ b/cyassl/ctaocrypt/des3.h @@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/dh.h b/cyassl/ctaocrypt/dh.h index 35f5a481c..f700e3332 100644 --- a/cyassl/ctaocrypt/dh.h +++ b/cyassl/ctaocrypt/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/dsa.h b/cyassl/ctaocrypt/dsa.h index b8cc026a4..8bfc32152 100644 --- a/cyassl/ctaocrypt/dsa.h +++ b/cyassl/ctaocrypt/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/ecc.h b/cyassl/ctaocrypt/ecc.h index 5cd5b2cf3..0c44a4f0a 100644 --- a/cyassl/ctaocrypt/ecc.h +++ b/cyassl/ctaocrypt/ecc.h @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_ECC diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h index 859c3451a..113d2d73a 100644 --- a/cyassl/ctaocrypt/error-crypt.h +++ b/cyassl/ctaocrypt/error-crypt.h @@ -1,6 +1,6 @@ /* error-crypt.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -123,6 +123,7 @@ enum { PKCS7_OID_E = -195, /* PKCS#7, mismatched OID error */ PKCS7_RECIP_E = -196, /* PKCS#7, recipient error */ FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */ + ASN_NAME_INVALID_E = -198, /* ASN name constraint error */ MIN_CODE_E = -200 /* errors -101 - -199 */ }; diff --git a/cyassl/ctaocrypt/fips_test.h b/cyassl/ctaocrypt/fips_test.h index e4f1e6751..2015927cd 100644 --- a/cyassl/ctaocrypt/fips_test.h +++ b/cyassl/ctaocrypt/fips_test.h @@ -1,6 +1,6 @@ /* fips_test.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/hc128.h b/cyassl/ctaocrypt/hc128.h index cdd70291a..766a79b2e 100644 --- a/cyassl/ctaocrypt/hc128.h +++ b/cyassl/ctaocrypt/hc128.h @@ -1,6 +1,6 @@ /* hc128.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/hmac.h b/cyassl/ctaocrypt/hmac.h index 859ec7b68..68627efcd 100644 --- a/cyassl/ctaocrypt/hmac.h +++ b/cyassl/ctaocrypt/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h index 707eff7bf..8f20f901b 100644 --- a/cyassl/ctaocrypt/integer.h +++ b/cyassl/ctaocrypt/integer.h @@ -1,6 +1,6 @@ /* integer.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* diff --git a/cyassl/ctaocrypt/logging.h b/cyassl/ctaocrypt/logging.h index 12fbd8238..a361e8cca 100644 --- a/cyassl/ctaocrypt/logging.h +++ b/cyassl/ctaocrypt/logging.h @@ -1,6 +1,6 @@ /* logging.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* submitted by eof */ diff --git a/cyassl/ctaocrypt/md2.h b/cyassl/ctaocrypt/md2.h index ea67d8912..0b99c43ba 100644 --- a/cyassl/ctaocrypt/md2.h +++ b/cyassl/ctaocrypt/md2.h @@ -1,6 +1,6 @@ /* md2.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/md4.h b/cyassl/ctaocrypt/md4.h index 1a581aacb..eb5ebb5a4 100644 --- a/cyassl/ctaocrypt/md4.h +++ b/cyassl/ctaocrypt/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/md5.h b/cyassl/ctaocrypt/md5.h index b669998e3..418d7b14d 100644 --- a/cyassl/ctaocrypt/md5.h +++ b/cyassl/ctaocrypt/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifndef NO_MD5 diff --git a/cyassl/ctaocrypt/memory.h b/cyassl/ctaocrypt/memory.h index 9646c106f..20e98a392 100644 --- a/cyassl/ctaocrypt/memory.h +++ b/cyassl/ctaocrypt/memory.h @@ -1,6 +1,6 @@ /* memory.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* submitted by eof */ diff --git a/cyassl/ctaocrypt/misc.h b/cyassl/ctaocrypt/misc.h index 1740e1ab7..c55f50bd0 100644 --- a/cyassl/ctaocrypt/misc.h +++ b/cyassl/ctaocrypt/misc.h @@ -1,6 +1,6 @@ /* misc.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/mpi_class.h b/cyassl/ctaocrypt/mpi_class.h index d27ea2371..50ad757f3 100644 --- a/cyassl/ctaocrypt/mpi_class.h +++ b/cyassl/ctaocrypt/mpi_class.h @@ -1,6 +1,6 @@ /* mpi_class.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/mpi_superclass.h b/cyassl/ctaocrypt/mpi_superclass.h index a6cc2608d..06a05f542 100644 --- a/cyassl/ctaocrypt/mpi_superclass.h +++ b/cyassl/ctaocrypt/mpi_superclass.h @@ -1,6 +1,6 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/pkcs7.h b/cyassl/ctaocrypt/pkcs7.h index b4313f399..63ae2a54c 100644 --- a/cyassl/ctaocrypt/pkcs7.h +++ b/cyassl/ctaocrypt/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/port.h b/cyassl/ctaocrypt/port.h index fd07b206e..9f8a46d80 100644 --- a/cyassl/ctaocrypt/port.h +++ b/cyassl/ctaocrypt/port.h @@ -1,6 +1,6 @@ /* port.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h b/cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h index e52b7d584..0841ba980 100644 --- a/cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h +++ b/cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h @@ -1,6 +1,6 @@ /* pic32mz-crypt.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifndef PIC32MZ_CRYPT_H diff --git a/cyassl/ctaocrypt/pwdbased.h b/cyassl/ctaocrypt/pwdbased.h index 4e85f0ee5..04ea330a8 100644 --- a/cyassl/ctaocrypt/pwdbased.h +++ b/cyassl/ctaocrypt/pwdbased.h @@ -1,6 +1,6 @@ /* pwdbased.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/rabbit.h b/cyassl/ctaocrypt/rabbit.h index 97bca779b..08da26c83 100644 --- a/cyassl/ctaocrypt/rabbit.h +++ b/cyassl/ctaocrypt/rabbit.h @@ -1,6 +1,6 @@ /* rabbit.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h index 00be9d163..c41f4ae6c 100644 --- a/cyassl/ctaocrypt/random.h +++ b/cyassl/ctaocrypt/random.h @@ -1,6 +1,6 @@ /* random.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -87,7 +87,7 @@ typedef struct RNG { #else /* NO_RC4 */ -#define DBRG_SEED_LEN (440/8) +#define DRBG_SEED_LEN (440/8) /* secure Random Nnumber Generator */ @@ -96,16 +96,16 @@ typedef struct RNG { Sha256 sha; byte digest[SHA256_DIGEST_SIZE]; - byte V[DBRG_SEED_LEN]; - byte C[DBRG_SEED_LEN]; - word64 reseed_ctr; + byte V[DRBG_SEED_LEN]; + byte C[DRBG_SEED_LEN]; + word32 reseedCtr; } RNG; #endif CYASSL_API int InitRng(RNG*); -CYASSL_API void RNG_GenerateBlock(RNG*, byte*, word32 sz); -CYASSL_API byte RNG_GenerateByte(RNG*); +CYASSL_API int RNG_GenerateBlock(RNG*, byte*, word32 sz); +CYASSL_API int RNG_GenerateByte(RNG*, byte*); #ifdef NO_RC4 CYASSL_API void FreeRng(RNG*); diff --git a/cyassl/ctaocrypt/ripemd.h b/cyassl/ctaocrypt/ripemd.h index eb9956cb2..de062698c 100644 --- a/cyassl/ctaocrypt/ripemd.h +++ b/cyassl/ctaocrypt/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/rsa.h b/cyassl/ctaocrypt/rsa.h index 03858dbed..1f94742a8 100644 --- a/cyassl/ctaocrypt/rsa.h +++ b/cyassl/ctaocrypt/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifndef NO_RSA diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index 33d41cfdb..a506755ff 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -1,6 +1,6 @@ /* settings.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* Place OS specific preprocessor flags, defines, includes here, will be diff --git a/cyassl/ctaocrypt/sha.h b/cyassl/ctaocrypt/sha.h index b34e99e13..749b728a5 100644 --- a/cyassl/ctaocrypt/sha.h +++ b/cyassl/ctaocrypt/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/sha256.h b/cyassl/ctaocrypt/sha256.h index bcf540d12..5b709c23e 100644 --- a/cyassl/ctaocrypt/sha256.h +++ b/cyassl/ctaocrypt/sha256.h @@ -1,6 +1,6 @@ /* sha256.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/sha512.h b/cyassl/ctaocrypt/sha512.h index de6afa0cb..5a49942cb 100644 --- a/cyassl/ctaocrypt/sha512.h +++ b/cyassl/ctaocrypt/sha512.h @@ -1,6 +1,6 @@ /* sha512.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index e1b16e2d3..abb588f78 100644 --- a/cyassl/ctaocrypt/tfm.h +++ b/cyassl/ctaocrypt/tfm.h @@ -1,6 +1,6 @@ /* tfm.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 6542d979e..194b50b76 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -1,6 +1,6 @@ /* types.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ctaocrypt/visibility.h b/cyassl/ctaocrypt/visibility.h index 6efe2728b..a3b27812d 100644 --- a/cyassl/ctaocrypt/visibility.h +++ b/cyassl/ctaocrypt/visibility.h @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* Visibility control macros */ diff --git a/cyassl/error-ssl.h b/cyassl/error-ssl.h index 71f4b4ffd..74445b40c 100644 --- a/cyassl/error-ssl.h +++ b/cyassl/error-ssl.h @@ -1,6 +1,6 @@ /* error-ssl.