diff --git a/autogen.sh b/autogen.sh index f16dbd7b9..38665be47 100755 --- a/autogen.sh +++ b/autogen.sh @@ -10,4 +10,7 @@ else fi autoreconf --install --force --verbose -ln -s -f ../../pre-commit.sh .git/hooks/pre-commit + +if test -d .git; then + ln -s -f ../../pre-commit.sh .git/hooks/pre-commit +fi diff --git a/commit-tests.sh b/commit-tests.sh index 31a4bc3d0..06408ec12 100755 --- a/commit-tests.sh +++ b/commit-tests.sh @@ -23,7 +23,7 @@ RESULT=$? # make sure full config is ok echo -e "\n\nTesting full config as well...\n\n" -./configure --enable-opensslExtra --enable-fastmath --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia; +./configure --enable-opensslextra --enable-fastmath --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia; RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1 diff --git a/configure.ac b/configure.ac index eba405191..1af141a39 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[2.5.2],[http://www.yassl.com]) +AC_INIT([cyassl],[2.5.3],[http://www.yassl.com]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) @@ -106,8 +106,8 @@ AS_IF([test "$ax_enable_debug" = "yes"], # SINGLE THREADED -AC_ARG_ENABLE([singleThreaded], - [ --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)], +AC_ARG_ENABLE([singlethreaded], + [ --enable-singlethreaded Enable CyaSSL single threaded (default: disabled)], [ ENABLED_SINGLETHREADED=$enableval ], [ ENABLED_SINGLETHREADED=no ]) @@ -136,8 +136,8 @@ fi # OPENSSL Extra Compatibility -AC_ARG_ENABLE([opensslExtra], - [ --enable-opensslExtra Enable extra OpenSSL API, size+ (default: disabled)], +AC_ARG_ENABLE([opensslextra], + [ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)], [ ENABLED_OPENSSLEXTRA=$enableval ], [ ENABLED_OPENSSLEXTRA=no ] ) 
@@ -148,7 +148,7 @@ fi if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes" then - AC_MSG_ERROR([cannot enable small and opensslExtra, only one or the other.]) + AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.]) fi @@ -201,7 +201,7 @@ AC_ARG_ENABLE([leanpsk], if test "$ENABLED_LEANPSK" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DCYASSL_USER_IO -DUSE_SLOW_SHA" + AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DCYASSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA" ENABLED_SLOWMATH="no" ENABLED_SINGLETHREADED="yes" fi 
@@ -209,42 +209,6 @@ fi AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"]) -# fastmath -AC_ARG_ENABLE([fastmath], - [ --enable-fastmath Enable fast math for BigInts (default: disabled)], - [ ENABLED_FASTMATH=$enableval ], - [ ENABLED_FASTMATH=no ] - ) - -if test "x$ENABLED_FASTMATH" = "xyes" -then - AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH" - ENABLED_SLOWMATH="no" -fi - - -# fast HUGE math -AC_ARG_ENABLE([fasthugemath], - [ --enable-fasthugemath Enable fast math + huge code (default: disabled)], - [ ENABLED_FASTHUGEMATH=$enableval ], - [ ENABLED_FASTHUGEMATH=no ] - ) - -if test "$ENABLED_BUMP" = "yes" -then - ENABLED_FASTHUGEMATH="yes" -fi - -if test "$ENABLED_FASTHUGEMATH" = "yes" -then - ENABLED_FASTMATH="yes" - AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH" - ENABLED_SLOWMATH="no" -fi - -AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"]) -AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"]) - # big cache AC_ARG_ENABLE([bigcache], [ --enable-bigcache Enable big session cache (default: disabled)], @@ -400,6 +364,18 @@ fi AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"]) +# NULL CIPHER +AC_ARG_ENABLE([nullcipher], + [ --enable-nullcipher Enable CyaSSL NULL cipher support (default: disabled)], + [ ENABLED_NULL_CIPHER=$enableval ], + [ ENABLED_NULL_CIPHER=no ] + ) + +if test "$ENABLED_NULL_CIPHER" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER" +fi + # RIPEMD AC_ARG_ENABLE([ripemd], [ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)], 
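Review bot: The help string for the new `--enable-nullcipher` option (hunk at -400) does not tell the builder that NULL cipher suites carry application data without encryption. The default is correctly `no`, but someone scanning `./configure --help` sees it listed among ordinary algorithm toggles. I would spell it out in the help text, for example `[ --enable-nullcipher Enable CyaSSL NULL cipher support, no encryption (default: disabled)],`.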
@@ -485,6 +461,122 @@ then fi +# DSA +AC_ARG_ENABLE([dsa], + [ --enable-dsa Enable DSA (default: disabled)], + [ ENABLED_DSA=$enableval ], + [ ENABLED_DSA=no ] + ) + +if test "$ENABLED_DSA" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_DSA" +fi + +AM_CONDITIONAL([BUILD_DSA], [test "x$ENABLED_DSA" = "xyes"]) + + +# ECC +AC_ARG_ENABLE([ecc], + [ --enable-ecc Enable ECC (default: disabled)], + [ ENABLED_ECC=$enableval ], + [ ENABLED_ECC=no ] + ) + +if test "$ENABLED_ECC" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC" +fi + +AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) + + +if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes" +then + AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.]) +fi + + +# PSK +AC_ARG_ENABLE([psk], + [ --enable-psk Enable PSK (default: disabled)], + [ ENABLED_PSK=$enableval ], + [ ENABLED_PSK=no ] + ) + +if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_PSK" +fi + +if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "yes" +then + ENABLED_PSK=yes +fi + + +# ERROR STRINGS +AC_ARG_ENABLE([errorstrings], + [ --enable-errorstrings Enable error strings table (default: enabled)], + [ ENABLED_ERROR_STRINGS=$enableval ], + [ ENABLED_ERROR_STRINGS=yes ] + ) + +if test "$ENABLED_ERROR_STRINGS" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS" +else + # turn off error strings if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS" + ENABLED_ERROR_STRINGS=no + fi +fi + + +# OLD TLS +AC_ARG_ENABLE([oldtls], + [ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)], + [ ENABLED_OLD_TLS=$enableval ], + [ ENABLED_OLD_TLS=yes ] + ) + +if test "$ENABLED_OLD_TLS" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" +else + # turn off old if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" + ENABLED_OLD_TLS=no + fi +fi + + +# MEMORY 
+AC_ARG_ENABLE([memory], + [ --enable-memory Enable memory callbacks (default: enabled)], + [ ENABLED_MEMORY=$enableval ], + [ ENABLED_MEMORY=yes ] + ) + +if test "$ENABLED_MEMORY" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_CYASSL_MEMORY" +else + # turn off memory cb if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + # but don't turn on NO_CYASSL_MEMORY because using own + ENABLED_MEMORY=no + fi +fi + +AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"]) + + # RSA AC_ARG_ENABLE([rsa], [ --enable-rsa Enable RSA (default: enabled)], 
@@ -507,6 +599,251 @@ fi AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"]) +# DH +AC_ARG_ENABLE([dh], + [ --enable-dh Enable DH (default: enabled)], + [ ENABLED_DH=$enableval ], + [ ENABLED_DH=yes ] + ) + +if test "$ENABLED_DH" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_DH" +else + # turn off DH if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_DH" + ENABLED_DH=no + fi +fi + +AM_CONDITIONAL([BUILD_DH], [test "x$ENABLED_DH" = "xyes"]) + + +# ASN +# turn off asn, which means no certs, no rsa, no dh, no dsa, no ecc, +# and no big int, use this to disable all public key stuff +AC_ARG_ENABLE([asn], + [ --enable-asn Enable ASN (default: enabled)], + [ ENABLED_ASN=$enableval ], + [ ENABLED_ASN=yes ] + ) + +if test "$ENABLED_ASN" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT" +else + # turn off ASN if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT" + ENABLED_ASN=no + fi +fi + +if test "$ENABLED_RSA" = "yes" && test "$ENABLED_ASN" = "no" +then + AC_MSG_ERROR([please disable rsa if disabling asn.]) +fi + +if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no" +then + AC_MSG_ERROR([please disable dsa if disabling asn.]) +fi + +if test "$ENABLED_DH" = "yes" && test "$ENABLED_ASN" = "no" +then + AC_MSG_ERROR([please disable dh if disabling asn.]) +fi + +if test "$ENABLED_ECC" = "yes" && test "$ENABLED_ASN" = "no" +then + AC_MSG_ERROR([please disable ecc if disabling asn.]) +fi + +if test "$ENABLED_PSK" = "no" && test "$ENABLED_ASN" = "no" +then + AC_MSG_ERROR([please enable psk if disabling asn.]) +fi + +if test "$ENABLED_ASN" = "no" +then + ENABLED_FASTMATH=no + ENABLED_SLOWMATH=no +fi + +AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"]) + + +# AES +AC_ARG_ENABLE([aes], + [ --enable-aes Enable AES (default: enabled)], + [ ENABLED_AES=$enableval ], + [ ENABLED_AES=yes ] + ) + +if test "$ENABLED_AES" = "no" +then + 
AM_CFLAGS="$AM_CFLAGS -DNO_AES" +else + # turn off AES if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_AES" + ENABLED_AES=no + fi +fi + +AM_CONDITIONAL([BUILD_AES], [test "x$ENABLED_AES" = "xyes"]) + + +# CODING +AC_ARG_ENABLE([coding], + [ --enable-coding Enable Coding base 16/64 (default: enabled)], + [ ENABLED_CODING=$enableval ], + [ ENABLED_CODING=yes ] + ) + +if test "$ENABLED_CODING" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_CODING" +else + # turn off CODING if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_CODING" + ENABLED_CODING=no + fi +fi + +AM_CONDITIONAL([BUILD_CODING], [test "x$ENABLED_CODING" = "xyes"]) + + +# DES3 +AC_ARG_ENABLE([des3], + [ --enable-des3 Enable DES3 (default: enabled)], + [ ENABLED_DES3=$enableval ], + [ ENABLED_DES3=yes ] + ) + +if test "$ENABLED_DES3" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_DES3" +else + # turn off DES3 if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_DES3" + ENABLED_DES3=no + fi +fi + +AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"]) + + +# ARC4 +AC_ARG_ENABLE([arc4], + [ --enable-arc4 Enable ARC4 (default: enabled)], + [ ENABLED_ARC4=$enableval ], + [ ENABLED_ARC4=yes ] + ) + +if test "$ENABLED_ARC4" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_RC4" +else + # turn off ARC4 if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_RC4" + ENABLED_ARC4=no + fi +fi + +AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"]) + + +# MD5 +AC_ARG_ENABLE([md5], + [ --enable-md5 Enable MD5 (default: enabled)], + [ ENABLED_MD5=$enableval ], + [ ENABLED_MD5=yes ] + ) + +if test "$ENABLED_MD5" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS" +else + # turn off MD5 if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS" + ENABLED_MD5=no + fi +fi + +AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"]) 
+ + +# SHA +AC_ARG_ENABLE([sha], + [ --enable-sha Enable SHA (default: enabled)], + [ ENABLED_SHA=$enableval ], + [ ENABLED_SHA=yes ] + ) + +if test "$ENABLED_SHA" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS" +else + # turn off SHA if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS" + ENABLED_SHA=no + fi +fi + +AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"]) + + +# MD4 +AC_ARG_ENABLE([md4], + [ --enable-md4 Enable MD4 (default: disabled)], + [ ENABLED_MD4=$enableval ], + [ ENABLED_MD4=no ] + ) + +if test "$ENABLED_MD4" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_MD4" +fi + +AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"]) + + +# PWDBASED +AC_ARG_ENABLE([pwdbased], + [ --enable-pwdbased Enable PWDBASED (default: disabled)], + [ ENABLED_PWDBASED=$enableval ], + [ ENABLED_PWDBASED=no ] + ) + +if test "$ENABLED_PWDBASED" = "no" +then + if test "$ENABLED_OPENSSLEXTRA" = "yes" + then + # opensslextra needs pwdbased + ENABLED_PWDBASED=yes + else + AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED" + fi +fi + +AM_CONDITIONAL([BUILD_PWDBASED], [test "x$ENABLED_PWDBASED" = "xyes"]) + + # HC128 AC_ARG_ENABLE([hc128], [ --enable-hc128 Enable HC-128 (default: disabled)], @@ -541,22 +878,9 @@ fi AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"]) -# PSK -AC_ARG_ENABLE([psk], - [ --enable-psk Enable PSK (default: disabled)], - [ ENABLED_PSK=$enableval ], - [ ENABLED_PSK=no ] - ) - -if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" -then - AM_CFLAGS="$AM_CFLAGS -DNO_PSK" -fi - - # Web Server Build -AC_ARG_ENABLE([webServer], - [ --enable-webServer Enable Web Server (default: disabled)], +AC_ARG_ENABLE([webserver], + [ --enable-webserver Enable Web Server (default: disabled)], [ ENABLED_WEBSERVER=$enableval ], [ ENABLED_WEBSERVER=no ] ) 
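Review bot: In the MD5 and SHA blocks of this hunk, both the `--disable-md5`/`--disable-sha` branch and the leanpsk branch append `-DNO_OLD_TLS` to AM_CFLAGS but leave `ENABLED_OLD_TLS` at whatever the earlier OLD TLS block set. The configure summary then prints `Old TLS Versions: yes` for a build that was compiled with NO_OLD_TLS, so the summary cannot be relied on when auditing which protocol versions a build offers. Adding `ENABLED_OLD_TLS=no` next to each `AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"` and `AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"` line keeps the report in step with the flags.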
@@ -567,53 +891,39 @@ then fi -# No Filesystem Build -AC_ARG_ENABLE([noFilesystem], - [ --enable-noFilesystem Enable No Filesystem (default: disabled)], - [ ENABLED_NOFILESYSTEM=$enableval ], - [ ENABLED_NOFILESYSTEM=no ] +# Filesystem Build +AC_ARG_ENABLE([filesystem], + [ --enable-filesystem Enable Filesystem support (default: disabled)], + [ ENABLED_FILESYSTEM=$enableval ], + [ ENABLED_FILESYSTEM=yes ] ) -if test "$ENABLED_NOFILESYSTEM" = "yes" +if test "$ENABLED_FILESYSTEM" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" +else + # turn off filesystem if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" + ENABLED_FILESYSTEM=no + fi fi -# No inline Build -AC_ARG_ENABLE([noInline], - [ --enable-noInline Enable No inline (default: disabled)], - [ ENABLED_NOINLINE=$enableval ], - [ ENABLED_NOINLINE=no ] +# inline Build +AC_ARG_ENABLE([inline], + [ --enable-inline Enable inline functions (default: disabled)], + [ ENABLED_INLINE=$enableval ], + [ ENABLED_INLINE=yes ] ) -if test "$ENABLED_NOINLINE" = "yes" +if test "$ENABLED_INLINE" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_INLINE" fi -AM_CONDITIONAL([BUILD_NOINLINE], [test "x$ENABLED_NOINLINE" = "xyes"]) - - -# ECC -AC_ARG_ENABLE([ecc], - [ --enable-ecc Enable ECC (default: disabled)], - [ ENABLED_ECC=$enableval ], - [ ENABLED_ECC=no ] - ) - -if test "$ENABLED_ECC" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC" -fi - -AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) - - -if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes" -then - AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.]) -fi +AM_CONDITIONAL([BUILD_INLINE], [test "x$ENABLED_INLINE" = "xyes"]) # OCSP 
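Review bot: The help strings for the two inverted options still say `(default: disabled)` although the fallback branches now set `ENABLED_FILESYSTEM=yes` and `ENABLED_INLINE=yes`. They should read `[ --enable-filesystem Enable Filesystem support (default: enabled)],` and `[ --enable-inline Enable inline functions (default: enabled)],`. The conditional was also renamed from BUILD_NOINLINE to BUILD_INLINE with the opposite sense; any Makefile.am that tests the old name is not visible here and needs the matching change.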
@@ -725,6 +1035,43 @@ then fi +# fastmath +AC_ARG_ENABLE([fastmath], + [ --enable-fastmath Enable fast math for BigInts (default: disabled)], + [ ENABLED_FASTMATH=$enableval ], + [ ENABLED_FASTMATH=no ] + ) + +if test "x$ENABLED_FASTMATH" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH" + ENABLED_SLOWMATH="no" +fi + + +# fast HUGE math +AC_ARG_ENABLE([fasthugemath], + [ --enable-fasthugemath Enable fast math + huge code (default: disabled)], + [ ENABLED_FASTHUGEMATH=$enableval ], + [ ENABLED_FASTHUGEMATH=no ] + ) + +if test "$ENABLED_BUMP" = "yes" +then + ENABLED_FASTHUGEMATH="yes" +fi + +if test "$ENABLED_FASTHUGEMATH" = "yes" +then + ENABLED_FASTMATH="yes" + AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH" + ENABLED_SLOWMATH="no" +fi + +AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"]) +AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"]) + + # Enable Examples, used to disable examples AC_ARG_ENABLE([examples], [ --enable-examples Enable Examples (default: enabled)], @@ -733,7 +1080,10 @@ AC_ARG_ENABLE([examples], ) AS_IF([test "x$ENABLED_SINGLETHREADED" = "xyes"], [ENABLED_EXAMPLES="no"]) -AS_IF([test "x$ENABLED_NOFILESYSTEM" = "xyes"], [ENABLED_EXAMPLES="no"]) +AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"]) +AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"]) +# certs still have sha signatures for now +AS_IF([test "x$ENABLED_SHA" = "xno"], [ENABLED_EXAMPLES="no"]) AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"]) 
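Review bot: The relocated fastmath block (hunk at -725) now runs after the ASN block, so its `AC_ARG_ENABLE([fastmath], ...)` overwrites the `ENABLED_FASTMATH=no` that the ASN block assigns when asn is disabled. With `--disable-asn --enable-fastmath` the flags end up carrying both `-DNO_BIG_INT` and `-DUSE_FAST_MATH`, and BUILD_FASTMATH is true. A check placed after the fasthugemath handling would catch this, for example `AS_IF([test "x$ENABLED_ASN" = "xno" && test "x$ENABLED_FASTMATH" = "xyes"], [AC_MSG_ERROR([cannot enable fastmath when asn is disabled.])])`, or reset `ENABLED_FASTMATH=no` at that point if silently ignoring the option is preferred.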
@@ -880,24 +1230,40 @@ echo " * VCS checkout: $ac_cv_vcs_checkout" echo echo " Features " echo " * Single threaded: $ENABLED_SINGLETHREADED" -echo " * DTLS: $ENABLED_DTLS" -echo " * Enable extra OpenSSL API: $ENABLED_OPENSSLEXTRA" +echo " * Filesystem: $ENABLED_FILESYSTEM" +echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA" echo " * fastmath: $ENABLED_FASTMATH" echo " * sniffer: $ENABLED_SNIFFER" +echo " * ARC4: $ENABLED_ARC4" +echo " * AES: $ENABLED_AES" echo " * AES-NI: $ENABLED_AESNI" echo " * AES-GCM: $ENABLED_AESGCM" echo " * AES-CCM: $ENABLED_AESCCM" +echo " * DES3: $ENABLED_DES3" echo " * Camellia: $ENABLED_CAMELLIA" +echo " * NULL Cipher: $ENABLED_NULL_CIPHER" +echo " * MD5: $ENABLED_MD5" echo " * RIPEMD: $ENABLED_RIPEMD" +echo " * SHA: $ENABLED_SHA" echo " * SHA-512: $ENABLED_SHA512" echo " * keygen: $ENABLED_KEYGEN" echo " * certgen: $ENABLED_CERTGEN" echo " * HC-128: $ENABLED_HC128" echo " * RABBIT: $ENABLED_RABBIT" +echo " * PWDBASED: $ENABLED_PWDBASED" +echo " * MD4: $ENABLED_MD4" echo " * PSK: $ENABLED_PSK" echo " * LEANPSK: $ENABLED_LEANPSK" echo " * RSA: $ENABLED_RSA" +echo " * DSA: $ENABLED_DSA" +echo " * DH: $ENABLED_DH" echo " * ECC: $ENABLED_ECC" +echo " * ASN: $ENABLED_ASN" +echo " * CODING: $ENABLED_CODING" +echo " * MEMORY: $ENABLED_MEMORY" +echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" +echo " * DTLS: $ENABLED_DTLS" +echo " * Old TLS Versions: $ENABLED_OLD_TLS" echo " * OCSP: $ENABLED_OCSP" echo " * CRL: $ENABLED_CRL" echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR" diff --git a/ctaocrypt/src/asm.c b/ctaocrypt/src/asm.c index ba1d4a716..21751c098 100644 --- a/ctaocrypt/src/asm.c +++ b/ctaocrypt/src/asm.c @@ -437,9 +437,10 @@ __asm__( \ #define INNERMUL \ do { fp_word t; \ - _c[0] = t = ((fp_word)_c[0] + (fp_word)cy) + \ + t = ((fp_word)_c[0] + (fp_word)cy) + \ (((fp_word)mu) * ((fp_word)*tmpm++)); \ - cy = (t >> DIGIT_BIT); \ + _c[0] = (fp_digit)t; \ + cy = (fp_digit)(t >> DIGIT_BIT); \ } while (0) #define PROPCARRY \ 
@@ -975,8 +976,9 @@ __asm__( \ /* multiplies point i and j, updates carry "c1" and digit c2 */ #define SQRADD(i, j) \ do { fp_word t; \ - t = c0 + ((fp_word)i) * ((fp_word)j); c0 = t; \ - t = c1 + (t >> DIGIT_BIT); c1 = t; c2 += t >> DIGIT_BIT; \ + t = c0 + ((fp_word)i) * ((fp_word)j); c0 = (fp_digit)t; \ + t = c1 + (t >> DIGIT_BIT); c1 = (fp_digit)t; \ + c2 +=(fp_digit) (t >> DIGIT_BIT); \ } while (0); @@ -984,10 +986,12 @@ __asm__( \ #define SQRADD2(i, j) \ do { fp_word t; \ t = ((fp_word)i) * ((fp_word)j); \ - tt = (fp_word)c0 + t; c0 = tt; \ - tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = tt; c2 += tt >> DIGIT_BIT; \ - tt = (fp_word)c0 + t; c0 = tt; \ - tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = tt; c2 += tt >> DIGIT_BIT; \ + tt = (fp_word)c0 + t; c0 = (fp_digit)tt; \ + tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt; \ + c2 +=(fp_digit)( tt >> DIGIT_BIT); \ + tt = (fp_word)c0 + t; c0 = (fp_digit)tt; \ + tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt; \ + c2 +=(fp_digit) (tt >> DIGIT_BIT); \ } while (0); #define SQRADDSC(i, j) \ @@ -1274,10 +1278,11 @@ ____asm__( \ #define COMBA_FINI -#define MULADD(i, j) \ - do { fp_word t; \ - t = (fp_word)c0 + ((fp_word)i) * ((fp_word)j); c0 = t; \ - t = (fp_word)c1 + (t >> DIGIT_BIT); c1 = t; c2 += t >> DIGIT_BIT; \ +#define MULADD(i, j) \ + do { fp_word t; \ + t = (fp_word)c0 + ((fp_word)i) * ((fp_word)j); c0 = (fp_digit)t; \ + t = (fp_word)c1 + (t >> DIGIT_BIT); \ + c1 = (fp_digit)t; c2 += (fp_digit)(t >> DIGIT_BIT); \ } while (0); #endif diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 76939be21..72dee4f9f 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -71,10 +71,10 @@ #ifndef TRUE -enum { - FALSE = 0, - TRUE = 1 -}; + #define TRUE 1 +#endif +#ifndef FALSE + #define FALSE 0 #endif 
@@ -184,10 +184,10 @@ struct tm* gmtime(const time_t* timer) dayclock = (unsigned long)secs % SECS_DAY; dayno = (unsigned long)secs / SECS_DAY; - ret->tm_sec = dayclock % 60; - ret->tm_min = (dayclock % 3600) / 60; - ret->tm_hour = dayclock / 3600; - ret->tm_wday = (dayno + 4) % 7; /* day 0 a Thursday */ + ret->tm_sec = (int) dayclock % 60; + ret->tm_min = (int)(dayclock % 3600) / 60; + ret->tm_hour = (int) dayclock / 3600; + ret->tm_wday = (int) (dayno + 4) % 7; /* day 0 a Thursday */ while(dayno >= (unsigned long)YEARSIZE(year)) { dayno -= YEARSIZE(year); @@ -195,7 +195,7 @@ struct tm* gmtime(const time_t* timer) } ret->tm_year = year - YEAR0; - ret->tm_yday = dayno; + ret->tm_yday = (int)dayno; ret->tm_mon = 0; while(dayno >= (unsigned long)_ytab[LEAPYEAR(year)][ret->tm_mon]) { @@ -203,7 +203,7 @@ struct tm* gmtime(const time_t* timer) ret->tm_mon++; } - ret->tm_mday = ++dayno; + ret->tm_mday = (int)++dayno; ret->tm_isdst = 0; return ret; @@ -1911,7 +1911,7 @@ static word32 BytePrecision(word32 value) { word32 i; for (i = sizeof(value); i; --i) - if (value >> ((i - 1) * BIT_SIZE)) + if (value >> ((i - 1) * CYASSL_BIT_SIZE)) break; return i; @@ -1928,7 +1928,7 @@ static word32 SetLength(word32 length, byte* output) output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH); for (j = BytePrecision(length); j; --j) { - output[i] = (byte)(length >> ((j - 1) * BIT_SIZE)); + output[i] = (byte)(length >> ((j - 1) * CYASSL_BIT_SIZE)); i++; } } diff --git a/ctaocrypt/src/coding.c b/ctaocrypt/src/coding.c index a9f374543..c914f9183 100644 --- a/ctaocrypt/src/coding.c +++ b/ctaocrypt/src/coding.c @@ -23,6 +23,8 @@ #include #endif +#ifndef NO_CODING + #include #include #include @@ -265,3 +267,4 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) #endif /* defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER) */ +#endif /* NO_CODING */ 
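Review bot: The new casts in the first gmtime hunk bind to the operand rather than to the result: `(int) dayclock % 60` and `(int) dayclock / 3600` convert `dayclock` to int before the arithmetic. Where int is 32 bits the result is unchanged, but on a 16-bit-int target a seconds-of-day value does not fit and the time fields come out wrong, which matters if this fallback gmtime feeds certificate date checks in asn.c (callers are not visible here). Cast the result instead: `ret->tm_sec = (int)(dayclock % 60);`, `ret->tm_hour = (int)(dayclock / 3600);`, `ret->tm_wday = (int)((dayno + 4) % 7);`. The body of gmtime starts and ends outside the hunk.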
diff --git a/ctaocrypt/src/dh.c b/ctaocrypt/src/dh.c index ff64543b0..d5ad83f4f 100644 --- a/ctaocrypt/src/dh.c +++ b/ctaocrypt/src/dh.c @@ -83,8 +83,8 @@ static word32 DiscreteLogWorkFactor(word32 n) static void GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) { word32 sz = mp_unsigned_bin_size(&key->p); - sz = min(sz, 2 * DiscreteLogWorkFactor(sz * BIT_SIZE) / BIT_SIZE + 1); - + sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) / + CYASSL_BIT_SIZE + 1); RNG_GenerateBlock(rng, priv, sz); priv[0] |= 0x0C; diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c index d97f9122e..32da4f612 100644 --- a/ctaocrypt/src/integer.c +++ b/ctaocrypt/src/integer.c @@ -3736,7 +3736,7 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c) #endif -#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || !defined(NO_PWDBASED) +#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || defined(OPENSSL_EXTRA) /* single digit addition */ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) diff --git a/ctaocrypt/src/misc.c b/ctaocrypt/src/misc.c index 653be2f3b..1a31b2dca 100644 --- a/ctaocrypt/src/misc.c +++ b/ctaocrypt/src/misc.c @@ -163,8 +163,8 @@ STATIC INLINE void XorWords(word* r, const word* a, word32 n) STATIC INLINE void xorbuf(byte* buf, const byte* mask, word32 count) { - if (((word)buf | (word)mask | count) % WORD_SIZE == 0) - XorWords( (word*)buf, (const word*)mask, count / WORD_SIZE); + if (((word)buf | (word)mask | count) % CYASSL_WORD_SIZE == 0) + XorWords( (word*)buf, (const word*)mask, count / CYASSL_WORD_SIZE); else { word32 i; for (i = 0; i < count; i++) buf[i] ^= mask[i]; diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index fe3ce3a31..fd1e9509e 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c 
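Review bot: The guard around `mp_add_d` in integer.c (and the matching `mp_sub_d` prototype guard in integer.h) drops `!defined(NO_PWDBASED)` in favour of `defined(OPENSSL_EXTRA)`, yet configure.ac in this same commit allows `--enable-pwdbased` without opensslextra. If the password-based code calls these single-digit helpers (that file is not part of this diff), such a build would no longer compile or link them. Keeping both conditions is the safe form: `#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(OPENSSL_EXTRA)`.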
@@ -166,7 +166,7 @@ void ctaocrypt_test(void* args) ((func_args*)args)->return_code = -1; /* error state */ -#if !defined(CYASSL_LEANPSK) +#if !defined(NO_BIG_INT) if (CheckCtcSettings() != 1) err_sys("Build vs runtime math mismatch\n", -1234); @@ -174,7 +174,7 @@ void ctaocrypt_test(void* args) if (CheckFastMathSettings() != 1) err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", -1235); #endif /* USE_FAST_MATH */ -#endif /* !CYASSL_LEANPSK */ +#endif /* !NO_BIG_INT */ #ifndef NO_MD5 diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h index b3c4137cc..fdad4773a 100644 --- a/cyassl/ctaocrypt/integer.h +++ b/cyassl/ctaocrypt/integer.h @@ -82,9 +82,9 @@ extern "C" { #ifdef MP_8BIT typedef unsigned char mp_digit; typedef unsigned short mp_word; -#elif defined(MP_16BIT) +#elif defined(MP_16BIT) || defined(NO_64BIT) typedef unsigned short mp_digit; - typedef unsigned long mp_word; + typedef unsigned int mp_word; #elif defined(MP_64BIT) /* for GCC only on supported platforms */ #ifndef CRYPT @@ -313,7 +313,7 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, int mp_lcm (mp_int * a, mp_int * b, mp_int * c); #endif -#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || !defined(NO_PWDBASED) +#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || defined(OPENSSL_EXTRA) int mp_sub_d (mp_int * a, mp_digit b, mp_int * c); #endif diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index a9309638f..d070aaa5c 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -133,11 +133,21 @@ #ifdef FREERTOS - #define NO_WRITEV - #define NO_SHA512 - #define NO_DH - #define NO_DSA - #define NO_HC128 + #ifndef NO_WRITEV + #define NO_WRITEV + #endif + #ifndef NO_SHA512 + #define NO_SHA512 + #endif + #ifndef NO_DH + #define NO_DH + #endif + #ifndef NO_DSA + #define NO_DSA + #endif + #ifndef NO_HC128 + #define NO_HC128 + #endif #ifndef SINGLE_THREADED #include "FreeRTOS.h" 
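Review bot: Changing `mp_word` from `unsigned long` to `unsigned int` in the `MP_16BIT || NO_64BIT` branch of integer.h also alters existing MP_16BIT builds. C guarantees only 16 bits for `unsigned int`, so on a 16-bit-int target `mp_word` becomes as narrow as `mp_digit` and digit products wrap silently, giving wrong big-integer results in the public-key code. The NO_64BIT branch added to tfm.h (`typedef unsigned int fp_word;`) relies on the same assumption. Either keep `unsigned long` for MP_16BIT or add a compile-time guard such as `typedef char mp_word_size_check[(sizeof(mp_word) >= 2 * sizeof(mp_digit)) ? 1 : -1];`.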
@@ -457,7 +467,7 @@ #if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \ - !defined(CYASSL_LEANPSK) + !defined(CYASSL_LEANPSK) && !defined(NO_CYASSL_MEMORY) #define USE_CYASSL_MEMORY #endif diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index 314feb608..b42dfdeaf 100644 --- a/cyassl/ctaocrypt/tfm.h +++ b/cyassl/ctaocrypt/tfm.h @@ -54,6 +54,7 @@ #endif +#ifndef NO_64BIT /* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */ #if defined(__x86_64__) #if defined(TFM_X86) || defined(TFM_SSE2) || defined(TFM_ARM) @@ -72,6 +73,7 @@ #if defined(__x86_64__) && !defined(FP_64BIT) #define FP_64BIT #endif +#endif /* NO_64BIT */ /* try to detect x86-32 */ #if defined(__i386__) && !defined(TFM_SSE2) @@ -214,8 +216,15 @@ typedef signed long long long64; #endif #endif - typedef unsigned int fp_digit; - typedef ulong64 fp_word; + #ifndef NO_64BIT + typedef unsigned int fp_digit; + typedef ulong64 fp_word; + #else + /* some procs like coldfire prefer not to place multiply into 64bit type + even though it exists */ + typedef unsigned short fp_digit; + typedef unsigned int fp_word; + #endif #endif /* # of digits this is */ diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 2a7a8d02c..adf69fdf1 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -97,9 +97,9 @@ enum { - WORD_SIZE = sizeof(word), - BIT_SIZE = 8, - WORD_BITS = WORD_SIZE * BIT_SIZE + CYASSL_WORD_SIZE = sizeof(word), + CYASSL_BIT_SIZE = 8, + CYASSL_WORD_BITS = CYASSL_WORD_SIZE * CYASSL_BIT_SIZE }; #define CYASSL_MAX_16BIT 0xffffU 
@@ -149,16 +149,22 @@ enum { /* default to libc stuff */ /* XREALLOC is used once in normal math lib, not in fast math lib */ /* XFREE on some embeded systems doesn't like free(0) so test */ -#ifdef XMALLOC_USER +#if defined(XMALLOC_USER) /* prototypes for user heap override functions */ #include /* for size_t */ extern void *XMALLOC(size_t n, void* heap, int type); extern void *XREALLOC(void *p, size_t n, void* heap, int type); extern void XFREE(void *p, void* heap, int type); +#elif defined(NO_CYASSL_MEMORY) + /* just use plain C stdlib stuff if desired */ + #include + #define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #define XREALLOC(p, n, h, t) realloc((p), (n)) #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(CYASSL_SAFERTOS) && !defined(FREESCALE_MQX) \ && !defined(CYASSL_LEANPSK) - /* default C runtime, can install different routines at runtime */ + /* default C runtime, can install different routines at runtime via cbs */ #include #define XMALLOC(s, h, t) ((void)h, (void)t, CyaSSL_Malloc((s))) #define XFREE(p, h, t) {void* xp = (p); if((xp)) CyaSSL_Free((xp));} diff --git a/cyassl/internal.h b/cyassl/internal.h index becf5adcd..1ece4556f 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -138,8 +138,10 @@ void c32to24(word32 in, word24 out); #if !defined(NO_SHA) #define BUILD_SSL_RSA_WITH_RC4_128_SHA #endif - #define BUILD_SSL_RSA_WITH_RC4_128_MD5 - #if !defined(NO_TLS) && defined(HAVE_NTRU) + #if !defined(NO_MD5) + #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #endif + #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA #endif #endif 
@@ -826,7 +828,7 @@ enum { The length (in bytes) of the following TLSPlaintext.fragment. The length should not exceed 2^14. */ -#if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_DTLS) +#if defined(LARGE_STATIC_BUFFERS) #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ MTU_EXTRA + MAX_MSG_EXTRA #else @@ -882,18 +884,18 @@ int SetCipherList(Suites*, const char* list); CYASSL_LOCAL void EmbedOcspRespFree(void*, byte*); #endif -#endif -#ifdef CYASSL_DTLS - CYASSL_LOCAL - int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx); - CYASSL_LOCAL - int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx); - CYASSL_LOCAL - int EmbedGenerateCookie(byte *buf, int sz, void *ctx); - CYASSL_LOCAL - int IsUDP(void*); -#endif + #ifdef CYASSL_DTLS + CYASSL_LOCAL + int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx); + CYASSL_LOCAL + int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx); + CYASSL_LOCAL + int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx); + CYASSL_LOCAL + int IsUDP(void*); + #endif /* CYASSL_DTLS */ +#endif /* CYASSL_USER_IO */ /* CyaSSL Cipher type just points back to SSL */ @@ -1087,6 +1089,9 @@ struct CYASSL_CTX { byte groupMessages; /* group handshake messages before sending */ CallbackIORecv CBIORecv; CallbackIOSend CBIOSend; +#ifdef CYASSL_DTLS + CallbackGenCookie CBIOCookie; /* gen cookie callback */ +#endif VerifyCallback verifyCallback; /* cert verification callback */ word32 timeout; /* session timeout */ #ifdef HAVE_ECC @@ -1621,6 +1626,7 @@ struct CYASSL { int dtls_timeout; DtlsPool* dtls_pool; DtlsMsg* dtls_msg_list; + void* IOCB_CookieCtx; /* gen cookie ctx */ #endif #ifdef CYASSL_CALLBACKS HandShakeInfo handShakeInfo; /* info saved during handshake */ diff --git a/cyassl/ssl.h b/cyassl/ssl.h index cef60f5f3..8f0eafc85 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h 
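Review bot: With the DTLS prototypes moved above `#endif /* CYASSL_USER_IO */` (hunk at -882), a build that defines CYASSL_USER_IO together with CYASSL_DTLS appears to lose the built-in EmbedGenerateCookie, so the new `CBIOCookie` member of CYASSL_CTX (hunk at -1087) can remain NULL unless the application calls CyaSSL_CTX_SetGenCookie. The code that invokes the callback is not in this section; it should fail the handshake when `ctx->CBIOCookie == NULL` rather than call through it or skip the cookie exchange, because the cookie is what lets a DTLS server reject ClientHello messages from spoofed source addresses. A comment on the member would record the requirement, for example `/* gen cookie callback, must be set by the application when CYASSL_USER_IO is defined */`.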
@@ -809,6 +809,11 @@ CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx); CYASSL_API void CyaSSL_SetIOReadFlags( CYASSL* ssl, int flags); CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags); +typedef int (*CallbackGenCookie)(CYASSL* ssl, unsigned char* buf, int sz, + void* ctx); +CYASSL_API void CyaSSL_CTX_SetGenCookie(CYASSL_CTX*, CallbackGenCookie); +CYASSL_API void CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx); + typedef int (*CallbackIOOcsp)(void*, const char*, int, unsigned char*, int, unsigned char**); typedef void (*CallbackIOOcspRespFree)(void*,unsigned char*); diff --git a/cyassl/test.h b/cyassl/test.h index 5c0f15f67..bc41a7d46 100644 --- a/cyassl/test.h +++ b/cyassl/test.h 
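Review bot: The new public `CallbackGenCookie` typedef and its two setters are declared without any description of the contract an application has to meet. I would add a short comment above the typedef stating what the return value means, whether `sz` is the capacity of `buf` or the required cookie length, and that the cookie should be derived from the peer address and a server-side secret so it cannot be predicted or replayed from another address. The declarations are also unconditional while the `CBIOCookie` member in internal.h exists only under CYASSL_DTLS, so the implementations (not visible here) need the same guard or a stub for non-DTLS builds.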
@@ -937,5 +937,113 @@ static INLINE int CurrentDir(const char* str) #endif /* USE_WINDOWS_API */ + +#ifdef USE_CYASSL_MEMORY + + typedef struct memoryStats { + size_t totalAllocs; /* number of allocations */ + size_t totalBytes; /* total number of bytes allocated */ + size_t peakBytes; /* concurrent max bytes */ + size_t currentBytes; /* total current bytes in use */ + } memoryStats; + + typedef struct memHint { + size_t thisSize; /* size of this memory */ + void* thisMemory; /* actual memory for user */ + } memHint; + + typedef struct memoryTrack { + union { + memHint hint; + byte alignit[16]; /* make sure we have strong alignment */ + } u; + } memoryTrack; + + #if defined(CYASSL_TRACK_MEMORY) + #define DO_MEM_STATS + static memoryStats ourMemStats; + #endif + + static INLINE void* TrackMalloc(size_t sz) + { + memoryTrack* mt; + + if (sz == 0) + return NULL; + + mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); + if (mt == NULL) + return NULL; + + mt->u.hint.thisSize = sz; + mt->u.hint.thisMemory = (byte*)mt + sizeof(memoryTrack); + +#ifdef DO_MEM_STATS + ourMemStats.totalAllocs++; + ourMemStats.totalBytes += sz; + ourMemStats.currentBytes += sz; + if (ourMemStats.currentBytes > ourMemStats.peakBytes) + ourMemStats.peakBytes = ourMemStats.currentBytes; +#endif + + return mt->u.hint.thisMemory; + } + + + static INLINE void TrackFree(void* ptr) + { + memoryTrack* mt; + + if (ptr == NULL) + return; + + mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack)); + +#ifdef DO_MEM_STATS + ourMemStats.currentBytes -= mt->u.hint.thisSize; +#endif + + free(mt); + } + + + static INLINE void* TrackRealloc(void* ptr, size_t sz) + { + void* ret = TrackMalloc(sz); + + if (ret && ptr) + memcpy(ret, ptr, sz); + + if (ret) + TrackFree(ptr); + + return ret; + } + + static INLINE void InitMemoryTracker(void) + { + if (CyaSSL_SetAllocators(TrackMalloc, TrackFree, TrackRealloc) != 0) + err_sys("CyaSSL SetAllocators failed for track memory"); + + #ifdef DO_MEM_STATS + 
ourMemStats.totalAllocs = 0; + ourMemStats.totalBytes = 0; + ourMemStats.peakBytes = 0; + ourMemStats.currentBytes = 0; + #endif + } + + static INLINE void ShowMemoryTracker(void) + { + #ifdef DO_MEM_STATS + printf("total Allocs = %9ld\n", ourMemStats.totalAllocs); + printf("total Bytes = %9ld\n", ourMemStats.totalBytes); + printf("peak Bytes = %9ld\n", ourMemStats.peakBytes); + printf("current Bytes = %9ld\n", ourMemStats.currentBytes); + #endif + } + +#endif /* USE_CYASSL_MEMORY */ + #endif /* CyaSSL_TEST_H */ diff --git a/cyassl/version.h b/cyassl/version.h index 3972641b2..fbe4595ce 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "2.5.2" -#define LIBCYASSL_VERSION_HEX 0x02005002 +#define LIBCYASSL_VERSION_STRING "2.5.3" +#define LIBCYASSL_VERSION_HEX 0x02005003 #ifdef __cplusplus } diff --git a/examples/client/client.c b/examples/client/client.c index 738f2582b..d44f7100b 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -23,6 +23,11 @@ #include #endif +#if !defined(CYASSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER) + /* in case memory tracker wants stats */ + #define CYASSL_TRACK_MEMORY +#endif + #include #include @@ -35,6 +40,7 @@ Timeval timeout; #endif + static void NonBlockingSSL_Connect(CYASSL* ssl) { #ifndef CYASSL_CALLBACKS @@ -97,6 +103,7 @@ static void Usage(void) printf("-A Certificate Authority file, default %s\n", caCert); printf("-b Benchmark connections and print stats\n"); printf("-s Use pre Shared keys\n"); + printf("-t Track CyaSSL memory use\n"); printf("-d Disable peer checks\n"); printf("-g Send server HTTP GET\n"); printf("-u Use UDP DTLS," @@ -139,6 +146,7 @@ void client_test(void* args) int doPeerCheck = 1; int nonBlocking = 0; int resumeSession = 0; + int trackMemory = 0; char* cipherList = NULL; char* verifyCert = (char*)caCert; char* ourCert = (char*)cliCert; 
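Review bot: `TrackRealloc` in cyassl/test.h copies `sz` bytes, the new size, out of the old block, so growing an allocation reads past the end of the old buffer. The old size is already stored in the header as `mt->u.hint.thisSize`, and the copy should be limited to the smaller of the two sizes. Separately, `TrackMalloc` computes `sizeof(memoryTrack) + sz` without an overflow check. `ShowMemoryTracker` prints `size_t` counters with `%9ld`; casting to `unsigned long` and using `%9lu` would be portable. The rewritten copy is below.

```c
    void* ret = TrackMalloc(sz);

    if (ret && ptr) {
        /* the old block may be smaller than sz; copy only what it holds */
        memoryTrack* mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
        size_t copySz = mt->u.hint.thisSize;

        if (copySz > sz)
            copySz = sz;
        memcpy(ret, ptr, copySz);
    }
    /* … unchanged: TrackFree(ptr) when ret is set, return ret … */
```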
@@ -157,8 +165,9 @@ void client_test(void* args) (void)resumeSz; (void)session; (void)sslResume; + (void)trackMemory; - while ((ch = mygetopt(argc, argv, "?gdusmNrh:p:v:l:A:c:k:b:")) != -1) { + while ((ch = mygetopt(argc, argv, "?gdusmNrth:p:v:l:A:c:k:b:")) != -1) { switch (ch) { case '?' : Usage(); @@ -180,6 +189,12 @@ void client_test(void* args) usePsk = 1; break; + case 't' : + #ifdef USE_CYASSL_MEMORY + trackMemory = 1; + #endif + break; + case 'm' : matchName = 1; break; @@ -257,6 +272,11 @@ void client_test(void* args) } } +#ifdef USE_CYASSL_MEMORY + if (trackMemory) + InitMemoryTracker(); +#endif + switch (version) { #ifndef NO_OLD_TLS case 0: @@ -361,8 +381,10 @@ void client_test(void* args) err_sys("can't load ca file, Please run from CyaSSL home dir"); } #endif +#if !defined(NO_CERTS) if (!usePsk && doPeerCheck == 0) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); +#endif #ifdef HAVE_CAVIUM CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID); @@ -561,6 +583,11 @@ void client_test(void* args) CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; + +#ifdef USE_CYASSL_MEMORY + if (trackMemory) + ShowMemoryTracker(); +#endif /* USE_CYASSL_MEMORY */ } @@ -622,4 +649,3 @@ void client_test(void* args) #endif - diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 5e9444958..12bbc6a38 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -98,7 +98,7 @@ void echoclient_test(void* args) err_sys("can't load ca file, Please run from CyaSSL home dir"); #endif #elif !defined(NO_CERTS) - if (!doLeanPSK) + if (!doPSK) load_buffer(ctx, caCert, CYASSL_CA); #endif diff --git a/examples/server/server.c b/examples/server/server.c index 324fb41a8..3b06d0687 100644 --- a/examples/server/server.c +++ b/examples/server/server.c 
@@ -23,6 +23,11 @@ #include #endif +#if !defined(CYASSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER) + /* in case memory tracker wants stats */ + #define CYASSL_TRACK_MEMORY +#endif + #include #include @@ -98,6 +103,7 @@ static void Usage(void) printf("-d Disable client cert check\n"); printf("-b Bind to any interface instead of localhost only\n"); printf("-s Use pre Shared keys\n"); + printf("-t Track CyaSSL memory use\n"); printf("-u Use UDP DTLS," " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n"); printf("-N Use Non-blocking sockets\n"); @@ -125,6 +131,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int doDTLS = 0; int useNtruKey = 0; int nonBlocking = 0; + int trackMemory = 0; char* cipherList = NULL; char* verifyCert = (char*)cliCert; char* ourCert = (char*)svrCert; @@ -139,8 +146,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) ourCert = (char*)eccCert; ourKey = (char*)eccKey; #endif + (void)trackMemory; - while ((ch = mygetopt(argc, argv, "?dbsnNup:v:l:A:c:k:")) != -1) { + while ((ch = mygetopt(argc, argv, "?dbstnNup:v:l:A:c:k:")) != -1) { switch (ch) { case '?' : Usage(); @@ -158,6 +166,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) usePsk = 1; break; + case 't' : + #ifdef USE_CYASSL_MEMORY + trackMemory = 1; + #endif + break; + case 'n' : useNtruKey = 1; break; @@ -222,6 +236,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } } +#ifdef USE_CYASSL_MEMORY + if (trackMemory) + InitMemoryTracker(); +#endif + switch (version) { #ifndef NO_OLD_TLS case 0: @@ -400,6 +419,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) CloseSocket(clientfd); ((func_args*)args)->return_code = 0; + +#ifdef USE_CYASSL_MEMORY + if (trackMemory) + ShowMemoryTracker(); +#endif /* USE_CYASSL_MEMORY */ + return 0; } diff --git a/src/crl.c b/src/crl.c index 38487eb67..e65cc3236 100644 --- a/src/crl.c +++ b/src/crl.c @@ -30,6 +30,7 @@ #include #include +#include #include 
@@ -532,8 +533,19 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor) return BAD_PATH_ERROR; } while ( (entry = readdir(dir)) != NULL) { - if (entry->d_type & DT_REG) { - char name[MAX_FILENAME_SZ]; + char name[MAX_FILENAME_SZ]; + struct stat s; + + XMEMSET(name, 0, sizeof(name)); + XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2); + XSTRNCAT(name, "/", 1); + XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2); + + if (stat(name, &s) != 0) { + CYASSL_MSG("stat on name failed"); + continue; + } + if (s.st_mode & S_IFREG) { if (type == SSL_FILETYPE_PEM) { if (strstr(entry->d_name, ".pem") == NULL) { @@ -550,11 +562,6 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor) } } - XMEMSET(name, 0, sizeof(name)); - XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2); - XSTRNCAT(name, "/", 1); - XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2); - if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl) != SSL_SUCCESS) { CYASSL_MSG("CRL file load failed, continuing"); diff --git a/src/include.am b/src/include.am index c5521ad86..4807557b2 100644 --- a/src/include.am +++ b/src/include.am @@ -11,7 +11,6 @@ src_libcyassl_la_SOURCES = \ src/tls.c \ ctaocrypt/src/hmac.c \ ctaocrypt/src/random.c \ - ctaocrypt/src/sha.c \ ctaocrypt/src/sha256.c \ ctaocrypt/src/logging.c \ ctaocrypt/src/error.c 
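Review bot: The regular-file test `s.st_mode & S_IFREG` added to `LoadCRL` masks a field that holds a file-type code, not independent flags, so it is also true for any type whose code shares that bit (sockets on common POSIX layouts). `if (S_ISREG(s.st_mode)) {` is the check that matches the intent. The same expression is added to `CyaSSL_CTX_load_verify_locations` in src/ssl.c and should change with it. Note also that `stat` follows symbolic links, so a link to a regular file in the CRL directory will be loaded; if that is not wanted, `lstat` would be needed. The loop body continues outside the hunk.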
@@ -20,24 +19,58 @@ src_libcyassl_la_LIBADD = $(LIBM) src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS) src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS) -if !BUILD_LEANPSK -src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c \ - ctaocrypt/src/coding.c \ - ctaocrypt/src/arc4.c \ - ctaocrypt/src/md4.c \ - ctaocrypt/src/md5.c \ - ctaocrypt/src/asn.c \ - ctaocrypt/src/dh.c \ - ctaocrypt/src/dsa.c \ - ctaocrypt/src/pwdbased.c \ - ctaocrypt/src/aes.c \ - ctaocrypt/src/memory.c +if BUILD_MEMORY +src_libcyassl_la_SOURCES += ctaocrypt/src/memory.c endif if BUILD_RSA src_libcyassl_la_SOURCES += ctaocrypt/src/rsa.c endif +if BUILD_DH +src_libcyassl_la_SOURCES += ctaocrypt/src/dh.c +endif + +if BUILD_ASN +src_libcyassl_la_SOURCES += ctaocrypt/src/asn.c +endif + +if BUILD_CODING +src_libcyassl_la_SOURCES += ctaocrypt/src/coding.c +endif + +if BUILD_AES +src_libcyassl_la_SOURCES += ctaocrypt/src/aes.c +endif + +if BUILD_DES3 +src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c +endif + +if BUILD_SHA +src_libcyassl_la_SOURCES += ctaocrypt/src/sha.c +endif + +if BUILD_RC4 +src_libcyassl_la_SOURCES += ctaocrypt/src/arc4.c +endif + +if BUILD_MD4 +src_libcyassl_la_SOURCES += ctaocrypt/src/md4.c +endif + +if BUILD_MD5 +src_libcyassl_la_SOURCES += ctaocrypt/src/md5.c +endif + +if BUILD_PWDBASED +src_libcyassl_la_SOURCES += ctaocrypt/src/pwdbased.c +endif + +if BUILD_DSA +src_libcyassl_la_SOURCES += ctaocrypt/src/dsa.c +endif + if BUILD_AESNI src_libcyassl_la_SOURCES += ctaocrypt/src/aes_asm.s endif @@ -70,7 +103,7 @@ if BUILD_RABBIT src_libcyassl_la_SOURCES += ctaocrypt/src/rabbit.c endif -if BUILD_NOINLINE +if !BUILD_INLINE src_libcyassl_la_SOURCES += ctaocrypt/src/misc.c endif diff --git a/src/internal.c b/src/internal.c index c88c00047..bb3825acd 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -94,6 +94,9 @@ typedef enum { static void Hmac(CYASSL* ssl, byte* digest, const byte* buffer, word32 sz, int content, int verify); +#endif + +#ifndef NO_CERTS static void BuildCertHashes(CYASSL* ssl, Hashes* hashes); #endif @@ -219,12 +222,16 @@ static INLINE void ato16(const byte* c, word16* u16) } +#ifdef CYASSL_DTLS + /* convert opaque to 32 bit integer */ static INLINE void ato32(const byte* c, word32* u32) { *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; } +#endif /* CYASSL_DTLS */ + #ifdef HAVE_LIBZ @@ -360,14 +367,18 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method) #ifdef CYASSL_DTLS if (method->version.major == DTLS_MAJOR && method->version.minor >= DTLSv1_2_MINOR) { - ctx->CBIORecv = EmbedReceiveFrom; - ctx->CBIOSend = EmbedSendTo; + ctx->CBIORecv = EmbedReceiveFrom; + ctx->CBIOSend = EmbedSendTo; + ctx->CBIOCookie = EmbedGenerateCookie; } #endif #else /* user will set */ - ctx->CBIORecv = NULL; - ctx->CBIOSend = NULL; + ctx->CBIORecv = NULL; + ctx->CBIOSend = NULL; + #ifdef CYASSL_DTLS + ctx->CBIOCookie = NULL; + #endif #endif ctx->partialWrite = 0; ctx->verifyCallback = 0; @@ -1220,6 +1231,9 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */ ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */ +#ifdef CYASSL_DTLS + ssl->IOCB_CookieCtx = NULL; /* we don't use for default cb */ +#endif #ifndef NO_OLD_TLS #ifndef NO_MD5 @@ -2189,6 +2203,11 @@ static int Receive(CYASSL* ssl, byte* buf, word32 sz) { int recvd; + if (ssl->ctx->CBIORecv == NULL) { + CYASSL_MSG("Your IO Recv callback is null, please set"); + return -1; + } + retry: recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx); if (recvd < 0) 
@@ -2283,6 +2302,11 @@ void ShrinkInputBuffer(CYASSL* ssl, int forcedFree) int SendBuffered(CYASSL* ssl) { + if (ssl->ctx->CBIOSend == NULL) { + CYASSL_MSG("Your IO Send callback is null, please set"); + return SOCKET_ERROR_E; + } + while (ssl->buffers.outputBuffer.length > 0) { int sent = ssl->ctx->CBIOSend(ssl, (char*)ssl->buffers.outputBuffer.buffer + @@ -4143,6 +4167,7 @@ static int GetInputData(CYASSL *ssl, word32 size) int inSz; int maxLength; int usedLength; + int dtlsExtra = 0; /* check max input length */ @@ -4151,12 +4176,15 @@ static int GetInputData(CYASSL *ssl, word32 size) inSz = (int)(size - usedLength); /* from last partial read */ #ifdef CYASSL_DTLS - if (ssl->options.dtls) + if (ssl->options.dtls) { + if (size < MAX_MTU) + dtlsExtra = (int)(MAX_MTU - size); inSz = MAX_MTU; /* read ahead up to MTU */ + } #endif if (inSz > maxLength) { - if (GrowInputBuffer(ssl, size, usedLength) < 0) + if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0) return MEMORY_E; } @@ -4599,7 +4627,7 @@ static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, } } - +#ifndef NO_CERTS static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest) { byte md5_result[MD5_DIGEST_SIZE]; @@ -4634,7 +4662,8 @@ static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest) ShaFinal(&ssl->hashSha, digest); } -#endif +#endif /* NO_CERTS */ +#endif /* NO_OLD_TLS */ #ifndef NO_CERTS @@ -5163,6 +5192,7 @@ int SendAlert(CYASSL* ssl, int severity, int type) byte *output; int sendSz; int ret; + int dtlsExtra = 0; /* if sendalert is called again for nonbloking */ if (ssl->options.sendAlertState != 0) { 
@@ -5172,8 +5202,14 @@ int SendAlert(CYASSL* ssl, int severity, int type) return ret; } + #ifdef CYASSL_DTLS + if (ssl->options.dtls) + dtlsExtra = DTLS_RECORD_EXTRA; + #endif + /* check for avalaible size */ - if ((ret = CheckAvalaibleSize(ssl, ALERT_SIZE + MAX_MSG_EXTRA)) != 0) + if ((ret = CheckAvalaibleSize(ssl, + ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0) return ret; /* get ouput buffer */ @@ -9008,8 +9044,12 @@ int SetCipherList(Suites* s, const char* list) return BUFFER_ERROR; if (i + b > totalSz) return INCOMPLETE_DATA; - if ((EmbedGenerateCookie(cookie, COOKIE_SZ, ssl) - != COOKIE_SZ) + if (ssl->ctx->CBIORecv == NULL) { + CYASSL_MSG("Your Cookie callback is null, please set"); + return COOKIE_ERROR; + } + if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ, + ssl->IOCB_CookieCtx) != COOKIE_SZ) || (b != COOKIE_SZ) || (XMEMCMP(cookie, input + i, b) != 0)) { return COOKIE_ERROR; @@ -9319,7 +9359,12 @@ int SetCipherList(Suites* s, const char* list) output[idx++] = ssl->chVersion.minor; output[idx++] = cookieSz; - if ((ret = EmbedGenerateCookie(output + idx, cookieSz, ssl)) < 0) + if (ssl->ctx->CBIORecv == NULL) { + CYASSL_MSG("Your Cookie callback is null, please set"); + return COOKIE_ERROR; + } + if ((ret = ssl->ctx->CBIOCookie(ssl, output + idx, cookieSz, + ssl->IOCB_CookieCtx)) < 0) return ret; HashOutput(ssl, output, sendSz, 0); diff --git a/src/io.c b/src/io.c index 6edb8008d..7fe4f0260 100644 --- a/src/io.c +++ b/src/io.c @@ -192,7 +192,9 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx) #ifdef USE_WINDOWS_API DWORD timeout = dtls_timeout * 1000; #else - struct timeval timeout = {dtls_timeout, 0}; + struct timeval timeout; + XMEMSET(&timeout, 0, sizeof(timeout)); + timeout.tv_sec = dtls_timeout; #endif if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, sizeof(timeout)) != 0) { 
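Review bot: The guard added before both cookie-callback calls tests `ssl->ctx->CBIORecv` but the code then calls `ssl->ctx->CBIOCookie`, so a context with no cookie callback still reaches a call through a NULL pointer. `InitSSL_Ctx` sets `CBIOCookie = NULL` in the user-IO build, so this is reachable whenever the application has not called `CyaSSL_CTX_SetGenCookie`. Both sites, the cookie comparison in the hunk at -9008 and the cookie generation in the hunk at -9319, should read `if (ssl->ctx->CBIOCookie == NULL) {`. The enclosing functions start and end outside these hunks.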
@@ -324,7 +326,9 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx) #ifdef USE_WINDOWS_API DWORD timeout = dtls_timeout * 1000; #else - struct timeval timeout = { dtls_timeout, 0 }; + struct timeval timeout; + XMEMSET(&timeout, 0, sizeof(timeout)); + timeout.tv_sec = dtls_timeout; #endif if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, sizeof(timeout)) != 0) { @@ -429,9 +433,8 @@ int EmbedSendTo(CYASSL* ssl, char *buf, int sz, void *ctx) /* The DTLS Generate Cookie callback * return : number of bytes copied into buf, or error */ -int EmbedGenerateCookie(byte *buf, int sz, void *ctx) +int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx) { - CYASSL* ssl = (CYASSL*)ctx; int sd = ssl->wfd; struct sockaddr_in peer; XSOCKLENT peerSz = sizeof(peer); @@ -439,6 +442,8 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx) int cookieSrcSz = 0; Sha sha; + (void)ctx; + if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) { CYASSL_MSG("getpeername failed in EmbedGenerateCookie"); return GEN_COOKIE_E; @@ -783,6 +788,23 @@ CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags) ssl->wflags = flags; } + +#ifdef CYASSL_DTLS + +CYASSL_API void CyaSSL_CTX_SetGenCookie(CYASSL_CTX* ctx, CallbackGenCookie cb) +{ + ctx->CBIOCookie = cb; +} + + +CYASSL_API void CyaSSL_SetCookieCtx(CYASSL* ssl, void *ctx) +{ + ssl->IOCB_CookieCtx = ctx; +} + +#endif /* CYASSL_DTLS */ + + #ifdef HAVE_OCSP CYASSL_API void CyaSSL_SetIOOcsp(CYASSL_CTX* ctx, CallbackIOOcsp cb) diff --git a/src/ssl.c b/src/ssl.c index 1ee738c0f..d8ece703d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -27,8 +27,6 @@ #include #endif -#define TRUE 1 -#define FALSE 0 #include #include @@ -64,6 +62,7 @@ #if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \ && !defined(EBSNET) #include + #include #endif #ifdef EBSNET #include "vfapi.h" 
@@ -71,6 +70,12 @@ #endif #endif /* NO_FILESYSTEM */ +#ifndef TRUE + #define TRUE 1 +#endif +#ifndef FALSE + #define FALSE 0 +#endif #ifndef min @@ -1143,7 +1148,7 @@ int CyaSSL_Init(void) if (pkcs8) return ToTraditional(der->buffer, der->length); -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) if (pkcs8Enc) { int passwordSz; char password[80]; @@ -1671,14 +1676,20 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file, return BAD_PATH_ERROR; } while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) { - if (entry->d_type & DT_REG) { - char name[MAX_FILENAME_SZ]; + char name[MAX_FILENAME_SZ]; + struct stat s; - XMEMSET(name, 0, sizeof(name)); - XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2); - XSTRNCAT(name, "/", 1); - XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2); - + XMEMSET(name, 0, sizeof(name)); + XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2); + XSTRNCAT(name, "/", 1); + XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2); + + if (stat(name, &s) != 0) { + CYASSL_MSG("stat on name failed"); + closedir(dir); + return BAD_PATH_ERROR; + } + if (s.st_mode & S_IFREG) { ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0, NULL); } @@ -2865,6 +2876,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) #ifndef NO_PSK havePSK = ssl->options.havePSK; #endif + (void)havePSK; if (ssl->options.side != SERVER_END) { CYASSL_ERROR(ssl->error = SIDE_ERROR); 
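Review bot: In `CyaSSL_CTX_load_verify_locations` a failing `stat` on any single directory entry now closes the directory and returns `BAD_PATH_ERROR`, while the matching change to `LoadCRL` in src/crl.c logs and continues. One dangling symbolic link, or an entry whose name was shortened by the `MAX_FILENAME_SZ/2` copy, would then fail the whole CA directory load with an error that points at the path argument. If failing closed is intended here, a comment saying so would help; otherwise `continue;` after the `CYASSL_MSG` would match crl.c. The function body continues outside the hunk.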
@@ -3109,13 +3121,64 @@ int CyaSSL_Cleanup(void) #ifndef NO_SESSION_CACHE +/* Make a work from the front of random hash */ +static INLINE word32 MakeWordFromHash(const byte* hashID) +{ + return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) | + hashID[3]; +} + + +#ifndef NO_MD5 + +/* some session IDs aren't random afterall, let's make them random */ + static INLINE word32 HashSession(const byte* sessionID) { - /* id is random, just make 32 bit number from first 4 bytes for now */ - return (sessionID[0] << 24) | (sessionID[1] << 16) | (sessionID[2] << 8) | - sessionID[3]; + byte digest[MD5_DIGEST_SIZE]; + Md5 md5; + + InitMd5(&md5); + Md5Update(&md5, sessionID, ID_LEN); + Md5Final(&md5, digest); + + return MakeWordFromHash(digest); } +#elif !defined(NO_SHA) + +static INLINE word32 HashSession(const byte* sessionID) +{ + byte digest[SHA_DIGEST_SIZE]; + Sha sha; + + InitSha(&sha); + ShaUpdate(&sha, sessionID, ID_LEN); + ShaFinal(&sha, digest); + + return MakeWordFromHash(digest); +} + +#elif !defined(NO_SHA256) + +static INLINE word32 HashSession(const byte* sessionID) +{ + byte digest[SHA256_DIGEST_SIZE]; + Sha256 sha256; + + InitSha256(&sha256); + Sha256Update(&sha256, sessionID, ID_LEN); + Sha256Final(&sha256, digest); + + return MakeWordFromHash(digest); +} + +#else + +#error "We need a digest to hash the session IDs" + +#endif /* NO_MD5 */ + void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm) { @@ -7340,6 +7403,7 @@ static int initGlobalRNG = 0; } +#ifndef NO_DSA static void InitCyaSSL_DSA(CYASSL_DSA* dsa) { if (dsa) { @@ -7432,7 +7496,7 @@ static int initGlobalRNG = 0; return 0; /* key gen not needed by server */ } - +#endif /* NO_DSA */ static void InitCyaSSL_Rsa(CYASSL_RSA* rsa) { @@ -7532,6 +7596,7 @@ static int initGlobalRNG = 0; } +#ifndef NO_DSA static int SetDsaExternal(CYASSL_DSA* dsa) { DsaKey* key; @@ -7573,6 +7638,7 @@ static int initGlobalRNG = 0; return 0; } +#endif /* NO_DSA */ static int SetRsaExternal(CYASSL_RSA* rsa) 
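Review bot: `MakeWordFromHash` evaluates `hashID[0] << 24` after the byte has been promoted to `int`, so a digest whose first byte is 0x80 or above shifts into the sign bit, which is undefined for a signed type. Casting each byte first avoids it, starting with `return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) |`. The comment above the function reads "Make a work" where "word" is meant. The digest is unkeyed, so it spreads non-random session IDs across the cache but does not stop a peer that picks its own IDs from predicting the row. That is presumably acceptable for a cache index, but the comment on `HashSession` should say so.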
@@ -7724,6 +7790,7 @@ static int initGlobalRNG = 0; } +#ifndef NO_DSA /* return 0 on success, < 0 otherwise */ int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, CYASSL_DSA* dsa) @@ -7759,6 +7826,7 @@ static int initGlobalRNG = 0; return 0; } +#endif /* NO_DSA */ /* return 1 on success, 0 otherwise */ @@ -8330,6 +8398,7 @@ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz) } +#ifndef NO_DSA /* Load DSA from Der, 0 on success < 0 on error */ int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz) { @@ -8358,7 +8427,7 @@ int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz) return 0; } - +#endif /* NO_DSA */ diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 6cb141b77..1ddf1e538 100755 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -214,6 +214,9 @@ int main(int argc, char** argv) ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem", FILETYPE_PEM, NULL, err); + if (ret != 0) { + printf("Please run directly from sslSniffer/sslSnifferTest dir\n"); + } } else if (argc >= 3) { saveFile = 1; diff --git a/tests/suites.c b/tests/suites.c index e5f1fd163..053873779 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -34,6 +34,7 @@ #define MAX_COMMAND_SZ 240 #define MAX_SUITE_SZ 80 #define NOT_BUILT_IN -123 +#define VERSION_TOO_OLD -124 #include "examples/client/client.h" #include "examples/server/server.h" 
@@ -41,6 +42,30 @@ CYASSL_CTX* cipherSuiteCtx = NULL; + +#ifdef NO_OLD_TLS +/* if the protocol version is less than tls 1.2 return 1, else 0 */ +static int IsOldTlsVersion(const char* line) +{ + const char* find = "-v "; + char* begin = strstr(line, find); + + if (begin) { + int version = -1; + + begin += 3; + + version = atoi(begin); + + if (version < 3) + return 1; + } + + return 0; +} +#endif /* NO_OLD_TLS */ + + /* if the cipher suite on line is valid store in suite and return 1, else 0 */ static int IsValidCipherSuite(const char* line, char* suite) { @@ -48,7 +73,7 @@ static int IsValidCipherSuite(const char* line, char* suite) int valid = 0; const char* find = "-l "; - char* begin = strnstr(line, find, MAX_COMMAND_SZ); + char* begin = strstr(line, find); char* end; suite[0] = '\0'; @@ -56,7 +81,7 @@ static int IsValidCipherSuite(const char* line, char* suite) if (begin) { begin += 3; - end = strnstr(begin, " ", MAX_COMMAND_SZ); + end = strstr(begin, " "); if (end) { long len = end - begin; @@ -116,6 +141,15 @@ static int execute_test_case(int svr_argc, char** svr_argv, return NOT_BUILT_IN; } +#ifdef NO_OLD_TLS + if (IsOldTlsVersion(commandLine) == 1) { + #ifdef DEBUG_SUITE_TESTS + printf("protocol version on line %s is too old\n", commandLine); + #endif + return VERSION_TOO_OLD; + } +#endif + if (addNoVerify) { printf("repeating test with client cert request off\n"); added += 4; /* -d plus space plus terminator */ @@ -269,6 +303,8 @@ static void test_harness(void* vargs) comment = strsep(&cursor, "\n"); #ifdef DEBUG_SUITE_TESTS printf("%s\n", comment); +#else + (void)comment; #endif break; case '-':
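Review bot: `IsOldTlsVersion` in tests/suites.c parses the text after `-v ` with `atoi`, which returns 0 for non-numeric input. A malformed `-v` argument in a suite file is therefore silently skipped as VERSION_TOO_OLD instead of being reported. `strtol` with an end-pointer check would tell the two cases apart. `begin` can also be declared `const char*`, since it points into the `const char* line` argument.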