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -115,6 +115,9 @@ enum CyaSSL_ErrorCodes { UNKNOWN_SNI_HOST_NAME_E = -281, /* Unrecognized host name Error */ UNKNOWN_MAX_FRAG_LEN_E = -282, /* Unrecognized max frag len Error */ /* add strings to SetErrorString !!!!! */ + KEYUSE_SIGNATURE_E = -283, /* KeyUse digSignature error */ + KEYUSE_ENCIPHER_E = -285, /* KeyUse keyEncipher error */ + EXTKEYUSE_AUTH_E = -286, /* ExtKeyUse server|client_auth */ /* begin negotiation parameter errors */ UNSUPPORTED_SUITE = -290, /* unsupported cipher suite */ diff --git a/cyassl/internal.h b/cyassl/internal.h index dca1a3caf..f74c2d68e 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1,6 +1,6 @@ /* internal.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -520,8 +520,8 @@ enum { * with non-ECC AES-GCM */ TLS_RSA_WITH_AES_128_CCM_8 = 0xa0, TLS_RSA_WITH_AES_256_CCM_8 = 0xa1, - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xc6, /* Still TBD, made up */ - TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xc7, /* Still TBD, made up */ + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae, + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf, TLS_PSK_WITH_AES_128_CCM = 0xa4, TLS_PSK_WITH_AES_256_CCM = 0xa5, TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, @@ -1057,6 +1057,7 @@ struct CYASSL_CRL { CRL_Monitor monitors[2]; /* PEM and DER possible */ #ifdef HAVE_CRL_MONITOR pthread_t tid; /* monitoring thread */ + int mfd; /* monitor fd, -1 if no init yet */ #endif }; @@ -2066,6 +2067,8 @@ CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl); CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl); CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree); CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl); + +CYASSL_LOCAL int VerifyClientSuite(CYASSL* ssl); #ifndef NO_CERTS CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash); #ifndef NO_SKID diff --git a/cyassl/ocsp.h b/cyassl/ocsp.h index f6931bd98..3fc4f9f01 100644 --- a/cyassl/ocsp.h +++ b/cyassl/ocsp.h @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/openssl/des.h b/cyassl/openssl/des.h index 8bedd3cc5..848bc28b0 100644 --- a/cyassl/openssl/des.h +++ b/cyassl/openssl/des.h @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/openssl/evp.h b/cyassl/openssl/evp.h index eef1a8cf1..ee2873c59 100644 --- a/cyassl/openssl/evp.h +++ b/cyassl/openssl/evp.h @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/openssl/hmac.h b/cyassl/openssl/hmac.h index ac966f4e8..4482d1099 100644 --- a/cyassl/openssl/hmac.h +++ b/cyassl/openssl/hmac.h @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index 840954f00..0fb6d453a 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * a with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/options.h.in b/cyassl/options.h.in index 887665545..0030ecdf8 100644 --- a/cyassl/options.h.in +++ b/cyassl/options.h.in @@ -1,6 +1,6 @@ /* options.h.in * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* default blank options for autoconf */ diff --git a/cyassl/sniffer.h b/cyassl/sniffer.h index 543b2e6cf..a1d0e9661 100644 --- a/cyassl/sniffer.h +++ b/cyassl/sniffer.h @@ -1,6 +1,6 @@ /* sniffer.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/sniffer_error.h b/cyassl/sniffer_error.h index f8528668f..c588a568e 100644 --- a/cyassl/sniffer_error.h +++ b/cyassl/sniffer_error.h @@ -1,6 +1,6 @@ /* sniffer_error.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 7821cefd2..c6ffb2732 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/cyassl/test.h b/cyassl/test.h index dff9df896..667476ed2 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -1345,9 +1345,15 @@ static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut, CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl)); if (ret != 0) return ret; - HmacUpdate(&hmac, myInner, sizeof(myInner)); - HmacUpdate(&hmac, macIn, macInSz); - HmacFinal(&hmac, macOut); + ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, macIn, macInSz); + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, macOut); + if (ret != 0) + return ret; /* encrypt setup on first time */ @@ -1454,9 +1460,15 @@ static INLINE int myDecryptVerifyCb(CYASSL* ssl, CyaSSL_GetMacSecret(ssl, macVerify), digestSz); if (ret != 0) return ret; - HmacUpdate(&hmac, myInner, sizeof(myInner)); - HmacUpdate(&hmac, decOut + ivExtra, macInSz); - HmacFinal(&hmac, verify); + ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, decOut + ivExtra, macInSz); + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, verify); + if (ret != 0) + return ret; if (memcmp(verify, decOut + decSz - digestSz - pad - padByte, digestSz) != 0) { @@ -1520,7 +1532,10 @@ static INLINE int myEccSign(CYASSL* ssl, const byte* in, word32 inSz, (void)ssl; (void)ctx; - InitRng(&rng); + ret = InitRng(&rng); + if (ret != 0) + return ret; + ecc_init(&myKey); ret = EccPrivateKeyDecode(key, &idx, &myKey, keySz); @@ -1567,7 +1582,10 @@ static INLINE int myRsaSign(CYASSL* ssl, const byte* in, word32 inSz, (void)ssl; (void)ctx; - InitRng(&rng); + ret = InitRng(&rng); + if (ret != 0) + return ret; + InitRsaKey(&myKey, NULL); ret = RsaPrivateKeyDecode(key, &idx, &myKey, keySz); @@ -1618,7 +1636,10 @@ static INLINE int myRsaEnc(CYASSL* ssl, const byte* in, word32 inSz, (void)ssl; (void)ctx; - InitRng(&rng); + ret = InitRng(&rng); + if (ret != 0) + return ret; + InitRsaKey(&myKey, NULL); ret = RsaPublicKeyDecode(key, &idx, &myKey, keySz); diff --git a/cyassl/version.h b/cyassl/version.h index 02aeacabb..9df3246e7 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -1,6 +1,6 @@ /* cyassl_version.h.in * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "2.9.4" -#define LIBCYASSL_VERSION_HEX 0x02009004 +#define LIBCYASSL_VERSION_STRING "3.0.0" +#define LIBCYASSL_VERSION_HEX 0x03000000 #ifdef __cplusplus } diff --git a/cyassl/version.h.in b/cyassl/version.h.in index f84bd0cd1..ee1d639c2 100644 --- a/cyassl/version.h.in +++ b/cyassl/version.h.in @@ -1,6 +1,6 @@ /* cyassl_version.h.in * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/examples/client/client.c b/examples/client/client.c index be7e0816a..113bed9f6 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/examples/client/client.h b/examples/client/client.h index 2d051fb2d..61f0e8cc1 100644 --- a/examples/client/client.h +++ b/examples/client/client.h @@ -1,6 +1,6 @@ /* client.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #pragma once diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 3a62eb67d..24a02febc 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -1,6 +1,6 @@ /* echoclient.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h index 815301a8c..ad60ad40e 100644 --- a/examples/echoclient/echoclient.h +++ b/examples/echoclient/echoclient.h @@ -1,6 +1,6 @@ /* echoclient.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #pragma once diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index c7e23bf7e..33f6df3df 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -1,6 +1,6 @@ /* echoserver.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/examples/echoserver/echoserver.h b/examples/echoserver/echoserver.h index e88c4c699..2e229ac0f 100644 --- a/examples/echoserver/echoserver.h +++ b/examples/echoserver/echoserver.h @@ -1,6 +1,6 @@ /* echoserver.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #pragma once diff --git a/examples/server/server.c b/examples/server/server.c index 5d5256d4a..a42581d90 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/examples/server/server.h b/examples/server/server.h index d5efa435c..559b2bbe3 100644 --- a/examples/server/server.h +++ b/examples/server/server.h @@ -1,6 +1,6 @@ /* server.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #pragma once diff --git a/mcapi/crypto.c b/mcapi/crypto.c index 5958d63d0..d72324494 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -1,6 +1,6 @@ /* crypto.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -301,9 +301,7 @@ int CRYPT_RNG_Get(CRYPT_RNG_CTX* rng, unsigned char* b) if (rng == NULL || b == NULL) return BAD_FUNC_ARG; - *b = RNG_GenerateByte((RNG*)rng); - - return 0; + return RNG_GenerateByte((RNG*)rng, (byte*)b); } @@ -314,9 +312,7 @@ int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b, if (rng == NULL || b == NULL) return BAD_FUNC_ARG; - RNG_GenerateBlock((RNG*)rng, b, sz); - - return 0; + return RNG_GenerateBlock((RNG*)rng, b, sz); } diff --git a/mcapi/crypto.h b/mcapi/crypto.h index c47f78dfd..0838b5373 100644 --- a/mcapi/crypto.h +++ b/mcapi/crypto.h @@ -1,6 +1,6 @@ /* crypto.h * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index c26c04db9..5610a650e 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -1,6 +1,6 @@ /* test.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -284,10 +284,18 @@ static int check_sha256(void) } CRYPT_SHA256_DataAdd(&mcSha256, ourData, OUR_DATA_SIZE); - Sha256Update(&defSha256, ourData, OUR_DATA_SIZE); + ret = Sha256Update(&defSha256, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("sha256 update default failed\n"); + return -1; + } CRYPT_SHA256_Finalize(&mcSha256, mcDigest); - Sha256Final(&defSha256, defDigest); + ret = Sha256Final(&defSha256, defDigest); + if (ret != 0) { + printf("sha256 final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) { printf("sha256 final memcmp fialed\n"); @@ -316,10 +324,18 @@ static int check_sha384(void) } CRYPT_SHA384_DataAdd(&mcSha384, ourData, OUR_DATA_SIZE); - Sha384Update(&defSha384, ourData, OUR_DATA_SIZE); + ret = Sha384Update(&defSha384, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("sha384 update default failed\n"); + return -1; + } CRYPT_SHA384_Finalize(&mcSha384, mcDigest); - Sha384Final(&defSha384, defDigest); + ret = Sha384Final(&defSha384, defDigest); + if (ret != 0) { + printf("sha384 final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA384_DIGEST_SIZE) != 0) { printf("sha384 final memcmp fialed\n"); @@ -348,10 +364,18 @@ static int check_sha512(void) } CRYPT_SHA512_DataAdd(&mcSha512, ourData, OUR_DATA_SIZE); - Sha512Update(&defSha512, ourData, OUR_DATA_SIZE); + ret = Sha512Update(&defSha512, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("sha512 update default failed\n"); + return -1; + } CRYPT_SHA512_Finalize(&mcSha512, mcDigest); - Sha512Final(&defSha512, defDigest); + ret = Sha512Final(&defSha512, defDigest); + if (ret != 0) { + printf("sha512 final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA512_DIGEST_SIZE) != 0) { printf("sha512 final memcmp fialed\n"); @@ -383,10 +407,18 @@ static int check_hmac(void) } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); - HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + ret = HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("hmac sha update default failed\n"); + return -1; + } CRYPT_HMAC_Finalize(&mcHmac, mcDigest); - HmacFinal(&defHmac, defDigest); + ret = HmacFinal(&defHmac, defDigest); + if (ret != 0) { + printf("hmac sha final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA_DIGEST_SIZE) != 0) { printf("hmac sha final memcmp fialed\n"); @@ -403,10 +435,18 @@ static int check_hmac(void) } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); - HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + ret = HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("hmac sha256 update default failed\n"); + return -1; + } CRYPT_HMAC_Finalize(&mcHmac, mcDigest); - HmacFinal(&defHmac, defDigest); + ret = HmacFinal(&defHmac, defDigest); + if (ret != 0) { + printf("hmac sha256 final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) { printf("hmac sha256 final memcmp fialed\n"); @@ -423,10 +463,18 @@ static int check_hmac(void) } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); - HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + ret = HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("hmac sha384 update default failed\n"); + return -1; + } CRYPT_HMAC_Finalize(&mcHmac, mcDigest); - HmacFinal(&defHmac, defDigest); + ret = HmacFinal(&defHmac, defDigest); + if (ret != 0) { + printf("hmac sha384 final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA384_DIGEST_SIZE) != 0) { printf("hmac sha384 final memcmp fialed\n"); @@ -443,10 +491,18 @@ static int check_hmac(void) } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); - HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + ret = HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("hmac sha512 update default failed\n"); + return -1; + } CRYPT_HMAC_Finalize(&mcHmac, mcDigest); - HmacFinal(&defHmac, defDigest); + ret = HmacFinal(&defHmac, defDigest); + if (ret != 0) { + printf("hmac sha512 final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA512_DIGEST_SIZE) != 0) { printf("hmac sha512 final memcmp fialed\n"); diff --git a/mplabx/benchmark_main.c b/mplabx/benchmark_main.c index 586b13c86..4d115de78 100644 --- a/mplabx/benchmark_main.c +++ b/mplabx/benchmark_main.c @@ -1,6 +1,6 @@ /* benchmark_main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H #include diff --git a/mplabx/crypto.h b/mplabx/crypto.h deleted file mode 100644 index 76dccadff..000000000 --- a/mplabx/crypto.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * File: crypto.h - * Author: C15009 - * - * Created on July 23, 2013, 12:26 PM - */ - -#ifndef CRYPTO_H -#define CRYPTO_H - -#ifdef __cplusplus -extern "C" { -#endif - - typedef struct saCtrl { - unsigned int CRYPTOALGO : 4; - unsigned int MULTITASK : 3; - unsigned int KEYSIZE : 2; - unsigned int ENCTYPE : 1; - unsigned int ALGO : 7; - unsigned int : 3; - unsigned int FLAGS : 1; - unsigned int FB : 1; - unsigned int LOADIV : 1; - unsigned int LNC : 1; - unsigned int IRFLAG : 1; - unsigned int ICVONLY : 1; - unsigned int OR_EN : 1; - unsigned int NO_RX : 1; - unsigned int : 1; - unsigned int VERIFY : 1; - unsigned int : 2; - } saCtrl; - - typedef struct securityAssociation { - saCtrl SA_CTRL; - unsigned int SA_AUTHKEY[8]; - unsigned int SA_ENCKEY[8]; - unsigned int SA_AUTHIV[8]; - unsigned int SA_ENCIV[4]; - } securityAssociation; - - typedef struct bdCtrl { - unsigned int BUFLEN : 16; - unsigned int CBD_INT_EN : 1; - unsigned int PKT_INT_EN : 1; - unsigned int LIFM : 1; - unsigned int LAST_BD: 1; - unsigned int : 2; - unsigned int SA_FETCH_EN : 1; - unsigned int : 4; - unsigned int CRY_MODE: 3; - unsigned int : 1; - unsigned int DESC_EN : 1; - /* Naveen did this - unsigned int CRDMA_EN: 1; - unsigned int UPD_RES : 1; - unsigned int SA_FETCH_EN : 1; - unsigned int SEC_CODE : 1; - unsigned int : 7; - unsigned int DESC_EN : 1; */ - } bdCtrl; - - typedef struct bufferDescriptor { - bdCtrl BD_CTRL; -// unsigned int BD_CTRL; - unsigned int SA_ADDR; - unsigned int SRCADDR; - unsigned int DSTADDR; - unsigned int NXTPTR; - unsigned int UPDPTR; - unsigned int MSGLEN; - unsigned int ENCOFF; - } bufferDescriptor; - - -#ifdef __cplusplus -} -#endif - -#endif /* CRYPTO_H */ - diff --git a/mplabx/ssl-dummy.c b/mplabx/ssl-dummy.c index 88110ce98..47f4a6cd6 100644 --- a/mplabx/ssl-dummy.c +++ b/mplabx/ssl-dummy.c @@ -1,6 +1,6 @@ /* ssl-dummy.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/mplabx/test_main.c b/mplabx/test_main.c index ee1fa95a5..b77f4f5de 100644 --- a/mplabx/test_main.c +++ b/mplabx/test_main.c @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/rpm/spec.in b/rpm/spec.in index e1ca1c99e..97d8e5722 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/libcyassl.la %{_libdir}/libcyassl.so %{_libdir}/libcyassl.so.5 -%{_libdir}/libcyassl.so.5.0.3 +%{_libdir}/libcyassl.so.5.0.5 %files devel %defattr(-,root,root,-) @@ -93,6 +93,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_includedir}/cyassl/ctaocrypt/dsa.h %{_includedir}/cyassl/ctaocrypt/ecc.h %{_includedir}/cyassl/ctaocrypt/error-crypt.h +%{_includedir}/cyassl/ctaocrypt/fips_test.h %{_includedir}/cyassl/ctaocrypt/hc128.h %{_includedir}/cyassl/ctaocrypt/hmac.h %{_includedir}/cyassl/ctaocrypt/integer.h diff --git a/src/crl.c b/src/crl.c index 9536be18f..42591b997 100644 --- a/src/crl.c +++ b/src/crl.c @@ -1,6 +1,6 @@ /* crl.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -34,6 +34,10 @@ #include #include +#ifdef HAVE_CRL_MONITOR + static int StopMonitor(int mfd); +#endif + /* Initialze CRL members */ int InitCRL(CYASSL_CRL* crl, CYASSL_CERT_MANAGER* cm) @@ -45,7 +49,8 @@ int InitCRL(CYASSL_CRL* crl, CYASSL_CERT_MANAGER* cm) crl->monitors[0].path = NULL; crl->monitors[1].path = NULL; #ifdef HAVE_CRL_MONITOR - crl->tid = 0; + crl->tid = 0; + crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */ #endif if (InitMutex(&crl->crlLock) != 0) return BAD_MUTEX_E; @@ -113,8 +118,13 @@ void FreeCRL(CYASSL_CRL* crl, int dynamic) #ifdef HAVE_CRL_MONITOR if (crl->tid != 0) { - CYASSL_MSG("Canceling monitor thread"); - pthread_cancel(crl->tid); + CYASSL_MSG("stopping monitor thread"); + if (StopMonitor(crl->mfd) == 0) + pthread_join(crl->tid, NULL); + else { + CYASSL_MSG("stop monitor failed, cancel instead"); + pthread_cancel(crl->tid); + } } #endif FreeMutex(&crl->crlLock); @@ -339,6 +349,7 @@ static int SwapLists(CYASSL_CRL* crl) #include #include #include +#include #ifdef __MACH__ #define XEVENT_MODE O_EVTONLY @@ -347,22 +358,53 @@ static int SwapLists(CYASSL_CRL* crl) #endif +/* we need a unique kqueue user filter fd for crl in case user is doing custom + * events too */ +#ifndef CRL_CUSTOM_FD + #define CRL_CUSTOM_FD 123456 +#endif + + +/* shutdown monitor thread, 0 on success */ +static int StopMonitor(int mfd) +{ + struct kevent change; + + /* trigger custom shutdown */ + EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL); + if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) { + CYASSL_MSG("kevent trigger customer event failed"); + return -1; + } + + return 0; +} + + /* OS X monitoring */ static void* DoMonitor(void* arg) { - int fPEM, fDER, kq; + int fPEM, fDER; struct kevent change; CYASSL_CRL* crl = (CYASSL_CRL*)arg; CYASSL_ENTER("DoMonitor"); - kq = kqueue(); - if (kq == -1) { + crl->mfd = kqueue(); + if (crl->mfd == -1) { CYASSL_MSG("kqueue failed"); return NULL; } + /* listen for custom shutdown event */ + EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL); + if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) { + CYASSL_MSG("kevent monitor customer event failed"); + close(crl->mfd); + return NULL; + } + fPEM = -1; fDER = -1; @@ -370,6 +412,7 @@ static void* DoMonitor(void* arg) fPEM = open(crl->monitors[0].path, XEVENT_MODE); if (fPEM == -1) { CYASSL_MSG("PEM event dir open failed"); + close(crl->mfd); return NULL; } } @@ -378,6 +421,7 @@ static void* DoMonitor(void* arg) fDER = open(crl->monitors[1].path, XEVENT_MODE); if (fDER == -1) { CYASSL_MSG("DER event dir open failed"); + close(crl->mfd); return NULL; } } @@ -392,7 +436,7 @@ static void* DoMonitor(void* arg) for (;;) { struct kevent event; - int numEvents = kevent(kq, &change, 1, &event, 1, NULL); + int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL); CYASSL_MSG("Got kevent"); @@ -401,11 +445,23 @@ static void* DoMonitor(void* arg) continue; } + if (event.filter == EVFILT_USER) { + CYASSL_MSG("Got user shutdown event, breaking out"); + break; + } + if (SwapLists(crl) < 0) { CYASSL_MSG("SwapLists problem, continue"); } } + if (fPEM != -1) + close(fPEM); + if (fDER != -1) + close(fDER); + + close(crl->mfd); + return NULL; } @@ -414,8 +470,33 @@ static void* DoMonitor(void* arg) #include #include +#include #include + +#ifndef max + static INLINE int max(int a, int b) + { + return a > b ? a : b; + } +#endif /* max */ + + +/* shutdown monitor thread, 0 on success */ +static int StopMonitor(int mfd) +{ + word64 w64 = 1; + + /* write to our custom event */ + if (write(mfd, &w64, sizeof(w64)) < 0) { + CYASSL_MSG("StopMonitor write failed"); + return -1; + } + + return 0; +} + + /* linux monitoring */ static void* DoMonitor(void* arg) { @@ -425,9 +506,16 @@ static void* DoMonitor(void* arg) CYASSL_ENTER("DoMonitor"); + crl->mfd = eventfd(0, 0); /* our custom shutdown event */ + if (crl->mfd < 0) { + CYASSL_MSG("eventfd failed"); + return NULL; + } + notifyFd = inotify_init(); if (notifyFd < 0) { CYASSL_MSG("inotify failed"); + close(crl->mfd); return NULL; } @@ -436,6 +524,8 @@ static void* DoMonitor(void* arg) IN_DELETE); if (wd < 0) { CYASSL_MSG("PEM notify add watch failed"); + close(crl->mfd); + close(notifyFd); return NULL; } } @@ -445,16 +535,36 @@ static void* DoMonitor(void* arg) IN_DELETE); if (wd < 0) { CYASSL_MSG("DER notify add watch failed"); + close(crl->mfd); + close(notifyFd); return NULL; } } for (;;) { + fd_set readfds; char buff[8192]; - int length = read(notifyFd, buff, sizeof(buff)); + int result, length; + + FD_ZERO(&readfds); + FD_SET(notifyFd, &readfds); + FD_SET(crl->mfd, &readfds); + + result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,NULL); CYASSL_MSG("Got notify event"); + if (result < 0) { + CYASSL_MSG("select problem, continue"); + continue; + } + + if (FD_ISSET(crl->mfd, &readfds)) { + CYASSL_MSG("got custom shutdown event, breaking out"); + break; + } + + length = read(notifyFd, buff, sizeof(buff)); if (length < 0) { CYASSL_MSG("notify read problem, continue"); continue; @@ -465,6 +575,10 @@ static void* DoMonitor(void* arg) } } + inotify_rm_watch(notifyFd, wd); + close(crl->mfd); + close(notifyFd); + return NULL; } diff --git a/src/internal.c b/src/internal.c index 4f2ab78ac..533476cd8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1,6 +1,6 @@ /* internal.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -113,7 +113,7 @@ static int SSL_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, #endif #ifndef NO_CERTS -static void BuildCertHashes(CYASSL* ssl, Hashes* hashes); +static int BuildCertHashes(CYASSL* ssl, Hashes* hashes); #endif static void PickHashSigAlgo(CYASSL* ssl, @@ -156,21 +156,14 @@ static byte GetEntropy(ENTROPY_CMD cmd, byte* out) /* TODO: add locking? */ static RNG rng; - if (cmd == INIT) { - int ret = InitRng(&rng); - if (ret == 0) - return 1; - else - return 0; - } + if (cmd == INIT) + return (InitRng(&rng) == 0) ? 1 : 0; if (out == NULL) return 0; - if (cmd == GET_BYTE_OF_ENTROPY) { - RNG_GenerateBlock(&rng, out, 1); - return 1; - } + if (cmd == GET_BYTE_OF_ENTROPY) + return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0; if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { *out = 1; @@ -2384,7 +2377,7 @@ ProtocolVersion MakeDTLSv1_2(void) /* add output to md5 and sha handshake hashes, exclude record header */ -static void HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz) +static int HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz) { const byte* adj = output + RECORD_HEADER_SZ + ivSz; sz -= RECORD_HEADER_SZ; @@ -2405,18 +2398,26 @@ static void HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz) #endif if (IsAtLeastTLSv1_2(ssl)) { + int ret; + #ifndef NO_SHA256 - Sha256Update(&ssl->hashSha256, adj, sz); + ret = Sha256Update(&ssl->hashSha256, adj, sz); + if (ret != 0) + return ret; #endif #ifdef CYASSL_SHA384 - Sha384Update(&ssl->hashSha384, adj, sz); + ret = Sha384Update(&ssl->hashSha384, adj, sz); + if (ret != 0) + return ret; #endif } + + return 0; } /* add input to md5 and sha handshake hashes, include handshake header */ -static void HashInput(CYASSL* ssl, const byte* input, int sz) +static int HashInput(CYASSL* ssl, const byte* input, int sz) { const byte* adj = input - HANDSHAKE_HEADER_SZ; sz += HANDSHAKE_HEADER_SZ; @@ -2438,13 +2439,21 @@ static void HashInput(CYASSL* ssl, const byte* input, int sz) #endif if (IsAtLeastTLSv1_2(ssl)) { + int ret; + #ifndef NO_SHA256 - Sha256Update(&ssl->hashSha256, adj, sz); + ret = Sha256Update(&ssl->hashSha256, adj, sz); + if (ret != 0) + return ret; #endif #ifdef CYASSL_SHA384 - Sha384Update(&ssl->hashSha384, adj, sz); + ret = Sha384Update(&ssl->hashSha384, adj, sz); + if (ret != 0) + return ret; #endif } + + return 0; } @@ -3486,6 +3495,38 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, } #endif +#ifndef IGNORE_KEY_EXTENSIONS + if (dCert.extKeyUsageSet) { + if ((ssl->specs.kea == rsa_kea) && + (dCert.extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) { + ret = KEYUSE_ENCIPHER_E; + } + if ((ssl->specs.sig_algo == rsa_sa_algo || + ssl->specs.sig_algo == ecc_dsa_sa_algo) && + (dCert.extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) { + CYASSL_MSG("KeyUse Digital Sig not set"); + ret = KEYUSE_SIGNATURE_E; + } + } + + if (dCert.extExtKeyUsageSet) { + if (ssl->options.side == CYASSL_CLIENT_END) { + if ((dCert.extExtKeyUsage & + (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) { + CYASSL_MSG("ExtKeyUse Server Auth not set"); + ret = EXTKEYUSE_AUTH_E; + } + } + else { + if ((dCert.extExtKeyUsage & + (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) { + CYASSL_MSG("ExtKeyUse Client Auth not set"); + ret = EXTKEYUSE_AUTH_E; + } + } + } +#endif /* IGNORE_KEY_EXTENSIONS */ + if (fatal) { FreeDecodedCert(&dCert); ssl->error = ret; @@ -3794,7 +3835,9 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, if (*inOutIdx + size > totalSz) return INCOMPLETE_DATA; - HashInput(ssl, input + *inOutIdx, size); + ret = HashInput(ssl, input + *inOutIdx, size); + if (ret != 0) + return ret; #ifdef CYASSL_CALLBACKS /* add name later, add on record and handshake header part back on */ @@ -4478,8 +4521,11 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) InitSha256(&sha256); /* no error check on purpose, dummy round */ - for (i = 0; i < rounds; i++) + for (i = 0; i < rounds; i++) { Sha256Update(&sha256, data, sz); + /* no error check on purpose, dummy round */ + } + } #endif @@ -4494,8 +4540,10 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) InitSha384(&sha384); /* no error check on purpose, dummy round */ - for (i = 0; i < rounds; i++) + for (i = 0; i < rounds; i++) { Sha384Update(&sha384, data, sz); + /* no error check on purpose, dummy round */ + } } #endif @@ -4510,8 +4558,10 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) InitSha512(&sha512); /* no error check on purpose, dummy round */ - for (i = 0; i < rounds; i++) + for (i = 0; i < rounds; i++) { Sha512Update(&sha512, data, sz); + /* no error check on purpose, dummy round */ + } } #endif @@ -5459,7 +5509,7 @@ static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest) #ifndef NO_CERTS -static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) +static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) { /* store current states, building requires get_digest which resets state */ #ifndef NO_OLD_TLS @@ -5479,11 +5529,17 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) ShaFinal(&ssl->hashSha, hashes->sha); #endif if (IsAtLeastTLSv1_2(ssl)) { + int ret; + #ifndef NO_SHA256 - Sha256Final(&ssl->hashSha256, hashes->sha256); + ret = Sha256Final(&ssl->hashSha256, hashes->sha256); + if (ret != 0) + return ret; #endif #ifdef CYASSL_SHA384 - Sha384Final(&ssl->hashSha384, hashes->sha384); + ret = Sha384Final(&ssl->hashSha384, hashes->sha384); + if (ret != 0) + return ret; #endif } } @@ -5505,6 +5561,8 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) ssl->hashSha384 = sha384; #endif } + + return 0; } #endif /* CYASSL_LEANPSK */ @@ -5547,7 +5605,11 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, if (ssl->options.tls1_1) { ivSz = blockSz; sz += ivSz; - RNG_GenerateBlock(ssl->rng, iv, ivSz); + + ret = RNG_GenerateBlock(ssl->rng, iv, ivSz); + if (ret != 0) + return ret; + } sz += 1; /* pad byte */ pad = (sz - headerSz) % blockSz; @@ -5574,7 +5636,9 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, idx += inSz; if (type == handshake) { - HashOutput(ssl, output, headerSz + inSz, ivSz); + ret = HashOutput(ssl, output, headerSz + inSz, ivSz); + if (ret != 0) + return ret; } if (ssl->specs.cipher_type == block) { @@ -5800,7 +5864,11 @@ int SendCertificate(CYASSL* ssl) return ret; } #endif - HashOutput(ssl, output, sendSz, 0); + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; + #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); if (ssl->toInfoOn) @@ -5876,7 +5944,10 @@ int SendCertificateRequest(CYASSL* ssl) return ret; } #endif - HashOutput(ssl, output, sendSz, 0); + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) @@ -6478,6 +6549,18 @@ void SetErrorString(int error, char* str) XSTRNCPY(str, "Unrecognized host name Error", max); break; + case KEYUSE_SIGNATURE_E: + XSTRNCPY(str, "Key Use digitalSignature not set Error", max); + break; + + case KEYUSE_ENCIPHER_E: + XSTRNCPY(str, "Key Use keyEncipherment not set Error", max); + break; + + case EXTKEYUSE_AUTH_E: + XSTRNCPY(str, "Ext Key Use server/client auth not set Error", max); + break; + default : XSTRNCPY(str, "unknown error number", max); } @@ -7458,7 +7541,9 @@ static void PickHashSigAlgo(CYASSL* ssl, /* then random */ if (ssl->options.connectState == CONNECT_BEGIN) { - RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN); + ret = RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN); + if (ret != 0) + return ret; /* store random */ XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN); @@ -7532,7 +7617,10 @@ static void PickHashSigAlgo(CYASSL* ssl, return ret; } #endif - HashOutput(ssl, output, sendSz, 0); + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; ssl->options.clientState = CLIENT_HELLO_COMPLETE; @@ -8046,20 +8134,36 @@ static void PickHashSigAlgo(CYASSL* ssl, ret = InitSha256(&sha256); if (ret != 0) return ret; - Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); - Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); - Sha256Update(&sha256, messageVerify, verifySz); - Sha256Final(&sha256, hash256); + ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha256Update(&sha256, messageVerify, verifySz); + if (ret != 0) + return ret; + ret = Sha256Final(&sha256, hash256); + if (ret != 0) + return ret; #endif #ifdef CYASSL_SHA384 ret = InitSha384(&sha384); if (ret != 0) return ret; - Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); - Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); - Sha384Update(&sha384, messageVerify, verifySz); - Sha384Final(&sha384, hash384); + ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha384Update(&sha384, messageVerify, verifySz); + if (ret != 0) + return ret; + ret = Sha384Final(&sha384, hash384); + if (ret != 0) + return ret; #endif #ifndef NO_RSA @@ -8079,8 +8183,8 @@ static void PickHashSigAlgo(CYASSL* ssl, if (doUserRsa) { #ifdef HAVE_PK_CALLBACKS - ret = ssl->ctx->RsaVerifyCb(ssl, input + *inOutIdx, length, - &out, + ret = ssl->ctx->RsaVerifyCb(ssl, (byte *) input + *inOutIdx, + length, &out, ssl->buffers.peerRsaKey.buffer, ssl->buffers.peerRsaKey.length, ssl->RsaVerifyCtx); @@ -8233,8 +8337,11 @@ static void PickHashSigAlgo(CYASSL* ssl, switch (ssl->specs.kea) { #ifndef NO_RSA case rsa_kea: - RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, - SECRET_LEN); + ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, + SECRET_LEN); + if (ret != 0) + return ret; + ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor; ssl->arrays->preMasterSz = SECRET_LEN; @@ -8336,8 +8443,11 @@ static void PickHashSigAlgo(CYASSL* ssl, 'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U' }; - RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, - SECRET_LEN); + ret = RNG_GenerateBlock(ssl->rng, + ssl->arrays->preMasterSecret, SECRET_LEN); + if (ret != 0) + return ret; + ssl->arrays->preMasterSz = SECRET_LEN; if (ssl->peerNtruKeyPresent == 0) @@ -8458,7 +8568,10 @@ static void PickHashSigAlgo(CYASSL* ssl, return ret; } #endif - HashOutput(ssl, output, sendSz, 0); + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) @@ -8518,7 +8631,9 @@ static void PickHashSigAlgo(CYASSL* ssl, output = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; - BuildCertHashes(ssl, &ssl->certHashes); + ret = BuildCertHashes(ssl, &ssl->certHashes); + if (ret != 0) + return ret; #ifdef HAVE_ECC ecc_init(&eccKey); @@ -8725,7 +8840,8 @@ static void PickHashSigAlgo(CYASSL* ssl, return ret; } #endif - HashOutput(ssl, output, sendSz, 0); + + ret = HashOutput(ssl, output, sendSz, 0); } } #ifndef NO_RSA @@ -8800,8 +8916,13 @@ static void PickHashSigAlgo(CYASSL* ssl, output[idx++] = ssl->version.minor; /* then random */ - if (!ssl->options.resuming) - RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); + if (!ssl->options.resuming) { + ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, + RAN_LEN); + if (ret != 0) + return ret; + } + XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN); idx += RAN_LEN; @@ -8816,8 +8937,13 @@ static void PickHashSigAlgo(CYASSL* ssl, #endif /* then session id */ output[idx++] = ID_LEN; - if (!ssl->options.resuming) - RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN); + + if (!ssl->options.resuming) { + ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN); + if (ret != 0) + return ret; + } + XMEMCPY(output + idx, ssl->arrays->sessionID, ID_LEN); idx += ID_LEN; @@ -8844,7 +8970,10 @@ static void PickHashSigAlgo(CYASSL* ssl, return ret; } #endif - HashOutput(ssl, output, sendSz, 0); + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) @@ -8928,7 +9057,9 @@ static void PickHashSigAlgo(CYASSL* ssl, idx += HINT_LEN_SZ; XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ); - HashOutput(ssl, output, sendSz, 0); + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) @@ -9103,20 +9234,36 @@ static void PickHashSigAlgo(CYASSL* ssl, ret = InitSha256(&sha256); if (ret != 0) return ret; - Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); - Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); - Sha256Update(&sha256, output + preSigIdx, preSigSz); - Sha256Final(&sha256, hash256); + ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha256Update(&sha256, output + preSigIdx, preSigSz); + if (ret != 0) + return ret; + ret = Sha256Final(&sha256, hash256); + if (ret != 0) + return ret; #endif #ifdef CYASSL_SHA384 ret = InitSha384(&sha384); if (ret != 0) return ret; - Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); - Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); - Sha384Update(&sha384, output + preSigIdx, preSigSz); - Sha384Final(&sha384, hash384); + ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha384Update(&sha384, output + preSigIdx, preSigSz); + if (ret != 0) + return ret; + ret = Sha384Final(&sha384, hash384); + if (ret != 0) + return ret; #endif #ifndef NO_RSA if (ssl->suites->sigAlgo == rsa_sa_algo) { @@ -9251,7 +9398,10 @@ static void PickHashSigAlgo(CYASSL* ssl, } AddHeaders(output, length, server_key_exchange, ssl); - HashOutput(ssl, output, sendSz, 0); + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) @@ -9436,20 +9586,36 @@ static void PickHashSigAlgo(CYASSL* ssl, ret = InitSha256(&sha256); if (ret != 0) return ret; - Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); - Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); - Sha256Update(&sha256, output + preSigIdx, preSigSz); - Sha256Final(&sha256, hash256); + ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha256Update(&sha256, output + preSigIdx, preSigSz); + if (ret != 0) + return ret; + ret = Sha256Final(&sha256, hash256); + if (ret != 0) + return ret; #endif #ifdef CYASSL_SHA384 ret = InitSha384(&sha384); if (ret != 0) return ret; - Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); - Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); - Sha384Update(&sha384, output + preSigIdx, preSigSz); - Sha384Final(&sha384, hash384); + ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + if (ret != 0) + return ret; + ret = Sha384Update(&sha384, output + preSigIdx, preSigSz); + if (ret != 0) + return ret; + ret = Sha384Final(&sha384, hash384); + if (ret != 0) + return ret; #endif #ifndef NO_RSA if (ssl->suites->sigAlgo == rsa_sa_algo) { @@ -9515,7 +9681,10 @@ static void PickHashSigAlgo(CYASSL* ssl, return ret; } #endif - HashOutput(ssl, output, sendSz, 0); + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) @@ -9749,6 +9918,14 @@ static void PickHashSigAlgo(CYASSL* ssl, return 1; break; + case TLS_PSK_WITH_AES_128_CCM: + case TLS_PSK_WITH_AES_256_CCM: + case TLS_PSK_WITH_AES_128_CCM_8: + case TLS_PSK_WITH_AES_256_CCM_8: + if (requirement == REQUIRES_PSK) + return 1; + break; + default: CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); return 0; @@ -9821,25 +9998,9 @@ static void PickHashSigAlgo(CYASSL* ssl, #endif case TLS_PSK_WITH_AES_128_CBC_SHA256 : - if (requirement == REQUIRES_PSK) - return 1; - break; - case TLS_PSK_WITH_AES_128_CBC_SHA : - if (requirement == REQUIRES_PSK) - return 1; - break; - case TLS_PSK_WITH_AES_256_CBC_SHA : - if (requirement == REQUIRES_PSK) - return 1; - break; - case TLS_PSK_WITH_NULL_SHA256 : - if (requirement == REQUIRES_PSK) - return 1; - break; - case TLS_PSK_WITH_NULL_SHA : if (requirement == REQUIRES_PSK) return 1; @@ -9945,18 +10106,40 @@ static void PickHashSigAlgo(CYASSL* ssl, } + /* Make sure client setup is valid for this suite, true on success */ + int VerifyClientSuite(CYASSL* ssl) + { + int havePSK = 0; + byte first = ssl->options.cipherSuite0; + byte second = ssl->options.cipherSuite; + + CYASSL_ENTER("VerifyClientSuite"); + + #ifndef NO_PSK + havePSK = ssl->options.havePSK; + #endif + + if (CipherRequires(first, second, REQUIRES_PSK)) { + CYASSL_MSG("Requires PSK"); + if (havePSK == 0) { + CYASSL_MSG("Don't have PSK"); + return 0; + } + } + + return 1; /* success */ + } - - /* Make sure cert/key are valid for this suite, true on success */ - static int VerifySuite(CYASSL* ssl, word16 idx) + /* Make sure server cert/key are valid for this suite, true on success */ + static int VerifyServerSuite(CYASSL* ssl, word16 idx) { int haveRSA = !ssl->options.haveStaticECC; int havePSK = 0; byte first; byte second; - CYASSL_ENTER("VerifySuite"); + CYASSL_ENTER("VerifyServerSuite"); if (ssl->suites == NULL) { CYASSL_MSG("Suites pointer error"); @@ -10061,7 +10244,7 @@ static void PickHashSigAlgo(CYASSL* ssl, if (ssl->suites->suites[i] == peerSuites->suites[j] && ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { - if (VerifySuite(ssl, i)) { + if (VerifyServerSuite(ssl, i)) { int result; CYASSL_MSG("Verified suite validity"); ssl->options.cipherSuite0 = ssl->suites->suites[i]; @@ -10111,8 +10294,12 @@ static void PickHashSigAlgo(CYASSL* ssl, #endif #endif #ifndef NO_SHA256 - if (IsAtLeastTLSv1_2(ssl)) - Sha256Update(&ssl->hashSha256, input + idx, sz); + if (IsAtLeastTLSv1_2(ssl)) { + int shaRet = Sha256Update(&ssl->hashSha256, input + idx, sz); + + if (shaRet != 0) + return shaRet; + } #endif /* does this value mean client_hello? */ @@ -10229,7 +10416,12 @@ static void PickHashSigAlgo(CYASSL* ssl, #ifdef SESSION_CERTS ssl->session = *session; /* restore session certs. */ #endif - RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); + + ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, + RAN_LEN); + if (ret != 0) + return ret; + #ifdef NO_OLD_TLS ret = DeriveTlsKeys(ssl); #else @@ -10506,7 +10698,12 @@ static void PickHashSigAlgo(CYASSL* ssl, #ifdef SESSION_CERTS ssl->session = *session; /* restore session certs. */ #endif - RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); + + ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, + RAN_LEN); + if (ret != 0) + return ret; + #ifdef NO_OLD_TLS ret = DeriveTlsKeys(ssl); #else @@ -10714,7 +10911,11 @@ static void PickHashSigAlgo(CYASSL* ssl, return 0; } #endif - HashOutput(ssl, output, sendSz, 0); + + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; + #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName("ServerHelloDone", &ssl->handShakeInfo); @@ -10761,7 +10962,10 @@ static void PickHashSigAlgo(CYASSL* ssl, ssl->IOCB_CookieCtx)) < 0) return ret; - HashOutput(ssl, output, sendSz, 0); + ret = HashOutput(ssl, output, sendSz, 0); + if (ret != 0) + return ret; + #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo); @@ -11086,7 +11290,7 @@ static void PickHashSigAlgo(CYASSL* ssl, ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; #ifndef NO_CERTS if (ssl->options.verifyPeer) - BuildCertHashes(ssl, &ssl->certHashes); + ret = BuildCertHashes(ssl, &ssl->certHashes); #endif } diff --git a/src/io.c b/src/io.c index 1fccd9e1e..0f5ddf308 100644 --- a/src/io.c +++ b/src/io.c @@ -1,6 +1,6 @@ /* io.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/src/keys.c b/src/keys.c index af0ef5b19..463ba9f4c 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1,6 +1,6 @@ /* keys.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ @@ -39,6 +39,13 @@ int SetCipherSpecs(CYASSL* ssl) { + if (ssl->options.side == CYASSL_CLIENT_END) { + /* server side verified before SetCipherSpecs call */ + if (VerifyClientSuite(ssl) != 1) { + CYASSL_MSG("SetCipherSpecs() client has an unusuable suite"); + return UNSUPPORTED_SUITE; + } + } /* ECC extensions, or AES-CCM */ if (ssl->options.cipherSuite0 == ECC_BYTE) { @@ -1741,27 +1748,41 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #ifdef HAVE_CAMELLIA if (specs->bulk_cipher_algorithm == cyassl_camellia) { + int camRet; + if (enc->cam == NULL) enc->cam = (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); if (enc->cam == NULL) return MEMORY_E; + if (dec->cam == NULL) dec->cam = (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); if (dec->cam == NULL) return MEMORY_E; + if (side == CYASSL_CLIENT_END) { - CamelliaSetKey(enc->cam, keys->client_write_key, + camRet = CamelliaSetKey(enc->cam, keys->client_write_key, specs->key_size, keys->client_write_IV); - CamelliaSetKey(dec->cam, keys->server_write_key, + if (camRet != 0) + return camRet; + + camRet = CamelliaSetKey(dec->cam, keys->server_write_key, specs->key_size, keys->server_write_IV); + if (camRet != 0) + return camRet; } else { - CamelliaSetKey(enc->cam, keys->server_write_key, + camRet = CamelliaSetKey(enc->cam, keys->server_write_key, specs->key_size, keys->server_write_IV); - CamelliaSetKey(dec->cam, keys->client_write_key, + if (camRet != 0) + return camRet; + + camRet = CamelliaSetKey(dec->cam, keys->client_write_key, specs->key_size, keys->client_write_IV); + if (camRet != 0) + return camRet; } enc->setup = 1; dec->setup = 1; @@ -1879,18 +1900,21 @@ int DeriveKeys(CYASSL* ssl) } -static void CleanPreMaster(CYASSL* ssl) +static int CleanPreMaster(CYASSL* ssl) { - int i, sz = ssl->arrays->preMasterSz; + int i, ret, sz = ssl->arrays->preMasterSz; for (i = 0; i < sz; i++) ssl->arrays->preMasterSecret[i] = 0; - RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz); + ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz); + if (ret != 0) + return ret; for (i = 0; i < sz; i++) ssl->arrays->preMasterSecret[i] = 0; + return 0; } @@ -1961,9 +1985,13 @@ static int MakeSslMasterSecret(CYASSL* ssl) #endif ret = DeriveKeys(ssl); - CleanPreMaster(ssl); + if (ret != 0) { + /* always try to clean PreMaster */ + CleanPreMaster(ssl); + return ret; + } - return ret; + return CleanPreMaster(ssl); } #endif diff --git a/src/ocsp.c b/src/ocsp.c index bccb7f8cf..98cbfdb7c 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1,6 +1,6 @@ /* ocsp.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/src/sniffer.c b/src/sniffer.c index 8b4e65cc9..2c6860c83 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1,6 +1,6 @@ /* sniffer.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ diff --git a/src/ssl.c b/src/ssl.c index 17b76bc53..8e8fcb0c4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1,6 +1,6 @@ /* ssl.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -1496,6 +1496,15 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) CYASSL_MSG(" Can't add as CA if not actually one"); ret = NOT_CA_ERROR; } + #ifndef ALLOW_INVALID_CERTSIGN + else if (ret == 0 && cert.isCA == 1 && type != CYASSL_USER_CA && + (cert.extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { + /* Intermediate CA certs are required to have the keyCertSign + * extension set. User loaded root certs are not. */ + CYASSL_MSG(" Doesn't have key usage certificate signing"); + ret = NOT_CA_ERROR; + } + #endif else if (ret == 0 && AlreadySigner(cm, subjectHash)) { CYASSL_MSG(" Already have this CA, not adding again"); (void)ret; @@ -1511,15 +1520,25 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) signer->pubKeySize = cert.pubKeySize; signer->nameLen = cert.subjectCNLen; signer->name = cert.subjectCN; + #ifndef IGNORE_NAME_CONSTRAINTS + signer->permittedNames = cert.permittedNames; + signer->excludedNames = cert.excludedNames; + #endif #ifndef NO_SKID XMEMCPY(signer->subjectKeyIdHash, cert.extSubjKeyId, SHA_DIGEST_SIZE); #endif XMEMCPY(signer->subjectNameHash, cert.subjectHash, SHA_DIGEST_SIZE); + signer->keyUsage = cert.extKeyUsageSet ? cert.extKeyUsage : 0xFFFF; + /* If Key Usage not set, all uses valid. */ signer->next = NULL; /* in case lock fails */ cert.publicKey = 0; /* don't free here */ cert.subjectCN = 0; + #ifndef IGNORE_NAME_CONSTRAINTS + cert.permittedNames = NULL; + cert.excludedNames = NULL; + #endif #ifndef NO_SKID row = HashSigner(signer->subjectKeyIdHash); @@ -1958,6 +1977,8 @@ int CyaSSL_Init(void) if (ret < 0) { CYASSL_MSG(" Error in Cert in Chain"); + if (dynamicBuffer) + XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); XFREE(der.buffer, heap, dynamicType); return ret; } @@ -1967,6 +1988,9 @@ int CyaSSL_Init(void) if (ctx == NULL) { CYASSL_MSG("certChain needs context"); + if (dynamicBuffer) + XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); + XFREE(der.buffer, heap, dynamicType); return BAD_FUNC_ARG; } ctx->certChain.buffer = (byte*)XMALLOC(idx, heap, @@ -2017,7 +2041,6 @@ int CyaSSL_Init(void) XFREE(der.buffer, heap, dynamicType); return ret; } - ret = 0; /* back to good status */ if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) { Des enc; @@ -3262,6 +3285,9 @@ int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format) int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file) { CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file"); + if (ctx == NULL) + return SSL_FAILURE; + if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL) == SSL_SUCCESS) { ctx->haveNTRU = 1; @@ -4974,8 +5000,18 @@ static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error) *error = ret; return 0; } - Sha256Update(&sha256, sessionID, len); - Sha256Final(&sha256, digest); + + ret = Sha256Update(&sha256, sessionID, len); + if (ret != 0) { + *error = ret; + return 0; + } + + ret = Sha256Final(&sha256, digest); + if (ret != 0) { + *error = ret; + return 0; + } return MakeWordFromHash(digest); } @@ -6559,6 +6595,7 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_ENTER("SHA256_Update"); Sha256Update((Sha256*)sha, (const byte*)input, (word32)sz); + /* OpenSSL compat, no error */ } @@ -6566,6 +6603,7 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_ENTER("SHA256_Final"); Sha256Final((Sha256*)sha, input); + /* OpenSSL compat, no error */ } @@ -6586,6 +6624,7 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_ENTER("SHA384_Update"); Sha384Update((Sha384*)sha, (const byte*)input, (word32)sz); + /* OpenSSL compat, no error */ } @@ -6593,6 +6632,7 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_ENTER("SHA384_Final"); Sha384Final((Sha384*)sha, input); + /* OpenSSL compat, no error */ } #endif /* CYASSL_SHA384 */ @@ -6615,6 +6655,7 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_ENTER("SHA512_Update"); Sha512Update((Sha512*)sha, (const byte*)input, (word32)sz); + /* OpenSSL compat, no error */ } @@ -6622,6 +6663,7 @@ int CyaSSL_set_compression(CYASSL* ssl) { CYASSL_ENTER("SHA512_Final"); Sha512Final((Sha512*)sha, input); + /* OpenSSL compat, no error */ } #endif /* CYASSL_SHA512 */ @@ -7315,28 +7357,31 @@ int CyaSSL_set_compression(CYASSL* ssl) unsigned char* md, unsigned int* md_len) { Hmac hmac; - int ret; CYASSL_ENTER("HMAC"); if (!md) return NULL; /* no static buffer support */ if (XSTRNCMP(evp_md, "MD5", 3) == 0) { - ret = HmacSetKey(&hmac, MD5, (const byte*)key, key_len); + if (HmacSetKey(&hmac, MD5, (const byte*)key, key_len) != 0) + return NULL; + if (md_len) *md_len = MD5_DIGEST_SIZE; } else if (XSTRNCMP(evp_md, "SHA", 3) == 0) { - ret = HmacSetKey(&hmac, SHA, (const byte*)key, key_len); + if (HmacSetKey(&hmac, SHA, (const byte*)key, key_len) != 0) + return NULL; + if (md_len) *md_len = SHA_DIGEST_SIZE; } else return NULL; - if (ret != 0) + if (HmacUpdate(&hmac, d, n) != 0) return NULL; - HmacUpdate(&hmac, d, n); - HmacFinal(&hmac, md); - + if (HmacFinal(&hmac, md) != 0) + return NULL; + return md; } @@ -7785,7 +7830,7 @@ int CyaSSL_set_compression(CYASSL* ssl) break; } - if (buf != NULL) { + if (buf != NULL && text != NULL) { textSz = min(textSz, len); XMEMCPY(buf, text, textSz); buf[textSz] = '\0'; @@ -9515,6 +9560,7 @@ static int initGlobalRNG = 0; if (initGlobalRNG == 0) { if (InitRng(&globalRNG) < 0) { CYASSL_MSG("CyaSSL Init Global RNG failed"); + return 0; } initGlobalRNG = 1; } @@ -9539,7 +9585,10 @@ static int initGlobalRNG = 0; rng = &globalRNG; } - RNG_GenerateBlock(rng, buf, num); + if (RNG_GenerateBlock(rng, buf, num) != 0) { + CYASSL_MSG("Bad RNG_GenerateBlock"); + return 0; + } return SSL_SUCCESS; } @@ -9834,7 +9883,11 @@ static int initGlobalRNG = 0; rng = &globalRNG; } - RNG_GenerateBlock(rng, buff, len); + if (RNG_GenerateBlock(rng, buff, len) != 0) { + CYASSL_MSG("Bad RNG_GenerateBlock"); + return 0; + } + buff[0] |= 0x80 | 0x40; buff[len-1] |= 0x01; @@ -10820,6 +10873,7 @@ static int initGlobalRNG = 0; if (ctx && data) { CYASSL_MSG("updating hmac"); HmacUpdate(&ctx->hmac, data, (word32)len); + /* OpenSSL compat, no error */ } } @@ -10832,6 +10886,7 @@ static int initGlobalRNG = 0; if (ctx && hash) { CYASSL_MSG("final hmac"); HmacFinal(&ctx->hmac, hash); + /* OpenSSL compat, no error */ if (len) { CYASSL_MSG("setting output len"); diff --git a/src/tls.c b/src/tls.c index ffa37e8de..420ea15ba 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1,6 +1,6 @@ /* tls.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -111,21 +111,35 @@ static int p_hash(byte* result, word32 resLen, const byte* secret, ret = HmacSetKey(&hmac, hash, secret, secLen); if (ret != 0) return ret; - HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */ - HmacFinal(&hmac, previous); /* A1 */ + ret = HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */ + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, previous); /* A1 */ + if (ret != 0) + return ret; for (i = 0; i < times; i++) { - HmacUpdate(&hmac, previous, len); - HmacUpdate(&hmac, seed, seedLen); - HmacFinal(&hmac, current); + ret = HmacUpdate(&hmac, previous, len); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, seed, seedLen); + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, current); + if (ret != 0) + return ret; if ( (i == lastTime) && lastLen) XMEMCPY(&result[idx], current, min(lastLen, sizeof(current))); else { XMEMCPY(&result[idx], current, len); idx += len; - HmacUpdate(&hmac, previous, len); - HmacFinal(&hmac, previous); + ret = HmacUpdate(&hmac, previous, len); + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, previous); + if (ret != 0) + return ret; } } XMEMSET(previous, 0, sizeof previous); @@ -251,13 +265,21 @@ int BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 if (ssl->specs.mac_algorithm <= sha256_mac) { - Sha256Final(&ssl->hashSha256, handshake_hash); + int ret = Sha256Final(&ssl->hashSha256, handshake_hash); + + if (ret != 0) + return ret; + hashSz = SHA256_DIGEST_SIZE; } #endif #ifdef CYASSL_SHA384 if (ssl->specs.mac_algorithm == sha384_mac) { - Sha384Final(&ssl->hashSha384, handshake_hash); + int ret = Sha384Final(&ssl->hashSha384, handshake_hash); + + if (ret != 0) + return ret; + hashSz = SHA384_DIGEST_SIZE; } #endif @@ -528,6 +550,9 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, Hmac hmac; int ret; byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; + + if (ssl == NULL) + return BAD_FUNC_ARG; CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); @@ -535,9 +560,15 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); if (ret != 0) return ret; - HmacUpdate(&hmac, myInner, sizeof(myInner)); - HmacUpdate(&hmac, in, sz); /* content */ - HmacFinal(&hmac, digest); + ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, in, sz); /* content */ + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, digest); + if (ret != 0) + return ret; return 0; } diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 5e990c7a5..60c80ad49 100755 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -1,6 +1,6 @@ /* snifftest.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/swig/cyassl.i b/swig/cyassl.i index a381ad689..f9dc7d380 100644 --- a/swig/cyassl.i +++ b/swig/cyassl.i @@ -1,6 +1,6 @@ /* cyassl.i * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ %module cyassl diff --git a/swig/cyassl_adds.c b/swig/cyassl_adds.c index 52cdb77e3..4733815dd 100644 --- a/swig/cyassl_adds.c +++ b/swig/cyassl_adds.c @@ -1,6 +1,6 @@ /* cyassl_adds.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/tests/api.c b/tests/api.c index 23346a10d..200fca2e1 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1,6 +1,6 @@ /* api.c API unit tests * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/tests/hash.c b/tests/hash.c index ab4776d69..03bf4bcb0 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -1,6 +1,6 @@ /* hash.c has unit tests * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -386,8 +386,13 @@ int sha256_test(void) return ret; for (i = 0; i < times; ++i) { - Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); - Sha256Final(&sha, hash); + ret = Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); + if (ret != 0) + return ret; + + ret = Sha256Final(&sha, hash); + if (ret != 0) + return ret; if (memcmp(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0) return -10 - i; @@ -432,11 +437,16 @@ int sha512_test(void) ret = InitSha512(&sha); if (ret != 0) - return -4009; + return ret; for (i = 0; i < times; ++i) { - Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); - Sha512Final(&sha, hash); + ret = Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); + if (ret != 0) + return ret; + + ret = Sha512Final(&sha, hash); + if (ret != 0) + return ret; if (memcmp(hash, test_sha[i].output, SHA512_DIGEST_SIZE) != 0) return -10 - i; @@ -482,8 +492,13 @@ int sha384_test() return ret; for (i = 0; i < times; ++i) { - Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); - Sha384Final(&sha, hash); + ret = Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); + if (ret != 0) + return ret; + + ret = Sha384Final(&sha, hash); + if (ret != 0) + return ret; if (memcmp(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0) return -10 - i; @@ -596,9 +611,13 @@ int hmac_md5_test(void) ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) return -4014; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4015; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4016; if (memcmp(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0) return -20 - i; @@ -657,10 +676,14 @@ int hmac_sha_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4015; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4017; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4018; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4019; if (memcmp(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0) return -20 - i; @@ -722,10 +745,14 @@ int hmac_sha256_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4016; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4020; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4021; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4022; if (memcmp(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0) return -20 - i; @@ -791,10 +818,14 @@ int hmac_sha384_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4017; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4023; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4024; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4025; if (memcmp(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0) return -20 - i; diff --git a/tests/suites.c b/tests/suites.c index a695476b3..aeb4fd24d 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -1,6 +1,6 @@ /* suites.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index de6507aea..419704f0c 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -1,6 +1,6 @@ /* testsuite.c * - * Copyright (C) 2006-2013 wolfSSL Inc. + * Copyright (C) 2006-2014 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H @@ -321,10 +321,20 @@ void file_test(const char* file, byte* check) printf("Can't open %s\n", file); return; } - while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 ) - Sha256Update(&sha256, buf, i); + while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 ) { + ret = Sha256Update(&sha256, buf, i); + if (ret != 0) { + printf("Can't Sha256Update %d\n", ret); + return; + } + } - Sha256Final(&sha256, shasum); + ret = Sha256Final(&sha256, shasum); + if (ret != 0) { + printf("Can't Sha256Final %d\n", ret); + return; + } + memcpy(check, shasum, sizeof(shasum)); for(j = 0; j < SHA256_DIGEST_SIZE; ++j )